Apple released patches for 17 different flaws of its Mac OS X server. But, as per latest research the patch didn’t do anything. Andrew Storms, director of security operations at nCircle Network Security Inc. conducted a system test with the new patch. Still the Mac OS X client is adding the port on incremental basis.
“The current countermeasure to this DNS cache-poisoning vulnerability is to introduce increased entropy by forcing randomization of the query ID and the source port. Essentially, making it all the more difficult to spoof the DNS response,” said Andrew Storms.
The DNS flaw allows an attacker to execute a cache poisoning attack, where traffic to a legitimate domain name is redirected to a malicious one after an attack on a DNS server. The user types a good URL and can be redirected to a fake one. This can enable phishing attack. Users can be fooled easily in this process. In cache poisoning, this level of attack allows hackers to corrupt the database a DNS server holds in memory. Cisco and Microsoft rolled out patches immediately when the vulnerability was discovered on July 8.
Although, Apple rolled out patches for all Macs running OS X 10.4.11 and 10.5.4 (Server and desktop, Intel and PowerPC, Leopard and Tiger), the fix only repaired the most vulnerable part of DNS, the server software, even on systems that don’t use it. Client DNS software, used by an operating system to request a DNS lookup from a full-scale DNS server, is still at risk. Apple did not immediately respond to questions about the DSN patch.
Source: Network World.
Filed under
Enterprise Software,
Service Pack and Patches | Tags:
Apple,
Cache,
DNS,
Intel,
Leopard,
Mac os x,
Phishing,
PowerPc,
Server,
URL | Comment Below
Related?
Windows XP SP3 Ships with Vulnerable Flash PlayerJune 3rd, 2008 Microsoft's Windows XP Service Pack 3 (SP3) includes an older version of Adobe's Flash Player that's vulnerable to recently-spotted attacks. Windows XP SP3 includes Flash Player 9.0.115.0, a version released by Adobe Systems Inc.
The New $199 iPhone for AT & T Customers?April 30th, 2008 Fortune reports that AT&T is preparing to offer a $200 subsidy for buyers of the next-generation Apple iPhone, widely expected to be introduced this summer. It writes that since the new, presumably faster models will start at the same $399 base price as the current iPhones, that will drop the effective price to $199.
Twitter is also Vulnerable to HackingMarch 21st, 2009 Secure Science researchers found vulnerability of Twitter Microblogging site. Hackers can attack user accounts as well as make your computer a compromising position with the help of the cross scripting code(XSS).
How You can Protect Your Wireless NetworkJuly 4th, 2009 The advent of wireless networking has made a big impact on the people about the way they use computers. Wireless networking is so inexpensive now a days that anyone can set up WLAN in an easy way.
Google Launched Media ServerJune 27th, 2008 Google just announced its odd Google Media Server, a Windows app that finds photos, music, and video and makes it available to DLNA devices like the PlayStation 3, XBox 360, and most Media Center PCs. The Google Media Server can connect a PC to any device that supports Universal Plug and Play, or UPnP, a set of computer network protocols that enable devices to share data across a home network.
Sale Declined Significantly for the Top 5 Server VendorsJune 2nd, 2009 The server market regardless of x86 or Unix is impacted badly due to recession. The data shows that overall sales for Servers went down by 24% worldwide.
Cisco and Microsoft Launched New Windows Server ProductOctober 4th, 2008 Cisco and Microsoft jointly unveiled new product Windows Server on WAAS. The company can deploy corporate applications and infrastructure services across branch and data center with the help of this product which is an integration of Windows Server 2008 with the Cisco Wide Area Application Services (WAAS).
Spring Source Digs Up Tomcat to Better Your Enterprise Web ServerDecember 2nd, 2008 SpringSource, maker of the popular open-source Spring Framework for Java, announced new open source Web Application Server for Enterprises based on Apache Tomcat server. The new server preserves all of the features of Tomcat but adds some capabilities like enterprise management and diagnostic features.
