July 28

Security news – DNS Holes being fixed

Most venders have been working steadily on the recently revealed DNS Security Hole

If you are not aware of the DNS Hole, here is an except from PC World.

In brief, the flaw relates to how DNS requests are made to servers and fulfilled. The weak point in DNS is that when a computer asks for the translation of a name into a number, malicious parties can try to "poison" the response, by feeding out inaccurate information. The current DNS system uses some random components to made it hard to poison, but Kaminsky discovered that due to an overlooked hole, a peristent malicious party could ultimately succeed.

It appears that most vendors have released and deployed security fixes for the problem.  The surprising holdout is Apple.  As of the publishing of this article, Apple has yet to release the fix for their servers.  According to the Tidbits website, this could pose a huge problem for uses of Apple servers.

All users who connect to Mac OS X-based servers for DNS lookups are at risk: Apple has not yet provided a patch, unlike dozens of other companies that make or distribute operating systems or DNS server software.

Hopefully Apple will address this issue soon.

Posted July 28, 2008 by bk in category Operating Systems, Safety, Tech News

Leave a Comment