Apple Still Has Not Patched the DNS Hole

Steve Shockley notes an article up at TidBITS on Apple's unexplained failure to patch the DNS vulnerability that we have been discussing for a few weeks now. "Apple uses the popular Internet Systems Consortium BIND DNS server, which was one of the first tools patched, but Apple has yet to include the fixed version in Mac OS X Server, despite being notified of vulnerability details early in the process and being informed of the coordinated patch release date."

Re:Apple meet real world

[sxeraverx]

apple was never secure. It was just unused. The exact same thing is going ATM with their X server. Not so much a security flaw (though it might be) as much as a major bug. If you send too many events at once (not insane amounts, just a lot) it simply crashed, bringing down all the X apps with it. Upstream was fixed over a year ago, they just refuse to roll out an update. I guess it's an attempt to make debs port to coco/carbon/whatever-it's-called, but for some of us, that's just not an option. More specifically, it's a program developed by part of a university bioinformatics lab, and we just don't have the manpower or the grant support to do it. So we're either stuck with only supporting Linux, trying to find a wrkaround, or just ignoring it and hope it doesn't happen to often. The last option is what we ended up choosing.

Apple + patches == ohnoes

[HEMI426]

As someone that's cursed to administer an OS X Server machine, I have nothing good to say about Apple in general and OS X Server in particular. Apple's history of patching---or, in this case, not patching---stuff has been lukewarm at best and downright abysmal at worst. The Server 10.5.3 update introduced something that causes ClamAV to crash/reboot a Server machine when mail is turned on (since ClamAV is on by default. Nice one. They've had other stellar examples of their extreme lack of QA for their Server software, such as updating their included PHP to a version that was known to break Squirrelmail (the default webmail that comes with OS X Server), even though a fix had been available for months from the PHP maintainers.

I'm a huge fan of FreeBSD. I have been doing this OS X Server thing for more than two years now. I went in to it with an open mind, hoping that Apple wouldn't screw things up too badly. I was disappointed. The only things I've learned is that their Server QA is awful, they don't actually use their own Server software internally, their customer service is horrible when it comes to their Server stuff and their Server documentation is awful. I could rant about that for several pages. All of this leads me to believe that Apple really doesn't want to do well in the "server" segment of the market...Which is really too bad, cause they've finally got the hardware side of it to the point where there's not much separating them from most other low-end server vendors.

Now, that I've got that all that off my chest, Apple's dropped the ball on the BIND update. This is not surprising. Anyone that's administered OS X Server for any length of time probably feels the same way. It's so bad that I will suppress my OS X experience next time I am in the job market again; I hope to never work with OS X (particularly as a server) again and will do everything in my power to avoid doing so. I'm batting a thousand on persuading people interested in using OS X Server to use anything else...Apple really has to get things together or get out of the "server" market.

Apple not alone in leaving DNS hole unpatched

[ericferris]

I have a DSL broadband subscription with AT&T (it used to be a small local company and they got bought by whatever is now called AT&T).

I noticed that their DNS was unpatched and I used their support forms to report the problem.

The reply came only a few hours later. To quote: "We regret we cannot help you with your WorldNet dialup problem".

Huh?

So their networking department is not patching critical protocol flaws, and they programmed their answerbots to laugh at us users if we attempt to point out said flaws. Since when does Simon the BOFH work for AT&T DSL support?

AT&T network admin? It's a great job if you can get it.