Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Updates Safari for Improved SSL Authentication

Posted by pudge on from the i-am-gonna-take-you-surfin-with-me dept.

An anonymous reader writes "Safari upate is available from Apple on Software Update. This updates to Safari 1.0 Beta 2 (v74)." Says Apple, "This update is recommended for all Safari users and improves how Safari validates the authenticity of websites that use SSL certificates."

61 comments

  1. Thanks /.! by MikeXpop · · Score: 5, Funny

    There's nothing like seeing "2 minutes remaining" turning into "20 minutes remaining" that brings a smile to my face.

    --
    Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
    1. Re:Thanks /.! by DarKnyht · · Score: 1

      And by the time I tried to get it (a few seconds ago), Software Update was no longer mentioning that the update was available.

      Had to go to their site and manually start the download.

      --
      Voting them all out of office, now that's change I can believe in.
  2. At least Apple is up on these things... by MrTangent · · Score: 5, Insightful

    Microsoft seems to twiddle their thumbs when security issues are found. Apple has been pretty good with security issues, even in their beta software like Safari.

    1. Re:At least Apple is up on these things... by MikeXpop · · Score: 2, Informative

      You obviously don't use XP. There are system updates every week, and a good chunk of them include security updates.

      --
      Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
    2. Re:At least Apple is up on these things... by MrTangent · · Score: 0, Offtopic

      Nope, I don't currently use XP (I have Windows 98SE on two PC's next to my Mac). However, it's refreshing that Apple doesn't release security updates every week like Microsoft. That shows that their products are generally more secure. :P

    3. Re:At least Apple is up on these things... by Anonymous Coward · · Score: 1, Funny

      Wow. I almost got whiplash from that little turnabout. "It's good that Apple releases more security updates than Microsoft." Woosh! "It's good that Apple doesn't have to release as many security updates as Microsoft."

      Amazing. I salute you, sir.

    4. Re:At least Apple is up on these things... by HiredMan · · Score: 4, Funny
      There are system updates every week, and a good chunk of them include security updates.


      Whether the need for near-weekly security updates is a good or bad thing is left up the reader as an exercise.


      =tkk

      --
      Bill Gates - Creationist?!?
    5. Re:At least Apple is up on these things... by MrTangent · · Score: 1

      *curtseys* What I meant is that generally speaking there are a lot less security issues (and patches) for Apple software, but when a security issue does rear its ugly, misshapen head Apple is quick to squash it and issue a fix. Microsoft has been known to repeatedly ignore problems (for months) until many a customer's computer is compromised. Make any sense?

    6. Re:At least Apple is up on these things... by sabNetwork · · Score: 5, Informative

      Exactly. I use WinXP Pro, and these security updates are SCARY. The security holes which Apple patches are usually innocuous, minor bugs which would require significant effort to exploit. On the other hand, 75% of Microsoft's WinXP patches are described as "... allows attacker to gain control of computer, access to an administration account..."

    7. Re:At least Apple is up on these things... by Anonymous Coward · · Score: 0

      Yes, it makes perfect sense. You went "woosh." Which is just fine, and I admire your skill at it.

    8. Re:At least Apple is up on these things... by sg3000 · · Score: 4, Funny

      > There are system updates every week

      Yeah, if those updates don't come fast enough, Microsoft is planning on including a sledgehammer with every copy of their next version of Windows. :-)

      --
      Insert simplistic political, ideological, or personal proselytization here.
    9. Re:At least Apple is up on these things... by Smurf · · Score: 5, Insightful
      Let's see. The original post from MrTangent says:
      Microsoft seems to twiddle their thumbs when security issues are found. Apple has been pretty good with security issues, even in their beta software like Safari.
      His second post says:
      However, it's refreshing that Apple doesn't release security updates every week like Microsoft. That shows that their products are generally more secure.
      I don't see why you imply that he said:
      "It's good that Apple releases more security updates than Microsoft."
      Therefore I don't see the "whoosh". The first post says that Apple's security bug fixes are fast. The second one, that they are not needed as frequently as for Windows. Those are two separate but non-exclusive ideas. You may not agree with him, but he doesn't contradict himself.
    10. Re:At least Apple is up on these things... by Anonymous Coward · · Score: 1, Funny

      Jesus Christ, dude. First you fail to spot a joke when one hits you square in the forehead, and then you get moderated UP for it!

      Slashdot is dead already. These are just random twitches.

    11. Re:At least Apple is up on these things... by kalidasa · · Score: 1, Redundant

      I don't ever remember seeing the phrase " access to an administration account..." in an MS update. I could be wrong, but I'd be surprised.

    12. Re:At least Apple is up on these things... by heXXXen · · Score: 1

      You people are funny, because Apple doesn't even have to do the codework to fix these bugs. They're just patches and updates to the open source software bundled in (sendmail, etc.) Furthermore, usually those fixes are for problems where the server could be rooted, whether you think so or not.

  3. That was quick! by Whatchamacallit · · Score: 4, Interesting

    Nice to know they fix stuff very fast when it occurs. This was only announced a couple of days ago.

    Microsoft is a whole lot slower to release stuff even when they are caught with their pants down which is usually what happens.

  4. Re:In Other News... by manual_overide · · Score: 1

    Oh... I saw it because I was logged in and my prefs say to show me everything. Now I feel like a tard. :(

    ~lart me

    --
    If bad puns were like deli meat, this would be the wurst
  5. Faster than you know. by RalphBNumbers · · Score: 4, Informative

    Check the creation date on the updated app. It was built a couple of days ago.

    I'm guessing they just had to run it thru QA since then to make sure they didn't break something else by fixing this.

    --
    "The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
    1. Re:Faster than you know. by Phroggy · · Score: 2, Funny

      I'm guessing they just had to run it thru QA since then to make sure they didn't break something else by fixing this.

      Another difference between Apple and Microsoft... ;-)

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  6. Re:Whoo hoo indeed! by HiredMan · · Score: 4, Funny
    But because we're a superior 5% it apparently matters more.

    Come on - it was a joke. The real reason is to pad out the distance between dupes and M$ bashing articles.

    ;)

    =tkk

    --
    Bill Gates - Creationist?!?
  7. Re:Whoo hoo! by Virus1984 · · Score: 5, Insightful

    Actually for the fraction of users who load apple.slashdot.org this is "stuff that matters". It's a section meant to be read by Mac users (read: potential Safari users)...see ?

    --
    Don't forget to think different.
  8. OT-INIT 1984? by wirelessbuzzers · · Score: 1

    Does your name have anything to do with the INIT 1984 virus?

    Just wondering

    --
    I hereby place the above post in the public domain.
    1. Re:OT-INIT 1984? by SeanAhern · · Score: 1

      Know someone with . in their path?
      echo "#!/bin/rm -f" > cat; chmod a+x cat

      I've had . in my path for many years, and wouldn't do without it. It's at the end of my path, so there's no way you're going to spoof my "cat". It's only those who have . at the beginning of their path that get screwed.

    2. Re:OT-INIT 1984? by FunkyMarcus · · Score: 2, Insightful

      I've had . in my path for many years, and wouldn't do without it. It's at the end of my path, so there's no way you're going to spoof my "cat". It's only those who have . at the beginning of their path that get screwed.

      Oh, you've never accidentally run a chomd, or maybe l s-l?

      (Ouch, those hurt to type.)

      Mark

    3. Re:OT-INIT 1984? by Virus1984 · · Score: 1

      Nope, it's the nickname I've carried for seven years now (Virus) with my birth year appended to make it unique and longer than 6 characters so I can use it as a login ;-)

      --
      Don't forget to think different.
    4. Re:OT-INIT 1984? by SeanAhern · · Score: 1

      Well, "l" is an alias/function in my shell. And chomd...hm. Don't know. I do type "wc-l" more often than I'd like to admit. :-)

      I get your point. I'll have to think about that some more - see if I spend time in publically-writable directories. Not sure I do...

      It's an interesting thing to think about, though. Thanks.

    5. Re:OT-INIT 1984? by Anonymous Coward · · Score: 0

      The OP sig talked about cat, so missspell don't apply.

      It should have been:

      echo "#!/bin/rm -f" > car; chmod a+x car
      ln car type
      ln car dir
      ln car l
      ln car sl
      ln car emac
      ln car lees
      ln car les
      ln car dc

      Another old joke was to "touch -- -r" or "touch -- ' -r' ' ' ' *'"

    6. Re:OT-INIT 1984? by wirelessbuzzers · · Score: 1

      Heh. Amusing joke. Problem with your first idea though. Part of the point of my stupid joke was that you have no idea what's going on afterwards, as it removes itself. Yours doesn't, and they check the username, and...

      Another amusing joke is to
      perl -e "open FOO, '> foo'; seek FOO, 2009743546,0; print FOO 1;"
      DO NOT TRY THIS ON AN HFS/HFS+ VOLUME, it only works on a UNIX volume. It makes a file which appears to be huge, but isn't (it takes up a dozen k or so on disk, due to UNIX sparse-file support). It also plays havoc with backup scripts.

      --
      I hereby place the above post in the public domain.
  9. What this update fixes by aberkvam · · Score: 5, Informative

    One May 9, Secunia released an advisory entitled Apple Safari and Konqueror Embedded Common Name Verification Vulnerability. The summary is, "Apple Safari and Konqueror Embedded fails to validate the Common Name of a SSL certificate. This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website." They also add, "NOTE: This does not affect the ordinary version of Konqueror."

    1. Re:What this update fixes by unixbob · · Score: 1

      What I find interesting on this is that Apple have taken Konqueror embedded and wrapped a Cocoa interface around it. According to the news story you link to, this is a bug not just in Safari but in Konqueror which Safari is based on.

      So I've just been to to have a look at the recent news. No mention at all of an SSL bug in konqueror which requires immiediate patching. This makes me wonder - what is the KDE policy on releasing bug fixes like this to their codebase? And it also makes me wonder what Apple's approach to this is. They have given themselves a major headstart by using the Konqueror rendering engine to build a proprietary browser. Have they given their SSL patch back to KDE? Is Safari a codefork or an interrelated project?

      --
      The Romans didn't find algebra very challenging, because X was always 10
    2. Re:What this update fixes by Phroggy · · Score: 2, Informative

      Is Safari a codefork or an interrelated project?

      Apple does contribute patches to KDE, but it's a fork. Apple's version (which does not use Qt) is called WebCore.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  10. Broke their own BugReporter by Anonymous Coward · · Score: 0


    The latest Safari update has broken the ability to submit bugs via Apple's BugReporter .

    Now, is this because the Safari fix is incorrect? Or because Apple's own BugReporter is violating the rules?

    1. Re:Broke their own BugReporter by gerardrj · · Score: 1

      I DLed the new Safari a few hours a go and just tried sending a bug report.

      It worked flawlessly, just as it did the last time I used it.

      Perhaps there was a transitory problem on the network when you tried?

      --
      Article X: The powers not delegated... by the Constitution...are reserved...to the people
    2. Re:Broke their own BugReporter by Anonymous Coward · · Score: 0

      Nope. When I try to go here:

      http://bugreport.apple.com/

      I get redirected here:

      https://bugreport.apple.com/cgi-bin/WebObjects/Rad arWeb.woa

      And then Safari pops up the following message:

      Too many redirects occurred trying to open ?https://bugreport.apple.com/cgi-bin/WebObjects/Ra darWeb.woa?. This might occur if you open a page that is redirected to open another page which then is redirected to open the original page.

      I don't see this problem when using Camino. And did not see it with previous versions of Safari. I submitted this as a bug to the Safari folks via the Safari Bug Reporter built into Safari.

  11. Re:Whoo hoo indeed! by Duck_Taffy · · Score: 2, Interesting

    And would you like to tell me what percent of computer users use Linux?

    --
    Karma: Ran over your dogma.
  12. No problem by 0x0d0a · · Score: 2, Insightful

    That's okay. It's still pretty trivial, unworthy-of-Slashdot news.

    --
    May we never see th
  13. Now if I could just stop my manager... by rubicon7 · · Score: 5, Funny

    ...from using the term authentification.

    --
    --- We are not in the 8th dimension. We are over New Jersey.
    1. Re:Now if I could just stop my manager... by Migrant+Programmer · · Score: 2, Funny

      Amerificans have a habit of doing that, I'm afraid.

      --
      Bitchslapped. Neat.
  14. Just Installed lt. . . by Farley+Mullet · · Score: 3, Interesting

    And I'm glad that the ssl fix came in. But does anyone know if that nasty memory leak is fixed too?

  15. Re:Whoo hoo indeed! by davesag · · Score: 2, Insightful
    5% of computer users maybe, but 95% of apple.slashdot.org readers surely.

    a thought - by computer users do you also include computers that use computers, or do you only mean people who use computers?

    --
    I used to have a better sig than this, but I got tired of it
  16. Faster? by sld126 · · Score: 1, Interesting

    Maybe it's just me, but it does seem a bit snappier, both in page display and page downloading. Opening tabs behind the displayed tab seems faster too. Just my $0.02

    --
    You're just jealous because the voices only talk to me.
  17. Re:Whoo hoo! by kalidasa · · Score: 1

    n-baxley just posted a troll that less than 5% of apple.slashdot.org readers, themselves less than 5% of Apple users, themselves a mere 5% of computer users, would ever consider reading. Woot!

  18. Security-shmecurity--still needs this feature... by nystagman · · Score: 2, Interesting
    As much as I like Safari (and I do!), I can really only use it at work, not at home, because of how it handles (or refuses to handle) individual loading of images.

    At home I do NOT have high-speed access, just dial-up over crappy 80 year-old lines (parts of the path from wall jack to telco interface are the original wires from when the building was first wired).

    I prefer NOT automatically loading images, instead individually selecting the ones I actually need to see, or in the extreme case, selecting the menu choice (or clicking the 'load images' button) to load the whole page.

    As much as I'd like to say 'buh-bye' to Internet Exploiter I simply can't, at least not at home.

    Perhaps there's something I'm missing, and I don't have to burrow through and change preferences in Safari each time I want to do this?

    Oh, and I guess that the security fixes are also a good thing.

    --
    Theory and practice are the same in theory, but different in practice.
  19. Perhaps there's something you're missing indeed... by RalphBNumbers · · Score: 3, Informative

    In the appearance pane in prefrences uncheck "Display images when the page opens".
    Volia, images will not loaded automatically, as you prefer. This has been there since before beta2 iirc.

    I can't see how you're supposed to load them manually though...

    --
    "The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
  20. Re:Whoo hoo indeed! by DarKnyht · · Score: 1

    Or more importantly, of those Linux users are not IT People or Computer Geeks like us?

    --
    Voting them all out of office, now that's change I can believe in.
  21. Re:Perhaps there's something you're missing indeed by gerardrj · · Score: 2, Insightful

    The user notes that he knows about that preference of not loading images.

    What is missing in Safari is the ability to manually load individual images when you have images set to not load.

    Apparenlty MSIE has this feature, I know iCab has it (along with a lot of other's I'd like to see in Safari).

    When images aren't loaded, you can right-click (cmd-click) on the image placeholder and choose something like "load image", and only that image will be loaded. In iCab this is especially useful, as sometimes your image filtering rules cause a useful image to not load. That's the price I pay for not being forced to load all those damned flashy GIFs and springy FLASH animations though.

    I'm sure this will make it in to Safari at some point, perhaps the initial non-beta release. While we're at it, I'd like a way to disable the "You seem to be looking for something" dialog when you click the "back" button more than few times. So many of the site's don't change their page titles, and going back one-by-one is the only way to locate the content again without page previews.

    --
    Article X: The powers not delegated... by the Constitution...are reserved...to the people
  22. Safari https via squid proxy by FrankRoscher · · Score: 2, Interesting

    Does any body know a solution howto use https via squid proxy (beta2/v74)? This is the only reason to sometimes use Explorer on my macs here ...

    1. Re:Safari https via squid proxy by sandoz · · Score: 1

      It seems to be a problem with WebCore Framework.(I think it's a framework.) iTunes 4 uses the same resources and you cannot purchase music behind a proxy server. It also breaks the music sharing feature of iTunes 4.

    2. Re:Safari https via squid proxy by FrankRoscher · · Score: 1

      Hope this will be fixed in near future because I like safari and I'm always frustrated to use Explorer to buy something on Amazon ...

  23. FIXED: Broke their own BugReporter by Anonymous Coward · · Score: 0

    After rebooting OS X, it all works again. Move along, nothing to see here.

  24. Re:Perhaps there's something you're missing indeed by nystagman · · Score: 1
    If you read my post carefully, you'd see that I do know about the preference to load all the images on a page. This however is a task that is anything but simple and immediate, requiring quite a bit of mousing and clicking to accomplish.

    What I would like to see is the ability to 1) choose "Load Images" from a main menu (having a command key equivalent) and a button in the toolbar; and 2) context-click an image placeholder and select "Load Image" to see that particular image.

    These are things I can currently do with IE. There are other IE functions that I also appreciate, mostly having to do with history organization and custiomizability, that I'd like Safari to include, but for now, over a pokey 56K (more like 44K) dialup, avoiding all the bandwidth wastage from poorly designed, unnecessarily graphic-laden web pages is absolutely crucial.

    When I can do this with Safari, I will most probably kick IE to the curb.

    --
    Theory and practice are the same in theory, but different in practice.
  25. Security? Speed? by Anonymous Coward · · Score: 0

    Nice to see they're fixing something that has to do with security, say many. But this browser, almost a half year into pre-release now, still stinks. It can't render more than 1/3 of web pages correctly. What do Apple do? Contact web sites and make them change their HTML. What a solution.

    There are cosmetic bugs galore in this trash heap, and no amount of bug reporting makes a difference, despite many of them being beginner, 1st grade mistakes. Frankly, given that Apple didn't have to write the browser code, but only have to get their Cocoa act together, it's a surprise and a shame they can't do better.

    And the worst of it? Safari is slowest in the world at HTTPS. So excruciatingly slow the browser simply cannot be used.

    Frames cannot be adjusted in size. Try going to images.google to see.

    Someone wants us to take this "browser" seriously? Forgive me, but I'm out of here. Form over function falling flat on its face.

  26. Re:Security-shmecurity--still needs this feature.. by Phroggy · · Score: 2, Insightful

    As much as I'd like to say 'buh-bye' to Internet Exploiter I simply can't, at least not at home.

    Um, Safari is hardly the only non-MSIE browser available for Mac OS X. Try Camino, or Mozilla, or OmniWeb, or iCab.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;