Entries tagged as 'malware'
Posted Monday, 22 September 2008
The latest patch for Mac OS X finally closes a major hole in the operating system’s DNS (domain name system) software. Apple’s description is in this knowledge base article (About the security content of Mac OS X v10.5.5 and Security Update 2008-006).
Of course, Apple is late to the party. By early July 2008, Microsoft had a Windows patch ready for distribution, and the major *NIX systems had their own patches ready. This Cnet article, “Massive, coordinated DNS patch released,” has more information about this project, which preceded the public announcements about the flaw.
It’s sad that Dan Kaminsky’s warnings, detailed in a 24 July 2008 Cnet article called “Kaminsky (finally) provides DNS flaw details,” did not inspire an urgent response from Cupertino. Apple’s July 2008 patch addressed DNS server issues, but left most Mac users without a fix.
There are still other ways to redirect a computer to a bad domain name, of course. Another piece of prevention involves using OpenDNS instead of your ISP’s domain name servers. OpenDNS is free, fast, and provides spellchecking and phishing protection that is better than most PC and Mac security software.
See these articles from the New York Times (Apple Update Finally Fixes Important DNS Bug) and ComputerWorld (Apple releases Mac OS X 10.5.5, patches nearly 70 bugs) for more details.
Tags: Apple, DNS, HPU, Linux, mac, malware, Microsoft, network, opendns, security, university, unix, WiFi, Windows
Posted Monday, 17 March 2008
Wikipedia has a stub article about AFCYBER, a new Air Force command that, for now, is based in Bossier City, Louisiana. Several cities are contending for the command’s permanent headquarters, but I am not sure if Honolulu is one of the candidates.
I discussed the Cyber Command on 2 November 2006, when the funding request was first announced.
See these two Wired articles for some more information.
The Air Force has a new marketing slogan that incorporates its new emphasis on cyberspace, but the tagline sounds a bit too German to BoingBoing and tongodeon – and I agree with both blogs. The German national anthem during World War II was “Deutschland Ueber Alles”.

Tags: crypto, Internet, malware, security, USA
Posted Tuesday, 15 January 2008
I mentioned OpenDNS on 3 September and 13 July of 2007. This is a free service that looks up domain names. Domain names represent the numeric IP (Internet Protocol) addresses that are used on every server. The Domain Name System (DNS) is highly distributed, and a good target for all sorts of legal and illegal opportunities.
OpenDNS is much faster than the domain name servers I’ve used at other ISPs. Every ISP has to provide DNS services to subscribers. The DNS servers are an important part of maintaining a fast connection, but some ISPs just do not manage their DNS servers well.
OpenDNS is a great way to speed up an Internet connection, especially for residential and WiFi users, by outsourcing every domain name lookup request to a dedicated set of very fast servers in North America and Europe.
It’s hard to beat secure, fast and free.
OpenDNS also includes some nice security features. The service will block phishing and adult web sites, using a constantly updated list of known servers. This is a more elegant solution than proprietary security software that usually slows down a Windows or Mac computer.
Late last year, OpenDNS asked users to recommend the service to schools and universities. A recent article in THE Journal reports that over 10,000 educational organizations have adopted OpenDNS services.
Crackers have started to attack domain name servers, inserting false domain name entries that redirect users from well-known sites to forgeries. Schools and educational institutions are an attractive target for these attacks, as their IT security is sometimes less than adequate. In the past, school email servers have been a primary target for botnets. Hackers break into these servers, which can then be used to send spam. The legitimate users of these servers may not realize their email system has been compromised until their ISP cuts off their email access.
Installing OpenDNS on a personal computer is easy to do. I would not recommend that employees do this on their company computer without the support of their IT department, as some companies maintain specific entries in their own domain name servers.
Tags: Apple, cloud, computer, crime, DNS, education, email, Europe, free, hack, Internet, ISP, mac, malware, mobile, opendns, pda, phishing, security, server, software, spam, university, USA, WiFi, Windows
Posted Tuesday, 31 October 2006
This post first appeared on my old log at http://www.bloglines.com/blog/wsodeman?id=219
http://www.forbes.com/entrepreneurs/2006/10/25/microsoft-mozilla-malware-ent-tech-cx_sb_1025smallbizresource.html
From Forbes and SmallBizResource.com, here’s a good article about everyday mistakes that employees make online. How many of these mistakes have you made? Read the article and find out the dangers, and how to avoid these errors.
1. Clicking on e-mail attachments from unknown senders
2. Installing unauthorized applications
3. Turning off or disabling automated security tools
4. Opening HTML or plain-text messages from unknown senders
5. Surfing gambling, porn or other dicey Web sites
6. Giving out passwords, tokens or smart cards
7. Random surfing of unknown, untrusted Web sites
8. Attaching to any old Wi-Fi network
9. Filling out Web scripts, forms or registration pages
10. Participating in chat rooms or social networking sites
Tags: crime, email, EU, Europe, malware, Microsoft, network, privacy, security, social
Posted Tuesday, 22 August 2006
This just in from HowToWeb: a stunning 95 percent of all e-mail is unsolicited commercial e-mail.
This Washington Post article from May details an anti-spamming effort that went awry when spammers retaliated.
Spam counts have continued to rise as more e-mail administrators choose passive management approaches such as filtering. On my e-mail servers, the most obvious spam is scanned, identified and tagged by programs such as SpamAssassin. My servers then send the high-scoring spam directly to the trash without delivering these messages to an inbox. This process eliminates most of my incoming spam.
Because I have many international students, I don’t filter messages by top-level domain, language or code pages. But many companies do use these criteria as filters. A mainland company that has no Korean customers or suppliers can afford to dump any e-mail message from South Korea. That country has been a popular mailing point for spam messages, as it offers a high concentration of broadband subscribers.
I still agree with Joi Ito’s statement from three years ago - e-mail is broken.
Tags: email, Korea, malware, network, security, server, spam, USA, usability