Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

14 of 351 comments

  1. Quick fix, just not easy for Mac users.. by Anonymous Coward · · Score: 2, Funny

    The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3.

    Yes that should be obvious to Mac users

    1. Re:Quick fix, just not easy for Mac users.. by tgibbs · · Score: 3, Funny
      Not too simple indeed, since I run Mac OS X 10.1.5 and there is no application called "Directory Access".

      Yes, perhaps they'll eventually come out with an advisory for the people who are lagging two generations behind on their OS version and who are on untrusted networks. Not too surprising that they dealt with the bulk of current users first.

  2. Finally... by Gothic_Walrus · · Score: 2, Funny
    I'm sick of hearing about Windows exploits!

    It's about damn time they found an exploit for an Apple computer!

    --
    Goo goo g'joob.
    1. Re:Finally... by Jonny+Ringo · · Score: 5, Funny

      Yeah but their explanation seems like they are talking with you, instead of at you.

      I feel like Steve Jobs just bought me a drink and explained the problem, then gave me a hug when it was time to go home.
      I'll miss him.

  3. Yikes! by Quasar1999 · · Score: 5, Funny

    This is horrible... First the machine comes with a pre-configured backdoor/exploit, and they want to leave it like this? Second, if you can just plug in the machine in a network, and have it totally configure itself, you've just killed a job for an IT guy... and we need all the jobs we can get...

    Oh, wait... once the new machine gets owned by some script kiddies, then the IT guy gets called... okay... phew... nearly thought that a job was eliminated... nevermind... as you were... ;)

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
  4. Re:It's an old argument by jazman_777 · · Score: 3, Funny
    Apple choose ease-of-use, and get criticised for leaving an open security "hole". Microsoft choose the same, and get criticised for (well, just about everything except wonderful marketing), and Linux chooses the other, and is criticised for poor ease-of-use.

    Uh, you mean Red Hat Linux, where every service and its 3rd cousin is running?

    Try OpenBSD, which has just about nothing running default.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  5. Re:Home vs. Work by Anonymous Coward · · Score: 1, Funny

    Damn you must have some smart janitors if they are bright enough to mod a dreamcast.

  6. Re:Honestly.. by TheBillGates · · Score: 5, Funny

    You fool, have you even tried using a Mac lately? No? Just what I thought.

    I'm a tech support (24+ years) who will have nothing but Macs in my house. Why? Because they work, don't crash, and my wife and son can't fuck them up.

    After spending all day fixing other people's computer problems, the last thing I want to do at home is fix my own.

    I'll stick with Macs.

  7. Oh... by MiniChaz · · Score: 5, Funny

    This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

    Slashdotter A: "Are we being sarcastic?"

    Slashdotter B: "I can't even tell anymore."

  8. Re:It's an old argument by Catnapster · · Score: 5, Funny

    No, the parent is right. The security holes in MS products are all about ease-of-use; just to the cracker, though, not the user.

    --
    The world can be wrong today for once.
  9. No, that's not so bad by Anonymous Coward · · Score: 1, Funny


    Hmm, as long as they don't have to right-click anything, I guess they should be able to handle it.

  10. Re:It's an old argument by Maserati · · Score: 5, Funny
    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  11. Re:Home vs. Work by cscx · · Score: 2, Funny

    Hell yeah, my boy is wicked smahht!

  12. Re:It's an old argument by Webmonger · · Score: 4, Funny

    Hey, buffer overflows mean that the functionality provided is limited only by your imagination!