Apple Reacts to Spoof Threats, Issues DNS Hotfix

8/4/2008

Apple Inc. took action Friday to address the infamous Domain Name System (DNS) problem. And none too soon.

Last week saw a DNS server exploit divert AT&T Internet service users in Austin, Texas. The DNS trouble, which caused users to be sent to a bogus Web page, occurred more than a week after Microsoft issued its own warning about the dangers of a weak DNS framework.

In response to the threat, Apple released Security Update 2008-005, saying that its latest hotfix protects Open Scripting Architecture libraries from certain vulnerabilities. If left unfixed, a hacker or internal enterprise user might leverage the exploit to "execute commands with elevated privileges."

On the whole, the patch addresses the DNS issue by implementing what the company calls "source port randomization to improve resilience against [DNS] cache poisoning attacks."

The patch is for Mac OS X Server 10.4 and 10.5, as well as for Mac OS X 10.4.11 and 10.5.4 operating systems.

For Mac OS X v10.4.11 systems, the Berkeley Internet Name Domain (BIND) is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. The hotfix also closes the script-based local privilege escalation vulnerabilities in the MAC for Windows programs.

Apple responded to one of this year's most controversial security issues in issuing the hotfix, but there is already some pushback. Security researcher Swa Frantzen, who works at the SANS Internet Storm Center, asserted that the hotfix is incomplete. Apple's fix hasn't quite done the trick.

"Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the [Internet] Protocol weakness," Frantzen wrote in a blog post on Friday.

The issue appears to be that, despite Apple's patch, BIND under OS X is incrementing the source ports it uses for DNS queries in a predictable rather than random pattern.
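An administrator can check for the incrementing-port behavior described above by examining the source ports on a resolver's outbound queries. The following Python sketch is an added example, not code from the article, Apple or SANS; the verdict labels, thresholds, addresses and tcpdump-style sample lines are constructed assumptions.

```python
import re
import statistics
from collections import defaultdict

# Matches "IP <src>.<sport> > <dst>.53:" in tcpdump-style text output.
QUERY_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > \d+(?:\.\d+){3}\.53:")

def ports_by_resolver(lines):
    """Group the UDP source ports of outbound DNS queries by source address."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    return dict(seen)

def classify_source_ports(ports, max_step=16, min_samples=8):
    """Label a port sequence; the thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"
    # Step between consecutive queries, wrapping at the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 1 <= d <= max_step)
    if small / len(deltas) >= 0.9:
        return "incrementing"
    if statistics.pstdev(ports) < 1000:
        return "narrow-range"
    return "random-looking"

def _capture(src, ports):
    # Builds constructed sample lines in tcpdump's text style.
    return [f"12:00:{i:02d}.000000 IP {src}.{p} > 198.51.100.53.53: {i}+ A? example.com. (29)"
            for i, p in enumerate(ports)]

SAMPLE = (
    _capture("192.0.2.10", [49152, 49153, 49154, 49156, 49157, 49158, 49159, 49161, 49162, 49163])
    + _capture("192.0.2.20", [51234, 1093, 33871, 60412, 20555, 47110, 8192, 39001, 62777, 15432])
    + _capture("192.0.2.30", [53] * 10)
)

def audit(lines):
    """Return a verdict per querying host found in the capture text."""
    return {src: classify_source_ports(p) for src, p in ports_by_resolver(lines).items()}

if __name__ == "__main__":
    for src, verdict in audit(SAMPLE).items():
        print(src, verdict)
```

A "random-looking" verdict only means the sequence passed these coarse checks; it is not proof that the ports are unpredictable.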