Focus on Apple
Heise warns of flaw in Apple Mail Nov 20 2007 09:07PM
Michael Dalling (mtdalling gmail com) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 21 2007 12:17AM
Indy (ind cca smith gmail com) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 21 2007 09:16AM
Derek Chesterfield (dez mac com) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 21 2007 09:08PM
Radoslav Dejanović (radoslav dejanovic opsus hr) (1 replies)
Re: Heise warns of flaw in Apple Mail Nov 22 2007 06:32PM
Derek Chesterfield (dez mac com)

On 21 Nov 2007, at 21:08, Radoslav Dejanović wrote:

> Derek Chesterfield wrote:
>> And why did they have to hype it up by claiming Apple
>> 'reintroduced' the old bug from March 2006? This is clearly a new
>> bug introduced in the new quarantine feature, otherwise the dialog
>> would never appear.
>
> Does it matter?

I believe it does. Saying that Apple reintroduced an old bug suggests
incompetence, and implies that Apple cannot be trusted with your
security. [Whether they can be trusted or not is beyond the scope of
this reply, but I don't believe this *new* bug implies that, at least
not in the way Heise implies.]

> Of course, that might be a completely different piece of code that
> produced the bug with similar features, but from the end-user
> perspective, this *is* the old bug reintroduced.

I don't think the end user is Heise's target audience. They are
publishing technical information for technical people. Unfortunately
other publications pick up the story, and link to it in their own
publications, which are targeted at a less technical audience, whose
opinion on this issue will be tarnished with the same colour as
Heise's comments. And those users, being less technical, will not know
the difference.

> Given, the wording might not reflect the inner truth of this bug,
> but on the other side if Apple already corrected such misbehavior of
> Mail, they should have checked it in the new code as well. Or, at
> least have their QA department do a more strict security check?

It certainly could have been discovered before release, yes. I am not
excusing Apple for allowing this bug through, but I think Heise are
misrepresenting the history of the problem in this instance.

Copyright 2010, SecurityFocus