Obviously Apple doesn't take OS X seriously anymore.
To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.
So are you going to get rid of all your Apple gear and go with a truly secure operating system? I mean who would want to stick with a company as ‘non-professional’ as Apple. All this indignation but are you going to DO something about it? Just pontificating, blathering, whining, what?
Huh. Let me try again then. It's possible that I misunderstanding the vulnerability (which is why I asked for clarification of your assertions in the first place).
I thought the bug only allowed sites to impersonate other secured sites. Is it really that case that nothing that was sent via Safari to a secure site was actually encrypted at all?
Any packets you thought you were sending via Apple's SSL is potentially readable. This is why people made a comment about not using public WiFi but they weren't considering the start to finish with all the servers and routers between you and the end server to which you thought you were making a secure connection.
Impersonating a secured site is irrelevant as phishing scams (which this is not) is about impersonating a site in general. In fact, a phishing site could still use SSL that was truly encrypted but you're willfully giving them your data.
Obviously Apple doesn't take OS X seriously anymore.
To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.
I would have liked to have seen an update issued as swiftly as with iOS but I think the Mac update was still issued quickly.
Beliefs can be false. Opinions are beliefs. Therefore opinions can be false. <span style="line-height:1.4em;">Since I’ve already said that, there’s no reason for me to be repeating it. Doesn’t even bear it. And yet here we are. I don’t get it. </span>
<img alt=":???:" src="http://forums-files.appleinsider.com/images/smilies/1confused.gif" style="line-height:1.4em;">
You can think something and be wrong.
A belief can be false but the view (i.e.: opinion) can't be false since it's a self-report. It's a difference of where the subject resides in the statement. For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
…the view (i.e.: opinion) can’t be false since it's a self-report.
Unless it explicitly contradicts their knowledge or is willfully presented as a contradiction to established fact.
For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
I just installed the update onto my MacBook Pro… and now the speakers do NOT work! Still get sound via bluetooth, but no sound out via the speakers at all… geez.
-e
Obviously Apple doesn't take OS X seriously anymore.
To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.
Yes. Clearly they were dicking around for 4 days instead of fixing this bug. /s
What problems are you having? Just wondering if they are the same as mine.
I replied back earlier but didn't quote it so not sure if u read it but said that after a while it synced up it seemed to be working good. The problem was that deleted messages from other devices or even gmail web would stay in the Mac mail inbox and unread counts wouldn't be right. Anyway after a while I'm here to say it's definitely finally working great for me. About time.
…the view (i.e.: opinion) can’t be false since it's a self-report.
Unless it explicitly contradicts their knowledge or is willfully presented as a contradiction to established fact.
For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
Sure, a “truthful opinion”, but still incorrect.
I do wish you'd stop being such an a**hole TS. Its boring. Its offensive.
A belief can be false but the view (i.e.: opinion) can't be false since it's a self-report. It's a difference of where the subject resides in the statement. For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
That's exactly the example I was going to use - I better change the password in my brain.
I'm on the other side, though: If my opinion is that "The Earth is flat", then that opinion is contrary to fact, and is false. The statement "I believe the Earth is flat" is still true, of course, but that's a statement ABOUT my opinion, not the opinion itself.
By the way, did anyone see the episode of "The Good Wife" where the judge required all the lawyers to end their statements with "in my opinion"?. It was pretty funny.
Huh. Let me try again then. It's possible that I misunderstanding the vulnerability (which is why I asked for clarification of your assertions in the first place).
I thought the bug only allowed sites to impersonate other secured sites. Is it really that case that nothing that was sent via Safari to a secure site was actually encrypted at all?
They could try and impersonate a secure site but then they might as well phish you to a http site, who looks at the bar anyway?
The main issue is man in the middle. An attacker ( c) can intercept secure traffic between a + b by reading the public key from (a) requested by (b) and then pretending to be (a) but sending it's own public key so it can decrypt (b)'s messages.
Having a properly signed cert verification stage should cause this attempt to fail. The last part of the missing code in apples goto fail missed the verification step ( which either has a list of known certs, or talks to an authority, like Verisign, or both).
This is very basic and it calls into question not just the coding style which lead to this ( not just the gotos but the way it would succeed, ie actually just clean up when sopposedly "failing") and lack of code reviews and proper compiler warnings - I mean that's true but people are human - but the testing. The sad truth is nobody in Apple tested a site with a bad cert, nobody wrote those test scripts. That's the fundamental test for ssl security. The goto fail website produced a test in 10 minutes. What is going on?
That's exactly the example I was going to use - I better change the password in my brain.
I'm on the other side, though: If my opinion is that "The Earth is flat", then that opinion is contrary to fact, and is false. The statement "I believe the Earth is flat" is still true, of course, but that's a statement ABOUT my opinion, not the opinion itself.
By the way, did anyone see the episode of "The Good Wife" where the judge required all the lawyers to end their statements with "in my opinion"?. It was pretty funny.
That scene was posted to this forum a couple weeks ago. It was the first time I had ever seen a clip from that show and makes me want to watch the show after I finish up with my current season of shows.
Awww, they fixed the Gotofail bug. Now what will all these poor click-whoring bloggers and stock manipulators have to get their panties all bunched up for now?
They patched it but remember that everything you may have sent via for the last 18 months can now be easily read by anyone that may have captured your data. It's not just public WiFI hotspots you need to consider. In fact, I'd say that is the least likely threat to your privacy you are bound to experience from this security bug. Again, I recommend everyone at least change their iTunes/iCloud password.
Unfortunately we all thought everything was fine up until late last week.
If wifi hotspots aren't a concern, then what things are (or were)?
And if someone has my info, why bother waiting for me to change my passwords? Why not use that info right away before I know what's happened?
They may not believe it, but some of their die-hards do
You are just plain wrong. In fact Apple always made a point of NOT making such claims. Of course for a long time it was true that exploits were not directed against them and many outside Apple noted that fact. But Apple never once said that the OS was impregnable. Hackers were not targeting them but that was simply because they would not reap the same level of damage and consequent notoriety. Apple were very careful and circumspect on this issue — traits that you would do well to acquire. You are spreading nonsense here and no one appreciates it. Go away; learn how to think and post responsibly.
I've never had any of the fixed problems with Mail, unread messages or unread counts, then again I don't use GMail.
Unfortunately ALL my Mail issues remain :
The Address Panel is still dead and useless, clicking or double-clicking still doesn't populate To: or Bcc: boxes, not with Groups or even individuals. Is there a new setting in Mavericks that I missed ?
Message Attributes are always reset, specifically Size, where you have to select it twice every time to get it back, for every folder, before you actually get the Size to display as well as the checkmark in the menu.
When initiating an email from Safari, Font always resets to Times New Roman rather than the default chosen in Preferences and the Format bar is always hidden.
Of course these are minor annoyances compared to security issues which is the dominant topic of this forum,but it's always frustrating when some of your legacy features and conveniences that you've been using for many years are stripped for no apparent reason. Suggestions of fixes would be welcome. Anybody ?
Comments
Obviously Apple doesn't take OS X seriously anymore.
To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.
So are you going to get rid of all your Apple gear and go with a truly secure operating system? I mean who would want to stick with a company as ‘non-professional’ as Apple. All this indignation but are you going to DO something about it? Just pontificating, blathering, whining, what?
Any packets you thought you were sending via Apple's SSL is potentially readable. This is why people made a comment about not using public WiFi but they weren't considering the start to finish with all the servers and routers between you and the end server to which you thought you were making a secure connection.
Impersonating a secured site is irrelevant as phishing scams (which this is not) is about impersonating a site in general. In fact, a phishing site could still use SSL that was truly encrypted but you're willfully giving them your data.
I would have liked to have seen an update issued as swiftly as with iOS but I think the Mac update was still issued quickly.
A belief can be false but the view (i.e.: opinion) can't be false since it's a self-report. It's a difference of where the subject resides in the statement. For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
Unless it explicitly contradicts their knowledge or is willfully presented as a contradiction to established fact.
Sure, a “truthful opinion”, but still incorrect.
Yes, but at least your secrets are safe.
Yes. Clearly they were dicking around for 4 days instead of fixing this bug. /s
If his speakers worked it would interfere with the NSA listening through his microphone.
Who knows. However a non secure SSL layer is hardly something to ignore.
Unless it explicitly contradicts their knowledge or is willfully presented as a contradiction to established fact.
Sure, a “truthful opinion”, but still incorrect.
I do wish you'd stop being such an a**hole TS. Its boring. Its offensive.
Wish you’d at least say something that actually contradicts when you claim there is a contradiction.
A belief can be false but the view (i.e.: opinion) can't be false since it's a self-report. It's a difference of where the subject resides in the statement. For instance, if someone stated "I believe the Earth is flat" it's a truthful opinion that they think the Earth is flat even though it's factually incorrect.
That's exactly the example I was going to use - I better change the password in my brain.
I'm on the other side, though: If my opinion is that "The Earth is flat", then that opinion is contrary to fact, and is false. The statement "I believe the Earth is flat" is still true, of course, but that's a statement ABOUT my opinion, not the opinion itself.
By the way, did anyone see the episode of "The Good Wife" where the judge required all the lawyers to end their statements with "in my opinion"?. It was pretty funny.
Obviously Apple doesn't take OS X seriously anymore.
To wait several days for the 10.9.2 release to fix a severe bug like this - I'm gobsmacked how non-professional Apple's behaviour in this case is.
*yawn*
Yeah, how dare they make sure the fix works properly¡!
Yeah... he's so "gobsmacked", that makes it even more important!!!
They could try and impersonate a secure site but then they might as well phish you to a http site, who looks at the bar anyway?
The main issue is man in the middle. An attacker ( c) can intercept secure traffic between a + b by reading the public key from (a) requested by (b) and then pretending to be (a) but sending it's own public key so it can decrypt (b)'s messages.
Having a properly signed cert verification stage should cause this attempt to fail. The last part of the missing code in apples goto fail missed the verification step ( which either has a list of known certs, or talks to an authority, like Verisign, or both).
This is very basic and it calls into question not just the coding style which lead to this ( not just the gotos but the way it would succeed, ie actually just clean up when sopposedly "failing") and lack of code reviews and proper compiler warnings - I mean that's true but people are human - but the testing. The sad truth is nobody in Apple tested a site with a bad cert, nobody wrote those test scripts. That's the fundamental test for ssl security. The goto fail website produced a test in 10 minutes. What is going on?
That scene was posted to this forum a couple weeks ago. It was the first time I had ever seen a clip from that show and makes me want to watch the show after I finish up with my current season of shows.
[VIDEO]
Awww, they fixed the Gotofail bug. Now what will all these poor click-whoring bloggers and stock manipulators have to get their panties all bunched up for now?
time to raise the bounty. we need dirt.
They patched it but remember that everything you may have sent via for the last 18 months can now be easily read by anyone that may have captured your data. It's not just public WiFI hotspots you need to consider. In fact, I'd say that is the least likely threat to your privacy you are bound to experience from this security bug. Again, I recommend everyone at least change their iTunes/iCloud password.
Unfortunately we all thought everything was fine up until late last week.
If wifi hotspots aren't a concern, then what things are (or were)?
And if someone has my info, why bother waiting for me to change my passwords? Why not use that info right away before I know what's happened?
exactly!!! lets be practical about this.
They may not believe it, but some of their die-hards do
You are just plain wrong. In fact Apple always made a point of NOT making such claims. Of course for a long time it was true that exploits were not directed against them and many outside Apple noted that fact. But Apple never once said that the OS was impregnable. Hackers were not targeting them but that was simply because they would not reap the same level of damage and consequent notoriety. Apple were very careful and circumspect on this issue — traits that you would do well to acquire. You are spreading nonsense here and no one appreciates it. Go away; learn how to think and post responsibly.
Shut up and go away.
It’s laughable how pathetic you are.
Here's one where they're talking about Macs not getting viruses.
I've never had any of the fixed problems with Mail, unread messages or unread counts, then again I don't use GMail.
Unfortunately ALL my Mail issues remain :
Of course these are minor annoyances compared to security issues which is the dominant topic of this forum, but it's always frustrating when some of your legacy features and conveniences that you've been using for many years are stripped for no apparent reason. Suggestions of fixes would be welcome. Anybody ?