Apple Safari Security Issue
A couple hours ago I posted a short message on the Windows itunes forum board with a link to an article similar to this one concerning the Safari security issue. Within thirty minutes or less I received the following e-mail message:
(Big Mouth Barker),
Apple removed your post on Apple Discussions, titled "Heads up everybody regarding Safari," because it contained the following:
* Off-topic or non-technical posts
We are including a copy of your post at the end of this email for your reference.
If you would like to send feedback to Apple about a product, please use the appropriate selection here: http://www.apple.com/feedback
As part of submitting feedback, please read the Unsolicited Idea Submission Policy linked to the feedback page.
Apple Discussions staff
A copy of your message for reference:
Security Issues. Must read article.
Issue No 1: Talk about double standards from Apple. Keep the following in mind when considering this issue: When I installed the iTunes desktop player Safari was not present nor did I want to download the browser. I tried it once and I realized from the getgo that this browser was going to be trouble. So I immediately removed it from my system. In this case, the iTunes player is downloading the browser for setup through the automatic updater. I feel that the subject matter that I posted on the forum was very relevant since it was being downloaded by the desktop player. It appears by the links that was provided in the e-mail that Apple does not like to hear critics talking about their products. Also, in their lack of response to the security issues by Apple, it also seem like they do not care about anything but profit.
Issue No 2: The iTunes Desktop Player may also have security issues as well. In the past couple of days I found the following entry in my DNS Cache Table:
C:\WhosIP\whosip>whosip -r 18.104.22.168
WHOIS Source: RIPE NCC
IP Address: 22.214.171.124
Country: EU # Country is really world wide
Network Name: EU-ZZ-151
Owner Name: Various Registries
From IP: 126.96.36.199
To IP: 188.8.131.52
Contact Name: Internet Assigned Numbers Authority
Address: see http://www.iana.org.
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Information related to '184.108.40.206 - 220.127.116.11'
inetnum: 18.104.22.168 - 22.214.171.124
descr: Various Registries
country: EU # Country is really world wide
remarks: These addresses were issued by
The IANA before the formation of
Regional Internet Registries.
status: ALLOCATED UNSPECIFIED
changed: firstname.lastname@example.org 20030502
changed: email@example.com 20030621
changed: firstname.lastname@example.org 20050202
org-name: RIPE NCC
address: RIPE Network Coordination Centre
address: P.O. Box 10096
address: 1001 EB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
changed: email@example.com 20040417
changed: firstname.lastname@example.org 20070319
role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
changed: email@example.com 20010411
I take security very seriously by keeping a close eye on my Host File as well as the DNS Table. The only program running at the time of this discovery was iTunes and I had not sufred the web when I descovered the entry. The following message was with the IP entry: “Scan iTunes”. In my view I believe it is time to form a coalition to approach iTunes and flat out tell them that they should pull these products with security issues if they are not going to do anything about it.
Big Mouth Barker