<<< Date Index >>>     <<< Thread Index >>>

Re: [At-Large] [ga] Apple Still Has Not Patched the DNS Hole



Jeffrey A. Williams wrote:
> All,
>
>   As an example to another thread and for Joe's edification.
>
> An article up at TidBITS on  http://db.tidbits.com/article/9706
> Apple's unexplained failure to patch the DNS vulnerability that we have
> been  http://it.slashdot.org/article.pl?sid=08/07/25/1334254&tid=172
> discussing for a
> http://it.slashdot.org/article.pl?sid=08/07/21/2212227&tid=172
> few weeks now. "Apple uses the popular Internet Systems
> Consortium BIND DNS server which was one of the first tools patched,
> but Apple has yet to include the fixed version in Mac OS X Server,
> despite
> being notified of vulnerability details early in the process and being
> informed of the coordinated patch release date.
>   
Sometimes, it may be wise to wait:

"The group responsible for maintaining the internet's most popular 
domain name software BIND has admitted it caused problems by 
fast-tracking a security patch designed to fix the widescale DNS flaw 
discovered by researcher Dan Kaminsky this month."

http://www.zdnet.com.au/news/security/soa/DNS-patch-causes-BIND-blunder/0,130061744,339290928,00.htm


Patrick Vande Walle

-- 
Patrick Vande Walle
Check my blog: http://patrick.vande-walle.eu


_______________________________________________
ALAC mailing list
ALAC@xxxxxxxxxxxxxxxxxxxxxxx
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org

At-Large Official Site: http://atlarge.icann.org