Forums | MacLife

Apple???     Naaaahhhh!!

"Apple has not yet released patches for the security issues. @Stake has advised Mac users to upgrade to the latest Apple operating system, which is not vulnerable to the flaws. The operating system, OS X 10.3, or Panther, is priced at $129."

Seems very suspicious...

The reports which are found here and here. What I want to know is who is this consulting firm, and why did they publicize these reports, who comissioned them? As one can clearly see from their website @stake They don't issue a security warning for just any security hole, or their site would be obliterated with Micro$oft advisories which it is clearly not.

One then could surmise that this exploit is either:

1) Micro$oft trying to steal OS X thunder away from Apple.
2) Apple trying to get everyone to upgrade for whatever reason.
3) Underpants gnomes are real.
4) Lindows will truely become the "best" OS.

We have all been accustomed to see Micro$oft appear in the news with their security issues, so what is the big deal here? Are we not people who are imperfect? Who does make the perfect OS, not GOD although some would contest that free will corrupted the whole system but that issue is neither here nor there in this discussion.

I guess the biggest question is @stake themselves.....

I'm gonna have to with 3)

I was going to post something, but now I have to go out and buy a lock for my underwear drawer.

What I want to know is who is this consulting firm, and why did they publicize these reports, who comissioned them? As one can clearly see from their website

They are a very well known and trusted security firm.

@stake also dosen't publish security advisories already made or ones discovered by others. They release their own that they find themselves.

If they are releasing security advisories for OS X then they are having customers ask them about OS X. They won't just recommend an OS without tearing into it themselves.

Bottom line is they are good, one of the best in the business for sure.

Here are some of their well known clients. Take note that RSA Data Security is one of them. RSA's work is in every OS on the planet, including OS X. RSA is the biggest provider of encryption software in the world.

http://www.atstake.com/services/clients.html

-=Jax=-

The problem is not in @stake, but in the reporting around the issues by bozos like ZDNet.

Quotes like "leaving security experts wondering if users will have to pay the $129 upgrade fee to be secure" and "Apple apparently doesn't intend to fix the flaws in previous versions of the software" are not directly attributed to Apple (who declined comment) and are second-hand at best.

Was this an official Apple comment? I don't think so.

The article below is a partial response from Apple, and I would expect them to fix it. After two days, it's a bit rich to cry foul at Apple, when we see other OS vendors taking weeks and months to get a security patch out (and sometimes, as in IE, known holes are left unpatched). Note the dates - the article below is dated one day before the ZDNet article.

http://docs.info.apple.com/article.html?artnum=61798

The problem here is biased reporting by reporters who are just unable to go and find out what's really happening. Much better to go with a knee-jerk reaction - "Apple security hole not fixed after two days of notice!" and pretend to have actually tried to find out the real situation.

I look forward to similar reporting by the same correspondent on Microsoft security issues.