Comments on: Security Hole Announced http://gigaom.com/apple/security-hole-announced/ Sat, 26 May 2012 00:44:35 +0000 hourly 1 http://wordpress.com/ By: Alan http://gigaom.com/apple/security-hole-announced/#comment-311864 Mon, 03 Jul 2006 18:08:27 +0000 http://theappleblog.com/2006/06/28/security-hole-announced/#comment-311864 I think disclosing this vulnerability was the right thing to do. Maybe the next time someone reads a post on Digg.com about some cool app, he or she might think twice about entering the root passwd when checking it out.

]]> By: JulesLt http://gigaom.com/apple/security-hole-announced/#comment-311863 Thu, 29 Jun 2006 08:24:19 +0000 http://theappleblog.com/2006/06/28/security-hole-announced/#comment-311863 Actually, he suggests a very simple and good solution.

When you install you tell the system a piece of secret information (‘My Father’s middle name is’). The ONLY program that would know this would be the security server. Therefore anything pretending to be the security server wouldn’t be able to display the information.

]]> By: Sean Sperte http://gigaom.com/apple/security-hole-announced/#comment-311862 Wed, 28 Jun 2006 22:32:50 +0000 http://theappleblog.com/2006/06/28/security-hole-announced/#comment-311862 I disagree. I don’t think publishing this for the world (including those who WRITE the “malicious software” he referenced) is “right”. It’s been my experience that this type of motivational tactic rarely generates the desired result.

As long as there are ignorant people there will be security “holes” like this one. As mentioned in the article, this sort of trap can be mimicked in a variety of ways. The solution does not come from Apple but from users being smart.

Needless to say, I’ll be much more cautious when giving my password to programs requesting it using this dialog. Problem fixed.

]]>