Absolutely +1 this.

On 8/13/2015 6:21 PM, Sabahattin Gucukoglu wrote:
> I don’t agree with the author. Of course, this is MacWorld—some amount of
> Apple butt-kissing is to be expected—but I find his attitude very worrying.
>
> First, “Responsible disclosure” vs “Full disclosure” is a choice of
> researchers, and privileged authors of the press shouldn’t be using their
> personal ethical judgements about it to suppress public information about
> flaws simply on that basis. That alone is reason enough to simply distrust
> any further writings of the author. I am personally of the opinion that we
> are well past the usefulness of “Responsible disclosure” as a strategy;
> giving companies rope, but not quite enough to hang themselves with, isn’t
> moving security forward any faster.
>
> Second, and more important, a privilege escalation vulnerability isn’t a
> problem for advanced users, who already know what Glen is suggesting, i.e.
> don’t run dodgy software. It is precisely those people who have been
> trained, per the standard advice, not to type in their passwords when they
> are suspicious who will be most hit by the root bypass. Obviously, better
> advice would be “Just don’t trust anyone”, but that’s not how the world
> works, sadly. I think it’s time for us to acknowledge that the Mac, once a
> peaceful neighbourhood with only the occasional bit of easily-preventable
> rogue badness that you could get rid of by just clicking “No” or “Cancel” or
> whatever, is now increasingly occupied by bad software that is
> well-advertised, easily installed and hard to recognise by a lot of
> inexperienced people, and anybody giving a Mac to somebody to keep them (the
> recipient) quiet and out of their (the donor’s) hair now needs to hold
> Apple’s once glorious patch turnaround times to account.
> This is *especially* true if the donor has delivered the Mac with a limited
> user account and all necessary software already installed or only accessible
> from the Mac App Store, because as soon as Flash becomes the vector, we’re
> all finished.
>
> Microsoft have learned their security lessons the hard and painful way, and
> now it’s Apple’s turn. Please don’t give apologists fodder for their absurd
> denials.