Topic: Yesterday's OS X Security Update patches DNS Flaw!

Offline sandyman

« Reply #15 on: August 03, 2008, 01:28:31 PM »
QUOTE(sandbox @ Aug 3 2008, 09:28 AM)
QUOTE(gunug @ Aug 2 2008, 08:58 PM)
Apparently these guys think Apple Clients are still vulnerable:

http://db.tidbits.com/article/9721


I just ran the terminal test on Panther and it's OK.


It will not work if you use a router and use that as your DNS Server.

However the fact that you "Passed" suggests to me that your ISP has patched their DNS servers.

Sandy

Edit

I had a quick think about all this and it might be a good idea to upgrade your router's firmware if you are using one. I use DD-WRT and they updated their firmware last week. Sandy gets a kick where the sun don't shine for not checking sooner.
« Last Edit: August 03, 2008, 01:49:25 PM by sandyman »

Offline sandbox

« Reply #16 on: August 03, 2008, 03:23:40 PM »
QUOTE(sandyman @ Aug 3 2008, 02:28 PM)
QUOTE(sandbox @ Aug 3 2008, 09:28 AM)
QUOTE(gunug @ Aug 2 2008, 08:58 PM)
Apparently these guys think Apple Clients are still vulnerable:

http://db.tidbits.com/article/9721


I just ran the terminal test on Panther and it's OK.


It will not work if you use a router and use that as your DNS Server.

However the fact that you "Passed" suggests to me that your ISP has patched their DNS servers.

Sandy

Edit

I had a quick think about all this and it might be a good idea to upgrade your router's firmware if you are using one. I use DD-WRT and they updated their firmware last week. Sandy gets a kick where the sun don't shine for not checking sooner.


yup, just ran it off the modem.

I've had many routers given to me or that I found here and there, today I'm using this one http://www.netgear.com/Products/PrintServe...rs/WGPS606.aspx which doesn't work with DD-WRT, my last one did but I gave it away.

A friend brought one of these back from London, it was a gift from Belkin.

http://catalog.belkin.com/IWCatProductPage...oduct_Id=377018


this is the support page for DD-WRT
http://www.dd-wrt.com/wiki/index.php/Suppo..._Devices#Belkin

Offline sandbox

« Reply #17 on: August 03, 2008, 03:37:22 PM »

Two Black Hat Talks On Apple Security Cancelled
Posted by kdawson on Sunday August 03, @08:04AM
from the can't-say-that dept.
Security Apple
An anonymous reader writes
QUOTE
"Two separate Apple security talks have been nixed at the last minute from next week's Black Hat security conference in Las Vegas. The Washington Post's Security Fix blog reports that Apple researcher Charles Edge was to present on flaws in Apple's FileVault encryption plan, but asked Black Hat to cancel the talk, citing confidentiality agreements with Apple. Then on Friday, Apple pulled its security engineering team out of a planned public discussion on the company's security practices — which would have been a first for Apple. 'Marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval,' a Black Hat spokesman said."

http://it.slashdot.org/it/08/08/03/0031228.shtml

Offline tacit

« Reply #18 on: August 04, 2008, 05:46:57 PM »
I think there's a lot of confusion and misunderstanding about this security flaw.

First of all, you do not need to apply the patch; the flaw in BIND will not affect you unless you are running your Mac as a name server, for example if you are the owner of an ISP and you use Macs as DNS servers. If you are just a consumer using your Mac, then patching your Mac makes no difference. The patch only affects you if you happen to be running the name server software called BIND on your computer and using your computer as a name server.

The thing that tells if you are affected or not does not tell you if your computer is vulnerable. Your particular computer is never vulnerable if it is not running as a name server. Instead, that test tells you if your ISP has fixed the problem on their name servers. So it is possible that you may not apply the patch and you'll get an OK response from the test, or you may apply the patch and get a not OK response from the test, because the test does not test your computer at all. It tests the computers in your ISP's data center.
A whole lot about me: www.xeromag.com/franklin.html
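
Added example, not part of any post in this thread: a small Python check of which machine a DNS test run from a workstation would actually exercise, following the points above that a router acting as DNS server changes the result and that the test measures the upstream name servers rather than the client. The resolv.conf-style sample, its addresses, the function names and the three category labels are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in resolv.conf syntax; the addresses are not from the thread.
SAMPLE_RESOLV_CONF = """\
# constructed example
domain example.lan
nameserver 192.168.1.1
nameserver 127.0.0.1
nameserver 203.0.113.53
nameserver fe80::1%en0
nameserver not-an-address
"""

# Address ranges that can only be reached on the local network.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop comments, which start with '#' or ';'.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server):
    """Label the resolver a DNS check from this host would really be testing."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "local"     # name server on this machine: its own software matters
    if any(ip in net for net in LAN_NETS):
        return "lan"       # router or other LAN forwarder: firmware and upstream matter
    return "external"      # ISP or third-party resolver: only its operator can fix it

def report(text):
    """Pair every configured nameserver with its label."""
    return [(s, classify(s)) for s in parse_nameservers(text)]

if __name__ == "__main__":
    for server, kind in report(SAMPLE_RESOLV_CONF):
        print(f"{server:20} {kind}")
```
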

Offline gunug

« Reply #19 on: August 04, 2008, 06:25:22 PM »
I talked to the official Apple Technician who works in our part of the state today and he confirmed that whatever risks there were have been patched and that only in the most extreme conditions would it ever lessen the security in a client workstation anyway! I didn't seek him out; we were just in the same meeting!
« Last Edit: August 04, 2008, 06:25:59 PM by gunug »
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline sandbox

« Reply #20 on: August 08, 2008, 01:44:19 PM »
QUOTE(tacit @ Aug 4 2008, 06:46 PM)
I think there's a lot of confusion and misunderstanding about this security flaw.

First of all, you do not need to apply the patch; the flaw in BIND will not affect you unless you are running your Mac as a name server, for example if you are the owner of an ISP and you use Macs as DNS servers. If you are just a consumer using your Mac, then patching your Mac makes no difference. The patch only affects you if you happen to be running the name server software called BIND on your computer and using your computer as a name server.

The thing that tells if you are affected or not does not tell you if your computer is vulnerable. Your particular computer is never vulnerable if it is not running as a name server. Instead, that test tells you if your ISP has fixed the problem on their name servers. So it is possible that you may not apply the patch and you'll get an OK response from the test, or you may apply the patch and get a not OK response from the test, because the test does not test your computer at all. It tests the computers in your ISP's data center.


Oops, you're right... and I don't run a name server any longer.

Offline krissel

« Reply #21 on: August 09, 2008, 03:00:25 AM »
Well folks, seems as though the patch is not exactly flawless either:

http://www.nytimes.com/2008/08/09/technolo...xprod=permalink


A Techsurvivors founder

Offline Xairbusdriver

« Reply #22 on: August 09, 2008, 09:07:39 AM »
See posts #10 & 12.
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes: