Re: [Fed-Talk] OS X DNS clients still unpatched?
- Subject: Re: [Fed-Talk] OS X DNS clients still unpatched?
- From: "Dan O'Donnell" <email@hidden>
- Date: Fri, 08 Aug 2008 10:26:08 -0700
- Thread-topic: [Fed-Talk] OS X DNS clients still unpatched?

OSX Server is not required to run DNS. A standard OSX client has BIND DNS
and it can be argued that this would be a cheaper DNS server than paying for
a full OSXS just to run DNS.

However, since Apple has not yet patched DNS on client OSX, this would be a
potential security risk.

On 8/8/08 9:59 AM, "Peter R. Link" <email@hidden> wrote:
> I saw this website and DNS check application posted a couple of days
> ago. I tried it from a home computer to see what it said. My Comcast
> connection seems to have additional controls that safeguard against
> DNS spoofing. I also saw an article that supports Ed's comments about
> the client being the less critical part. I haven't tried setting up a
> Leopard server with its DNS server application turned on to see what
> the DNS check application tells me.
>
> http://www.doxpara.com/
>
>
> On Aug 8, 2008, at 9:46 AM, ED Fochler wrote:
>
>> I strongly disagree. Although Apple was a little slow to address
>> DNS and the ARD-applescript problems, they appear to be addressed.
>> As for the DNS client being vulnerable, that would imply that you
>> can't trust your local DNS server or your local network. If that's
>> the case, then you have bigger problems than how random your ports
>> are.
>>
>> ED Fochler.
>>
>>
>>
>> On Aug 8, 2008, at 12:23 PM, Jason Levine wrote:
>>
>>> Wow -- I didn't know that the DNS patch pushed out by Apple (three-plus
>>> weeks later than every other provider) actually doesn't patch what might be
>>> argued to be the more *critical* side of the DNS bug, the client side:
>>>
>>> http://www.sans.org/newsletters/newsbites/newsbites.php?vol=10&issue=61#sID304
>>> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111363&source=rss_topic17
>>> http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=209901566
>>>
>>> Given how tight-lipped Apple is with any security-related info, I won't
>>> presume that this post will generate any official Apple response... but
>>> Apple reps, know that this looks *BAD*, and makes it that much harder to
>>> convince my folks here that using Macs on the desktop is a secure option.
>>>
>>> Jason
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>> @mail.nih.gov
>>>
>>> This email sent to email@hidden
>>
>
> Peter Link
> Cyber Security Analyst
> Cyber Security Program
> Lawrence Livermore National Laboratory
> PO Box 808, L-315
> Livermore, CA 94550
> email@hidden