Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

6 of 351 comments (clear)

  1. Yikes! by Quasar1999 · · Score: 5, Funny

    This is horrible... First the machine comes with a pre-configured backdoor/exploit, and they want to leave it like this? Second, if you can just plug in the machine in a network, and have it totally configure itself, you've just killed a job for an IT guy... and we need all the jobs we can get...

    Oh, wait... once the new machine gets owned by some script kiddies, then the IT guy gets called... okay... phew... nearly thought that a job was eliminated... nevermind... as you were... ;)

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
  2. Re:Finally... by Jonny+Ringo · · Score: 5, Funny

    Yeah but there explanation seems like they are talking with you, and instead of at you.

    I feel like Steve Jobs just bought me a drink and explained the problem, then gave me a hug when it was time to go home.
    I'll miss him.

  3. Re:Honestly.. by TheBillGates · · Score: 5, Funny

    You fool, have you even tried using a Mac lately? No? Just what I thought.

    I'm a tech support (24+ years) who will have nothing but Macs in my house. Why? Because they work, don't crash, and my wife and son can't fuck them up.

    After spending all day fixing other people's computer problems, the last thing I want to do at home is fix my own.

    I'll stick with Macs.

  4. Oh... by MiniChaz · · Score: 5, Funny

    This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

    Slashdotter A: "Are we being sarcastic?"

    Slashdotter B: "I can't even tell anymore."

  5. Re:It's an old argument by Catnapster · · Score: 5, Funny

    No, the parent is right. The security holes in MS products are all about ease-of-use; just to the cracker, though, not the user.

    --
    The world can be wrong today for once.
  6. Re:It's an old argument by Maserati · · Score: 5, Funny
    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951