Re: [At-Large] [ga] Apple Still Has Not Patched the DNS Hole

To: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
Subject: Re: [At-Large] [ga] Apple Still Has Not Patched the DNS Hole
From: Patrick Vande Walle <patrick@xxxxxxxxxxxxxx>
Date: Tue, 29 Jul 2008 20:16:20 +0200
Cc: Ga <ga@xxxxxxxxxxxxxx>, ALAC <alac@xxxxxxxxxxxxxxxxxxxxxxx>, ALAC NA Discuss <na-discuss@xxxxxxxxxxxxxxxxxxxxxxx>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=atlarge-lists.icann.org; h=Received:Received:Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:References:In-Reply-To:X-Greylist:X-ISOC-Luxembourg-MailScanner-Watermark:X-ISOC-Luxembourg-MailScanner-Information:X-ISOC-Luxembourg-MailScanner-ID:X-ISOC-Luxembourg-MailScanner:X-MailScanner-From:X-Spam-Status:X-Spam-Status:X-Spam-Score:X-Spam-Bar:X-Spam-Flag:Cc:Subject:X-BeenThere:X-Mailman-Version:Precedence:Reply-To:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:Content-Type:Content-Transfer-Encoding:Sender:Errors-To:X-AntiAbuse:X-AntiAbuse:X-AntiAbuse:X-AntiAbuse:X-AntiAbuse; b=PkGALo/i+6wB/rwDxibhOEBUR4cs5PzPLdG2nMjvxyP/rg+sCBmpJ/dOcQozB1DmafnsXE6ArYjgeqM+R872GZwIYmFS/flA4vlDL2uwNkUv7p/QY8iWheL1ApDcVroO;
In-reply-to: <488D7A5B.D78573DE@xxxxxxxxxxxxx>
List-archive: <http://atlarge-lists.icann.org/pipermail/alac_atlarge-lists.icann.org>
List-help: <mailto:alac-request@atlarge-lists.icann.org?subject=help>
List-id: At-Large Worldwide Community <alac_atlarge-lists.icann.org.atlarge-lists.icann.org>
List-post: <mailto:alac@atlarge-lists.icann.org>
List-subscribe: <http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org>, <mailto:alac-request@atlarge-lists.icann.org?subject=subscribe>
List-unsubscribe: <http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org>, <mailto:alac-request@atlarge-lists.icann.org?subject=unsubscribe>
References: <488D7A5B.D78573DE@xxxxxxxxxxxxx>
Reply-to: patrick@xxxxxxxxxxxxxx
Sender: alac-bounces@xxxxxxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.14 (Macintosh/20080615)

Jeffrey A. Williams wrote:
> All,
>
>   As an example to another thread and for Joe's edification.
>
> An article up at TidBITS on  http://db.tidbits.com/article/9706
> Apple's unexplained failure to patch the DNS vulnerability that we have
> been  http://it.slashdot.org/article.pl?sid=08/07/25/1334254&tid=172
> discussing for a
> http://it.slashdot.org/article.pl?sid=08/07/21/2212227&tid=172
> few weeks now. "Apple uses the popular Internet Systems
> Consortium BIND DNS server which was one of the first tools patched,
> but Apple has yet to include the fixed version in Mac OS X Server,
> despite
> being notified of vulnerability details early in the process and being
> informed of the coordinated patch release date.
>   
Sometimes, it may be wise to wait:

"The group responsible for maintaining the internet's most popular 
domain name software BIND has admitted it caused problems by 
fast-tracking a security patch designed to fix the widescale DNS flaw 
discovered by researcher Dan Kaminsky this month."

http://www.zdnet.com.au/news/security/soa/DNS-patch-causes-BIND-blunder/0,130061744,339290928,00.htm


Patrick Vande Walle

-- 
Patrick Vande Walle
Check my blog: http://patrick.vande-walle.eu


_______________________________________________
ALAC mailing list
ALAC@xxxxxxxxxxxxxxxxxxxxxxx
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org

At-Large Official Site: http://atlarge.icann.org

Prev by Date: [At-Large] ICANN's Internet for the Rich vs. WSIS Internet for the People
Next by Date: [At-Large] Comprehensive Study Shows IPv6 Shift Isn't Happening
Previous by thread: [At-Large] ICANN's Internet for the Rich vs. WSIS Internet for the People
Next by thread: [At-Large] Comprehensive Study Shows IPv6 Shift Isn't Happening
Index(es):
- Date
- Thread