Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

18 of 351 comments

  1. What's this? by Anonymous Coward · · Score: -1, Flamebait

    Cognitive dissonance for the Mac cult?

  2. Honestly.. by Anonymous Coward · · Score: -1, Flamebait
    I've always wondered why Macs and other Apple products are so popular with the arty types. Is it something that the fruity design and styling that attracts these fruits to become blind zealots?

    Please respond if you are a non-fudgepacker that own these overpriced, underpowered machines. I'd like to know if anyone with tight sphincters are macheads.

  3. typical slashdot headline. by x736e65616b · · Score: 0, Flamebait

    calling this an exploit is downright foolish. -j

  4. shut up, Mac Zealot by Anonymous Coward · · Score: 0, Flamebait

    It's an exploit by all means.

    It's like calling a bug a "feature"

    1. Re:shut up, Mac Zealot by falcon5768 · · Score: 0, Flamebait
      no jackass, it's an exploit only if certain things happen, in this case, if you knew how OS X worked, it actually IS a product of its features (ability to have your computer be self-aware of the network then set the settings on the fly after plugging in, i.e. no going through a Windows-like setup applet)

      In most Windows cases it's because code wasn't wiped or was left in that should have been taken out over the evolution (like Windows Messenger); here this was ACTUALLY coded to do this, which is why there is a GUI window to unset the settings that isn't too hard to find (just launch netsat and there you are) if you wanted to. Someone just found that if you put a rogue computer on the network and had the skills and know-how to do it, you could hack in.

      IE YOU HAVE TO BE PRESENT AND ON SAID LAN TO HACK IT.

      And honestly I could think of MANY easier ways to hack a LAN than use this exploit if I can actually get physical access to the LAN.

      --

      "Slashdot, where telling the truth is overrated but lying is insightful."

  5. YHBT YHL HAND. by Anonymous Coward · · Score: -1, Flamebait

    FOAD

  6. Dear Apple by Anonymous Coward · · Score: -1, Flamebait
    Dear Apple:

    I bought an Apple computer because of its native support for teledildonics. I bought a USB FUFME and MacOS immediately recognized it and installed drivers instantly! As a gay Catholic priest who often can't be at the altar all the time, you can understand how the ability to have sex with children whilst on the airplane with my Powerbook and wireless internet service is a lifesaver.

    I just have a single question, will Apple be releasing a firewire version of the FUFME anytime soon?

    With much gayness,

    Father Michael "Arminass" Sims

  7. Re:Quick fix, just not easy for Mac users.. by Anonymous Coward · · Score: -1, Flamebait

    Sure it is. Just tell them that LDAP is MS's new DRM for Apple. It will be unchecked worldwide within 24 hours, with all sorts of unfounded conspiracy theories.

    It's amazing what you can get done when you falsely claim MS is up to no good. Just see the BIOS story for all the "+5, baseless guess at MS using your spare computing cycles" crap.

  8. Re:Finally... by Anonymous Coward · · Score: -1, Flamebait

    Sure Steve Jobs will have a drink with you, right after you pay him the $150 to upgrade to the latest service pack for os x that should be free. Then get ready to do it again in a few months.

  9. Re:It's not about the exploit... by Anonymous Coward · · Score: -1, Flamebait

    "How will company x handle themselves when a vulnerability is discovered in their product?"

    By charging you $150 to upgrade to the latest service pack of course.

  10. Damn those Macs are Homo! by Anonymous Coward · · Score: -1, Flamebait

    That's like saying "We have dozens of crimes in those countries that allow more freedoms than us"

    Apple = Dictators.

    Apple Users = Sheep.

    Apple Zealot = Particularly angry sheep.

    Windows = Freedom
    Microsoft = USA
    God Bless America.

  11. Re:Finally... by Anonymous Coward · · Score: -1, Flamebait

    More like he shoved it up your ass and you bleated "thank you sir, may I have another!" with love in your eyes.

    Macinistas... ya gotta love 'em!

  12. Re:Quick fix, just not easy for Mac users.. by spare.dave · · Score: -1, Flamebait

    Okay, the joke is lame but it's a good point.

    Macs have come a long way in the last few years. It seems like there are as many ex *nix people using them as there are old time mac users.

    The whole 'dumb mac user' thing really doesn't apply any more. Since Macs started working right, they've migrated over to XP where they found solace with bonzai buddy and his gator friends.

  13. Mac and DHCP?? by Tim+Ward · · Score: -1, Flamebait

    Anyone know how to make a Mac work as a DHCP client in the first place??

    We plugged one into our network, just wanting to use the web browser, and spent several hours wandering round all the network configuration dialogs we could find. We could find nothing at all that would persuade the Mac to actually go and ask the DHCP server for an IP address. (So we junked it and carried on just using real computers.)

  14. Re:Oh give it a rest by drinkypoo · · Score: 2, Flamebait

    By the way, if you have to reinstall Windows continually, you need to get some skills with Windows. To fuck it up that often and that bad indicates poor skills of the user.

    You asinine troll. Windows is quite simply broken. Want proof? If something is f*cked up on your Windows system, and you reboot it, it frequently fixes the problem. Try that with another operating system. A reboot shouldn't fix anything, it's a symptom of the operating system breaking itself.

    I've been using NT since 3.51, I've been using computers since I was four years old, and I have always had to periodically reinstall windows. Oh sure, I could fuck with it for weeks and figure out which program has done what strange and undocumented thing to my registry, or my DLLs in spite of the system restore, or some third stupid thing, but it's a lot faster and easier to simply do a repair install, and then reinstall service packs and patches.

    Now, I have had my XP system running without a reinstall for quite some time now, but things are not as simple as you imagine them to be. Windows is seriously flawed in just about every department except ease of use -- when it works. When everything is working fine I find Windows XP to be the most pleasant user desktop experience around, and yes I have run OS X. But when it's not working, Windows is worse than any other operating system that I have ever encountered short of MacOS 6 through 9, which are all now dead or dying. (If you're handy with a debugger, which you should not have to be to simply run some programs, you can figure out what's going on with older versions of MacOS. To me, it was not encouraging when Apple provided the debugger free, because you were going to need it.)

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  15. Homosexuality - An Apple Anthem by Troll_Rex · · Score: -1, Flamebait
    To the tune of Individuality by Area 7.

    They always said that you would never be anything.
    Everything you tried to do was just a waste of time.
    But you believed you could do any sex you wanted to.
    You made your mind up and you came from behind.

    Don't let them try to tell you what computer to buy
    Don't let them hold you back, don't ever change your mind.

    Homosexuality - Be proud of what you are
    Homosexuality - Don't let them cut you down
    You can buy whatever comp you want to buy,
    But don't change from Apple for society.
    Don't lose your Homosexuality.

    The years go by, you find that pudge cums easily.
    And the world is full of people tryin' to rape your ass.
    Don't ever turn your back on anything you've ever been.
    You don't need to prove yourself to anybody else.

    Don't let them try to tell you what computer to buy
    Don't let them hold you back, don't ever change your mind.

    Homosexuality - Be proud of what you are
    Homosexuality - Don't let them cut you down
    You can buy whatever comp you want to buy,
    But don't change from Apple for society.
    Don't lose your Homosexuality.

    There's no room for second best, no second chance, don't fail the test,
    Gotta rise above the rest, gotta try to make your mark.
    You don't need to be so vain, no need to act so proud,
    Follow the trendies, don't ever stand out from the Apple crowd.

    Do you really care what other people want to do to you?
    Does it really matter what they do or if they're gay?
    You've fucked too hard to let them cum all back in your face.
    When their Apples never mattered anyway.

    Don't let them try to tell you what computer to buy
    Don't let them hold you back, don't ever change your mind.

    Homosexuality - Be proud of what you are
    Homosexuality - Don't let them cut you down
    You can buy whatever comp you want to buy,
    But don't change from Apple for society.
    Don't lose your Homosexuality.
    Don't lose your Homosexuality.
    Don't lose your Homosexuality.

  16. Re:Quick fix, just not easy for Mac users.. by Uma+Thurman · · Score: 0, Flamebait

    Hey, you're in my opt-in list now, jerk.

    --
    This is America, damnit. Speak Spanish!

  17. Re:Quick fix, just not easy for Mac users.. by Uma+Thurman · · Score: 0, Flamebait

    I am strictly a tit-for-tat fellow. More tit than tat, possibly, but that's probably because I'm actually a guy.

    My freaks list is the "opt-in". I follow them around and abusively point out their lies in the manner of Ann Coulter.

    Don't know about your journal problem. Seems like you've got a real dilemma here.

    I don't have any enemies either. Spreadin' the love around.

    --
    This is America, damnit. Speak Spanish!