[At-Large] [ga] Apple Still Has Not Patched the DNS Hole
Patrick Vande Walle
patrick at vande-walle.eu
Tue Jul 29 14:16:20 EDT 2008
Jeffrey A. Williams wrote:
> All,
>
> As an example to another thread and for Joe's edification.
>
> An article up at TidBITS on http://db.tidbits.com/article/9706
> Apple's unexplained failure to patch the DNS vulnerability that we have
> been http://it.slashdot.org/article.pl?sid=08/07/25/1334254&tid=172
> discussing for a
> http://it.slashdot.org/article.pl?sid=08/07/21/2212227&tid=172
> few weeks now. "Apple uses the popular Internet Systems
> Consortium BIND DNS server which was one of the first tools patched,
> but Apple has yet to include the fixed version in Mac OS X Server,
> despite
> being notified of vulnerability details early in the process and being
> informed of the coordinated patch release date.
>
Sometimes, it may be wise to wait:
"The group responsible for maintaining the internet's most popular
domain name software BIND has admitted it caused problems by
fast-tracking a security patch designed to fix the widescale DNS flaw
discovered by researcher Dan Kaminsky this month."
http://www.zdnet.com.au/news/security/soa/DNS-patch-causes-BIND-blunder/0,130061744,339290928,00.htm
Patrick Vande Walle
--
Patrick Vande Walle
Check my blog: http://patrick.vande-walle.eu
More information about the At-large
mailing list