[X4U] The ARDAgent security hole: What you need to know

John F. Richardson richards at spawar.navy.mil
Mon Jun 30 12:10:00 PDT 2008 

Hello,

First, a very important XML tag

<HYPNOSIS
     YOU WILL USE ANTI-VIRUS SOFTWARE AND KEEP IT UPDATED
     YOU WILL USE ANTI-VIRUS SOFTWARE AND KEEP IT UPDATED
     YOU WILL USE ANTI-VIRUS SOFTWARE AND KEEP IT UPDATED
     YOU WILL APPLY SECURITY PATCHES IMMEDIATELY
     YOU WILL APPLY SECURITY PATCHES IMMEDIATELY
     YOU WILL APPLY SECURITY PATCHES IMMEDIATELY
     REMINDER TO SELF: PRACTICE WHAT YOU PREACH
     REMINDER TO SELF: PRACTICE WHAT YOU PREACH
     REMINDER TO SELF: PRACTICE WHAT YOU PREACH
/HYPNOSIS>

One of the comments in the article mentions downloading only from trusted
sites.

Does this list have a validated list of "trusted sites".

I'll start with one specific site

1) http://www.apple.com/downloads/

Then add two generally safe categories

2) Upgrade website for software you already have installed [not upgrade
sites listed in popups from websites]
Example: The Roxio Toast upgrade site.
Example: Adobe upgrade site.
Example: HP printer driver site.

3) Electronic download sites for purchases you make. Hopefully with an https
protocol.

Then add possible trusted categories

www.macworld.com [magazine category]

VersionTracker and MacUpdate [the macworld article lists them as trusted]

Any more such as MacAdict, Mac Home magazines? Trusted Mac gaming sites?
Driver sites [ATI, NVIDIA, Printers, ...]? Others?

Do we have a list of ORG's, EDU, GOV and open source sites that have
sufficient security [Example: gnu, source forge have decent security; I.E.
it exists and the system is under configuration management]. Is there an
independent method for the list members to evaluate site security? A good
surffing seal of approval.

Discussion is welcome on any of the above.

John F. Richardson

-----Original Message-----
From: x4u-bounces at listserver.themacintoshguy.com
[mailto:x4u-bounces at listserver.themacintoshguy.com] On Behalf Of Paul
Moortgat
Sent: Monday, June 30, 2008 9:41 AM
To: A place to discuss Mac OS X for the casual user.
Subject: [X4U] The ARDAgent security hole: What you need to know

 From Macworld:

<http://www.macworld.com/article/134165/2008/06/ardagent.html?lsrc=mwweek 
 >

Paul Moortgat
_______________________________________________
X4U mailing list
X4U at listserver.themacintoshguy.com
http://listserver.themacintoshguy.com/mailman/listinfo/x4u

Seven Cent Deals - Great legacy stuff Great Legacy Price 
http://www.drbott.com/prod/db.lasso?cat=Seven+Cent+Deal

More information about the X4U mailing list