Corporate managers who are facing pressure from their Apple fanboy staff might well take note of some warnings that are popping up from outfits which installed the new Lion software on their networks. Now we will not say “we told you so” but Apple's security is not the best and installing it onto a corporate network appears to be an accident waiting to happen.
The weak point in Lion is when it is used with a corporate Lightweight Directory Access Protocol, which is used on an authentication server. The problem with Lion is that the LDAP server seems to be breaking down quite a lot according to the world wide wibble. Once the crash has happened Lion users can log in with any password and the operating system accepts whatever pass code it's given.
The problem does not seem to hit other operating systems running Lion on the same LDAP server. As one user wrote “Simply having Lion installed is a security vulnerability, as any user who can access OD settings can connect to the datacenter as any other users. It's a HUGE hole.” The user said his company has delayed a company-wide upgrade to Lion because of the problem.
Faith based security is not enough
Nick Farell
E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view itLatest from Nick Farell