Worm Threat Forces Apple To Disable Software?
SkiifGeek writes "After the debacle that surrounded the announcement and non-disclosure of a worm that targets OS X, the vulnerability in mDNSResponder may have forced Apple to remove support for certain mDNSResponder capabilities with the recently released Security Update 2007-007. 'Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability that they are addressing exists within the support for UPnP IGD... and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker. Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).'"
Come here Apple fanboys-and-girls. Lunch is served.
Researchers find hole, act like 1337 733ns about it. Company can't be sure that they've fixed hole, so they temporarily disable the reportedly-vulnerable function.
Yawn.
The real litigious bastards...
I'm not opposed to temporarily disabling functionality to fix something potentially disastrous. However, I do hope Apple doesn't make it a practice of just turning things off once exploits are found. Turn it off, patch it, then re-enable it is fine by me.
Don't waste time... procrastinate now!
Apple find a vulnerability (before the worm is announced, according to TFA), and remove that vulnerability in their next security update.
I'm guessing there's a regular scheduled security update process in Apple. If you can't fix it in time for the next patch-release, isn't it *better* to temporarily disable it? I really doubt it's a permanent removal of the feature - they're just being responsible.
Simon.
Physicists get Hadrons!
I'm sorry but the article must be a lie. The Apple fanboys assure me that there's no risk of vulnerabilities. Therefore, the article is wrong - it does not exist.
Conor "You're not married, you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
I often wonder why the British (and now some Americans) say "Apple go on to identify..." Apple is ONE company. Shouldn't that be the singular "Apple goes on to identify"? If it were both Apple and Microsoft then indeed it would be "Apple and Microsoft go on to identify".
Yes, Apple is made up of many people; but my car is made up of many parts. You don't say "my car need gas" do you?
This perplexes me, can someone explain it? Sorry if it's completely OT (except that this (to me) error is in the blurb).
-mcgrew
(amusingly, the captcha is "contrary". Again sorry for being OT)
So an "apple" is threatened by a "worm"... you don't say.
-zariok-
Isn't mDNSResponder an Open Source package ported for OS X?
http://developer.apple.com/opensource/internet/bonjour.html
Is Apple the developer of mDNSResponder or are they just using it?
I might know what I'm talkin' about, but then again, this is Slashdot...
Years of reading Slashdot has preprogrammed me to think Macs can only be infected with viruses. And I'm not talking about GRID computing.
Hey Zonk, how about using more reputable sources than one guy's blog for your links? I know they were picked by the submitter, but linking only to a blog and then putting a question mark after the headline is sketchy. I can't put much faith in the article if I can't be sure that it's not just a blogger talking out of his ass.
Although I can understand the "secure-by-default" ethos, it would seem to me that some people could leave the vulnerable service active because they only use their computer in a firewalled physical LAN environment. Does this update come with a new preference panel entry to reenable this mDNS service?
Two wrongs don't make a right, but three lefts do.
Does this mean that the MAC guy from the TV ad will get fired?
I mean, it was a given that, given increasing market share, Apple becomes interesting for malware. No system is 100% secure.
But at least they decided that it's better to disable the feature and minimize the damage to the net as a whole (and yes, even if you don't have an Apple, a worm damages you by clogging your tubes with packets trying to spread itself). MS decided that it's better to keep the insecure service up and running 'til it can be addressed.
Question for 100: Still getting sober/blaster packets? I do.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A) Pick a feature that's dumb. (like embed a scripting language into an image format, or give a spreadsheet scripting language access to the filesystem)
B) Choose to preserve the dumb feature in spite of known security problems.
C) Treat the resulting backlash as a "PR issue" rather than a technical one.
D) Sometimes, if the backlash gets bad enough, they'll hack in security restrictions in response to specific known implementations that take advantage of the vulnerability rather than fix the vulnerability. EG: fixes that look for a XXX worm trace, rather than fix the thing that XXX worm exploits. (See anti-virus)
Apple is doing the right thing, here, folks! It may or may not be that the feature mentioned is analogous to (A) above. Either way, Apple is choosing security over features, even though features are important.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Switch to Avahi!
...EXCUSE CITY!
Clearly something is unclear since iChat is obviously still using UPnP IGD, likely as a client?
But why is the mDNSResponder using UPnP IGP anyway? mDNS is for service discovery etc and is basically a competitor to UPnP (I thought). Perhaps there is a way for mDNSResponder to leverage UPnP IGP to broadcast service messages (e.g. bonjour) across a local NAT? If so I've never seen nor heard of this working -- so perhaps what they're disabling is vulnerable code that wasn't doing anything anyway?
Installing the latest dreamweaver puts that mDNSResponder and bonjour service on my PC (along with hundreds and hundreds of megs of other useless shit).
I wonder if the PC version is also vulnerable?
... on a slashdot article?
;)
You must be new here
--I thought I was wrong once, but I was mistaken.
Can't you write it in English? You supposedly wrote something "Insightful" but I can't tell. And when I Google "1336 733ns", I get electronics suppliers. Apparently, that's a part number for something.
Along with tattoos, and piercings, I hope that trendy style of spelling words goes into the annals of stupid fads.
I prefer Flambe as opposed to flamebait.
... that the iPhone will be the vector that finally gets Macs infected with a virus/worm that will replicate in the wild?
I bet there's a secret cabal at Microsoft that is working on this very thing.
This stupid mDNS thing is always enabled on every system I install and I always have to disable it. Does anyone actually use this Microsoft crap?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Soon you'll be able to take advanced courses on "1337 5p34" to supplement those on "ebonics".
A worm in your Apple, or half a worm?
Just because you mark it flamebait doesn't make it less true.
to a world where the more famous you become (as in increased user base) the more will be your enemies. Microsoft is fighting this battle for a long long time.
Apple will realize this very soon.
Now that Apple has disabled uPnP compatibility will the original anonymous extortionist reveal the hole that he claims he didn't want to reveal lest Apple come up with some excuse for not disabling whatever his hole was, or will we hear more FUD from him?
Now will Apple disable "Open Safe Files after Downloading" in Safari, or at the very least stop treating SOFTWARE INSTALLERS, ZIP ARCHIVES, and DISK IMAGES as "Safe" files? OK, this isn't a Mack Truck sized hole like ActiveX (you can only drive *small* trucks through it) but it's still vastly dumb.
Watch I'll show you how it works. The apple fanboi moderator club is pretty big and like all monomaniacs are poised to protect their little gem from any tarnish.
"I mean, imagine the fallout if there was a bug that allowed malformed MS word documents being loaded by Office 2007 to result in security issues, and Microsoft responded by disabling the load feature."
Apple didn't disable Bonjour, they disabled one of the components of Bonjour. That's not like disabling loading, it's like refusing to load certain files.
There was a bug that allowed autoexec macros in MS Word documents being loaded by Office 97 to result in security issues, so Microsoft responded by making it impossible for a user to simply deactivate autoexec and forcing them to make the choice of completely disabling macros (to the point where it was impossible to even inspect the macros to see if they were safe), or leaving them all open.
This resulted in an increase in the incidence of infections.
Somehow Microsoft manages to avoid the kind of bad press that this kind of user abuse deserves.
Collective nouns in English trigger agreement either in singular or in plural, and the rate at which they trigger the latter is greater in the UK than in the USA, though it still happens in the USA. The choice of agreement actually corresponds to a very subtle semantic distinction: the collective noun can be interpreted as a reference to a single entity (the group), or as a reference to the aggregate of its members. This semantic distinction hardly ever matters, but there are examples where it does: you can say The committee were pleased, because the members of the committee were pleased, but you can't say The committee were formed, because what was formed was the committee itself, not its members.
Same thing happens with constructions like a group of people or a dozen of books, to different degrees.
Are you adequate?
Even if your post gets modded down...it is very true.
UPnP kind of sucks anyway. Maybe this will get people to move to MDNS-SD, which is simple, straightforward, has several implementations (both open source and not).
"It almost certainly took them more effort to disable the feature than it would have to fix the broken code."
Leaving out a module? It's questionable whether they should be trying to hack some kind of limited uPnP compatibility into Zeroconf in the first place, especially if (as alleged) they're using it for "legacy NAT traversal"... this just screams "bad idea" to me.
They brag about how little they know compared to what it takes to keep a Windows machine happy
They brag about how little they NEED TO KNOW compared to what Windows users NEED TO KNOW.
The problem is that most Windows users are no better informed. They brag about how people who really do keep track of that stuff are "dumber" than the "dumb" users they want to be. They don't think they should have as much training as you need for a driver's license... even though they're operating a machine thousands of times more complex. This willful ignorance is not limited to Mac users by any means, and the gap between what Windows users DO know and what they NEED to know is vastly greater.
So they won't have the first idea of what to do when iChat suddenly breaks for no apparent reason.
You didn't read the advisory, did you?
Is there any way (aside from not patching) that someone can avoid having the functionality turned off? It's one thing to disable it and leave an option to turn it back on, if you understand the security risk involved. It's another to simply turn it off, unilaterally.
Granted, most Apple users won't understand the security risk involved and shouldn't turn it back on until the mothership fixes the problem. But then again, most Apple users are too busy sticking fingers in their ears and yelling "la-la-la" to notice a worm even exists.
If you can't find a real troll, just mod down whoever you don't agree with!
"Here is a hint: A pretend army of supporters is still a pretend army." - by Jeremy_Bee (1064620) on Friday August 03, @12:49PM (#20103205)
I've seen that before, and I'd wager it's the forums board crowd from arstechnica.com, as they tend to often do that kind of thing:
E.G.-> Arstechnica forums members will each post as multiple users (each of them has like 3-4 diff. id's on any forums online or make them, as required) to support one another, whenever anyone online gets the better of them (which is quite often, mind you (ones named Jeremy Reimer, Jay Little, & others from arstechnica)), such as here for example:
http://www.windowsitpro.com/articles/index.cfm?articleid=41095&cpage=213#feedbackAnchor
What a pack of losers the arstechnica people are from their forums.
(They were caught in doing it, rotflmao, as well as being caught email harassing, impersonating other people online, & having their websites removed from their hosting providers)
I'd have to say it is probably the "Jeremy Reimer posse" hehe, from arstechnica!
I don't know a lot about programming or security issues, so correct me if I'm wrong, but if the above is true, what I am hearing is that (1) OS X isn't as secure as I thought (as an unabashed Apple fanboy, I consider this a bad thing), (2) It's so insecure that Apple had to sacrifice some functionality in order to patch it (again, this is a bad thing, even though I've never heard of UPnP before today and have no idea whether I will miss it). BUT (3) In the end, this is all Microsoft's fault.
All I can say is... Sweeeeet.
I mean, imagine the fallout if there was a bug that allowed malformed MS word documents being loaded by Office 2007 to result in security issues, and Microsoft responded by disabling the load feature.
Consumers: Computer is patched En Masse, network as a whole is protected.
Company: Would note that vulnerability disables something they use, so they simply would not deploy the patch. Companies have control over Microsoft patches unless they are very small, and if they are that small they are probably not going to be using some corner feature.
Why should Microsoft fail to act to prevent MILLIONS of consumer systems from becoming zombies, for the sake of a few companies that wouldn't apply the patch right away anyway?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I can't wait to see that...
Mark as spam if message contains:
[x] fanboy/fanboi
[x] goatse
[x] 17 megabyte file
[ ] Kreskin
[x] Soviet Russia
[x] Profit!
[x] Beowulf
[x] I, for one
[x] hot grits
[ ] CowboyNeal
UnPlug n Play
Besides the blog cited, I saw something about this at this link.
Silly Apple, fixing the problems. Don't they know this leaves them open for taunting.
Knee-jerk PC fanboi: "Oh, I guess Apple isn't so secure after all, huh?"
Mac-fanboi: "Umm, they fixed a problem with some 3rd-party software before it became an issue."
Knee-jerk PC fanboi: "Yeah, old Apple finally getting some of what Windows gets."
Mac-fanboi: "No, they proactively fixed the problem"
Knee-jerk PC fanboi: "Yep, might as well just use Windows"
Mac-fanboi: "You do that, then."
-- Boycott Shell
Whoever modded the parent troll has no idea what a troll is. Whoever modded the grandparent troll has no idea what a troll is, and I will keep doing this until all of your mod points are gone. :-P
Well, milfy is obviously a typo. The author probably thought the k in milk was supposed to be a c, then his/her finger slipped and typed an f.
In a similar way, bewbs is almost certainly an off-by-one typo, and is supposed to be newbs, a term used largely by illiterate pre-teen girls in internet message board posts as a short form for the word newbies.
So therefore, they're going to show us pictures of AOL me-tooers getting milk poured on them by Natalie Portman.
Yeah. That's it.
if(Apple.isCriticalOf() == true)
{
    Fanboy fanbois[LEGION] = new [] Fanboy();
    AnonymousCoward goodguy = new AnonymousCoward();
    foreach(Fanboy fanboi in fanbois)
    {
        while(Slashdot.running() == true)
        {
            // Fanboi state engine
            switch(SlashDotPost.ContentType)
            {
                case JOKE:
                    fanboi.ModTroll(goodguy);
                    break;
                case HONESTY:
                    fanboi.ModFlamebait(goodguy);
                    break;
                case DENIAL:
                    fanboi.ModInsightful(peer);
                    break;
                case PRAY_TO_STEVE_JOBS:
                    fanboi.ModInteresting(peer);
                    break;
                case IT_JUST_WORKS:
                    fanboi.ModInteresting(peer);
                    break;
                case THINK_DIFFERENT:
                    Fanboi fanboi2 = fanboi.Clone();
                    fanboi.ModInteresting(fanboi2);
                    fanboi2.ModInteresting(fanboi);
                    break;
            }
        }
    }
}
He's probably already on this thread, calling everyone "fanboiz," and that is about as much as he has ever contributed IMO.
It's "Apple has," not "Apple have."
Don't worry though, it will be so misused that at some point we'll forget any Latin at all and won't even know what datum is, let alone the etymology of a word like data. Maybe we'll even start saying datas. Won't that be cool?!
Newspeak will solve all of this.
Cheers.
And that is why they want the option of disablement right away.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Type in "1337 733ns" into Google yourself and find out how (I'll refrain) you appeared.
I prefer Flambe as opposed to flamebait.