Link 

In other news some swiss guys (P.S. I LOVE your pancakes!) did a pretty good analysis of the time it takes for Apple and Microsoft to patch there disclosed vulnerabilities.  Apple sadly has a ways to go. I think they are still at the Microsoft in 1999 phase. Hopefully they wake up.

 Link

Post from: Grumpy Security Guy

Mac Hacked in 2 Minutes, Apple is a lame patcher

I think Apple has really taken a playbook from Oracle (ie, "Unbreakable marketing") with respect to security in the past year with unsupported security claims in their marketing, drawing the attention of security researchers. 

At Black Hat today, researchers from the Swiss Federal Institute of Technology looked at Apple and Microsoft vendor responsiveness to zero-day vulnerabilities and found ... surprise, Apple consistently has more unpatched issues.

Read about the findings in ComputerWorld at Microsoft vs. Apple: Who patches zero-days faster?

If you don't want to do that, here is a key quote from the article:

What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching.

"Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," Frei said. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple."

For half a century, Crypto AG, a Swiss company located in Zug, has sold to more than 100 countries the encryption machines their officials rely upon to exchange their most sensitive economic, diplomatic and military messages. Crypto AG was founded in 1952 by the legendary (Russian born) Swedish cryptographer Boris Hagelin. During World War II, Hagelin sold 140,000 of his machine to the US Army.

"In the meantime, the Crypto AG has built up long standing cooperative relations with customers in 130 countries," states a prospectus of the company. The home page of the company Web site says, "Crypto AG is the preferred top-security partner for civilian and military authorities worldwide. Security is our business and will always remain our business."

And for all those years, US eavesdroppers could read these messages without the least difficulty. A decade after the end of WWII, the NSA, also known as No Such Agency, had rigged the Crypto AG machines in various ways according to the targeted countries. It is probably no exaggeration to state that this 20th century version of the "Trojan horse" is quite likely the greatest sting in modern history.

We don't know the truth here, but the article lays out the evidence pretty well.