7 Aug 16:30
root hints file
From: William Ehrich <ehrich@...>
Subject: root hints file
Newsgroups: gmane.comp.macosx.general
Date: 2008-08-07 14:34:29 GMT
From comp.risks 25.26:
> Date: Tue, 5 Aug 2008 18:49:27 +0100
> From: Robin Stevens <rejs@...>
> Subject: Re: Apple Fails to Patch Critical Exploited DNS Flaw (RISKS-25.25)
>
> I too was unimpressed by Apple's slow response to Kaminsky's DNS flaw (which
> appears to be inadequate - see <http://db.tidbits.com/article/9721>).
> Unfortunately it's far from the only flaw they've been slow to correct.
>
> Their latest version of the operating system (OS X 10.5) still ships with a
> root hints file dating from 2002. This hints file is that used to
> "bootstrap" the whole process of DNS resolution, by listing the IP addresses
> of the thirteen top-level servers. Unfortunately, since 2002, two of the IP
> addresses have changed. This isn't generally a problem; if the first
> address tried fails to respond, then a nameserver will simply try another.
>
> But what if, instead of getting no response from an obsolete root server
> address, a malicious response is received from a third party? This isn't
> purely scare-mongering. Hijacking of an old address has already been seen,
> e.g.:
> <http://www.renesys.com/blog/2008/05/identity_theft_hits_the_root_n_1.shtml>
> following the most recent address change. There's no reason to suspect any
> malicious intent in this case, but it could have happened.
>
> I reported to Apple in early 2006 that their root hints file was out of
> date. They responded, telling me they were already aware of this. OS X
> 10.5 shipped last year, with the same outdated hints file. It's *still*
> unfixed - why?
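An added example, not part of the post above: one way to check whether a shipped root hints file still lists addresses that a trusted, current copy no longer does, which is the stale-address condition the quoted message describes. The server names and addresses are constructed (documentation ranges), and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# Constructed sample data: names under .example and documentation-range
# addresses, not real root server records.
SHIPPED = """\
; hints file as shipped with the OS (constructed)
.                3600000  IN  NS  a.root.example.
a.root.example.  3600000      A   192.0.2.1
.                3600000      NS  b.root.example.
b.root.example.  3600000      A   192.0.2.2
.                3600000      NS  c.root.example.
c.root.example.  3600000      A   192.0.2.3
"""
REFERENCE = """\
; current copy obtained over a trusted channel (constructed)
a.root.example.  3600000      A     192.0.2.1
b.root.example.  3600000      A     198.51.100.2   ; renumbered
c.root.example.  3600000      A     192.0.2.3
C.ROOT.EXAMPLE.  3600000      AAAA  2001:DB8::3
"""

def parse_hints(text):
    """Map each server name to the set of A/AAAA addresses listed for it."""
    servers = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        # Layout: owner [ttl] [class] type rdata
        if len(fields) >= 3 and fields[-2].upper() in ("A", "AAAA"):
            name = fields[0].lower().rstrip(".")
            addr = str(ipaddress.ip_address(fields[-1]))  # validates, normalizes
            servers.setdefault(name, set()).add(addr)
    return servers

def diff_hints(shipped_text, reference_text):
    """Return (stale, missing): addresses only in shipped / only in reference."""
    shipped, ref = parse_hints(shipped_text), parse_hints(reference_text)
    stale, missing = {}, {}
    for name in sorted(set(shipped) | set(ref)):
        old = shipped.get(name, set()) - ref.get(name, set())
        new = ref.get(name, set()) - shipped.get(name, set())
        if old:
            stale[name] = sorted(old)    # resolver still queries these
        if new:
            missing[name] = sorted(new)  # resolver does not know these yet
    return stale, missing

if __name__ == "__main__":
    stale, missing = diff_hints(SHIPPED, REFERENCE)
    for name, addrs in stale.items():
        print(f"STALE   {name}: {', '.join(addrs)}")
    for name, addrs in missing.items():
        print(f"MISSING {name}: {', '.join(addrs)}")
```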