Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Finally Removes DigiNotar Certs In Safari

Posted by Soulskill on from the better-late-than-never dept.

Trailrunner7 writes "Apple has finally released a fix for the certificate trust issue caused by the attack on DigiNotar, more than a week after the fraudulent certificates were identified and other browser vendors moved to revoke trust in them. While Microsoft, Mozilla and Google had been communicating with users about the issue and pushing out new versions and updates to eliminate the compromised certificate authorities from their browsers, Apple had been mum about the attack and hadn't given any indication of when it might issue an update for Safari. On Friday the company published a security advisory for Mac OS X users, saying that it was removing DigiNotar's certificates from its trust list."

7 of 149 comments (clear)

  1. Pointless Apple-bashing by DoctorNathaniel · · Score: 5, Insightful

    So, it took them 1 week to come out with an update to patch their browser? That doesn't seem an egregious delay to me. I haven't yet patched any of my other browsers yet. I'd be surprised if most users patch within the week of bugfix releases anyway.

    And if I understand it, this "security hole" is basically that you won't get bad-certificate warnings if you visit certain fraudulent sites... which isn't likely to happen unless you're clicking links in phishing emails.

    This hyperbole about apple being slow seems like hot air to me.

    1. Re:Pointless Apple-bashing by UnknowingFool · · Score: 4, Insightful

      The problem isn't that there isn't a mechanism to revoke certs in OS X. It exists in KeyChain. The problem was that the implementation was flawed as it could be overriden. So when it was pointed out to Apple, they fixed it in a week's time. Would you rather Apple quickly release a patch that didn't work?

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  2. Certs are broken. by Speare · · Score: 4, Insightful

    Diginotar was just the beginning of the reports, but truth is, CAs have been broken for a long time and SSL sessions that depend on CA certs are useless. A couple weeks ago, there was a handy how-to page to show how you can go into Mac OS X's keychain to reject Diginotar... one CA entry down, but several hundred others. If you think the NSA, Mossad, MI6, and fifty other countries haven't slipped MitM SSL boxes on various trunks hoping to score a session depending on these CAs, you're deluded.

    --
    [ .sig file not found ]
  3. Re:Yeah Mac's just work by node+3 · · Score: 3, Insightful

    Except of course when they don't. When you create a culture of careless idiots by making them think they are invulnerable to any threats this is the only way to handle them.

    Care to explain how this is a case of Macs not "just working"? Or how may "careless idiots" were adversely affected by this?

    This looks like simple mindless anti-Apple trolling.

    If they just came out and said "Yeah we got screwed too" they might have some credibility, but instead they have to act like something like this doesn't actually affect them and quietly sweep the dirt under the rug.

    "Got screwed"? How, exactly? This is exactly how the system is supposed to work.

    On the other hand of that is the legion of careless users that are made even more careless because they have been given the false belief that they are impervious to any kind of cyber threat. If they just said "Yeah all that 'most secure' stuff we've been telling you is utter nonsense" then they might lose a moron or two to the competition.

    So, where are all the infected Macs? And where are all these people who say Macs are "impervious to any kind of cyber threat"? Straw men don't count, I'm talking about actual human beings.

    The problem with you anti-Apple trolls is that you rail against an imagined Mac user being screwed over by an imagined Apple, neither of which *actually* exist. Apple isn't evil, Mac users aren't idiots. There are millions of highly intelligent, technologically adept people who use and prefer Macs. What's so difficult to understand about this? Just because a smart person likes a system you don't like, that's not an affront to you. There are smart people who happily use Macs, Windows, Linux...

    Why so insecure?

  4. Re:Apple needs to explain its delay by Anonymous Coward · · Score: 2, Insightful

    On Slashdot, an "Apple Apologist Fanboi" is anybody who doesn't incessantly whine in a shrill voice about how awful Apple and Steve Jobs are, annoying anyone within a four-mile radius, most of whom don't care one way or the other.

  5. Re:Yeah Mac's just work by node+3 · · Score: 3, Insightful

    While he is a troll, having worked in support (at a University in Oregon) with Apple users they do often say the following repeatedly:

    "Mac's don't get viruses"
    "My Mac is secure"

    Both are true. Neither mean (what the OP said), "they are invulnerable to any threats" or "they are impervious to any kind of cyber threat".

  6. Apple has Ostrich Syndrome. by Sable+Drakon · · Score: 1, Insightful

    This is just typical Apple. To them, security problems don't exist. They're all happily wandering about aimlessly in Steve Jobs' backyard like a bunch of mindless sheep. Content to shrug off anything that may do grievous harm to their esthetically pleasing brushed aluminum paradise. To those Mac users who actually are security minded, you're not included in this. At least you guys have a clue, more of one than the fanboys and everyone in Cupertino.

    --
    The Amarri pray for god, the Caldari pray for profit. the Gallente pray for peace, but the Minmatar pray their ships hol