Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

11 of 351 comments

  1. Frist posh? by DrunkenTerror · · Score: -1, Offtopic

    What? You are all guys filled with turkey birds?

    1. Re:Frist posh? by Anonymous Coward · · Score: -1, Offtopic

      I FAIL IT.

  2. While that is interesting, it doesn't help. by Anonymous Coward · · Score: -1, Offtopic

    The domino effect is in place, and now that one backdoor is covered, I just read about a brand new one.

    There goes Apple's "advantage" of supposedly being virus free.

  3. yes, cool feature by Anonymous Coward · · Score: -1, Offtopic

    Apple should throw some of those boxes towards the Debian sys admins and save them some time. God forbid one configures a new server on the internet.

  4. You can send your server back to Apple... by Anonymous Coward · · Score: -1, Offtopic

    and they will send a refurbished mac back to you.
    All for the low, low price of $300. As a bonus you get a free iPod battery and a 50 page installation manual.

    Just press the # key when you ring Apple support and tell them that Pudge sent you.

  5. The Real Problem by Doc+Squidly · · Score: 0, Offtopic

    Problems such as this show that any computer can be insecure. It's not just an Apple or M$ issue. Every system has weaknesses (even a *nix box) and the only way to guard against them is through vigilance and education. Learning of the exploits and fixing them. In my opinion the more knowledgeable the user (or Admin for networks) the more secure the system. 'Nuff said. Now we can get back to the usual M$ vs. Apple pissing contest that we all love.

    --
    I think I think, therefore I think I am.

  6. Re:Honestly.. by Anonymous Coward · · Score: -1, Offtopic

    You mean a pudgepacker?

  7. Baggy pants by adrianbaugh · · Score: 0, Offtopic

    This is a public service announcement. Adrian has incredibly baggy pants. Really - they're like tents!

    --
    "'I pass the test,' she said. 'I will diminish, and go into the West, and remain Galadriel.'"
    - JRR Tolkien.

  8. There are hundreds of Mac users out there by Anonymous Coward · · Score: -1, Offtopic

    not that there's anything wrong with that.

  9. I have several friends that are Mac users by Anonymous Coward · · Score: -1, Offtopic

    Despite their preference for using Macintoshes, they're for the most part regular people just like you and me. People really need to learn some tolerance for people that are different.

    Mod me down if you must, but if we don't learn to live together harmoniously it's just going to cause more suffering in the future. And I don't want to hear any stupid comments like, "Well, they should just switch to PC's" because it's not a choice that they make. They're just born that way.

    Glad I got that off my chest.

  10. Google by garymm · · Score: 0, Offtopic

    Unless I'm mistaken, I read that Google uses a similar autoconfiguration for servers. They buy the server, plug it in, turn it on, and the rest is all automatic. I'm pretty sure they use a Linux distro, but it'd be cool for big institutions if OS X could have this functionality.