Apple security blunder exposes Lion login passwords in clear text



Chippiewill
07-05-2012, 12:26 PM
http://i.zdnet.com/blogs/mac_os_x_filevault_exposed.png

An Apple programmer, apparently by accident, left a debug flag in the most recent version of the Mac OS X operating system. In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.
http://www.zdnet.com/blog/security/apple-security-blunder-exposes-lion-login-passwords-in-clear-text/11963

I think this is a level beyond ******; what kind of programmer misses this?
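As an added, constructed example (not Apple's code and not from the ZDNet article), the Python below shows the defensive pattern the story points at: a logging filter that redacts credential fields, so that even with the debug level left on in a shipped build, the authentication lines that reach the log carry no cleartext password, plus a small check for reviewing existing log lines for leaked values. The key names, log format and sample messages are assumptions.

```python
import logging
import re

# Constructed example: credential keys whose values must never reach a log.
SECRET_KEYS = ("password", "passwd", "pwd", "secret", "token")
# Groups: key, separator (= or :), value; a value stops at whitespace, comma or semicolon.
_PATTERN = re.compile(r"(?i)\b(" + "|".join(SECRET_KEYS) + r")(\s*[=:]\s*)([^\s,;]+)")
MARKER = "<redacted>"

def redact(text: str) -> str:
    """Replace the value after any credential key with MARKER, keeping the separator."""
    return _PATTERN.sub(lambda m: m.group(1) + m.group(2) + MARKER, text)

def leaks_secret(line: str) -> bool:
    """Log-review check: True if a credential key is followed by an unredacted value."""
    return any(value != MARKER for _, _, value in _PATTERN.findall(line))

class RedactingFilter(logging.Filter):
    """Scrubs the message and its positional args before any handler formats the record."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(str(record.msg))
        if isinstance(record.args, tuple):
            record.args = tuple(redact(str(a)) for a in record.args)
        return True  # never drop the line, only its secrets

class _Capture(logging.Handler):
    """In-memory handler standing in for the system-wide debug log file."""
    def __init__(self) -> None:
        super().__init__()
        self.lines = []
    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))

def emit_with_debug(messages: list) -> list:
    """Log constructed messages with the debug flag left on; return what reached the log."""
    logger = logging.getLogger("auth.debug.example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)  # the "debug flag" nobody switched off before release
    handler = _Capture()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    for msg in messages:
        logger.debug(msg)
    return handler.lines
```

The filter sits on the handler rather than on the call site, so it also covers debug statements a developer forgot existed.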

peteyt
08-05-2012, 01:03 PM
And the "secure" Macs get another blow.

xxMATTGxx
08-05-2012, 05:46 PM
Bit stupid of them really. I wonder how long it will take them to fix it this time round.

GommeInc
08-05-2012, 06:02 PM
Bit stupid of them really. I wonder how long it will take them to fix it this time round.
The question really should be: How long will it take for them to accept responsibility and not blame their users?

Chippiewill
08-05-2012, 08:13 PM
The question really should be: How long will it take for them to accept responsibility and not blame their users?
Aren't Apple products meant to be user-friendly?

GommeInc
08-05-2012, 09:31 PM
Aren't Apple products meant to be user-friendly?
Obviously not, but Apple will say that, then their fanbase laps it up like a cat to cream. Do not flame those who blindly follow their religion, but pity them.

xxMATTGxx
10-05-2012, 07:36 PM
Apple have now fixed the fault - http://www.neowin.net/news/apple-mac-os-x-lion-update-fixes-password-flaw

Chippiewill
10-05-2012, 07:55 PM
Considering they only had to disable some logging, I'm surprised it took this long.

HotelUser
14-05-2012, 10:21 PM
Bit stupid of them really. I wonder how long it will take them to fix it this time round.

A bit too long, but I've seen a lot worse; it got fixed in the end. It didn't affect me, same as the Java exploit, although with OS X becoming increasingly popular I'll soon be looking for an AV.


What kind of programmer misses this?

One who's human.


Aren't Apple products meant to be user-friendly?

Based on how well Apple is doing, I would say that users think their products are quite user-friendly; based on that same fact, I'd say it's no surprise that folks are beginning to target OS X more often. If your consumer operating system is targeted for viruses, I'd say that means it must be pretty successful.


The question really should be: How long will it take for them to accept responsibility and not blame their users?

Oh please, they're no worse than many other companies when it comes to pointing at users being stupid. Microsoft has been taking advantage of stupid people for years - just look at how many people still use Internet Explorer!!!

GommeInc
14-05-2012, 10:43 PM
*snip*
I see you've got a job mucking out the Apple stables :P Do you want a silver sword to go with your shield, O Apple knight in shining armour? :P Also, your example of IE and Microsoft is pretty lousy - first, you can use a different browser, and Microsoft doesn't call their users stupid for using IE; it's more self-inflicted and closer to home. Secondly, Microsoft tend to make it so their OSes do not do stupid things, like delete all user data after an update OR expose passwords. Besides, what I said was a joke, but I guess Apple zealots can't take them and only exist to defend their religion.

HotelUser
14-05-2012, 10:48 PM
I see you've got a job mucking out the Apple stables :P Do you want a silver sword to go with your shield, O Apple knight in shining armour? :P Also, your example of IE and Microsoft is pretty lousy - first, you can use a different browser, and Microsoft doesn't call their users stupid for using IE; it's more self-inflicted and closer to home. Secondly, Microsoft tend to make it so their OSes do not do stupid things, like delete all user data after an update OR expose passwords. Besides, what I said was a joke, but I guess Apple zealots can't take them and only exist to defend their religion.

Perhaps you missed this http://www.habboxforum.com/showthread.php?t=748104&p=7532980

GommeInc
14-05-2012, 10:55 PM
Perhaps you missed this http://www.habboxforum.com/showthread.php?t=748104&p=7532980
That's not stupid, that's just careless and unwise - huge differences. Stupid is making it so IE9 gives out your details in a simple format, or deleting everything on your Windows RT device. What they've done here is stick their fingers up at the competition, while at the same time making their product appear undesirable to those who may think IE9 is terrible. Besides, IE9 for Windows ARM devices may actually be very good - tailored for the device - isn't it usually you who touts "You must try it before criticising it"? :P

Recursion
14-05-2012, 10:58 PM
That's not stupid, that's just careless and unwise - huge differences. Stupid is making it so IE9 gives out your details in a simple format, or deleting everything on your Windows RT device. What they've done here is stick their fingers up at the competition, while at the same time making their product appear undesirable to those who may think IE9 is terrible. Besides, IE9 for Windows ARM devices may actually be very good - tailored for the device - isn't it usually you who touts "You must try it before criticising it"? :P

Windows 8 will ship with IE10.

HotelUser
14-05-2012, 10:59 PM
That's not stupid, that's just careless and unwise - huge differences. Stupid is making it so IE9 gives out your details in a simple format, or deleting everything on your Windows RT device. What they've done here is stick their fingers up at the competition, while at the same time making their product appear undesirable to those who may think IE9 is terrible. Besides, IE9 for Windows ARM devices may actually be very good - tailored for the device - isn't it usually you who touts "You must try it before criticising it"? :P

If security exploits are acts of stupidity, then Microsoft is incredibly stupid by your definition (http://technet.microsoft.com/en-us/security/bulletin/ms12-020) (and if I were to find a list of all Microsoft's security exploits it would be absolutely massive, as would any major software company's, really).

You also brought up IE, and it speaks for itself why IE is stupid, so I'm not going to bother explaining it in my post.


Windows 8 will ship with IE10.

Automatic updates IE10? Excellent news, the entire industry will benefit from this.

Recursion
14-05-2012, 11:00 PM
If security exploits are acts of stupidity, then Microsoft is incredibly stupid by your definition (http://technet.microsoft.com/en-us/security/bulletin/ms12-020) (and if I were to find a list of all Microsoft's security exploits it would be absolutely massive, as would any major software company's, really).

Just pointing out...
By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

HotelUser
14-05-2012, 11:01 PM
Just pointing out...

Microsoft is so cheap they don't even give their home users RDP in the first place.

xxMATTGxx
14-05-2012, 11:03 PM
Microsoft is so cheap they don't even give their home users RDP in the first place.

What have you been smoking?

Recursion
14-05-2012, 11:04 PM
Microsoft is so cheap they don't even give their home users RDP in the first place.

Why does a non-technical home user need RDP? The point in providing home editions is that consumers aren't paying for features they're simply not going to use. Of course, including RDP in a home edition would be an extremely stupid security mistake, considering the ridiculous passwords most users use and the ease of brute force attacks.

I'm done with you; you're always right in your little world x

HotelUser
14-05-2012, 11:06 PM
What have you been smoking?

Not the same thing this guy is smoking (http://www.habboxforum.com/showthread.php?t=748072&p=7534032#post7534032)


Why does a non-technical home user need RDP? The point in providing home editions is that consumers aren't paying for features they're simply not going to use. Of course, including RDP in a home edition would be an extremely stupid security mistake, considering the ridiculous passwords most users use and the ease of brute force attacks.

I'm done with you; you're always right in your little world x

A lot of the time they don't need it, and my little world is awesome.

xxMATTGxx
14-05-2012, 11:09 PM
Not the same thing this guy is smoking (http://www.habboxforum.com/showthread.php?t=748072&p=7534032#post7534032)
A lot of the time they don't need it, and my little world is awesome.

And if they really wanted it then I'm sure they would get the version that has it included.

HotelUser
14-05-2012, 11:13 PM
And if they really wanted it then I'm sure they would get the version that has it included.

An inconvenience. Anywho, my point stands: Apple cannot be generalized as stupid because they had several security exploits, because Microsoft has had security exploits and every software developer under the sun is going to be careless at some point in their career and accidentally leave a nasty trail or a backdoor open in the wrong place. Either everyone within reason is stupid, or nobody is.

xxMATTGxx
14-05-2012, 11:14 PM
An inconvenience. Anywho, my point stands: Apple cannot be generalized as stupid because they had several security exploits, because Microsoft has had security exploits and every software developer under the sun is going to be careless at some point in their career and accidentally leave a nasty trail or a backdoor open in the wrong place. Either everyone within reason is stupid, or nobody is.

It isn't really.

Chippiewill
14-05-2012, 11:38 PM
An inconvenience.
I can hear Winnie the Pooh exclaiming "oh bother" because his bank details and personal information have been stolen by cyber-criminals already.

GommeInc
15-05-2012, 12:50 PM
You also brought up IE and it speaks for itself why IE is stupid so I'm not going to bother explaining it in my post.
I think you will find you did in the first reply you made in this thread ;) Perhaps you should stop blind raging over something you appear to not use, you seem to be getting judged on your lack of knowledge and, as evident in this post, blind accusations.


An inconvenience. Anywho, my point stands: Apple cannot be generalized as stupid because they had several security exploits, because Microsoft has had security exploits and every software developer under the sun is going to be careless at some point in their career and accidentally leave a nasty trail or a backdoor open in the wrong place. Either everyone within reason is stupid, or nobody is.
And my point still stands that Apple seem to shovel blame to their customers rather than fix the problem quickly (this problem took long enough to fix). All companies can be stupid, but real stupidity is carelessly taking your time fixing what can be quite serious, while at the same time denying all knowledge and not taking the blame. Stop playing the Apple Knight, they won't give you a job or free things, and you're coming off as a bit of a religious fanatic ;)

jasey
16-05-2012, 01:59 AM
Not really going to bother reading through this thread because I am sure there is plenty of "Told you so - Apple is terrible," going on. If there isn't, big up to HxF.

This could have happened anywhere. Personal data leaks like this have happened across the board and definitely in places with more serious consequences. There are online banking and payment sites all over the world that have experienced user information breaches over the years because of one poor coder. This literally has nothing to do with Apple's coding practice other than the fact that this mistake happened with a release of an Apple operating system. Taking the torch to Apple over this is like taking issue with the fact that you got an undercooked burger from Burger King even though you have gotten plenty from McDonald's, and saying Burger King is terrible.

What I mean to say here is that this really has nothing to do with Apple's security. It was the work of one human who made a mistake who just happened to be employed by Apple. This could have happened to anyone from Microsoft to Neopets (or even, say, NASA (http://iqsecur.blogspot.ca/2012/02/analysis-of-leaked-nasa-passwords.html)).

I didn't see a four page thread of people talking about the fact that someone working for a hugely important agency in the American government had the password 'nasa1234'. Oh wait, not one person — eight. Five of them chose 'llama'. A difficult captcha would be more secure than that.

Recursion
16-05-2012, 08:54 AM
Not really going to bother reading through this thread because I am sure there is plenty of "Told you so - Apple is terrible," going on. If there isn't, big up to HxF.

This could have happened anywhere. Personal data leaks like this have happened across the board and definitely in places with more serious consequences. There are online banking and payment sites all over the world that have experienced user information breaches over the years because of one poor coder. This literally has nothing to do with Apple's coding practice other than the fact that this mistake happened with a release of an Apple operating system. Taking the torch to Apple over this is like taking issue with the fact that you got an undercooked burger from Burger King even though you have gotten plenty from McDonald's, and saying Burger King is terrible.

What I mean to say here is that this really has nothing to do with Apple's security. It was the work of one human who made a mistake who just happened to be employed by Apple. This could have happened to anyone from Microsoft to Neopets (or even, say, NASA (http://iqsecur.blogspot.ca/2012/02/analysis-of-leaked-nasa-passwords.html)).

I didn't see a four page thread of people talking about the fact that someone working for a hugely important agency in the American government had the password 'nasa1234'. Oh wait, not one person — eight. Five of them chose 'llama'. A difficult captcha would be more secure than that.

It has everything to do with Apple's practices though, whether they be security-oriented or not. The fact that a debug flag could be left set and be pushed out to the public like this is ridiculous. I hope Apple test, QA and test some more when it concerns updates that are due to be pushed out to the public.

How something as simple as this got through what should have been many lines of people before being authorised to be pushed out is beyond me.
