Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

The Real Problem

[Doc+Squidly]

Problems such as this show that any computer can be insecure. It's not just an Apple or M$ issue. Every system has weaknesses (even a *nix box) and the only why the guard against them is through vigilance and education. Learning of the exploits and fixing them. In my opinion the more knowledgeable the user (or Admin for networks) the more secure the system. 'Nuff said. Now we can get back to the usual M$ vs. Apple pissing contest that we all love.

Baggy pants

[adrianbaugh]

Tihs is a public service announcement.Adrian has incredibly baggy pants. Really - they're like tents!

Google

[garymm]

Unless I'm mistaken, I read that Google uses a similar autoconfiguration for servers. They buy the server, plug it in, turn it on, and the rest is all automatic. I'm pretty sure they use a Linux distro, but it'd be cool for big institutions if OS X could have this functionality.