Comments on: Security Hole Announced http://theappleblog.com/2006/06/28/security-hole-announced/ TheAppleBlog, published by and for the day-to-day Apple user, is a prominent source for news, reviews, walkthroughs, and real life application of all Apple products. Sat, 21 Nov 2009 20:54:25 +0000 http://wordpress.com/ hourly 1 By: Alan http://theappleblog.com/2006/06/28/security-hole-announced/#comment-7370 Alan Mon, 03 Jul 2006 18:08:27 +0000 http://theappleblog.com/2006/06/28/security-hole-announced/#comment-7370 I think disclosing this vulnerability was the right thing to do. Maybe the next time someone reads a post on Digg.com about some cool app, he or she might think twice about entering the root passwd when checking it out. I think disclosing this vulnerability was the right thing to do. Maybe the next time someone reads a post on Digg.com about some cool app, he or she might think twice about entering the root passwd when checking it out.

]]> By: JulesLt http://theappleblog.com/2006/06/28/security-hole-announced/#comment-7369 JulesLt Thu, 29 Jun 2006 08:24:19 +0000 http://theappleblog.com/2006/06/28/security-hole-announced/#comment-7369 Actually, he suggests a very simple and good solution. When you install you tell the system a piece of secret information ('My Father's middle name is'). The ONLY program that would know this would be the security server. Therefore anything pretending to be the security server wouldn't be able to display the information. Actually, he suggests a very simple and good solution.

When you install you tell the system a piece of secret information (‘My Father’s middle name is’). The ONLY program that would know this would be the security server. Therefore anything pretending to be the security server wouldn’t be able to display the information.

]]> By: Sean Sperte http://theappleblog.com/2006/06/28/security-hole-announced/#comment-7368 Sean Sperte Wed, 28 Jun 2006 22:32:50 +0000 http://theappleblog.com/2006/06/28/security-hole-announced/#comment-7368 I disagree. I don't think publishing this for the world (including those who WRITE the "malicious software" he referenced) is "right". It's been my experience that this type of motivational tactic rarely generates the desired result. As long as there are ignorant people there will be security "holes" like this one. As mentioned in the article, this sort of trap can be mimicked in a variety of ways. The solution does not come from Apple but from users being smart. Needless to say, I'll be much more cautious when giving my password to programs requesting it using this dialog. Problem fixed. I disagree. I don’t think publishing this for the world (including those who WRITE the “malicious software” he referenced) is “right”. It’s been my experience that this type of motivational tactic rarely generates the desired result.

As long as there are ignorant people there will be security “holes” like this one. As mentioned in the article, this sort of trap can be mimicked in a variety of ways. The solution does not come from Apple but from users being smart.

Needless to say, I’ll be much more cautious when giving my password to programs requesting it using this dialog. Problem fixed.

]]>