Apple Fails to Patch Critical Exploited DNS Flaw by Rich Mogull TidBITS 24 Jul 2008
On 08-Jul-08, a massive security patch was released by dozens of vendors for a major vulnerability in DNS [1] (Domain Name Service), discovered by security researcher Dan Kaminsky. DNS [2] is one of the fundamental underpinnings of the Internet; translating domain names (like tidbits.com) into IP addresses (like 192.168.0.12). Because DNS is so core to the functioning of the Internet, this vulnerability is perhaps the most significant security problem to face the Internet in the last decade. All users who connect to Mac OS X servers for DNS lookups are at risk: Apple has not yet provided a patch, unlike dozens of other companies that make or distribute operating systems or DNS server software. Apple was clearly distracted by the largest set of launches in its history: the iPhone 3G, the iPhone 2.0 software, the .Mac-to-MobileMe transition, and the App Store. Nonetheless, their customers are now in danger and Apple needs to respond immediately. All companies that provide DNS service to their customers should have already updated their DNS servers. Many have not. You can determine whether your ISP is at risk by visiting Kaminsky's site and clicking Check My DNS [3]. If the site says your DNS is at risk of being poisoned, contact your ISP or your company's IT department immediately. ... http://db.tidbits.com/article/9706 ******************************* * POST TO [EMAIL PROTECTED] * ******************************* Medianews mailing list [EMAIL PROTECTED] http://lists.etskywarn.net/mailman/listinfo/medianews
