Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

9 of 351 comments (clear)

  1. Yikes! by Quasar1999 · · Score: 5, Funny

    This is horrible... First the machine comes with a pre-configured backdoor/exploit, and they want to leave it like this? Second, if you can just plug in the machine in a network, and have it totally configure itself, you've just killed a job for an IT guy... and we need all the jobs we can get...

    Oh, wait... once the new machine gets owned by some script kiddies, then the IT guy gets called... okay... phew... nearly thought that a job was eliminated... nevermind... as you were... ;)

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
  2. Re:Finally... by Jonny+Ringo · · Score: 5, Funny

    Yeah but there explanation seems like they are talking with you, and instead of at you.

    I feel like Steve Jobs just bought me a drink and explained the problem, then gave me a hug when it was time to go home.
    I'll miss him.

  3. Re:It's an old argument by jazman_777 · · Score: 3, Funny
    Apple choose ease-of-use, and get criticised for leaving an open security "hole". Microsoft choose the same, and get criticised for (well, just about everything except wonderful marketing), and Linux chooses the other, and is criticised for poor ease-of-use.

    Uh, you mean Red Hat Linux, where every service and it's 3rd cousin is running?

    Try OpenBSD, which has just about nothing running default.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  4. Re:Honestly.. by TheBillGates · · Score: 5, Funny

    You fool, have you even tried using a Mac lately? No? Just what I thought.

    I'm a tech support (24+ years) who will have nothing but Macs in my house. Why? Because they work, don't crash, and my wife and son can't fuck them up.

    After spending all day fixing other people's computer problems, the last thing I want to do at home is fix my own.

    I'll stick with Macs.

  5. Oh... by MiniChaz · · Score: 5, Funny

    This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

    Slashdotter A: "Are we being sarcastic?"

    Slashdotter B: "I can't even tell anymore."

  6. Re:It's an old argument by Catnapster · · Score: 5, Funny

    No, the parent is right. The security holes in MS products are all about ease-of-use; just to the cracker, though, not the user.

    --
    The world can be wrong today for once.
  7. Re:It's an old argument by Maserati · · Score: 5, Funny
    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  8. Re:It's an old argument by Webmonger · · Score: 4, Funny

    Hey, buffer overflows mean that the functionality provided is limited only by your imagination!

  9. Re:Quick fix, just not easy for Mac users.. by tgibbs · · Score: 3, Funny
    Not too simple indeed, since I run Mac OS X 10.1.5 and there is no application called "Directory Access".

    Yes, perhaps they'll eventually come out with an advisory for the people who are lagging two generations behind on their OS version and who are on untrusted networks. Not too surprising that they dealt with the bulk of current users first.