Apple Safari Security Issue
A couple hours ago I posted a short message on the Windows iTunes forum board with a link to an article similar to this one concerning the Safari security issue. Within thirty minutes or less I received the following e-mail message:
(Big Mouth Barker),
Apple removed your post on Apple Discussions, titled "Heads up everybody regarding Safari," because it contained the following:
* Off-topic or non-technical posts
We are including a copy of your post at the end of this email for your reference.
Our terms of use, which include helpful information about using Apple Discussions, are located here: http://discussions.apple.com/help.jspa. We encourage you to continue using the Apple Discussions while abiding by our terms of use.
If you would like to send feedback to Apple about a product, please use the appropriate selection here: http://www.apple.com/feedback
As part of submitting feedback, please read the Unsolicited Idea Submission Policy linked to the feedback page.
Kind regards,
Apple Discussions staff
++++++++++
A copy of your message for reference:
http://www.theregister.co.uk/2009/03/03/safari_at_pwn2own/
Security Issues. Must read article.
Issue No 1: Talk about double standards from Apple. Keep the following in mind when considering this issue: When I installed the iTunes desktop player, Safari was not present, nor did I want to download the browser. I tried it once and I realized from the get-go that this browser was going to be trouble. So I immediately removed it from my system. In this case, the iTunes player is downloading the browser for setup through the automatic updater. I feel that the subject matter that I posted on the forum was very relevant since it was being downloaded by the desktop player. It appears by the links that were provided in the e-mail that Apple does not like to hear critics talking about their products. Also, in their lack of response to the security issues by Apple, it also seems like they do not care about anything but profit.
Issue No 2: The iTunes Desktop Player may also have security issues as well. In the past couple of days I found the following entry in my DNS Cache Table:
C:\WhosIP\whosip>whosip -r 151.159.218.216
WHOIS Source: RIPE NCC
IP Address: 151.159.218.216
Country: EU # Country is really world wide
Network Name: EU-ZZ-151
Owner Name: Various Registries
From IP: 151.0.0.0
To IP: 151.255.255.255
Allocated: Yes
Contact Name: Internet Assigned Numbers Authority
Address: see http://www.iana.org.
Email: bitbucket@ripe.net
Abuse Email:
Phone:
Fax:
WHOIS Record:
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Information related to '151.0.0.0 - 151.255.255.255'
inetnum: 151.0.0.0 - 151.255.255.255
netname: EU-ZZ-151
descr: Various Registries
country: EU # Country is really world wide
remarks: These addresses were issued by
The IANA before the formation of
Regional Internet Registries.
http://www.iana.org/assignments/ipv4-address-space
org: ORG-NCC1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
changed: ripe-dbm@ripe.net 20030502
changed: hostmaster@ripe.net 20030621
changed: hostmaster@ripe.net 20050202
source: RIPE
organisation: ORG-NCC1-RIPE
org-name: RIPE NCC
org-type: RIR
address: RIPE Network Coordination Centre
address: P.O. Box 10096
address: 1001 EB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: hostmaster@ripe.net
admin-c: CREW-RIPE
tech-c: CREW-RIPE
ref-nfy: hm-dbm-msgs@ripe.net
mnt-ref: RIPE-NCC-RIS-MNT
mnt-ref: RIPE-NCC-HM-MNT
notify: hm-dbm-msgs@ripe.net
mnt-by: RIPE-NCC-HM-MNT
changed: hostmaster@ripe.net 20040417
changed: hostmaster@ripe.net 20070319
source: RIPE
role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
changed: bitbucket@ripe.net 20010411
source: RIPE
I take security very seriously by keeping a close eye on my Host File as well as the DNS Table. The only program running at the time of this discovery was iTunes and I had not surfed the web when I discovered the entry. The following message was with the IP entry: “Scan iTunes”. In my view I believe it is time to form a coalition to approach iTunes and flat out tell them that they should pull these products with security issues if they are not going to do anything about it.
Big Mouth Barker