Slashdot Mirror
Worm Threat Forces Apple To Disable Software?
SkiifGeek writes "After the debacle that surrounded the announcement and non-disclosure of a worm that targets OS X, the vulnerability in mDNSResponder may have forced Apple to remove support for certain mDNSResponder capabilities with the recently released Security Update 2007-007. 'Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability that they are addressing exists within the support for UPnP IGD... and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker. Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).'"
An Apple employee (Stuart Cheshire) is one of the authors of the RFC(s) related to mDNS, etc.
mDNSResponder originated from Apple.
I don't think the issue is the spec, it's the asinine cute features that M$ decided to implement. Like UPnP, BHO, etc etc. Maybe we should follow Apple's example, and eliminate all vulnerabilities by disabling the TCP/IP stack?
Enlightenment? It's just a flush in the pan.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
You mean like how MS crippled the stack in SP2 by lowering the cap on half-open connections to 10 to slow worm propagation? (I know there are times when a solution isn't always immediately obvious, but I'd rather not have my OS force me to live in a bubble.)
I just read Slashdot for the articles.
UPnP kind of sucks anyway. Maybe this will get people to move to MDNS-SD, which is simple, straightforward, has several implementations (both open source and not).
"OS X is every bit as crash prone and unreliable as Windows" (It's crash prone, but not "every bit as crash prone")
"not so with Apple, which radically changes their OS every few years" (Two points here: 1. if this is true, it belies your following statement 2. it's not true)
"There is no inherently superior security in OS X" (the overall design and implementation of OS X is more secure than the overall design and implementation of XP. Vista is a vast improvement over XP, but it remains to be seen how this works out)
"those people who blame Microsoft for vendor lock-in" (straw man, no one claims this)
"OS X is the ultimate in vendor lock-in" (OS X is an extremely open system. The only "lock-in" is with their hardware, which really isn't that big of a deal.) For someone who claims to be fighting against religious zeal, you sure come across fanatically angry. You make the basic fallacy that, "Windows is flawed, OS X is flawed, therefore Windows and OS X are equally flawed," which is complete nonsense.
There are people who get fanatical about Macs, but you're lumping a whole lot of rational people in with them, and fully deserve flaimbait or troll modding for it. the minute you take a bite of the precious worm-ridden Apple, mods put you to sleep for a year No, stupid shit like, "eat crow" gets modded down. Eat crow for what? A security flaw existed? It was patched? WTF? A lot of anti-Apple sentiment gets modded up, as well, though generally the more rational stuff, like people complaining about vendor lock-in (like you did above) or various other things that actually make sense.
Not to mention the fact that both you, and the OP are both (at present) modded positively, which makes your cries of being oppressed a bit silly.