The latest patch for Mac OS X finally closes a major hole in the operating system’s DNS (domain name system) software. Apple’s description is in this knowledge base article (About the security content of Mac OS X v10.5.5 and Security Update 2008-006 ).
Of course, Apple is late to the party. By early July 2008, Microsoft had a Windows patch ready for distribution, and the major *NIX systems had their own patches ready. This Cnet article called Massive, coordinated DNS patch released has more information about this project, which preceded the public announcements about the flaw.
It’s sad that Dan Kaminsky’s warnings, detailed in a 24 July 2008 Cnet article called Kaminsky (finally) provides DNS flaw details, did not inspire an urgent response form Cupertino. Apple’s July 2008 patch addressed DNS server issues, but left most Mac users without a fix.
There are still other ways to redirect a computer to a bad domain name, of course. Another piece of prevention involves using OpenDNS instead of your ISP’s domain name servers. OpenDNS is free, fast, and provides spellchecking and phishing protection that is better than most PC and Mac security software.
See these articles from the New York Times (Apple Update Finally Fixes Important DNS Bug ) and ComputerWorld (Apple releases Mac OS X 10.5.5, patches nearly 70 bugs) for more details.
Related posts and pages on billso.com
- OpenDNS
- Hawaiian Telcom
- 7 April 2011: Linux is 20
- 25 July 2008: Fixing the DNS security hole
- 24 February 2008: Pakistan blocks YouTube, breaks trust
- 15 January 2008: OpenDNS update
- 3 September 2007: When users block the ads, should web sites block the users?
- 13 July 2007: Speed up your broadband connection with OpenDNS
Comments on this entry are closed.