just another reason not to allow automatic software updating. i never have, and never will as it's inherently vulnerable, and because i like to know what the heck is being changed on my machine. often earlier versions of software are better for some things, later patches often seek to make bootlegging more difficult and add other problems. if you're browser doesn't say the site is secure, then it's not, at least not fully. in any case, many of the routers in use in many places on the web have known weaknesses which can potentially result in rerouting of traffic, either for interception, or if people are in the mood to provide fake packages and information. you really shouldn't absolutely trust anything on the web, it is inherently vulnerable. i suppose, if you are really worried and do your software updates manually the best thing to do is download from more than one ip/machine and compare the files, this at least makes it less likely you'll end up with mal-ware. apples solution is definately bad, if the system thinks it's detected a bogus file it should by all means alert the owner to the apparent incursion attempt and the file should be saved for future examination, not auto deleted silently without the user even knowing. i've never liked the software update thing, call me a control freak and a paranoid but i like to have control over everything on my machine. then again, even on a dialup line i've been port probed and seen other incursion attempts. the web is becoming a dangerous place. many of the things that let spammers get away with it have potentially much more harmful and nefarious uses. far too many machines on the web will relay things without verification, allowing the source to be other than what it claims to be, either to hide the true sender or harm an uninvolved party.
several sites i know of now serve all thier information securely, to at least reduce the chances of it being distorted by a third party, and these are sites that don't do any online selling but provide crucial information that must be accurate for it to be safely used and to protect the companies involved and thier reputations. https is a step in the right direction, but the web has far too many inherant flaws to ever trust it completely. just consider how many goverment sites, including sites by the cia and nsa have been succesfully hacked before, and that "secure" banking sites have been hacked not to mention misc. business sites having thier customers credit card info stolen. we never even hear about most major security leaks, because the victim company has too much too lose if people find out that they were/are vulnerable, they'd usually rather just eat the loses and not even involve law enforcement rather than let it get out that they've been violated. indeed several hackers have become rich by breaking into sensitive systems and then blackmailing the owners, with the threat of releasing the info they've stolen, using the info they've stolen, letting the press know the data's been stolen, or letting the victims customers know just how insecure thier data is. i'm sure the banking industry has lost far more than any official record indicates, they just simply can't let the public know that thier banking system is vulnerable. i'll definately check out your' links, information is always good, but when it comes to security it's usually not to be taken at face value, from either side of a situation. we live in the age of the spin doctors, but if you know how to read between the lines even the spins are sometimes very revealing to a careful and critical reader. Al Poulin wrote: > > Hello Listers: > > An official of the Virginia Macintosh User Group sent out a report today > about a new danger in using Apple's Software Update facility to download > software. Below is this report about Apple's fix and problems in using it. ---------------- -- As has sadly been recently documented once again, there are three major gangs, the crips, the bloods and the badges, watch out for the badges..... -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
