Slashdot Mirror


Apple Fixes Major SSL Bug In OS X, iOS

Trailrunner7 writes: "Apple has fixed a serious security flaw that is present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections. The bug is one of many the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code. The most severe of the vulnerabilities patched in iOS 7.1.1 and OS X Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user's network, he might be able to intercept supposedly secure traffic or change the connection's properties."

96 comments

  1. Also fixed in Lion by Valdrax · · Score: 2

    Also fixed in Lion, according to the link, for those of us still using older Macs.

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
    1. Re:Also fixed in Lion by ArcadeMan · · Score: 2

      What about iOS 6? There's still a lot of older iPhones out there.

    2. Re:Also fixed in Lion by dimeglio · · Score: 1

      Good point. According to the FA, it looks like it affects iOS 7.1 and earlier. A good excuse to upgrade your iDevice. I don't expect Apple to patch unsupported hardware but if people complain, they might get it done.

      --
      Views expressed do not necessarily reflect those of the author.
    3. Re:Also fixed in Lion by ArcadeMan · · Score: 1

      iOS6 did receive a patch about another SSL vulnerability a few months back, I think.

      What I'm hoping for is for Apple to enable FaceTime Audio for the iPhone 3G and iPhone 3GS. All this talk about Earth Day is nice, but what's really helpful for users and the environment is to use older devices longer before recycling them.

    4. Re:Also fixed in Lion by sconeu · · Score: 1

      Only for older iPods/iPhones. If your device is capable of running 7, you will not have the 6.x upgrade available.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  2. Neat by Anonymous Coward · · Score: 0

    That's swell!

  3. NOT Fixed by Anonymous Coward · · Score: 0

    NOT fixed is the issue that IOS 7 does not work properly with authenticated proxy servers.
    It forgets your password.

    This means every service which uses the HTTP port needs you to enter your password. Got sick and tired of doing this dozens of times a day, every day so wifi gets turned off at work.

  4. All features by Anonymous Coward · · Score: 0

    not bugs.

    Geez, they're getting rid of all the features now.

  5. Not a open source issue. by Anonymous Coward · · Score: 3, Insightful

    Tell me again how this whole issue with SSL is due to the nature of open source and how it's only the commie OpenSSL which can't be trusted...

    Seems to me Apple's got a bit of a quality control issue itself.

    What's Apple's excuse ?

    1. Re:Not a open source issue. by x0ra · · Score: 5, Insightful

      'apple' is smart enough not to give the issue a sexy name as "heartbleed", and thus it will go unnoticed among non tech people...

    2. Re:Not a open source issue. by omnichad · · Score: 2, Insightful

      But the bug probably is heartbleed. They're just not disclosing that they were affected.

    3. Re:Not a open source issue. by buchner.johannes · · Score: 5, Informative

      It's a MITM attack. Heartbleed is not MITM.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    4. Re:Not a open source issue. by MikeMo · · Score: 1

      It is not related to Heartbleed.

    5. Re:Not a open source issue. by Anonymous Coward · · Score: 0

      It is definitely not heartbleed, though I guess that would require RTFA.

    6. Re:Not a open source issue. by gnasher719 · · Score: 1

      But the bug probably is heartbleed. They're just not disclosing that they were affected.

      What do you mean by "they were affected"? Only _servers_ were affected by the "heartbleed" bug. Apple was lucky enough that its major services (App Store, iTunes, iCloud) didn't use OpenSSL.

    7. Re:Not a open source issue. by jo_ham · · Score: 1

      Tell me again how this whole issue with SSL is due to the nature of open source and how it's only the commie OpenSSL which can't be trusted...

      Seems to me Apple's got a bit of a quality control issue itself.

      What's Apple's excuse ?

      Apple's SSL implementation is also open source.

      Oh, sorry, I interrupted you in the middle of an uninformed Apple bash. Do carry on. My apologies.

      Their excuse is "open source means lots of eyes!" No wait, it's "whatever we do we'll be attacked, so we just dropped the ball and said 'fuck it'".

    8. Re:Not a open source issue. by jo_ham · · Score: 1

      You know, information like that should really be in the article.

      Oh wait.

    9. Re:Not a open source issue. by Anubis+IV · · Score: 1

      How do you figure? This bug is specific to MITM attacks from an attacker on one's own network, has nothing to do with the heartbeat functionality that Heartbleed relied on, and the nature of the attack is that the attacker can execute arbitrary code, change the properties of the connection, or get data traveling over the network, rather than merely being able to access random 64K bits from memory. This is something wholly separate from Heartbleed, and likely ties back in with the ongoing security audit they've been rumored to be doing after finding themselves on the NSA's PRISM list.

      Not all network security bugs happening in the same temporal proximity as Heartbleed are Heartbleed. It's not uncommon for Microsoft, Apple, and the various Linux distros/their dependencies to push out updates of this sort. It's just getting more attention right now because of Heartbleed. But suggesting that this "bug probably is Heartbleed" indicates that you really don't have a good grasp of what Heartbleed is even about, since it bears very little resemblance.

    10. Re:Not a open source issue. by Anonymous Coward · · Score: 0

      Tell me again how this whole issue with SSL is due to the nature of open source and how it's only the commie OpenSSL which can't be trusted...

      Where were the people claiming this crap? I never saw it. Of course, there are always trolls.

      What I saw was the open source zealots hooting about Apple's move to an in-house solution (note: not closed source, but still under Apple's control) being completely stupid, and this would never happen in an open source yum yum this crow sure is tasty.

    11. Re:Not a open source issue. by Espectr0 · · Score: 1

      decided posting instead of modding you down, since you may not know that Apple does not use OpenSSL, therefore you are just wrong.

    12. Re:Not a open source issue. by Cinder6 · · Score: 1

      Not sure it's luck, since Apple went out of its way to replace OpenSSL in 2011 because they didn't think it was secure enough. (Granted, their own replacement wasn't perfect, either, as seen by both this and the "goto fail" bug.)

      --
      If you can't convince them, convict them.
    13. Re:Not a open source issue. by David+Jao · · Score: 2

      Clients are also affected. https://www.schneier.com/blog/...

    14. Re:Not a open source issue. by Anonymous Coward · · Score: 0

      I'll give it a sexy name the media can use ... Apple's GoTo Fail Part Deux

    15. Re:Not a open source issue. by jeremyp · · Score: 2

      Only _servers_ were affected by the "heartbleed" bug.

      Wrong.

      --
      All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
  6. Ability to run arbitrary code. by Anonymous Coward · · Score: 0

    "the ability to bypass memory protections and run arbitrary code"

    I wish I could run arbitrary code on my iPhone without a developer account. Can I put in a feature request for them to unpatch it?

    1. Re:Ability to run arbitrary code. by am+2k · · Score: 1

      Executing arbitrary code is how the jailbreaks work. They exploit some weakness to patch the system, removing a few safeguards in the process (that's why there are some viruses out there that only affect jailbroken iOS devices).

  7. Snow Leopard by Anonymous Coward · · Score: 3, Insightful

    I have a perfectly good MBP of early 2007 vintage running Snow Leopard which can't be upgraded, and it still does the job I need of it today. I can't bring myself to 'upgrade' to the modern MBPs as I hate the chiclet keyboard, so I'm swinging back to windows laptops (linux+windows) to avoid Apple abandonware in the future.
    For all the criticism Microsoft gets, at least they don't abandon semi-old stuff.

    1. Re:Snow Leopard by Noah+Haders · · Score: 0

      To be fair, that's a 7yo computer... What's the right lifetime so an os doesn't count as abandonware? They still do snow leopard updates I think.

    2. Re:Snow Leopard by mk1004 · · Score: 1

      No, I've got a 2008 Mac Mini that was updated to Snow Leopard, and I haven't seen any updates for awhile. Newegg also wouldn't let me order using the Mini because of the older version of Safari that runs on SL.

      If I upgrade to 2G of RAM, it looks like I can upgrade to Lion, but not Mountain Lion. I was going to upgrade the RAM anyway because it seems to run a bit sluggish, but the Mini maxes out at 2G, which is the lower limit of Lion. So it may be a wash, performance-wise.

      --
      I can mend the break of day, heal a broken heart, and provide temporary relief to nymphomaniacs.
    3. Re:Snow Leopard by LDAPMAN · · Score: 1

      So you have a six year old machine that was the lowest specs you could buy at that time. You're surprised you can't run the latest and greatest???

    4. Re:Snow Leopard by dk20 · · Score: 1

      You know a lot of times those limits are artificial right? People have figured out how to trick mavericks into installing on "unapproved" systems.

    5. Re:Snow Leopard by koan · · Score: 1

      Install Linux or Windows.

      --
      "If any question why we died, Tell them because our fathers lied."
    6. Re:Snow Leopard by PlusFiveTroll · · Score: 1

      Windows Vista still receives security patches, which was released in 2007. Most computers of that age will install W7 fine, though you might want to bump the RAM if you want it to be enjoyable. XP was supported with patches for over a decade. Apple locks you into expensive hardware and wants you to buy new every few years.

    7. Re:Snow Leopard by jo_ham · · Score: 4, Informative

      An "early 2007 vintage" MBP can run Lion.

      If your machine is stuck on 10.6 then it's not "early 2007" but "early 2006".

      The youngest macbook pro that can't run anything later than 10.6 is the Early 2006 with the Core Duo CPU and 2GB RAM.

      Yeah, really "abandonware" there. *eyeroll*

    8. Re:Snow Leopard by LDAPMAN · · Score: 1

      Depends on what you mean by "artificial". If it runs like molasses on less than 2GB of RAM and an ancient processor then limiting it to newer hardware is a reasonable choice.

    9. Re:Snow Leopard by Guest316 · · Score: 1

      Why not? I can run the latest Solaris on 12 year old Ultras, and if I had an early '90s Vax I believe I could still run the latest VMS version.

    10. Re:Snow Leopard by Anonymous Coward · · Score: 0

      wait, you think a Windows laptop is going to have a better keyboard? I recently had to use someone's Windows RT "laptop" and the keyboard was awful, rough plastic already covered in dirt and grime that you can't even click the button down you just press it and hope Windows recognizes it. Seriously fucking awful. Stop being a cheap lil' bitch and buy a MBP.

    11. Re:Snow Leopard by Cyrano+de+Maniac · · Score: 3, Informative

      If I upgrade to 2G of RAM, it looks like I can upgrade to Lion, but not Mountain Lion. I was going to upgrade the RAM anyway because it seems to run a bit sluggish, but the Mini maxes out at 2G, which is the lower limit of Lion. So it may be a wash, performance-wise.

      No, it will be a huge step backwards. Do not, under any circumstance, install Lion if you can possibly avoid it. Not only is 2GB not enough to run Lion in any reasonable manner, but even if you have more RAM than that, Lion is a molasses sucking pig. The last OS for any hardware I used that was that bad and that much of a step backwards from what came before it was... umm... Wow, can't think of one. Lion wins. Or, actually, loses.

      Installing it was the worst single decision I've made regarding Apple software on my early 2008 MacBook Pro. I even did a clean install from official Apple USB media (i.e. the USB fob you had to pay extra for instead of just downloading it) and upgraded RAM to 4GB on account of Lion. Take it from myself and several of my coworkers who regretted ever getting within 100 feet of Lion that it is best avoided. Mountain Lion didn't suck, but only by comparison to Lion. Mavericks is a little bit better yet, but still not nearly as snappy as Snow Leopard.

      My gut reaction: Don't worry about Snow Leopard being out of date, even security-wise. A man-in-the-middle is rare in most environments, and Snow Leopard is already quickly diminishing in market share, so it's not terribly likely to be widely exploited. Compared to the every day pain you'll cause yourself by installing Lion or later, the tiny risk profile of running a vulnerable Snow Leopard is worth it, in my opinion.

      --
      Cyrano de Maniac
    12. Re:Snow Leopard by dk20 · · Score: 2

      It is funny how words like "ancient" are thrown around in discussions like this.

      Here's an interesting point similar to what someone posted down below.
      In my basement I have a SUN X4500 Storage server (circa 2007) and it is currently running Solaris 11.1 without issues. The system has two "ancient" AMD Opteron's but since little has changed in terms of processor instruction sets they run fine.
      So this is a system from 2007 running an OS released in 2011 and supported until 2024. Heck, I might upgrade to 11.2 when it is released in the next month or so.

      Artificially preventing you from upgrading in this case seems more like a means to sell hardware than to "protect the user experience".

      He has a 2008 mac mini, let's assume the mid 2007 model with a T7200 Intel Core 2 Duo whereas the 2009 mini uses 2.53 GHz (P8700) Intel Core 2 Duo

      Go to any benchmark sites and do a comparison of those processors, they are pretty close yet one supports Mavericks, the other tops out at lion?

    13. Re:Snow Leopard by chuckugly · · Score: 1

      To be fair, that's a 7yo computer... What's the right lifetime so an os doesn't count as abandonware? They still do snow leopard updates I think.

      Do we apply that same logic to Windows XP?

    14. Re:Snow Leopard by LDAPMAN · · Score: 1

      Unless it's slightly earlier than he thinks and is a Core Duo instead of a Core 2 Duo. Then there is the RAM requirement. Comparing support lifetime for a server OS and Hardware to a Mac Mini running a desktop OS is ridiculous.

    15. Re:Snow Leopard by dk20 · · Score: 1

      According to Apple's website 2GB is the minimum for Mavericks: http://support.apple.com/kb/ht...

      They also say a 2009 or later mini, does the small difference in processing power really make a difference then?

    16. Re:Snow Leopard by LDAPMAN · · Score: 1

      It's not just processing power. Some of the earlier processors are not fully 64bit and some have limitations on the memory they can address.

    17. Re:Snow Leopard by guruevi · · Score: 1

      There is no such thing as a 2008 Mac Mini, you probably got a Mid 2007 Mac Mini which runs up to Mac OS X 10.7.5 which is still supported and can actually take up to 3GB of memory (2GB was the maximum configuration by Apple).

      If you want to, you can install Linux on the machine. I don't know why NewEgg would crap out on the browser because that Safari supports common versions of ECMAScript and HTML5, try Firefox otherwise.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    18. Re:Snow Leopard by LDAPMAN · · Score: 1

      And Windows 7 was released when??? Mavericks was released a few months ago. The versions of OS X that were released around that time are still receiving security updates too and will still run fine on six year old hardware. The issue here is Mavericks is 64bit only and it makes some assumptions on the hardware. Nothing different here. Would you rather they did what MS did with Windows 8 and certify hardware they knew would run like crap?

    19. Re:Snow Leopard by Anonymous Coward · · Score: 0

      Are Windows RT devices being sold as laptops? I hadn't noticed that.

    20. Re:Snow Leopard by Cinder6 · · Score: 1

      Everyone has different experiences. I never had problems with Lion (mid-2011 MBA), but I saw enough people complaining that I won't doubt you. On the other hand, I could never go back to Snow Leopard after Mountain Lion, and especially not after Mavericks.

      --
      If you can't convince them, convict them.
    21. Re:Snow Leopard by Lakitu · · Score: 1

      Looks like it's the opposite to me. He's complaining that he's forced to purchase upgrades to the latest and greatest major versions of his OS, and purchase hardware that it says it will run on, just for a security patch.

    22. Re:Snow Leopard by LynnwoodRooster · · Score: 1

      Oh, I don't know... Maybe 12 years or so?

      --
      Browsing at +1 - no ACs, I ignore their posts. So refreshing!
    23. Re:Snow Leopard by Anonymous Coward · · Score: 0

      Windows is the only one without opensource implementation. Should be a lot safer because it is harder to find bugs in the code!

    24. Re:Snow Leopard by Anonymous Coward · · Score: 0

      Have you ever seen anyone using a Windows RT device as a tablet? It's always used as a wannabe Macbook Air kind of thing with the cheesy keys and little monitor stand in the back.

    25. Re:Snow Leopard by Kremmy · · Score: 1

      We hit a level of computing power in 2006 that makes it so computers that old are still very likely to run most things just fine. Throw Windows 7 on anything that was honestly Vista Capable and you're good to go. Hey, that ought to include those Macs...

    26. Re:Snow Leopard by Lord_Jeremy · · Score: 1

      No, you don't have a 2008 Mac Mini. There is no such thing as a 2008-year-model Mac Mini (source). The Mid 2007 model runs 10.7. The Early 2009 model runs 10.9. The 2007 can't run anything beyond 10.7 natively because 10.8 and newer require a 64-bit EFI firmware. This is due to the newer version always booting the kernel in 64-bit mode. Some older Macs that had 64-bit CPUs, such as your Mini and a couple gens of Mac Pros still had 32-bit EFIs. You *could* run Mountain Lion or Mavericks by using a 3rd-party boot loader (such as Chameleon) that translates the 64-bit EFI calls to 32-bit. I'm actually doing that myself on an older Mac Pro. Of course then you'll discover that the video drivers for your Mini are only compiled for 32-bit in older systems and are totally absent from newer OS X versions. At a certain point, Apple (very reasonably) decided that maintaining two architectures of OS X and all included software, as well as implicitly requiring other developers to do the same was not worth supporting Macs beyond six years old.

    27. Re:Snow Leopard by Anonymous Coward · · Score: 0

      You know a lot of times those limits are artificial right? People have figured out how to trick mavericks into installing on "unapproved" systems.

      I have a child that's turning 6 this year. Should I throw him out too?

      Consumerist hogwash!

    28. Re:Snow Leopard by supercrisp · · Score: 1

      I upgraded to Mavericks from Snow Leopard because a lot of my mainline apps were only getting Mavericks-compatible updates. The best thing I can say about Mavericks is that it doesn't suck as much as I expected. I'm not noticing a slowdown, but I moved to an SSD for the OS drive at the same time, and I'm on an '09 MacBook Pro with 8GB of RAM, so those things may be concealing an OS-related slowdown. At any rate, I'd say that you shouldn't make the move to Mavericks if you don't have to, especially if you have an older machine. It's mostly just a bunch of stupid eye-candy. Yes, I know: App Nap!* Memory efficiency! Battery efficiency! But my battery use was already fine, RAM is often dirt cheap, and App Nap's main function on my machine is to pop up the rainbow pinwheel when I'm in a hurry.

    29. Re:Snow Leopard by AmiMoJo · · Score: 1

      Lion doesn't have any PPC support, so might not be an option. Even if it is Lion runs very poorly on machines of that age, so would be a massive downgrade in terms of performance and productivity.

      Remember all the stick Microsoft got about "Vista compatible" machines that ran it like a dog? "Possible" and "advisable" or "practical" are different things.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    30. Re:Snow Leopard by Gr8Apes · · Score: 1

      Yes, everything prior to the Santa Rosa machines circa 2009 I believe have essentially a hamstrung memory controller. Intel wasn't fully into the game yet, still playing catchup to AMD. I have a pre Santa Rosa MBP running SL still, because Lion/ML really aren't stable enough to warrant an upgrade. Yes, I have(had) machines running every thing from panther on up to mavericks, and Grand Central, while a great idea, was a massive architectural change that caused quite a few instabilities in the OS. Mavericks seems to be about as stable as Leopard, which isn't terrible, but even it isn't yet quite at the SL level yet.

      --
      The cesspool just got a check and balance.
    31. Re:Snow Leopard by Gr8Apes · · Score: 1

      I was pretty sure that Vista was EOL'd already. W7 is scheduled for next year. Win8 is ended this year, all of course as far as "free" patches go.

      Snow Leopard was still getting patches until Mar 2014. As for it being on sale, it's only there as a gateway for pre- Snow Leopard systems to get to Mavericks, however small that number may be. It's also a way to run PPC software on newer macs via Parallels or the like. Yes you can run that (accidentally) free copy of Adobe PS 2 you downloaded.

      --
      The cesspool just got a check and balance.
    32. Re:Snow Leopard by Gr8Apes · · Score: 1

      Except the version of the OS on his machine isn't affected by that bug...

      --
      The cesspool just got a check and balance.
    33. Re:Snow Leopard by Gr8Apes · · Score: 1

      On the other hand, I could never go back to Snow Leopard after Mountain Lion, and especially not after Mavericks.

      Why? (I'm honestly curious)

      Note: I'm running SL, ML, and Mavericks, and I have to say, SL is the most stable, followed by Mavericks, ML is "ok", and my brief experience with Lion was only because ML came out and I decided to jump directly to it even though I had had a Lion disk for a year. (Yes, the "bad" stories made me hold off long enough for the "fix" to come out.)

      I'm still not 100% happy with the effects of Grand Central, only because the stability has not been returned to SL standards. However, Mavericks is quite usable. The occasional "crash" is mediated by a 500+MB/s SSD, so restarts are sub 15s and used to occur maybe once every 30-45 days. The 10.9.1 patch has actually allowed me to reboot for reasons other than a crash. Oh, and I should mention that these crashes do not come with a dump, just blammo - restart. That never happened in SL, at least you got the infamous crash screen, if you ever had a crash that is. (You will occasionally if you're running a slew of PPC software)

      All that said, for me, the main benefit of Grand Central is better handling of messaging and performance for applications that have the ability to be run in parallel. This is a major plus. I have barely changed my interface habits since panther, primarily because I use QuickSilver for launching apps and Cmd[-SHFT]-Tab and Cmd[-SHFT]-` to navigate apps and windows within an app. So all the Launchpad, Mission Control, Expose, Dashboard, Dockbar etc garbage don't even figure in my daily computer use. I minimize and hide the dockbar right after installing QuickSilver, and pretty much never see it again.

      --
      The cesspool just got a check and balance.
    34. Re:Snow Leopard by strikethree · · Score: 1

      My Macbook Pro is from mid 2010. I stopped "upgrading" at Snow Leopard because that is when OS X went off the deep end. Snow Leopard itself actually annoys me with the "integrated app store" bullshit. I wanted a Unix based laptop with a semi-reasonable GUI and all I would have if I upgraded to the latest is an ugly IOS device doing everything it can to get me to buy shit.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    35. Re:Snow Leopard by Gr8Apes · · Score: 1

      So the hackintosh community benefits us again. I'll have to see about the video drivers for my MBP. If they're available in 10.9, I'll upgrade it someday. For now, it's fine on SL.

      --
      The cesspool just got a check and balance.
    36. Re:Snow Leopard by Anonymous Coward · · Score: 0

      I love the people pointing to XP as if it were something other than a statistical outlier for Microsoft. XP had its support period extended *several* times because the only available replacement (for MS OS users) was considered so crappy that entire Fortune 500 companies were refusing to go through with the upgrade. Not extending the support timeline for XP would have meant that Microsoft would have been pushing its best customers to use other products by other vendors. For years.

      Microsoft extended XP support because they had no other viable option.

    37. Re:Snow Leopard by Anonymous Coward · · Score: 0

      If you insist on using an unsupported OS, at least try to use a current(ish) browser, i.e. stay away from safari and use Firefox or Chrome instead.

    38. Re:Snow Leopard by mk1004 · · Score: 1

      You're right; it's a 2007 model purchased in 2008. The point is, it can't run anything beyond 10.7 (without limited workarounds), and 10.6 is not getting any updates. My point was that Snow Leopard isn't getting any updates, and older hardware is limited as to what you can upgrade to.

      It seems to be a shame that hardware that can last for 6+ years has to be abandoned because the OS is no longer supported.

      --
      I can mend the break of day, heal a broken heart, and provide temporary relief to nymphomaniacs.
    39. Re:Snow Leopard by jo_ham · · Score: 0

      My Macbook Pro is from mid 2010. I stopped "upgrading" at Snow Leopard because that is when OS X went off the deep end. Snow Leopard itself actually annoys me with the "integrated app store" bullshit. I wanted a Unix based laptop with a semi-reasonable GUI and all I would have if I upgraded to the latest is an ugly IOS device doing everything it can to get me to buy shit.

      Loving the hyperbole.

      OS X looks nothing like iOS. It has the launchpad, which is clearly derived from the iOS springboard, but using it is totally optional (I never do - I just launch apps the way I've been doing it since 10.1).

      OS X also doesn't "do everything it can" to get you to buy shit - using the App Store is optional for anything other than the core apps and OS. It's where you get core updates from (for the OS and built in apps), but it is far from the sole source of software, nor is it intrusive.

      I'm struggling to think of what you mean when you say OS X is "doing everything it can" to "force you" to buy things. Can you give me some specific examples?

      Also, I wasn't aware that they removed all of the Unix underpinnings and command line with OS X beyond 10.6. Again, can you give me some specific examples of what is missing from OS X after Snow Leopard that means it would no longer be a "Unix-based laptop with a semi-reasonable GUI"?

    40. Re:Snow Leopard by jo_ham · · Score: 1

      That's true - if you need Rosetta support, you are stuck on 10.6. Most apps have x86-native binaries by now, but not all, especially if you have older, unsupported software. I guess for many people this will be Adobe CS1.

    41. Re:Snow Leopard by Anonymous Coward · · Score: 0

      To be fair, that's a 7yo computer... What's the right lifetime so an os doesn't count as abandonware? They still do snow leopard updates I think.

      Do we apply that same logic to Windows XP?

      Is it Apple's fault that XP's successors all were late? Blackcomb was promised for 2003 in 2000, then delayed for an intermediate release of Longhorn, which was then scrapped for Vista. And Blackcomb ultimately became Windows 7, which came out 2009, only 6 years late.

      If it had been on time, it likely wouldn't even be supported anymore.

  8. Anyone having trouble with connecting today? by Anonymous Coward · · Score: 0

    Is anyone having trouble getting through to Slashdot today?

    Seeing 90% packet loss between AT&T and something closer to Slashdot's end of the pipe than my end of the pipe.
    5 10 ms 8 ms 9 ms 12.122.81.73
    6 11 ms 11 ms 10 ms 192.205.33.98
    7 12 ms 13 ms 12 ms 206.28.98.117
    8 * 63 ms 63 ms 204.70.196.246
    9 * * * Request timed out.
    10 * * * Request timed out.
    11 * * * Request timed out.
    12 65 ms 63 ms * star.slashdot.org [216.34.181.48]
    13 67 ms 85 ms * star.slashdot.org [216.34.181.48]
    14 * * 64 ms star.slashdot.org [216.34.181.48]

    Tests from a non-AT&T ISP show normal operation. The problem may be on AT&T's end and not Slashdot's, or it may be between AT&T and /.'s immediate upstream provider - but this has been an ongoing issue for about 8 hours so far today.

    A ping reveals about 90% packet loss between here and Slashdot. (Again, no or negligible packet loss between a non-AT&T ISP). I have verified this with as many IPs as I can get from my own netblock, but they all funnel through the same route past 12.83.88.173

    1. Re:Anyone having trouble with connecting today? by Kazoo+the+Clown · · Score: 1

      Yes, I've been having a lot of trouble getting slashdot to load as well. Some browsers seem to be doing better than others. On an iPad.

  9. Not related to Heartbleed by Anonymous Coward · · Score: 1

    Impact: An attacker with a privileged network position may capture
    data or change the operations performed in sessions protected by SSL
    Description: In a 'triple handshake' attack, it was possible for an
    attacker to establish two connections which had the same encryption
    keys and handshake, insert the attacker's data in one connection, and
    renegotiate so that the connections may be forwarded to each other.
    To prevent attacks based on this scenario, Secure Transport was
    changed so that, by default, a renegotiation must present the same
    server certificate as was presented in the original connection.
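
The check the advisory text above describes, sketched as an added example (not part of the quoted advisory, the comment, or Apple's Secure Transport code): per-connection state remembers the certificate from the first handshake and refuses a renegotiation that presents a different one. The class and function names, the `allow_cert_change` switch and the certificate byte strings are constructed for illustration.

```python
import hashlib
import hmac


class HandshakeRefused(Exception):
    """Raised when a handshake on this connection must not be accepted."""


class ConnectionCertPin:
    """Per-connection state that remembers the first server certificate seen."""

    def __init__(self, allow_cert_change=False):
        # False mirrors the "by default" behaviour quoted from the advisory;
        # True stands for an explicit opt-out (hypothetical switch).
        self.allow_cert_change = allow_cert_change
        self._pinned = None   # SHA-256 of the certificate from the first handshake
        self.handshakes = 0

    def on_handshake(self, server_cert_der):
        """Call once per completed handshake.

        Returns 'initial' for the first handshake and 'renegotiation' for
        later ones; raises HandshakeRefused if the certificate is missing
        or differs from the one presented in the original handshake.
        """
        if not server_cert_der:
            raise HandshakeRefused("no server certificate presented")
        digest = hashlib.sha256(server_cert_der).digest()
        if self._pinned is None:
            self._pinned = digest
            self.handshakes = 1
            return "initial"
        changed = not hmac.compare_digest(digest, self._pinned)
        if changed and not self.allow_cert_change:
            raise HandshakeRefused(
                "renegotiation certificate %s... differs from original %s..."
                % (digest.hex()[:16], self._pinned.hex()[:16]))
        self.handshakes += 1
        return "renegotiation"


def replay(cert_sequence, allow_cert_change=False):
    """Feed the certificates seen on one connection, in order, to the check.

    Returns one outcome per handshake and stops at the first refusal,
    because a refused renegotiation ends the connection.
    """
    pin = ConnectionCertPin(allow_cert_change)
    outcomes = []
    for cert in cert_sequence:
        try:
            outcomes.append(pin.on_handshake(cert))
        except HandshakeRefused:
            outcomes.append("refused")
            break
    return outcomes


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_FIRST = b"constructed-der:server-seen-in-first-handshake"
CERT_OTHER = b"constructed-der:different-server-certificate"

if __name__ == "__main__":
    print(replay([CERT_FIRST, CERT_FIRST]))                          # same cert
    print(replay([CERT_FIRST, CERT_OTHER]))                          # cert changed
    print(replay([CERT_FIRST, CERT_OTHER], allow_cert_change=True))  # opt-out
```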

  10. Marketshare? by Anonymous Coward · · Score: 0

    Hardly anyone serious uses Apple's server OS, especially in datacenters, so the footprint affected would most likely be super tiny.

    1. Re:Marketshare? by Kalriath · · Score: 1

      Irrelevant, since the issue is the client implementation.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    2. Re:Marketshare? by Anonymous Coward · · Score: 0

      Why did OS X get a mention?

    3. Re:Marketshare? by Kalriath · · Score: 1

      Because OSX uses Apple's SSL implementation?

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    4. Re:Marketshare? by Anonymous Coward · · Score: 0

      So hardly irrelevant in that context then.

    5. Re:Marketshare? by Kalriath · · Score: 1

      No, it's irrelevant. No one uses OS X server in a datacenter as their client PC. The web server that OS X uses in the server context is Apache - so... OpenSSL.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  11. Laugh by koan · · Score: 0, Flamebait

    Just here to scoff at Apple *again* feel free to mod down.

    --
    "If any question why we died, Tell them because our fathers lied."
  12. They. by Anonymous Coward · · Score: 0, Troll

    If an attacker was in a man-in-the-middle position on a user's network, he might be able to intercept supposedly secure traffic or change the connection's properties.

    Why add gender to this statement?

    1. Re:They. by Anonymous Coward · · Score: 0

      Did you read the subject line?

      Using 'she' is every bit as ridiculous as 'he'. Why add gender to a theoretical person that doesn't actually exist?

    2. Re:They. by Anonymous Coward · · Score: 0

      Because our language isn't easily structured that way. I guess you could do, "If an attacker was in a person-in-the-middle position on a user's network, they might be able to intercept supposedly secure traffic or change the connection's properties." - "they" is a plural form, but I think you could get away with it in that case. We just don't have a single word singular gender neutral pronoun for "person".

    3. Re:They. by Anonymous Coward · · Score: 0

      I did read the subject and assumed as much (could have used they instead).

      My comment was an off topic to the off topic comment wondering if others have noticed this trend.

    4. Re:They. by flyingfsck · · Score: 1

      Most Amerikins do not realize that the gender neutral form is 'one', as in anyone, no-one, someone, or 'body', as in somebody, anybody and nobody. If everyone would realize that one could use one instead of he, she or it, then the gender issue in politically correct speak would largely go away.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    5. Re:They. by Anonymous Coward · · Score: 1

      Most Amerikins do not realize that the gender neutral form is 'one', as in anyone, no-one, someone, or 'body', as in somebody, anybody and nobody. If everyone would realize that one could use one instead of he, she or it, then the gender issue in politically correct speak would largely go away.

      The use of "one" when attempting to be PC regarding gender is offensive to conjoined twins. Especially conjoined fraternal twins and conjoined identical twins where one twin is transgendered.

  13. VAX/VMS supported into late 1990s by erikscott · · Score: 1

    Sadly, VMS support for VAX ended around 7.1 or 7.3 or something - it was in the late nineties. But every alpha ever made (at least "that ever ran VMS in the first place") can run the latest version.

    All UltraSPARCS can run solaris 10.X. Hardware from this millennium is required for Solaris 11.X (more or less). Pre-Ultra machines are kind of limited - A microsparc machine (sparcStation 5 and similar) is supported on 2.9, but unless you max out the RAM you're better off at 2.8. Sparcs with VME busses (4/110, 4/280, etc) are stuck further back - maybe Solaris 2.4, but I'm not sure. These are better off running OpenBSD anyway. :-)

    Yeah, I get a laugh out of what constitutes "support" these days. :-)

  14. False by Anonymous Coward · · Score: 0

    I have a perfectly good MBP of early 2007 vintage running Snow Leopard which can't be upgraded.

    A Macbook pro of that "vintage" can be upgraded to Lion, for a grand total of $20.

  15. 10.6.8 is A OK Fuck U by Anonymous Coward · · Score: 0

    Just goes to show.
    FU

  18. Indeed by Anonymous Coward · · Score: 0

    The Russkie and the FtMeade Mafia will never lower themselves to the use of a powerful assembly-debugger or a decompiler. We know that. Neither will the North Korean Long Range Recon Forces do that.

  19. with all the media attention lately... by Anonymous Coward · · Score: 0

    doesn't surprise me that apple finally "fixes" a longstanding security issue.

    it also would not surprise me if there are others, yet undiscovered (by the PUBLIC), present.

  20. Apple's a small company, they can't afford to offe by Anonymous Coward · · Score: 0

    Apple's a small company, they can't afford to offer long term support.

    oh...

  21. Errr... by porkchop_d_clown · · Score: 1

    Heartbleed affects clients, too. Android phones running 4.1.1, for example. http://www.bloomberg.com/news/...

  22. Let me know how it goes by porkchop_d_clown · · Score: 1

    when you try to put windows 8.1 on a 7 year old computer.