Hacker News new | past | comments | ask | show | jobs | submit login

While I agree that this is a security hole and it should be fixed, a headline like that is completely misleading and a scare tactic to drive eyeballs to the article. This flaw only would affect a very small subset of users, but the headline makes it sound like everyone just had their passwords compromised



What I got out of the article seems to be more important than the number of users this could impact.

1. A vital piece of the operating system was compiled with debug flags intact. 2. Apple's lack of response on the issue.

I think this goes hand-in-hand with recent Kaspersky statement about Apple's poor security considerations.


Those are definitely the two 'take-aways'. If there is a hole here... there may be other holes that might be REAL security threats.

Other people are correct as well, in that the headline is link bait. I was expecting to find a way to get clear text passwords from my test OSX Lion setup. I can't actually do that on my test system, and I'd wager the vast majority of hackers can't pull that off either. At least not without changing the setup.

Of course... probably my fault for believing you could.


> If there is a hole here... there may be other holes that might be REAL security threats.

The presence or absence of a specific issue is not indicative of the presence or absence of any other issues.


the presence of issues indicates higher probability of more issues


2. Apple's lack of response on the issue.

The takeaway I got was that nobody actually tried to contact Apple's various security contacts and instead just posted on forums.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: