I can't name a single person who ever used "Legacy Filevault"; that's the "encrypt your home directory" thing from Leopard. This issue doesn't impact Lion FDE at all. Lots of people use Lion FDE.<p>Even the subhed on this story is misleading, and the lede paragraph seems to go out of its way to bury the true article lede, which is "if you're using FileVault home directory encryption, this impacts you" --- instead, it says "in specific configurations".<p>More generally: can anyone name a single case where ZDNet has broken a story we cared about? Even in this case, ZDNet is rehashing stuff published elsewhere earlier.
While I agree that this is a security hole and it should be fixed, a headline like that is completely misleading and a scare tactic to drive eyeballs to the article. This flaw only would affect a very small subset of users, but the headline makes it sound like everyone just had their passwords compromised
So are there literally security researchers that go and poke around of every release of everything major in the software industry to find things like this?
Only slightly related, but this thread bears a striking resemblance to another HN exploit discussion:<p><a href="http://news.ycombinator.com/item?id=3925452" rel="nofollow">http://news.ycombinator.com/item?id=3925452</a><p>The exact same back and forth:<p>Wow! This is <i>really</i> bad... but it only affects a small subset of users... but they knew about it for months and didn't fix it... come on, nobody real actually <i>uses</i> such a setup... what about me... you're all fanboys, this is just another example of how your religion doesn't hold security as a core tenant among its faithful.
Does anyone else thing that it is slimy for ZDNet interpret clicks to the site background as the user clicking the ad below the nav-bar?<p>As an advertiser I would feel defrauded. Not one person clicking on the background is doing so out of interest in the advertiser's product.<p>How common is this practice?
Steve called, he said "Just don't use it that way".<p>On a serious note, this has happened before. This is just the first time anyone has caught it before a patch. The QA at Apple is pretty noteworthy.
I thought FireWire was being phased out. (Doubtfully due to security considerations. If I recall, Intel has something faster that uses a USB port.)<p>I have some older hardware, which was state of the art when I bought it, that uses FW.<p>Is FW going to go the way of PCMCIA and CardBus?