Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

6 of 351 comments

  1. typical slashdot headline. by x736e65616b · Score: 0, Flamebait

    calling this an exploit is downright foolish. -j

  2. shut up, Mac Zealot by Anonymous Coward · Score: 0, Flamebait

    It's an exploit by all means.

    It's like calling a bug a "feature"

    1. Re:shut up, Mac Zealot by falcon5768 · Score: 0, Flamebait

      No, jackass, it's an exploit only if certain things happen. In this case, if you knew how OS X worked, it actually IS a product of its features (ability to have your computer be self-aware of the network, then set the settings on the fly after plugging in, i.e. no going through a Windows-like setup applet).

      In most Windows cases it's because code wasn't wiped or was left in that should have been taken out over the evolution (like Windows Messenger). Here this was ACTUALLY coded to do this, which is why there is a GUI window to unset the settings that isn't too hard to find (just launch netsat and there you are) if you wanted to. Someone just found that if you put a rogue computer on the network and had the skills and know-how to do it, you could hack in.

      IE YOU HAVE TO BE PRESENT AND ON SAID LAN TO HACK IT.

      And honestly I could think of MANY easier ways to hack a LAN than use this exploit if I can actually get physical access to the LAN.

      --

      "Slashdot, where telling the truth is overrated but lying is insightful."

  3. Re:Oh give it a rest by drinkypoo · Score: 2, Flamebait

    By the way, if you have to reinstall Windows continually, you need to get some skills with Windows. To fuck it up that often and that bad indicates poor skills of the user.

    You asinine troll. Windows is quite simply broken. Want proof? If something is f*cked up on your Windows system, and you reboot it, it frequently fixes the problem. Try that with another operating system. A reboot shouldn't fix anything, it's a symptom of the operating system breaking itself.

    I've been using NT since 3.51, I've been using computers since I was four years old, and I have always had to periodically reinstall Windows. Oh sure, I could fuck with it for weeks and figure out which program has done what strange and undocumented thing to my registry, or my DLLs in spite of the system restore, or some third stupid thing, but it's a lot faster and easier to simply do a repair install, and then reinstall service packs and patches.

    Now, I have had my XP system running without a reinstall for quite some time now, but things are not as simple as you imagine them to be. Windows is seriously flawed in just about every department except ease of use -- when it works. When everything is working fine I find Windows XP to be the most pleasant user desktop experience around, and yes I have run OS X. But when it's not working, Windows is worse than any other operating system that I have ever encountered short of MacOS 6 through 9, which are all now dead or dying. (If you're handy with a debugger, which you should not have to be to simply run some programs, you can figure out what's going on with older versions of MacOS. To me, it was not encouraging when Apple provided the debugger free, because you were going to need it.)

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  4. Re:Quick fix, just not easy for Mac users.. by Uma+Thurman · Score: 0, Flamebait

    Hey, you're in my opt-in list now, jerk.

    --
    This is America, damnit. Speak Spanish!

  5. Re:Quick fix, just not easy for Mac users.. by Uma+Thurman · Score: 0, Flamebait

    I am strictly a tit-for-tat fellow. More tit than tat, possibly, but that's probably because I'm actually a guy.

    My freaks list is the "opt-in". I follow them around and abusively point out their lies in the manner of Ann Coulter.

    Don't know about your journal problem. Seems like you've got a real dilemma here.

    I don't have any enemies either. Spreadin' the love around.

    --
    This is America, damnit. Speak Spanish!