You call that a bug fix?

The other day I wrote about a security fix that Apple put into Mac OS X Server. Basically, Apple removed a checkbox that said “Require Authenticated Binding between Clients and Server”. The original bug was that you couldn’t turn off anonymous LDAP binding, which is a security risk if your LDAP server is exposed to the Internet or hackers are on your LAN. Apple’s fix effectively removes the illusion of security, as anonymous LDAP binding is still permitted. I’ve re-opened the bug, as Apple’s fix is not acceptable from a security point of view.

I’m a bit disappointed with this fix, as it took almost 2 years to remove a checkbox, which doesn’t even come close to fixing the problem. Nice job, Apple!
