RE: [Fed-Talk] OS X DNS clients still unpatched?
- Subject: RE: [Fed-Talk] OS X DNS clients still unpatched?
- From: "Miller, Timothy J." <email@hidden>
- Date: Fri, 8 Aug 2008 15:55:27 -0400
- Thread-topic: [Fed-Talk] OS X DNS clients still unpatched?
I highly recommend everyone read Dan Kaminsky's Blackhat briefing:
http://www.doxpara.com/?p=1204
-- Tim
-----Original Message-----
From: fed-talk-bounces+tmiller=email@hidden
[mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of ED Fochler
Sent: Friday, August 08, 2008 11:46 AM
To: email@hidden
Cc: Jason Levine
Subject: Re: [Fed-Talk] OS X DNS clients still unpatched?
I strongly disagree. Although Apple was a little slow to address DNS
and the ARD-applescript problems, they appear to be addressed. As for
the DNS client being vulnerable, that would imply that you can't trust
your local DNS server or your local network. If that's the case, then
you have bigger problems than how random your ports are.
ED Fochler.
On Aug 8, 2008, at 12:23 PM, Jason Levine wrote:
> Wow -- I didn't know that the DNS patch pushed out by Apple (three-plus
> weeks later than every other provider) actually doesn't patch what might be
> argued to be the more *critical* side of the DNS bug, the client side:
>
> http://www.sans.org/newsletters/newsbites/newsbites.php?vol=10&issue=61#sID304
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111363&source=rss_topic17
>
> http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=209901566
>
> Given how tight-lipped Apple is with any security-related info, I won't
> presume that this post will generate any official Apple response... but
> Apple reps, know that this looks *BAD*, and makes it that much harder to
> convince my folks here that using Macs on the desktop is a secure option.
>
> Jason
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> @mail.nih.gov
>
> This email sent to email@hidden