Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: open
WhiteHat has disclosed a critical security vulnerability in Apple's Safari browser that could allow hackers to extract personal information from the OS X address book.
I figured Apple might appreciate a vulnerability disclosure prior to public discussion, which I did on June 17, 2010 complete with technical detail. A gleeful auto-response came shortly after, to which I replied asking if Apple was already aware of the issue. I received no response after that, human or robot.
displaced Oracle as the company with the most security vulnerabilities in its software
Though this does not necessarily mean that Apple's software is the most insecure in practice—the report takes no consideration of the severity of the flaws
Though this does not mean [its] software is the most insecure in practice.
I worked for a state government bureaucracy for 30 years. This wording sounds like something straight out of a memo written by a middle-management paper-pusher.
In a talk scheduled for next week's Black Hat security conference in Las Vegas, Jeremiah Grossman, CTO of White Hat Security, plans to detail critical weaknesses that are enabled by default in the browsers, which are the four biggest by market share. The vulnerabilities have yet to be purged by the respective browser makers despite months, and in some cases, years of notice.
incrediBILL must be asleep
I think these recent trends demonstrate how difficult it is to write code.
Coding isn't difficult nor is writing secure code.
There is simply a discipline and protocol that needs to be followed to make sure that all the code you write is as secure as possible, requiring coding standards, code review, vulnerability testing, so on and so forth.
Then again, Microsoft, a much bigger company, continues to produce "secure code" with more holes than Swiss Cheese so don't hold your breath.
I guess if writing secure code is easy
You've got that backwards, Apple is bigger than Microsoft. Again, shame on Apple.