Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Monday, 28 July 2008 06:30

Apple in a bind over BIND

By
I've criticised Apple before for being slow to deliver patched versions of open source and other third-party software, but the latest example involving BIND, the software that provides DNS services, is hard to fathom.

Other vendors, including Microsoft and Cisco, released DNS patches earlier this month to protect their customers from the risk of Internet traffic being diverted to malicious servers. Apple's delay means users at sites running Mac OS X Server are still vulnerable to this attack.

Earlier this year, security researchers discovered a weakness in DNS protocols and implementations. DNS (Domain Name System) is the mechanism that converts human-friendly domain names such as www.itwire.com to numeric IP addresses such as 192.168.0.1.

The weakness could be used relatively easily by an attacker to 'poison' (maliciously change) the list of name-to-number mappings already established by a system.

The danger is that users would then be invisibly redirected to web sites other than those they intended to visit. This situation could be used for phishing (capturing people's account credentials for Internet banking and other sites involving value) or to lure visitors to servers loaded with malware that is silently transferred along with the web page (more a problem with Windows than other operating systems).

In a co-ordinated effort, most major vendors released fixes for affected software earlier this month. That included an update for Internet Systems Consortium's BIND, which is the most widely used DNS server.

So where is Apple's update? Please read on.


Although BIND is part of Mac OS X (both the regular and server versions, although the latter is the most significant in this situation), Apple has yet to release a BIND update for its customers.

Given that an exploit is publicly available, it makes you wonder why Apple has been so slow to react, especially when other vendors are advising their customers to apply corresponding patches as soon as possible.

It doesn't seem to be a problem for most users in homes and small businesses that rely on their ISPs for DNS, but it's hard to see why Mac OS X Server wasn't updated promptly. And by the time Apple had done that, how much more effort would it have been to release it for the client version of Mac OS X as well?

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments