« Dumm aussehen beim Telefonieren | Start | X.3 Tricks: Adressbuch + Dock »

30.10.2003

Neuartige Sicherheitslücken in OS X

ZDNet berichtet von Sicherheitswarnungen für OS X, herausgegeben von @Stake, die angeblich nur alle X Versionen bis 10.2.8 betreffen sollen (nachdem es für 10.3 ja gestern gerade ein Patch gegeben hatte), woraus empört gefolgert wird, dass Apple nun wohl vorhaben sollte, Geld für ein sicheres System zu verlangen (in Form des Upgrades auf Panther).
Wer kurz in seinem Gedächtnis kramt, wird sich vielleicht erinnern, dass @stake Ende September in die Schlagzeilen geriet, weil einem Angestellten, der an einer Microsoft kritischen Studie mitgearbeitet hatte, fristlos gekündigt wurde (nachzulesen bei heise, auch bei mir seinerzeit verlinkt).

Entsprechend gibt es eine kritische Anmerkung bei macdailynews:
"Microsoft has been taking quite a hit recently, and rightly so, for it's swiss cheese security in Windows as users of the OS are pummeled with worms, viruses, and patches seemingly weekly. Reports of Windows users seriously considering switching to the Mac are growing in tech discussion boards around the Web.
Stories like Walt Mossberg's recent article for The Wall Street Journal, "If You're Getting Tired Of Fighting Viruses, Consider a New Mac," are springing up in various media outlets around the world. So, now we have @Stake issuing "Mac OS X advisories" that don't amount to a hill of beans compared to Windows endemic flaws? Makes you wonder why, doesn't it?"

Und bei Apple-X.net handelt man ausführlich die einzelnen 'Sicherheitslücken' ab und kommt zu folgendem Schluss:
"Good luck though, compared to the rash of constant advisories on MS software, it would take a major landslide of new issues on the Mac to come anywhere near the holes in Windows. Cheap attempt to slander OS X or legitimate worries? Personally, I would tend to think the first, especially with the fact that none of these "holes" in OS X can be found in Panther (which is still getting the last wrinkles worked out) and no example code has been shown for these vulnerabilities to be seen by others of the security community. "Proof of Concept" code is a pretty standard practice when announcing security holes in software, that way others can validate your find as well as work towards a fix in a more accurate way. @Stake used to provide such code back in the day. Interesting that they are not doing so now, isn't it. Well, in the end, you have to decide what you think for yourself. I just hope this has given you a more balanced perspective to make the decision from."

Posted by Leo at 00:48 | Permalink

TrackBack

TrackBack-Adresse für diesen Eintrag:
https://www.typepad.com/services/trackback/6a00d83451c7b569e200d83537e99f69e2

Listed below are links to weblogs that reference Neuartige Sicherheitslücken in OS X: