Its not unreasonable & Landon is contributing!
on
Month of Apple Fixes
·
· Score: 1
If Apple would be as slow about the fix as MS was about the WMF fix, I might indeed install a patch from a 3rd party (as I chose to do for WMF).
There are pros and cons to third party patches (and you have identified a possible negative case), but there solid ways to validate the decision with the security community, even if you can't read the code yourself.
I think its really cool that Landon is spending his time writing counters and taking a decidedly positive action in this investigation.
Personally, I never heard of APE before this, and knowing something about that software is already a positive result for me, even if I only disable rtsp handler (which I have done).
"Venerable" is a funkier, but perhaps less apt spoonerism that "venereal", in this case.
Anyway, the point is "uh oh, wireless drivers could be exploited". I don't KNOW for sure whether my venerable 2003 12" PowerBook G4 is vulnerable to someones venereal malware breaking in via wireless drivers! So, I suggest Apple & Broadcom (in my case) do a code review.
I know these guys aren't classic H8Rs and deserve kudos for publicizing this problem (and with a cautious demo!). Thanks fellahs!
However, the demo, if it used USB adapter for 802.11, was smug in the same way a salesman gets on stage and shows you his software product works on open linux, when really requires a proprietary library you would never buy.
As for Apple user's smugness, I work in infrastructure on 4 O/S from different companies and over a dozen major hardware/software brands every week - this workplace is crawling with vendor engineers and colleagues that are pretty smug, about their platform. You would think effective professionals wouldn't be so smug, but they are. Slashdot is bursting with people who are smug about their O/S, etc. etc. The urge to talk about sticking lit ciggys in smug people's eyeballs is only applauded by those who are smug about their own 'brands'.
Slashdot Mirror
If Apple would be as slow about the fix as MS was about the WMF fix, I might indeed install a patch from a 3rd party (as I chose to do for WMF).
There are pros and cons to third party patches (and you have identified a possible negative case), but there solid ways to validate the decision with the security community, even if you can't read the code yourself.
I think its really cool that Landon is spending his time writing counters and taking a decidedly positive action in this investigation.
Personally, I never heard of APE before this, and knowing something about that software is already a positive result for me, even if I only disable rtsp handler (which I have done).
"Venerable" is a funkier, but perhaps less apt spoonerism that "venereal", in this case.
Anyway, the point is "uh oh, wireless drivers could be exploited". I don't KNOW for sure whether my venerable 2003 12" PowerBook G4 is vulnerable to someones venereal malware breaking in via wireless drivers! So, I suggest Apple & Broadcom (in my case) do a code review.
I know these guys aren't classic H8Rs and deserve kudos for publicizing this problem (and with a cautious demo!). Thanks fellahs!
However, the demo, if it used USB adapter for 802.11, was smug in the same way a salesman gets on stage and shows you his software product works on open linux, when really requires a proprietary library you would never buy.
As for Apple user's smugness, I work in infrastructure on 4 O/S from different companies and over a dozen major hardware/software brands every week - this workplace is crawling with vendor engineers and colleagues that are pretty smug, about their platform. You would think effective professionals wouldn't be so smug, but they are. Slashdot is bursting with people who are smug about their O/S, etc. etc. The urge to talk about sticking lit ciggys in smug people's eyeballs is only applauded by those who are smug about their own 'brands'.