Re: Security Update 2010-004 for Leopard 10.5
At 1:11 AM -0700 6/18/2010, Ed Grey wrote: test Unless you're the list administrator, there is NEVER a need to send a test message to an entire mailing list. Be considerate. There are people on the lists with slow and/or metered connections. Don't waste their bandwidth. In the furture, if you're worried, go look at the group via the web and take note of your previous postings. I had the test message up for about 5 seconds, and then deleted it. It turned out that there was a problem with cookies in my Firefox browser that caused Google group posting attempts to go into an infinite loop. In the process of diagnosing the problem, I needed to see if another browser would work. I only post messages on rare occasions, so I needed a sample. I would say that the complaint about it took up a lot more bandwidth and was a lot more annoying than the one-word post I put up for 5 seconds. Every time someone does something that violates a tiny rule in a tiny way for a tiny amount of time, there are always some self-righteous enforcers ready to make things a lot worse and alienate yet more people. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
I had the test message up for about 5 seconds, and then deleted it. It turned out that there was a problem with cookies in my Firefox browser that caused Google group posting attempts to go into an infinite loop. In the process of diagnosing the problem, I needed to see if another browser would work. I only post messages on rare occasions, so I needed a sample. I would say that the complaints about it took up a lot more bandwidth, and made no suggestions on how to lawfully do the kind of testing I needed to do. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
My understanding is that Apple is not releasing any more security updates for Tiger. There are still some updates for apps that run in Tiger, but even Firefox is discontinuing support after version 3.6. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
On Jun 16, 3:44 am, Kris Tilford ktilfo...@cox.net wrote: Apple hasn't yet issued a security update for Tiger, so perhaps it's truly abandoned forever now? My understanding is that Apple is not releasing any more security updates for Tiger. There are still some updates for apps that run in Tiger, but even Firefox is discontinuing support after version 3.6. That leads to the question I was going to ask before I saw this thread - without new security updates, is there any reason to worry about using Tiger on the Internet? -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
test On Jun 18, 3:05 am, Ed Grey edwg...@gmail.com wrote: On Jun 16, 3:44 am, Kris Tilford ktilfo...@cox.net wrote: Apple hasn't yet issued a security update for Tiger, so perhaps it's truly abandoned forever now? My understanding is that Apple is not releasing any more security updates for Tiger. There are still some updates for apps that run in Tiger, but even Firefox is discontinuing support after version 3.6. That leads to the question I was going to ask before I saw this thread - without new security updates, is there any reason to worry about using Tiger on the Internet? -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
On Jun 18, 2010, at 1:05 AM, Ed Grey wrote: That leads to the question I was going to ask before I saw this thread - without new security updates, is there any reason to worry about using Tiger on the Internet? Almost all of the security updates involve either local privilege escalation, meaning the bad guy has to already have a local account, or involve fixes to third party software shipped with OS X (the Open source Unix stuff) which you may or may not be using. (or in both cases may not even HAVE in 10.4) As a rule, if you don't have any of the boxes checked in the sharing panel in Sharing prefs, your Mac is pretty much protected against external attacks conducted without your assistance. Moreover, if you're a typical home user, behind a NAT (such as a cable router or wireless access router, like an Airport) the bad guys can't GET to your computer from the outside; all interaction needs to be initiated from YOUR side of the connection. OS X, for all the hype that's constantly generated out there by self-serving security folks with an agenda or sales pitch, is a very low risk system. By design it's harder to attack and by population it's a smaller target. Anyone is vulnerable to a 'trojan horse' type attack, if you install the bad guy's back door for him you're toast; however, these sorts of attacks have been tried and don't seem to go anywhere. As I said, by design OS X is a lot safer...it's harder to attack successfully. So far the only ones seen in the wild have been found in places like warez trading and porn sites. I have never really felt insecure running a Mac wide open on the internet since the OS 8 days. The only virus infection I've EVER gotten on any of my Macs was the WDEF virus. I've taken precaustions with That was cured, permanently, by bringing a bunch of floppies to the college bookstore and getting a copy of that new-fangled OS 7 everyone had been talking about 8-) It is prudent to install the security updates; moreso if you mess around with Unix stuff on your Mac...but if you're doing that, it's kinda presumed that you are taking the requisite care to avoid getting pwned. Is the Mac un-hackable? Not in the slightest. If a sufficiently talented and motivated bad guy sets his or her sights on you, your system can be compromised. Are you vulnerable to the run-of-the mill skriptkiddy and botnet attacks? Pretty much yes. Those are all lowest-common-denominator wholesale mass attacks, based on people running bogus 'greeting cards' or 'sales orders' or the... Your account of the email writings Storage has been delimitized due to spamattacks, please to click here and verify your dearest details. Thank you The IT Technology Mail Expediting Support Team ...emails that supposedly come from your systems administrators or ISP, now that apparently they've been outsourced to some random email address in Romania. 95% of internet security is the purely human task of recognizing when something isn't rightlike those emails: just trash 'em. They will NEVER be legitimate. Clicking on a web page should never cause an OSX permissions dialog to pop up on your computer asking for permission to install something. If it does it's either ^...@%@!#$@ Adobe with Flash 10.2.34455456.678675.456 that they updated with all fresh security holes ten minutes ago or it's malware. (There is great debate as to whether there is actually a difference.) Long story short, you're probably OK. If you use some of the underlying 3rd party technologies that are updated (Apache, various languages, other utilities, etc) and are still using 10.4 it behooves you to go get the patches from the original third parties and fix it yourself. Note, this implies that you have such expertise...if you don't, there are usually many ways to make your computer do the work. If you don't use these things, then you don't need to worry. If you are seriously concerned, go dig up the Apple security guide for 10.4, the one developed in conjunction with the NSA, and follow those directions. You'll have a secure mac, believe me -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
On Jun 18, 2010, at 10:06 AM, Bruce Johnson wrote: I have never really felt insecure running a Mac wide open on the internet since the OS 8 days. The only virus infection I've EVER gotten on any of my Macs was the WDEF virus. I've taken precaustions with The life of a sysadmin is interrupt-driven. What I MEANT to say was: I've taken precautions with my iMac at work, but that's because I do have things open like remote login, am running file-sharing, am running Apache, have PHP installed and working, etc., AND my iMac has an internet accessible IP address. Hit http://dbdev2.pharmacy.arizona.edu and that's my imac. At any given time I may be running MySQL, testing CGI scripts, etc etc. In other words, in many respect my iMac is behaving as much as a server as it is a workstation. Most people's Mac are not. That requires server-level security attention. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
At 1:02 AM -0700 6/18/2010, Ed Grey wrote: My understanding is that Apple is not releasing any more security updates for Tiger. My understanding. Yea, a lot of people suddenly understand that -- but there has been no announcement from Apple. So it's just a guess. There are still some updates for apps that run in Tiger, Some? Thousands per month. but even Firefox is discontinuing support after version 3.6. Of course app developers are moving on. Apple forces this by making it more and more difficult to produce older-OS compatible builds in XCode. heh. I'm starting to run into things that only run on the latest version of Snow Leopard. At 1:11 AM -0700 6/18/2010, Ed Grey wrote: test Unless you're the list administrator, there is NEVER a need to send a test message to an entire mailing list. Be considerate. There are people on the lists with slow and/or metered connections. Don't waste their bandwidth. In the furture, if you're worried, go look at the group via the web and take note of your previous postings. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
[Manager Comment] Re: Security Update 2010-004 for Leopard 10.5
On Jun 18, 2010, at 11:36 AM, Dan wrote: At 1:11 AM -0700 6/18/2010, Ed Grey wrote: test Unless you're the list administrator, there is NEVER a need to send a test message to an entire mailing list. Be considerate. There are people on the lists with slow and/or metered connections. Don't waste their bandwidth. In the furture, if you're worried, go look at the group via the web and take note of your previous postings. It is a violation of Netiquette for all LEM Groups to post test messages. http://www.lowendmac.com/lists/netiquette.shtml Sometimes members become impatient when their messages do not appear instantly. In most such cases it is because the affected members have been placed under moderation by a Group Manager, typically for violation of group rules, so that their messages have to be reviewed and approved by a Group Manager, then released for posting to the Group. Fabian Fang LEM G-Group Manager -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Security Update 2010-004 for Leopard 10.5
Apple hasn't yet issued a security update for Tiger, so perhaps it's truly abandoned forever now? Leopard 10.5 Security Update 2010-004 includes the latest Flash and Shockwave players bundled inside. Evidently Apple thinks Adobe Flash Shockwave are such bad security risks that they need to force the issue and upgrade Apple users en masse. Tiger 10.4 users should probably download install the latest Flash Shockwave ASAP since Apple Adobe won't do it for you. It's a real shame that there isn't automatic updating for Adobe Flash. I hope HTML5 makes Flash obsolete. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
At 3:44 AM -0500 6/16/2010, Kris Tilford wrote: Apple hasn't yet issued a security update for Tiger, so perhaps it's truly abandoned forever now? Or the particular patches aren't applicable to the versions of the softwares in Tiger. The recent Safari 4.1 for Tiger, btw, included a boat load of security patches. Leopard 10.5 Security Update 2010-004 includes the latest Flash and Shockwave players bundled inside. Evidently Apple thinks Adobe Flash Shockwave are such bad security risks that they need to force the issue and upgrade Apple users en masse. Which latest? Exactly what version? (Adobe has put out several recently). Tiger 10.4 users should probably download install the latest Flash Shockwave ASAP since Apple Adobe won't do it for you. Flash 10.1.53.64 is ok, in that it fixes a number of security vulnerabilities and has an h.264 codec that performs a tad bit faster than the one in 10.0.x. But it is LESS stable than the last few 10.0.x releases. It's a real shame that there isn't automatic updating for Adobe Flash. Yes, it would be a good idea to force users to put poorly tested Adobe crap on their systems on a continual basis. sigh. It's good when a trusted company with a high quality product does auto-updating. IMO, that's a club that Adobe left a decade ago and has no interest in joining. I hope HTML5 makes Flash obsolete. It will, but it's going to take a few years. We can all do our part... Install a flash blocker and make sure you totally block flash-based ads. By blocking them, you are telling that web site and the ad company that Flash is unacceptable. They'll get the message as they see the stats and their revenue change. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
We can all do our part... Install a flash blocker and make sure you totally block flash-based ads. By blocking them, you are telling that web site and the ad company that Flash is unacceptable. They'll get the message as they see the stats and their revenue change. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. Is there a Flash blocker that will work in all the browsers? Or do I need one for each? John Carmonne Yorba Linda USA Sent from my TiBook 500 -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
You need Click2Flash. On Jun 16, 2010, at 12:10 PM, john CARMONNE wrote: We can all do our part... Install a flash blocker and make sure you totally block flash-based ads. By blocking them, you are telling that web site and the ad company that Flash is unacceptable. They'll get the message as they see the stats and their revenue change. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. Is there a Flash blocker that will work in all the browsers? Or do I need one for each? John Carmonne Yorba Linda USA Sent from my TiBook 500 -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
On Jun 16, 2010, at 9:10 AM, john CARMONNE wrote: We can all do our part... Install a flash blocker and make sure you totally block flash-based ads. By blocking them, you are telling that web site and the ad company that Flash is unacceptable. They'll get the message as they see the stats and their revenue change. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. Is there a Flash blocker that will work in all the browsers? Or do I need one for each? You need one for each browser. Click to Flash will work with Safari and other Webkit based browsers. Adblock wols with Firefox and (I think) Camino. Others I don't know. I stick to Safari for general purpose browsing needs, only use FF when something doesn't work in Safari, and there's no flash ads on the sites I use in FF; those are UA Intranet things. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Security Update 2010-004 for Leopard 10.5
At 11:28 AM -0400 6/16/2010, Dan wrote: At 3:44 AM -0500 6/16/2010, Kris Tilford wrote: Leopard 10.5 Security Update 2010-004 includes the latest Flash and Shockwave players bundled inside. Evidently Apple thinks Adobe Flash Shockwave are such bad security risks that they need to force the issue and upgrade Apple users en masse. Which latest? Exactly what version? (Adobe has put out several recently). According to TidBITS, it's Flash Player 10.0.45.2, That's OLD and Vulnerable! Bad Apple, bad. IMO, giving us outdated vulnerable software is worse than giving us none. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list