Slashdot Mirror


Apple Patches Kaminsky DNS Vulnerability

Alexander Burke writes "Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1.' It also closes the script-based local privilege escalation vulnerabilities, the most common examples of which were ARDAgent and SecurityAgent, and addresses other less-publicized security issues as well." A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.


  1. Good job apple by Erie+Ed · · Score: 3, Funny

    For a moment there I was worried about what could happen, but then it hit me: nothing important runs on Apple servers...

    1. Re:Good job apple by Anonymous Coward · · Score: 2, Funny

      Tons of video artists and mountain climbers publish on Apple servers.

    2. Re:Good job apple by Kamokazi · · Score: 3, Funny

      Right, just like he said, nothing important is hosted on Apple servers.

      (Side note: Mountain climbers???)

      --
      As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable Slashdot 2.0.
    3. Re:Good job apple by MightyYar · · Score: 5, Funny

      I don't think "tons" will get you very far when it comes to statistics.

      I don't know... have you ever priced out a ton of artists? Those things are really skinny and you really get your money's worth.

      The biggest rip-off is a ton of IT guys. You get like 1, maybe 1-1/2 in the whole damned load.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  2. They might have been slow... by PsyQo · · Score: 5, Funny

    They might have been slow with this patch, but boy does it look good!

    1. Re:They might have been slow... by 4D6963 · · Score: 4, Funny

      They might have been slow with this patch, but boy does it look good!

      No OS X 10.3 version. Less secure than the PF workaround. Lame.

      --
      You just got troll'd!
  3. Ahhhhhh by segedunum · · Score: 4, Funny

    The Slashdot effect that can make Apple actually patch something.

  4. Re:Maybe they took the time to get it right? by itsdapead · · Score: 2, Funny

    Maybe Apple had to take the extra time to get it right.

    What, you mean, like, actually realize that any sort of hasty patch to a production system carries a risk of downtime or data loss which has to be weighed up against the risk posed by a security vulnerability?

    Nah - never attribute to rationality that which can be satisfactorily explained by incompetence.

    --
    In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
  5. Re:leopard and syslogd by whyloginwhysubscribe · · Score: 5, Funny

    It must be bad - even cuil has hits relating to this: http://www.cuil.com/search?q=leopard+syslogd

  6. Re:leopard and syslogd by Anonymous Coward · · Score: 2, Funny

    "Aha! A Slashdot article about an unrelated bug on Apple machines being fixed! Now that I have Apple's undivided attention, I'll mention a completely different bug in Slashdot's comment system! THAT'LL get it fixed!"

  7. Re:leopard and syslogd by chromatic · · Score: 2, Funny

    This is why Mac OS X will never be ready for the desktop!