 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Has Apple really fixed its BIND?
Our Blogs Core Dump Has Apple really fixed its BIND? | Has Apple really fixed its BIND? |
|
| by Stephen Withers | |
| Monday, 04 August 2008 | |
|
Page 2 of 2 The point appears to be that Mac OS X client does not normally use its own BIND, but instead relies on an external DNS server, typically provided within the organisation (company, school, etc, if it runs its own servers) or by the ISP providing Internet connectivity. So if BIND normally isn't active on non-server Macs, then whatever Franzen and Storms were testing probably wasn't BIND.The underlying issue was discovered in February, but not publicly disclosed until early July when several major vendors including Microsoft and Cisco released updates for their DNS software. Knowing that DNS servers were using consecutive port numbers for requests provided attackers with a chance to add false entries to a server's cache of domain name to IP address mappings, which could cause the diversion of Internet traffic to malicious sites. There have been documented cases of attacks on commercially run DNS servers. One of them redirected Google traffic to a fake site. Although a more rapid response from Apple would have been to the benefit of its server customers, your scribe is firmly in the Alfred E Neumann camp: "what, me worry?" If my ISP hadn't patched its DNS servers (it has, as best I can tell), there's nothing I could do about it. But once a security fix is available, shouldn't it be rolled out to customers as soon as possible?
|
Tags
| < Next story in category | Previous story in the category > |
|---|
