Post #421,505
11/29/17 7:06:45 PM
11/29/17 7:06:45 PM
|
It goes beyond the root account
|
Post #421,506
11/29/17 7:35:42 PM
11/29/17 7:35:42 PM
|
Thanks for the pointer.
I used to read TheReg every day, now I rarely do. Too little time, too many other distractions...
Cheers, Scott.
|
Post #421,514
11/30/17 2:27:41 AM
11/30/17 2:27:41 AM
|
You're not missing much
It's a crappy link aggregator much of the time, with the odd shouty rant.
Not a shadow of its former self, sadly.
|
Post #421,518
11/30/17 8:35:09 AM
11/30/17 8:35:09 AM
|
Only thing I still read is BOFH
|
Post #421,525
11/30/17 7:38:05 PM
11/30/17 7:38:05 PM
|
And the BOFH kind of lost its way years ago and never really recovered. :-/
|
Post #421,531
12/1/17 10:17:24 AM
12/1/17 5:49:36 PM
|
Not what it used to be
The body count is getting a bit past satire at this point.
Edited by drook
Dec. 1, 2017, 05:49:36 PM EST
|
Post #421,543
12/2/17 2:16:57 AM
12/2/17 2:16:57 AM
|
The BOFH and the PFY come across as just mean, now.
|
Post #421,512
11/30/17 12:15:30 AM
11/30/17 12:15:30 AM
|
When Convenience overwhelms Security.
I recall Microsoft used to have this problem.
Wade.
|
Post #421,513
11/30/17 2:26:56 AM
11/30/17 4:00:09 AM
|
There is something wrong at Apple
...with specific respect to testing. The GotoFail bug from 2014 was pretty egregious - all sorts of non-controversial methods could and should have caught it (checking for repeated lines of code, which should be inspected; checking for unreachable code; actually fucking testing that an invalid certificate didn't fucking work, etc.) and the speed with which Apple has turned round the fix would indicate that this is similarly sloppy and easily fixed. There was the APFS password hint bug. https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79 There was the keychain bug. http://mashable.com/2017/09/26/apple-mac-os-high-sierra-password-exploit/?utm_cid=a-seealsoNot to mention a raft of less critical but still annoying bugs - the random restart/freeze bug would not generate good cheer, for example. (I found an interesting analysis of the APFS password hint bug, and I'll update this post when I find it again. tl;dr: it's just as idiotic as the GotoFail bug - ETA link https://objective-see.com/blog/blog_0x23.html - it's another copy/paste error) Apple is an organisation with no excuses - it has the resources and the talent to do this properly. This is a question of management priorities. Whatever Apple says about its commitment to security is irrelevant; the facts are there for all to see.
Edited by pwhysall
Nov. 30, 2017, 04:00:09 AM EST
|
Post #421,515
11/30/17 5:31:41 AM
11/30/17 5:31:41 AM
|
And they broke the fix
There are unconfirmed reports that the patch breaks certain configurations of SMB file sharing: https://arstechnica.com/civis/viewtopic.php?p=34406677#p34406677This security update breaks SMB file sharing if you don't have the "Less secure" password setting turned on. If you don't have that setting turned on and try to connect to a patched Mac, your password will not be accepted. Quality work, Apple.
|
Post #421,516
11/30/17 7:39:57 AM
11/30/17 7:39:57 AM
|
It's been that way for a long time.
A friend bought a 1U MacOS Server machine for work. It was nice, but the fans were very loud. He said all kinds of simple yet important things related to account permissions, IIRC, would break whenever he updated the OS. It was as if they had done no testing at all before rolling it out.
As you say, they've got no excuse. But it shows that they continue to not really care about macOS.
Cheers, Scott.
|