| What is RSS feed? | About Us |
 |
 Search Score: 5/10
Source: uk.news.yahoo.com --- 31 days ago
Security researchers are claiming that Apple has failed to fully Patch the high profile DNS cache poisoning error. ... Source: discussions.apple.com --- 34 days ago
Is it alright to use this update (Security Update 2008-005 (Intel)--DNS hole Patch) on an Intel iMac running OS X Ver. 10.4.9 even thought it states ... Source: www.news.com --- 35 days ago
Apple releases a security update for its Tiger and Leopard operating systems to Patch a critical Domain Name System flaw, along with a dozen other updates. ... Source: slashdot.org --- 34 days ago
Glenn Fleishman sends word that SANS Institute testing indicates that, even after installing Apple's latest Patch for the DNS vulnerability, Leopard desktops (not servers) are still vulnerable — or at least perpetuate risky behavior that makes exploitation easier. This matters because "With servers rapidly being patched worldwide, it's likely that the low-hanging fruit disappears, and vectors [will be] designed to attack massive numbers of clients on ISP networks." Read more of this story at Slashdot. ... Source: www.theregister.co.uk --- 34 days ago
Cache from chaos Apple has finally gotten around to defending against a high-profile Domain Name System flaw, days after security researchers called it out for dragging its heels on releasing a Patch.… ... Source: www.theregister.co.uk --- 34 days ago
Tiger, Leopard (still) wide open Apple was widely skewered for being among the last to fix a gaping security hole in the net's address lookup system that could allow the wholesale hijacking of users' internet connections. And now that the company has finally got around to issuing a Patch , there's just one problem: it doesn't work on client versions of Mac OS X.… ... Source: www.informationweek.com --- 34 days ago
Despite Apple's Patch, the fix for the DNS cache poisoning vulnerability is far from done, according to a SANS security researcher. ... Source: news.zdnet.co.uk --- 35 days ago
The comapny has released a security update for its Tiger and Leopard operating systems to address a critical and well-publicised Domain Name System flaw ... Source: www.moreover.com --- 33 days ago
Linux Today Aug 1 2008 11:21PM GMT ...
Source: www.zdnet.com.au --- 31 days ago
Apple's Domain Name System Patch for Mac OS X systems is not completely effective, according to security experts. ... Source: forums.techarena.in --- 31 days ago
Can someone provide a direct link to the page which allows me to d/l this Patch for Windows 2000 Server SP4? I can't seem to find it. Thanks. -- George Hester _________________________________ ... Source: www.pcadvisor.co.uk --- 30 days ago
Researcher says it won't fix cache poisoning error Apple's DNS Patch, which was released last week, doesn't fix the high profile DNS cache poisoning error, according to security researchers. ... Source: www.pcadvisor.co.uk --- 34 days ago
Computer giant slow to react to dangerous bug A Patch that will fix the Berkeley Internet Name Domain (BIND) DNS server flaw has been released by Apple. ... Source: www.itbusinessedge.com --- 31 days ago
Firewall vendors like Cisco, Juniper and Citrix are scrambling to fix a problem that can undo a feature that was introduced in the DNS patches, according to InfoWorld. Firewall software that uses Internet Protocol address translation has the potential to undo the source port randomization, which would allow attackers to pull off a cache-poisoning attack against [...] ... Source: www.itbusinessedge.com --- 34 days ago
Though Apple released a Patch for the Domain Name System vulnerability, this Computerworld story says the Patch doesn’t work. It quotes Andrew Storms, director of security operations at nCircle Network Security, and Swa Frantzen of the SANS Institute’s Internet Storm Center, who independently tested the Patch on systems running the client version of Mac OS X [...] ... Source: www.bmighty.com --- 33 days ago
Apple's release of a raft of patches included an overdue one for the DNS hole that's gotten so much attention over the past few weeks. Unfortunately the Patch leaves some DNS problems still in the hole. ... Source: www.topix.com --- 32 days ago
The Domain Name Security vulnerability is not being patched quickly. And some patches, such as those for BIND systems, are causing performance problems. ... Source: www.soft-go.com --- 2 days ago
A domain-name system (DNS) researcher proposed on Wednesday that the addition of a single character to the popular BIND name server software could severely limit cache poisoning attacks, such as those described by researcher Dan Kaminsky. By changing a ‘< ' to ' ... Source: www.winxpcentral.com --- 34 days ago
For all you Apple fans. Apple has released Security Update 2008-005 via Software Update. The update patches several vulnerabilities including... ... Find more results for DNS Patch on RSSMicro.com |
Copyright © 2008 RSSMicro.com
Filed under: OS , Bad Apple , Security The distance between good intentions and actual results seems to be getting longer and longer. While Apple did release a security Patch yesterday that included a fix to BIND for the highly publicized cache poisoning exploit -- some time after most other vendors got updates out to customers -- that fix doesn't seem to be, you know, actually working. Multiple sources have noted that Apple's DNS Patch, at least on Mac OS X 10.4 and 10.5 client versions, isn't implementing the key feature that's meant to block cache poisoning: port randomization on requests. While the same version of BIND running on Linux systems behaves as expected, Mac OS X machines doggedly issue DNS requests on sequential ports, making them far more vulnerable to spoofing by malicious folk. This may seem like an esoteric vulnerability, and indeed for most Mac users the more important question is whether or not your ISP or network manager has patched the primary DNS servers you rely on (you can check your DNS server status via Dan Kaminsky's tool here ). The behavior of Apple on this security issue, however, is very troubling. Waiting weeks to issue a Patch for a key vulnerability and lagging behind other OS vendors is bad enough; shipping that Patch only to have the user community discover that it doesn't work worth a bucket of warm spit ... that's not the act of a company that claims to care deeply about the security of its custo ...