ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Apple Still Has Not Patched the DNS Hole

  • To: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Subject: Re: [ga] Apple Still Has Not Patched the DNS Hole
  • From: Patrick Vande Walle <patrick@xxxxxxxxxxxxxx>
  • Date: Tue, 29 Jul 2008 20:16:20 +0200


Jeffrey A. Williams wrote:
All,

  As an example to another thread and for Joe's edification.

An article up at TidBITS on  http://db.tidbits.com/article/9706
Apple's unexplained failure to patch the DNS vulnerability that we have
been  http://it.slashdot.org/article.pl?sid=08/07/25/1334254&tid=172
discussing for a
http://it.slashdot.org/article.pl?sid=08/07/21/2212227&tid=172
few weeks now. "Apple uses the popular Internet Systems
Consortium BIND DNS server which was one of the first tools patched,
but Apple has yet to include the fixed version in Mac OS X Server,
despite
being notified of vulnerability details early in the process and being
informed of the coordinated patch release date.
Sometimes, it may be wise to wait:

"The group responsible for maintaining the internet's most popular domain name software BIND has admitted it caused problems by fast-tracking a security patch designed to fix the widescale DNS flaw discovered by researcher Dan Kaminsky this month."

http://www.zdnet.com.au/news/security/soa/DNS-patch-causes-BIND-blunder/0,130061744,339290928,00.htm


Patrick Vande Walle

--
Patrick Vande Walle
Check my blog: http://patrick.vande-walle.eu




<<< Chronological Index >>>    <<< Thread Index >>>