Apple Updates Safari for Improved SSL Authentication

← Back to Stories (view on slashdot.org)

Apple Updates Safari for Improved SSL Authentication

Posted by pudge on Thursday May 15, 2003 @08:48AM from the i-am-gonna-take-you-surfin-with-me dept.

An anonymous reader writes "Safari upate is available from Apple on Software Update. This updates to Safari 1.0 Beta 2 (v74)." Says Apple, "This update is recommended for all Safari users and improves how Safari validates the authenticity of websites that use SSL certificates."

26 of 61 comments (clear)

Thanks /.! by MikeXpop · 2003-05-15 08:51 · Score: 5, Funny

There's nothing like seeing "2 minutes remaining" turning into "20 minutes remaining" that brings a smile to my face.

--
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
At least Apple is up on these things... by MrTangent · 2003-05-15 08:53 · Score: 5, Insightful

Microsoft seems to twiddle their thumbs when security issues are found. Apple has been pretty good with security issues, even in their beta software like Safari.
1. Re:At least Apple is up on these things... by MikeXpop · 2003-05-15 08:56 · Score: 2, Informative
  
  You obviously don't use XP. There are system updates every week, and a good chunk of them include security updates.
  
  --
  Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
2. Re:At least Apple is up on these things... by HiredMan · 2003-05-15 10:11 · Score: 4, Funny
  
  There are system updates every week, and a good chunk of them include security updates.
  
  Whether the need for near-weekly security updates is a good or bad thing is left up the reader as an exercise.
  
  =tkk
  
  --
  Bill Gates - Creationist?!?
3. Re:At least Apple is up on these things... by sabNetwork · 2003-05-15 10:33 · Score: 5, Informative
  
  Exactly. I use WinXP Pro, and these security updates are SCARY. The security holes which Apple patches are usually innocuous, minor bugs which would require significant effort to exploit. On the other hand, 75% of Microsoft's WinXP patches are described as "... allows attacker to gain control of computer, access to an administration account..."
4. Re:At least Apple is up on these things... by sg3000 · 2003-05-15 14:35 · Score: 4, Funny
  
  > There are system updates every week
  
  Yeah, if those updates don't come fast enough, Microsoft is planning on including a sledgehammer with every copy of their next version of Windows. :-)
  
  --
  Insert simplistic political, ideological, or personal proselytization here.
5. Re:At least Apple is up on these things... by Smurf · 2003-05-15 16:17 · Score: 5, Insightful
  
  Let's see. The original post from MrTangent says:
  Microsoft seems to twiddle their thumbs when security issues are found. Apple has been pretty good with security issues, even in their beta software like Safari.
  His second post says:
  However, it's refreshing that Apple doesn't release security updates every week like Microsoft. That shows that their products are generally more secure.
  I don't see why you imply that he said:
  "It's good that Apple releases more security updates than Microsoft."
  Therefore I don't see the "whoosh". The first post says that Apple's security bug fixes are fast. The second one, that they are not needed as frequently as for Windows. Those are two separate but non-exclusive ideas. You may not agree with him, but he doesn't contradict himself.
That was quick! by Whatchamacallit · 2003-05-15 08:54 · Score: 4, Interesting

Nice to know they fix stuff very fast when it occurs. This was only announced a couple of days ago.

Microsoft is a whole lot slower to release stuff even when they are caught with their pants down which is usually what happens.
Faster than you know. by RalphBNumbers · 2003-05-15 09:15 · Score: 4, Informative

Check the creation date on the updated app. It was built a couple of days ago.

I'm guessing they just had to run it thru QA since then to make sure they didn't break something else by fixing this.

--
"The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
1. Re:Faster than you know. by Phroggy · 2003-05-18 19:02 · Score: 2, Funny
  
  I'm guessing they just had to run it thru QA since then to make sure they didn't break something else by fixing this.
  
  Another difference between Apple and Microsoft... ;-)
  
  --
  $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
  $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Re:Whoo hoo indeed! by HiredMan · 2003-05-15 09:22 · Score: 4, Funny

But because we're a superior 5% it apparently matters more.
Come on - it was a joke. The real reason is to pad out the distance between dupes and M$ bashing articles.
;)
=tkk

--
Bill Gates - Creationist?!?
Re:Whoo hoo! by Virus1984 · 2003-05-15 09:38 · Score: 5, Insightful

Actually for the fraction of users who load apple.slashdot.org this is "stuff that matters". It's a section meant to be read by Mac users (read: potential Safari users)...see ?

--
Don't forget to think different.
What this update fixes by aberkvam · 2003-05-15 10:42 · Score: 5, Informative

One May 9, Secunia released an advisory entitled Apple Safari and Konqueror Embedded Common Name Verification Vulnerability. The summary is, "Apple Safari and Konqueror Embedded fails to validate the Common Name of a SSL certificate. This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website." They also add, "NOTE: This does not affect the ordinary version of Konqueror."
1. Re:What this update fixes by Phroggy · 2003-05-18 19:06 · Score: 2, Informative
  
  Is Safari a codefork or an interrelated project?
  
  Apple does contribute patches to KDE, but it's a fork. Apple's version (which does not use Qt) is called WebCore.
  
  --
  $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
  $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Re:Whoo hoo indeed! by Duck_Taffy · 2003-05-15 12:03 · Score: 2, Interesting

And would you like to tell me what percent of computer users use Linux?

--
Karma: Ran over your dogma.
No problem by 0x0d0a · 2003-05-15 12:56 · Score: 2, Insightful

That's okay. It's still pretty trivial, unworthy-of-Slashdot news.

--
May we never see th
Re:OT-INIT 1984? by FunkyMarcus · 2003-05-15 15:17 · Score: 2, Insightful

I've had . in my path for many years, and wouldn't do without it. It's at the end of my path, so there's no way you're going to spoof my "cat". It's only those who have . at the beginning of their path that get screwed.

Oh, you've never accidentally run a chomd, or maybe l s-l?

(Ouch, those hurt to type.)

Mark
Now if I could just stop my manager... by rubicon7 · 2003-05-15 15:54 · Score: 5, Funny

...from using the term authentification.

--
--- We are not in the 8th dimension. We are over New Jersey.
1. Re:Now if I could just stop my manager... by Migrant+Programmer · 2003-05-16 09:40 · Score: 2, Funny
  
  Amerificans have a habit of doing that, I'm afraid.
  
  --
  Bitchslapped. Neat.
Just Installed lt. . . by Farley+Mullet · 2003-05-15 18:44 · Score: 3, Interesting

And I'm glad that the ssl fix came in. But does anyone know if that nasty memory leak is fixed too?
Re:Whoo hoo indeed! by davesag · 2003-05-15 19:59 · Score: 2, Insightful

5% of computer users maybe, but 95% of apple.slashdot.org readers surely.
a thought - by computer users do you also include computers that use computers, or do you only mean people who use computers?

--
I used to have a better sig than this, but I got tired of it
Security-shmecurity--still needs this feature... by nystagman · 2003-05-16 03:01 · Score: 2, Interesting

As much as I like Safari (and I do!), I can really only use it at work, not at home, because of how it handles (or refuses to handle) individual loading of images.
At home I do NOT have high-speed access, just dial-up over crappy 80 year-old lines (parts of the path from wall jack to telco interface are the original wires from when the building was first wired).
I prefer NOT automatically loading images, instead individually selecting the ones I actually need to see, or in the extreme case, selecting the menu choice (or clicking the 'load images' button) to load the whole page.
As much as I'd like to say 'buh-bye' to Internet Exploiter I simply can't, at least not at home.
Perhaps there's something I'm missing, and I don't have to burrow through and change preferences in Safari each time I want to do this?
Oh, and I guess that the security fixes are also a good thing.

--
Theory and practice are the same in theory, but different in practice.
Perhaps there's something you're missing indeed... by RalphBNumbers · 2003-05-16 04:08 · Score: 3, Informative

In the appearance pane in prefrences uncheck "Display images when the page opens".
Volia, images will not loaded automatically, as you prefer. This has been there since before beta2 iirc.

I can't see how you're supposed to load them manually though...

--
"The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
Re:Perhaps there's something you're missing indeed by gerardrj · 2003-05-16 06:55 · Score: 2, Insightful

The user notes that he knows about that preference of not loading images.

What is missing in Safari is the ability to manually load individual images when you have images set to not load.

Apparenlty MSIE has this feature, I know iCab has it (along with a lot of other's I'd like to see in Safari).

When images aren't loaded, you can right-click (cmd-click) on the image placeholder and choose something like "load image", and only that image will be loaded. In iCab this is especially useful, as sometimes your image filtering rules cause a useful image to not load. That's the price I pay for not being forced to load all those damned flashy GIFs and springy FLASH animations though.

I'm sure this will make it in to Safari at some point, perhaps the initial non-beta release. While we're at it, I'd like a way to disable the "You seem to be looking for something" dialog when you click the "back" button more than few times. So many of the site's don't change their page titles, and going back one-by-one is the only way to locate the content again without page previews.

--
Article X: The powers not delegated... by the Constitution...are reserved...to the people
Safari https via squid proxy by FrankRoscher · 2003-05-16 10:11 · Score: 2, Interesting

Does any body know a solution howto use https via squid proxy (beta2/v74)? This is the only reason to sometimes use Explorer on my macs here ...
Re:Security-shmecurity--still needs this feature.. by Phroggy · 2003-05-18 19:08 · Score: 2, Insightful

As much as I'd like to say 'buh-bye' to Internet Exploiter I simply can't, at least not at home.

Um, Safari is hardly the only non-MSIE browser available for Mac OS X. Try Camino, or Mozilla, or OmniWeb, or iCab.

--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;