View Single Post
Old 05-24-2012, 11:29 AM   #12
obsessed2
Wizard
obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.
 
obsessed2's Avatar
 
Posts: 1,041
Karma: 4694121
Join Date: Apr 2011
Location: Virginia
Device: Pocket Edge X 2 , Edge, gTab, Kindle Fire, Nextbook 7S
Quote:
Originally Posted by morantis View Post
It is a little silly to assume that because a vendor does not choose my particular app or software that they are not taking care of a certain issue.

It's even sillier to assume they are taking care of the issue given their track record. Let's hope following two previous major security incidents Apple will be more proactive instead of delayed reactive.


Mene, Mene, Tekel, Upharsin.


An example of Apple’s nonchalant approach to security is the 2009 OS X Java vulnerability that allowed for remote code execution simply by visiting a webpage. This bug was promptly fixed by Java's creator, Sun Microsystems, but Apple left the vulnerability unpatched for more than six months.

http://www.computerworld.com/s/artic...va_attack_code

This incident prompted Ira Winkler, CISSP and president of the Internet Security Advisors Group, who is considered one of the world's most influential security professionals, to write an opinion piece in Computerworld saying the FTC should investigate MAC security.

http://www.computerworld.com/s/artic...ource=rss_news



Apple's response to the 2012 OS X Flashback Trojan was essentially the same as the Java incident in 2009. Immediately as Apple came to know about this malware attack it should have informed its users and sent out some important directives to be followed for the user’s security, but it did not. Instead of hiding the security flaw, Apple should have informed owners on how to disable Java which could have lessened the outbreak until a patch was released. In fact, this outbreak was even preventable because Oracle issued a patch for the vulnerabilities used by Flashback on February 17, but updates weren’t made available to Mac users until April 2.

http://www.forbes.com/sites/adrianki...ware-outbreak/

Last edited by obsessed2; 05-24-2012 at 01:58 PM.
obsessed2 is offline   Reply With Quote