Slashdot Mirror


Apple Patches Kaminsky DNS Vulnerability

Alexander Burke writes "Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1.' It also closes the script-based local privilege escalation vulnerabilities, the most common examples of which were ARDAgent and SecurityAgent, and addresses other less-publicized security issues as well." A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.

89 comments

  1. Good job apple by Erie+Ed · · Score: 3, Funny

    for a moment there I was worried about what could happen, but then it hit me nothing important runs on apple servers...

    1. Re:Good job apple by Anonymous Coward · · Score: 2, Funny

      Tons of video artists and mountain climbers publish on Apple servers.

    2. Re:Good job apple by Kamokazi · · Score: 3, Funny

      Right, just like he said, nothing important is hosted on Apple servers.

      (Side note: Mountain climbers???)

      --
      As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
    3. Re:Good job apple by Anonymous Coward · · Score: 0

      Move To Iceland!

    4. Re:Good job apple by odiroot · · Score: 1

      And none of the value was lost!

    5. Re:Good job apple by MacColossus · · Score: 5, Informative

      Quicktime streaming server, podcast producer, Fortune 500 companies with Macs needing a decent AFP stack and Workgroup Manager to control client side privileges on Mac workstations. Another reason might be a desire not to be financially sodomized by Microsoft on CAL's but the admin has a fear of Linux due to inexperience. (Not every GUI junkie has seen Webmin, KDE, Ubuntu desktop and such). A couple of good Mac Server/Administration sites are www.afp548.com and www.macenterprise.org. Hope this has been educational.

    6. Re:Good job apple by j-min · · Score: 0

      Tons of video artists and mountain climbers publish on Apple servers.

      I don't think "tons" will get you very far when it comes to statistics.

    7. Re:Good job apple by Anonymous Coward · · Score: 0

      Quicktime streaming server, podcast producer, Fortune 500 companies with Macs needing a decent AFP stack and Workgroup Manager to control client side privileges on Mac workstations. Another reason might be a desire not to be financially sodomized by Microsoft on CAL's but the admin has a fear of Linux due to inexperience. (Not every GUI junkie has seen Webmin, KDE, Ubuntu desktop and such). A couple of good Mac Server/Administration sites are www.afp548.com and www.macenterprise.org. Hope this has been educational.

      so, that would be the 0.001% percent of the world servers, sure.. very informative indeed.... I'm worried.

    8. Re:Good job apple by MightyYar · · Score: 5, Funny

      I don't think "tons" will get you very far when it comes to statistics.

      I don't know... have you ever priced out a ton of artists? Those things are really skinny and you really get your money's worth.

      The biggest rip-off is a ton of IT guys. You get like 1, maybe 1-1/2 in the whole damned load.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    9. Re:Good job apple by catwh0re · · Score: 3, Insightful

      other than that silly largest music retailer in the usa thing they've been toying with for a while.

    10. Re:Good job apple by Anonymous Coward · · Score: 0

      Like he said, important.

    11. Re:Good job apple by falcon5768 · · Score: 0, Flamebait

      Hundreds of thousands of education institutions, the US Military (Navy and Army in particular), and a number of Fortune 500 companies are nothing huh?

      --

      "Slashdot, where telling the truth is overrated but lying is insightful."

    12. Re:Good job apple by Shados · · Score: 1

      hundreds of -thousands- of education institutions use apple -server-?

      How many education institutions are there in the freagin world? I can count them on my fingers in my city of 150 thousand people. If there's just 200000 of em (required so it can be "hundredS" with an S), and we estimate 7 billion people on earth (that's much more than there actually is), and EVERY man, woman and child on earth, including babies, 3rd world country people, etc, attend on average 1 institution (I realise some people attend more than one, but many, many more don't attend any at all), we get 35 people per education institution.

      And that's if every last one of them use Apple -Server- (which, while Macs are common now, servers running on them are quite a bit less common).

      All that to say: I loled.

    13. Re:Good job apple by Hairy+Heron · · Score: 1

      Were you intentionally trying to make the GP's point?

    14. Re:Good job apple by Hairy+Heron · · Score: 1

      Hundreds of thousands of education institutions, the US Military (Navy and Army in particular), and a number of Fortune 500 companies[Citation Required]

      Fixed that for ya.

    15. Re:Good job apple by linuxpyro · · Score: 1

      It depends too on what they're running on the servers; I'm sure several say Xserve installations run something YellowDog. Just a thought.

      --
      Saying "I'll probably get modded down for this" in a post is the best way to get it modded up.
    16. Re:Good job apple by Gyppo · · Score: 1

      Yes, mountain climbers. Not to mention Ultimate players.

    17. Re:Good job apple by Anonymous Coward · · Score: 0

      In this day of rampant innumeracy, being off by a factor of 1000 isn't obvious enough to make this a decent troll. You are just plain wrong. 35,000.

    18. Re:Good job apple by CanadianBeaver · · Score: 1

      Right, just like he said, nothing important is hosted on Apple servers.

    19. Re:Good job apple by Overly+Critical+Guy · · Score: 1

      Except for the army's web server...

      --
      "Sufferin' succotash."
  2. They might have been slow... by PsyQo · · Score: 5, Funny

    They might have been slow with this patch, but boy does it look good!

    1. Re:They might have been slow... by maxume · · Score: 4, Interesting

      They were notified in January.

      --
      Nerd rage is the funniest rage.
    2. Re:They might have been slow... by 4D6963 · · Score: 4, Funny

      They might have been slow with this patch, but boy does it look good!

      No OS X 10.3 version. Less secure than the PF workaround. Lame.

      --
      You just got troll'd!
    3. Re:They might have been slow... by NotWorkSafe · · Score: 0, Flamebait

      No 10.3 version? Cry me a river. Are you going to complain about the lack of Windows 98 version as well?

      --
      There is no theory of evolution. Just a list of animals Chuck Norris allows to live.
    4. Re:They might have been slow... by Anonymous Coward · · Score: 0

      I believe Windows 98 came out in, well, 1998, and was discontinued in 2000. By comparison, 10.3 came out in 2004 and was discontinued in 2005. Its replacement, Tiger, was unable to run on a significant number of Macs 10.3 was capable of running on. So you're talking about not supporting an operating system barely four years old.

    5. Re:They might have been slow... by 4D6963 · · Score: 2, Informative

      No 10.3 version? Cry me a river. Are you going to complain about the lack of Windows 98 version as well?

      Whooosh?

      --
      You just got troll'd!
    6. Re:They might have been slow... by Kamokazi · · Score: 2, Interesting

      To be fair, 10.3 was released in 2003. Windows 98 was released in....1998. A little bit of a difference there.

      Basically, you are forced to pay to get a security update that older OSes, even Microsoft ones are receiving for free (as they should). I'd be really pissed if MS forced us to pay to upgrade our Win2k3 domain controller for the update. You could have bought an Xserve in 2005 with 10.3, and not be able to get this update without upgrading your entire OS. Only 3-year support on a server? That's ludicrous. Anyone remotely considering Apple for their enterprise hardware will probably immediately disregard them after this.

      --
      As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
    7. Re:They might have been slow... by Lars+T. · · Score: 1

      To be fair, 10.3 was released in 2003. Windows 98 was released in....1998.

      And SUSE 9.3 was released in 2005 - no automatic update there either.

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    8. Re:They might have been slow... by Midnight+Thunder · · Score: 1

      Whooosh?
      Wow, that is a blast from the past. Reading that just goes to show why you shouldn't be using the /. readership for judging a market.

      --
      Jumpstart the tartan drive.
    9. Re:They might have been slow... by Anonymous Coward · · Score: 2, Informative

      ...and the BIND patch wasn't available from their upstream source until June based on the dates I see. Slow turn around on Apple's part given June availability but it looks like it was in the queue behind a few other security fixes that are actually of more importance to your average Mac OS X user (very few run named and few still in a configuration that would be vulnerable).

      Note folks running named could have updated BIND on their own (installed an alternate version until Apple released this software update).

    10. Re:They might have been slow... by Anonymous Coward · · Score: 0

      actually there are patches for Novell's 9 Series SUSE that people paid for. instead of the .3 version they used SP3

      http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html

    11. Re:They might have been slow... by Anonymous Coward · · Score: 0

      But you can grab a new release of SuSe for free. A new version of MacOS is a tad more expensive.

      I have a friend who has an older MacBook, and I believe they are running on 10.2.something. Whatever the latest 10.2.x update was. I am unsure if their laptop could handle much newer than that, but she isn't in a financial position to be able to afford a new OS (or even a new laptop).

    12. Re:They might have been slow... by Sancho · · Score: 1

      Well, you can grab the latest Bind for free, too. In fact, you can upgrade much of the OS X userland for free. Can you do that with Microsoft?
      Looks like it's all quite the mishmash.

    13. Re:They might have been slow... by Lars+T. · · Score: 1

      But you can grab a new release of SuSe for free.

      So to fix the DNS vulnerability on SUSE 9, all I have to do is install a new OS?

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    14. Re:They might have been slow... by anonymousbob22 · · Score: 1

      MacBooks have Intel processors and can't support 10.3 or earlier. If the laptop is running 10.2, it's an iBook.

    15. Re:They might have been slow... by Anonymous Coward · · Score: 0

      I wouldn't complain about the lack of Windows 98 patches any more than I'd complain about the lack of patches for its contemporary, Mac OS 8.6

      But I'd certainly complain about the lack of a Windows Server 2003 patch, which is the actual Microsoft contemporary and market-segment equivalent of Mac OS X 10.3 Server.

      (One might ask what it says about you that you'd consider Mac OS X 10.3 Server to be the equivalent of a non-server OS made by Microsoft five years earlier.)

    16. Re:They might have been slow... by billcopc · · Score: 1

      Anyone remotely considering Apple for their enterprise hardware will probably immediately disregard them after this.

      Anyone remotely considering Apple for their enterprise hardware has already drunk the koolaid.

      Seriously, if you think Apple is the right solution for your server, I see two possibilities:

      1. you're running something very Apple-centric, that's cool

      -or-

      2. you don't even know of the alternatives and are deaf blind and stupid.

      --
      -Billco, Fnarg.com
    17. Re:They might have been slow... by Anonymous Coward · · Score: 0

      I guess you're just going to ignore my post where I show that Novell's SUSE 9 is actually patched, so in fact one doesn't have to install a new OS.

    18. Re:They might have been slow... by FictionPimp · · Score: 1

      why not, that was what sun told us about solaris 9. They said there is not an automatic patch for solaris 9, but to update to solaris 10 or install our own version.

    19. Re:They might have been slow... by jc42 · · Score: 1

      Seriously, if you think Apple is the right solution for your server, I see two possibilities:

      1. you're running something very Apple-centric, that's cool
      -or-
      2. you don't even know of the alternatives and are deaf blind and stupid.

      -or-
      3. you do know of an alternative, but it's from Microsoft.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    20. Re:They might have been slow... by Kamokazi · · Score: 1

      Shhh....there are Apple fanboys on Slashdot. And you know damn well what that koolaid does to them. It changes them. Makes them all 'weird' in the head. You can't win against them in a glorious online geek battle of logic and reasoning because they don't have a logical thought left in them.

      --
      As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
    21. Re:They might have been slow... by Phroggy · · Score: 2, Informative

      (very few run named and few still in a configuration that would be vulnerable).

      Most Mac OS X client users do not run named, but they do use the system's stub resolver, which I believe is linked to BIND and does not randomize source ports when querying your local DNS server. This means someone could spoof replies from your DNS server in response to queries coming from your Mac. This is MUCH less of a problem than a vulnerable DNS server, because it requires a very localized attack, but it's still an issue.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  3. Ahhhhhh by segedunum · · Score: 4, Funny

    The Slashdot effect that can make Apple actually patch something.

  4. The clients still vulnerable ?? by Anonymous Coward · · Score: 3, Informative

    ISC seems to think so : http://isc.sans.org/diary.html?storyid=4810

    Anybody care to test it for real using both an apple server and laptop, using dnsoarc, to get some real info?

    1. Re:The clients still vulnerable ?? by BuhDuh · · Score: 5, Informative

      Anybody care to test it for real using both an apple server and laptop, using dnsoarc, to get some real info?

      Done! See Swa Frantzen's update at the isc. Seems like they may have patched the server code, but the client is still using sequentially incrementing ports.

      --
      Enlightenment? It's just a flush in the pan.
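
An added example (not part of the original thread or of any tool it mentions): one way to check, from the source ports a resolver sees on incoming queries, whether a client increments its ports sequentially, as the comment above reports, or randomizes them. The capture line format, the sample addresses and ports, the 80% threshold and the 16-port step window are all constructed assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed observations: client IP -> source ports of successive DNS queries.
_CONSTRUCTED = {
    "192.0.2.10": [49152, 49153, 49154, 49156, 49157, 49158, 49159],  # increments
    "192.0.2.20": [49731, 61002, 53318, 58890, 50077, 64411, 55603, 52246],
    "192.0.2.30": [32768, 32768, 32768, 32768, 32768],                # one fixed port
}

# Rendered into a hypothetical "src_ip:src_port -> dst_ip:53" log, one query per line.
SAMPLE_CAPTURE = "\n".join(
    f"{ip}:{port} -> 198.51.100.1:53"
    for ip, ports in _CONSTRUCTED.items()
    for port in ports
)

LINE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+) -> \d+\.\d+\.\d+\.\d+:53$")


def ports_by_client(capture):
    """Group query source ports by client IP, preserving arrival order."""
    seen = defaultdict(list)
    for line in capture.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            seen[match.group(1)].append(int(match.group(2)))
    return dict(seen)


def assess_source_ports(ports, max_step=16, threshold=0.8):
    """Classify one client's port sequence as fixed, sequential or randomized.

    A query whose port is 1..max_step above the previous one counts as a
    "small step"; the window tolerates gaps left by the client's other
    traffic. If at least `threshold` of the steps are small, the next port
    is predictable and only the 16-bit transaction ID is left to guess.
    """
    if len(ports) < 5:
        raise ValueError("need at least 5 queries to judge a client")
    # Differences modulo 2**16 so a wrap at the top of the range is not negative.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 1 <= d <= max_step)
    ratio = small_steps / len(deltas)
    if len(set(ports)) == 1:
        verdict = "fixed"
    elif ratio >= threshold:
        verdict = "sequential"
    else:
        verdict = "randomized"
    return {
        "verdict": verdict,
        "small_step_ratio": round(ratio, 2),
        "stddev": round(statistics.pstdev(ports), 1),  # spread of observed ports
        "samples": len(ports),
    }


def assess_capture(capture):
    """Run the assessment for every client that appears in the capture."""
    return {ip: assess_source_ports(p) for ip, p in ports_by_client(capture).items()}


if __name__ == "__main__":
    for ip, result in assess_capture(SAMPLE_CAPTURE).items():
        print(ip, result)
```
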
  5. No patch for OS X 10.3 ? by Katchina'404 · · Score: 4, Interesting

    As much as I love Apple, it bothers me that they do not release security patches for versions earlier than n-1 (where n is the current release).

    Mac OS X 10.3 server dates back to October 2003 (http://www.apple.com/pr/library/2003/oct/08pantherserver.html), so it's just short of 5 years. It's not THAT old, especially for a server product that's likely to be used in some SMEs.

    Or is 10.3 not affected ?

    --
    Ceci n'est pas une signature
    1. Re:No patch for OS X 10.3 ? by Anonymous Coward · · Score: 0

      I don't think it is affected by the ARDAgent exploit. I don't know about the other exploits.

    2. Re:No patch for OS X 10.3 ? by MobyDisk · · Score: 0

      Who runs a critical server like DNS on a version of the OS that is 5 years old?

    3. Re:No patch for OS X 10.3 ? by Anonymous Coward · · Score: 0

      Who runs a critical server like DNS on a version of the OS that is 5 years old?

      Who writes attacks for an OS that is 5 years old? (Except Windows, that is, since there are so many Windozers who never update, and so many children trying to be famous for being diseased.)

      Locally, I've run DNS and similar non-CPU-intensive tasks on antiques that don't run modern OSes. Like 25MHz Mac Quadras.

    4. Re:No patch for OS X 10.3 ? by Katchina'404 · · Score: 1

      Who runs a critical server like DNS on a version of the OS that is 5 years old?

      SMEs using a local DNS cache ? Well, of course they shouldn't do it considering the OS is not maintained anymore. But this does not make their desire to do it any less legitimate.

      You can't blame SMEs wanting to use an asset that still has value in their books. Depreciating a server over a 5 years lifespan doesn't even seem all that unreasonable.

      --
      Ceci n'est pas une signature
    5. Re:No patch for OS X 10.3 ? by Graff · · Score: 1

      As much as I love Apple, it bothers me that they do not release security patches for versions earlier than n-1 (where n is the current release).

      You know that under the hood Mac OS X is Unix. It's not that hard to simply get the latest version of Bind and install it yourself. Here are some simple instructions on how to do it but it's basic stuff that any system administrator should know. (Personally, I'd install it in /usr/local instead of /usr and symlink to that rather than blowing away the version installed by Apple but then again that's something any computer admin worth his salt should also know.)

      Apple doesn't patch versions of Mac OS X that are more than 1 version old because by far the majority of its users upgrade. If you look at the estimated numbers of people using Mac OS X 10.3 you can see that it's down in the low single percentage points, maybe even under 1% depending on who you ask. It just doesn't make sense for them to provide support when so very few people are affected.

      Not only that but there have been some major changes in Mac OS X over the years which make it difficult to patch too far back. The differences between 10.5 and 10.4 are a lot smaller than the differences between 10.4 and 10.3. Those sort of changes are slowing down so I'd expect Apple to more easily be able to back-support more versions of its OS. By all accounts the next version, 10.6 or Snow Leopard, will just be a more refined 10.5 with very little structural changes. I'd expect that Apple will find it very easy to continue to provide patches to 10.4 for quite some time.

    6. Re:No patch for OS X 10.3 ? by Macthorpe · · Score: 2, Insightful

      Well, Microsoft, a company famed around here for 'planned obsolescence', managed to patch both XP and 2000. You'll note that both of those are more than 7 years old.

      --
      "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
    7. Re:No patch for OS X 10.3 ? by MobyDisk · · Score: 2, Insightful

      I really am surprised that they patched Windows 2000. But Microsoft has never released an OS to replace XP yet. :)

    8. Re:No patch for OS X 10.3 ? by Anonymous Coward · · Score: 0

      Woah, hold on there. Most Macs don't have a system administrator.

      And what you say about Apple's reason for not patching is crap. They don't patch because it costs money, both in time spent supporting the older OS, and upgrade fees lost from people who'd otherwise stay at the older OS.

      And they are lazy. What if I'm not running 10.4.11? Will I be able to apply security patches? The answer is no. Even if a patch has nothing to do with if you are at 10.4.11 or 10.4.9 you'll have to update to the most recent version. It plays hell with anyone trying to have a stable, yet secure, environment.

      Anyway, "a sysadmin worth his salt" wouldn't run an OS where there wasn't official support for older OS's. They'd run an OS where the vendor has an official policy where you know for years out you'll get needed security patches. For example: Red Hat, Sun, Microsoft, IBM, and other Enterprise-ready vendors.

      IMHO.

    9. Re:No patch for OS X 10.3 ? by Graff · · Score: 1

      Woah, hold on there. Most Macs don't have a system administrator.

      We are talking about a vulnerability for SERVERS.

      Bind is DNS SERVER software. The vulnerability targets SERVERS, not your home operating system. SERVER administrators should know how to patch their SERVERS.

      For non-servers this is not a serious vulnerability since you have to explicitly enable Bind and set it up to use it on your system. Guess what, if you are doing that then YOU have become a SERVER ADMINISTRATOR and you better know what you are doing!

      What if I'm not running 10.4.11? Will I be able to apply security patches? The answer is no. Even if a patch has nothing to do with if you are at 10.4.11 or 10.4.9 you'll have to update to the most recent version. It plays hell with anyone trying to have a stable, yet secure, environment.

      If you are a normal home user there is very little reason not to update to the latest patches for your operating system. If you are running 10.4 then update to 10.4.11 or whatever! The patches are free, they fix bugs (thus more stability), and they often provide additional functionality. Wait a week or so to make sure the patch didn't break anything for other people and if everything is good then apply it yourself. If you don't want to patch then fine, you won't get the benefit of having ANY of the latest patches - that's your (poor) decision.

      As for system administrators not using the latest version of the operating system, I can understand being 1 version behind while you let the bugs shake out of the newest version. However, no good system administrator runs a machine that is 2 major versions behind without having some very good reasons and without knowing what they are doing. When the time comes to patch something like Bind, that admin better know enough to go to the Bind website, download the patch, build it and install it. Yes Apple bundles up these patches occasionally as a convenience to the user but that doesn't mean you have to wait for Apple in order to patch your system, especially when you are a professional running mission-critical equipment.

    10. Re:No patch for OS X 10.3 ? by Phroggy · · Score: 1

      As much as I love Apple, it bothers me that they do not release security patches for versions earlier than n-1 (where n is the current release).

      Mac OS X 10.3 server dates back to October 2003 (http://www.apple.com/pr/library/2003/oct/08pantherserver.html), so it's just short of 5 years. It's not THAT old, especially for a server product that's likely to be used in some SMEs.

      Or is 10.3 not affected ?

      As much as I love Linux, it bothers me that many Linux distributions are even worse. For example, Fedora Core 6 and Ubuntu 6.10 were both released in October 2006 (a year and a half after the still-supported Mac OS X 10.4), but support for both of them was dropped several months ago.

      And yes, of course Mac OS X 10.3 is affected.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    11. Re:No patch for OS X 10.3 ? by Phroggy · · Score: 1

      Who runs a critical server like DNS on a version of the OS that is 5 years old?

      Who upgrades the operating system on a critical server like DNS more often than every 5 years? I usually only reboot my servers about once a year, and you want me to reinstall the OS every time I do?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    12. Re:No patch for OS X 10.3 ? by ohmpossum · · Score: 1

      Mountain Climbers?

      --
      Just set me up a basic sig... 10 PRINT "Gordon Aplin" : GOTO 10
  6. Maybe they took the time to get it right? by homesnatch · · Score: 5, Interesting

    Someone mentioned that Apple's delay was due to the patch causing a problem with some environment... Maybe Apple had to take the extra time to get it right.

    I would have preferred that Redhat did as well... The Redhat ES 4 patch for BIND left a couple of my DNS domains offline for a few hours.

    1. Re:Maybe they took the time to get it right? by itsdapead · · Score: 2, Funny

      Maybe Apple had to take the extra time to get it right.

      What, you mean, like, actually realize that any sort of hasty patch to a production system carries a risk of downtime or data loss which has to be weighed up against the risk posed by a security vulnerability?

      Nah - never attribute to rationality that which can be satisfactorily explained by incompetence.

      --
      In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
  7. This is Wonderful News by Anonymous Coward · · Score: 0, Redundant

    For the three people on the Internet that run OS X servers!

    1. Re:This is Wonderful News by martin_henry · · Score: 1

      Apple Servers(TM) are servers too, you insensitive clod!

      --
      www.purevolume.com/martyd
  8. leopard and syslogd by Speare · · Score: 5, Informative

    Now if only they'd fix the 100% CPU syslogd problem that's been around since Leopard's release. leopard syslogd I don't use TimeMachine at all, so most people's theories implicating TM is probably not accurate. I'll leave the MBP on overnight and when I wake up the CPU heat is way above normal because syslogd crapped itself again. (The fan speed vs CPU heat function is also pretty sucky.) Some video glitches even start appearing when the CPU heat stays high for a while. I'm going to just kill it hourly by cron, but Apple should also get its butt in gear and just fix it.

    --
    [ .sig file not found ]
    1. Re:leopard and syslogd by Anonymous Coward · · Score: 4, Informative

      Fix the syslogd problem:

      launchctl stop com.apple.syslogd

      rm -rf /var/log/asl.db

      launchctl start com.apple.syslogd

    2. Re:leopard and syslogd by whyloginwhysubscribe · · Score: 5, Funny

      It must be bad - even cuil has hits relating to this: http://www.cuil.com/search?q=leopard+syslogd

    3. Re:leopard and syslogd by Anonymous Coward · · Score: 0

      This has been proven to be the spotlight indexing. It happened to me right after I installed Xcode, as soon as the indexing was finished the 100% process went back to normal. Try going into your Spotlight settings and un-checking everything that is set to index. Perhaps you have a directory or program that is constantly updating and the indexer is looping.

    4. Re:leopard and syslogd by illumin8 · · Score: 2, Interesting

      Now if only they'd fix the 100% CPU syslogd problem that's been around since Leopard's release. leopard syslogd I don't use TimeMachine at all, so most people's theories implicating TM is probably not accurate.

      Dude, that problem has been around since October of 2007, when Leopard was first released. It's been fixed and I think it's related to spotlight trying to index your syslog files. Seriously, if it's still bothering you that much, google for a fix or call Apple tech support.

      --
      "When the president does it, that means it's not illegal." - Richard M. Nixon
    5. Re:leopard and syslogd by Anonymous Coward · · Score: 2, Funny

      "Aha! A Slashdot article about an unrelated bug on Apple machines being fixed! Now that I have Apple's undivided attention, I'll mention a completely different bug in Slashdot's comment system! THAT'LL get it fixed!"

    6. Re:leopard and syslogd by Anonymous Coward · · Score: 0

      Apple index program eating all CPU, slowing the machine down. Please Apple fix the issue. Let the index program finish and all is good. Apple Rules.

      MS's index program doing the same thing, it sucks it is slow, get Apple. If you let the indexer finish on windows (it happens on Vista and XP64). The CPU goes back to normal. But MS still sucks and the OS still runs slow.

      Odd, same problem happens on both OS, same easy fix (let the program finish). Two totally different responses and actions from people.

    7. Re:leopard and syslogd by chromatic · · Score: 2, Funny

      This is why Mac OS X will never be ready for the desktop!

    8. Re:leopard and syslogd by Phroggy · · Score: 1

      rofl, I'd mod you up but I already posted.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  9. Re:Why So Long? by djveer · · Score: 0, Redundant

    I agree there had to be a reason why Apple was so late in delivering this update. My guess was that they wanted to make absolutely sure they didn't break anything in OS X in the process.

    Just curious though, does the BIND daemon run only on OS X Server or is it running on the version for laptops and desktops too?

  10. Re:Why So Long? by djveer · · Score: 1

    Whoops I didn't read the article in-depth enough, but what I mean is does it run by default or is there something you have to enable to be vulnerable?

  11. "not enabled by default" by Anonymous Coward · · Score: 2, Informative

    The release notes for this patch say Bind "is not enabled by default". Why is everyone leaving out that detail when most of us do not run servers?

    1. Re:"not enabled by default" by jscotta44 · · Score: 1

      This is /. Don't expect a reading of the article. Even if, by chance, the article happened to be read, don't expect a rational response. Many here like to practice their technology religion, in spite of facts. Please don't confuse them by trying to act and post rationally yourself.

  12. DNS patch causes BIND blunder by MacColossus · · Score: 5, Interesting

    http://www.zdnet.com.au/news/security/soa/DNS-patch-causes-BIND-blunder/0,130061744,339290928,00.htm Could this have been what took Apple so long? Not as entertaining as posting "Apple sucks", but worth a look nonetheless.

    1. Re:DNS patch causes BIND blunder by 99BottlesOfBeerInMyF · · Score: 1

      Could this have been what took Apple so long? Not as entertaining as posting "Apple sucks", but worth a look nonetheless.

      That's an interesting theory, but doesn't look too likely. The flawed patches are the ones ending in "P1" which seem to be what OS X systems are upgraded to. Maybe they worked around that with other code, but there is not really any evidence to support that theory. Someone should probably test it.

  13. As Usual by Anonymous Coward · · Score: 0

    A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.

    I'm not sure I would call that news. Apple is always excruciatingly slow to fix problems. Not that they could ever have any, of course.

    1. Re:As Usual by Anonymous Coward · · Score: 0

      It's pretty sad, but that's the way Apple rolls. They used to not even admit there was a problem until the patch came out, at least now they occasionally will say there is an issue and they are working on a patch. Sometimes.

      7-8 years ago when Microsoft was this way, everyone in the industry gave them shit about it until they started doing a pretty decent job of patching and notifying users. Apple won't ever get that kind of attention though, because if it's Apple it's awesome, amirite?

  14. KaminskyKaminskyKaminsky by Timothy+Brownawell · · Score: 2, Interesting

    At least they're down to only using his name twice in the summary, even if one of them is in the title... I'd been starting to wonder if all the articles about the DNS bug were really just about how l33t he was for publicizing it and having it fixed.

    1. Re:KaminskyKaminskyKaminsky by Anonymous Coward · · Score: 0

      Kaminsky Kaminsky, Kaminksy. Kaminksy Kaminksy Kaminksy, Kaminksy Kaminksy?

  15. That would be a lookupd issue... by argent · · Score: 1

    That would be an issue for lookupd...

    Personally, I'm pretty down on the whole idea of caching resolvers like lookupd, nscd, and Microsoft DNS Client.

  16. Why did they bother? by Anonymous Coward · · Score: 0

    It was an Apple vulnerability. That means it was more of a "non-issue" or "not relevant", or "unseen in the wild" or.......

  17. DNS exploit affects OSX 10.x and up by Anonymous Coward · · Score: 2, Informative

    http://www.juniper.net/security/auto/vulnerabilities/vuln30131.html

    That's a whopping list of vulnerable stuff there.
    I wonder if Apple took a survey, of who was still using older versions.
    I have read probably over 40% of internet users don't use updated browsers. http://blogs.stopbadware.org/articles/2008/07/01/forty-percent-of-users-use-insecure-web-browser
    If that many users can't update browsers, how many can update their OS? Especially since browsers (and updates) are mostly free, you'd think they'd be more likely to be updated!

  18. This patch is really good! by commodoresloat · · Score: 1

    It seems to do more than patch DNS; my whole system is a lot snappier because of it. And I haven't even installed it yet!