Slashdot Mirror
Apple Criticized For Not Blocking Stolen Certs
CWmike writes "A security researcher is criticizing Apple for lagging with its response to the DigiNotar certificate fiasco. He is urging the company to quickly update Mac OS X to protect users. 'We're looking at some very serious issues [about trust on the Web] and it doesn't help matters when Apple is dragging its feet,' said Paul Henry, a security and forensics analyst with Lumension. Unlike Microsoft, which updated Windows on Tuesday to block all SSL certificates issued by DigiNotar, Apple has not updated Mac OS X to do the same. Meanwhile, even Mac OS X users who want to go DIY are stymied, reports Bob McMillan, because the OS can't properly revoke dodgy digital certificates."
macs cant get hacked
These certs are blocked on all Apple equipment and always have been. Anyone getting the certificate accepted is obviously holding it wrong.
Somewhere deep in Silicon Valley, a programmer is looking at a comment something like this:
/*******
FIXME: WTF Hack here. CRLs require authentication of being revoked, but we never bothered to check the callback of the revoke. Maybe if we bothered to have a revoke infrastructure? For now, we'll just not bother fixing this until 10.1 or 10.2.
******/
return true;
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Thank you for picking a random thread to externate your thinkings abobut MS and Open Source, but this is an Apple bashing thread, you should look more carefully next time. Id*ot.
What, no Micro$oft borg icon? And they already patched Windows?? I find that hard to believe. Come on, give the real details of the story. We all know that M$ technologies is pure crap and that anything Apple does is perfection. That's why Apple can drag its feet. As far as I'm concerned Apple doesn't have to do a single thing (it's perfection).