first, bruce is smart, and does obviously know a lot, second, being an IT guy hardly
qualifies one as a security guy, i don't have formal credentials along those lines
either.  on the other hand, i have compromised system security on computers before,
and i'm a student of computer science and electronics since high school, and i'm 41
now with a genius iq.  i also subscribe to several professional computer security
lists, including the cryptogram which anyone interested in computer security in
general should read regularly.  i generally know what i'm talking about, or keep my
mouth shut.  i've worked with and helped design very high tech systems when my health
was better.  i've used a lot of systems, and seen a lot of flaws in hardware and
software.

but aside from that, the real problem with I.E. is that microsoft does not care about
security, which means their products will be grossly insecure, and being a market
leader (financially at least) they are an often attacked target (i.e. by crackers).
this is not just my opinion, but also that frequently voiced in cryptogram by bruce
schneier, one of the "founders" of computer security.  don't take my word on it, go to
<http://www.schneier.com>, <http://www.schneier.com/crypto-gram.html>, and
<http://www.counterpane.com> (this guy does know what he's talking about, and does do
security for a living).  being closely integrated with the os is only one of IE's
flaws, and you'll note that the same flaw applies to some extent to safari, which also
has some security flaws (well, all products have some, but neither company has made an
effort to consider security during all phases of program design and implementation).

apple is also acting a lot like microsoft in terms of disclosing security problems and
explaining which bugs are fixed by updates, much worse than bsd which is the core of
os X.  a huge bug was recently found in all versions of bsd, which created a security
problem independent of browsers or server clients and was promptly fixed in all bsd
versions, apple has made no mention of this bug and its fix although they've released
an update that hopefully fixes it.  and this was a world class security hole.  this
behavior is unfortunate at best, and somewhat unprofessional considering they do have
a lot of customers running servers for businesses.

seriously, bruce is generally a very bright guy, but i have to disagree with most of
his security assertions.  computer security is rightfully a field all its own, which
is why only experts should write firewalls and encryption and other security products
or at least design the algorithms and protocols (which still need to be properly
implemented, good encryption algorithms that are poorly implemented in code can be
worse than poor algorithms well implemented, see the cryptogram doghouse of security
companies selling snake oil that doesn't and can't work).  i'm not a security expert
either, but i do have some experience, and it is one of my fields of interest for a
long, long time, and i do understand a lot of these issues at a very fundamental level.

i've also been using macs for a long time, and love the mac os, but the security claims
being made for os x just don't hold water.  there just hasn't been a major well
publicized intrusion yet, but few intrusions ever become public, and some security
flaws have.  in fact, there's a discussion right now on the [EMAIL PROTECTED] security
list about a rather major though in this case convenient security hole that allows
passwords and other sensitive and normally encrypted data to be recovered from the swap
file, which is not a good thing and not possible on securely designed systems.  a good
os doesn't allow sensitive parts of the os information that normally only exist in
memory or encrypted files to be swapped, os x does, creating a huge hole for anyone
with physical access.  while this bug requires physical access, it shows that there are
bugs, and this bug could be exploited through other types of security attacks remotely.
often several security flaws are exploited together to compromise a system remotely so
this is of some concern (since it could divulge very private data that users normally
think of as being very well protected through encryption, like passwords etc., and from
there crackers get more power).

note the correct use of the word "cracker" rather than "hacker".  hackers just try to
peek inside systems for legitimate reasons like curiosity or to fix problems or add
features, those who bypass security for illicit/malicious reasons are rightly called
"crackers" not hackers, though obviously the same skill set is involved, just as a good
locksmith also knows how to get around locks for illegal purposes, but we don't call
them safe crackers.

also note, i'm dysgraphic and dyslexic, and yes that does explain my sometimes annoying
failure to capitalize properly, but many dyslexics do have a genius iq, and i think the
two are actually related.

David Dudine wrote:
> 
> Bruce Johnson wrote
> 
> > Actually (and ironically) IE is as secure on the Mac as any other
> > browser.
> >
> > The problems with IE are where they tied it so deeply into the guts of
> > Windows, and released the abomination known as ActiveX upon the world.
> >
> > --
> > Bruce Johnson
> > University of Arizona
> > College of Pharmacy
> > Information Technology Group
> 
> Thanks, Bruce.  Since you publish your professional position and Philip
> doesn't, I feel better about continuing to use IE for secure banking only.
> Now, if Philip can equal you on credentials, I will not know what to think.
> 
> What I now understand is that IE on the Mac is as secure with regard to SSL
> encryption as any other browser, (I think if it is 5.1.5 or higher) but that
> it is the OS that is in danger of being compromised through the browser.  Is
> that correct?  Or, does IE only facilitate entry into the OS from the web on
> Windows machines?
> 
> Thanks,
> 
> David Dudine
 
-- 
<http://www.informationclearinghouse.info/article3267.htm>  proof that
the U.S. media is now state controlled!  Ask your local tv station why
the hell they aren't airing the news any more!  Our system of government
requires an informed public, with their eyes open.
