I just posted an explanation of Leopard Security (that’s Mac OS X 10.5 for you non-Apple geeks) up on TidBITS. It’s based on my original blog post here, but expanded and simplified to appeal to a more general audience.
I realize I took some liberties with the explanations of buffer overflows, ASLR, vulnerabilities, and exploits, but I had to tailor the content for a less-security-geek audience.
Check it out, and feel free to flame me here.
I do believe that if everything works as advertised this is a very significant release. There are still some big holes (Quicktime anyone?), but Apple seems to be taking security more seriously than in the past few versions.
Reader interactions
2 Replies to “Latest TidBITS Article Posted- Leopard Security”
Not sure- I didn’‘t have access to the beta, so all I know is what APple has posted online. I don’‘t think they’‘ve updated AFP, and I don’‘t recommend you use it.
You didn’‘t mention whether Leopard fixes the single worst security
problem in OSX: the fact that AFP sends user-id and passwords in the clear.
Does Leopard finally enable the SSH support that the File Sharing options
box promises, but does not deliver? Or must we continue using MacFusion
for secure file-sharing over wireless networks?
rgds