So that's a good point, but I feel compelled to point out that I've never seen a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on May 6, 2012 \| parent \| context \| favorite \| on: Apple security blunder exposes Lion login password... So that's a good point, but I feel compelled to point out that I've never seen a large organization with AFP shared user directories. There are far more important vulnerabilities --- clientside drive-by remote code execution, for instance --- that have gone unpatched for longer than this. Do I think 3 months is a reasonable time-to-fix? No comment.

fpgeek on May 6, 2012 [–]

Can these far more important vulnerabilities be fixed as easily as turning off a debug flag?

Personally, in the rare cases when a fix is easy I'd expect it to be deployed promptly (and 3 months doesn't sound reasonable to me).

tptacek on May 6, 2012 | [–]

Yes.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact