Updated: 8/3/02; 12:20:19 AM.
The Daily Blog
Network Computing Site News and Stuff

syndicate this site

        

Thursday, July 11, 2002

Hi Folks, as a part of our special Life Time Fitness coverage, we invite you to try your hand at a special TechQuiz on the one truly useful Web services technology, SOAP -- a technology very much in use at Life Time. If you outsmart the Network Computing editors, you won't win a thing, except for some pretty hefty bragging rights of course. Good luck!

We're actually working on a special Five-Minute Workout on this very topic, illustrating how the folks at Life Time Fitness are utilizing SOAP to open their Membership Management System up to disparate and remote client locations. So stay tuned.

Posted by Network Computing at 12:23:30 PM


Well, I guess it was only a matter of time before someone figured out a way to infiltrate the one feature of Mac OS X that requires full trust -- Apple's SmartUpdate. A few days ago Russell Harding posted to BugTraq a detailed exploit of SmartUpdate that takes advantage of a rather a naive trust in Web services standards (HTTP and XML). Basically, Apple's programmers chose to allow client machines to connect with and download software from Apple servers without so much as a by your leave (translation: no authentication). That is a serious no no on any platform.

Now, since OS X requires you to agree to install any downloaded software (logging in as root/admin), you still have control over your own machine. But until Apple adopts a more secure practice like XMLsig or maybe just good old Digital Certificates (we talk about that in our recent Five-Minute Workout on securing Web Services), I'd recommend that you verify with a second and third party any software that's available through SmartUpdate -- especially an update that looks like a security fix for this very problem.

Posted by Network Computing at 11:35:01 AM


© Copyright 2002 CMP Media LLC.
 
July 2002
Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
Jun   Aug



site surf