July 28, 2008
Secrecy About the Next iPod? Fine. A Major Vulnerability? No. - heise Security UK
No patch from Apple for that DNS vulnerability just yet:
“On July 8, Microsoft, Cisco, ISC, Red Hat, Ubuntu and many other vendors, for the first time, released simultaneous updates to make it more difficult to exploit the DNS hole and urged users to install the updates immediately. At the time, the vulnerability details were still being kept under cover to allow users and especially server operators, enough time to install and test the patches.
“Now, however, the cat is out of the bag; the nature of the vulnerability has been revealed and the first tools already demonstrate how little effort is required to compromise the name translation of a DNS server and redirect web pages. First exploits have already appeared.
“We have no explanation why Apple hasn’t yet released any relevant security alerts and updates. After all, OS X servers use BIND, which is one of the most popular DNS server implementations and BIND is also affected by this problem. However, early on, the BIND developers themselves did release an update which is said to be portable to the UNIX-like OS X without much effort. According to Mogull, as with the other operating systems, in principle the client implementations of the DNS are also vulnerable. There should be no need to panic just yet because attacks are currently focusing on servers.”
The article suggests that Apple is “perhaps distracted” by recent product launches.
I suppose if Apple were a small team of developers hanging out in its rented offices I could accept the idea that it is “distracted” by other parts of the business. It’s not, though, and there’s not much excuse for failing to at least issue an advisory and a timeframe for a patch. That’s not exactly Apple’s way, though.
When it comes to things like “What color will the new iPods be?” or “Is Apple secretly working on a white Newton that folds out to a 24" all-in-one Mac?” I find Apple’s secrecy almost charming. The company’s habit of uncommunicativeness doesn’t have any place in security matters.
Posted by mhall at 12:20 PM

