NewsDude
08-04-2008, 10:10 PM
Once again, Apple users are being left with a sour taste. Last week, the company released a downloadable patch to correct a critical Domain Name System vulnerability that could redirect browsers to malicious sites.
Researchers have confirmed that attacks based on the glitch have begun. On a hacked system, users entering a normal URL can fall victim to phishing scams when they are led to a fake address. Known as cache poisoning, this level of attack allows hackers to corrupt the database a DNS server holds in memory. Some users have been able to spot bogus sites, but others haven't been as lucky.
More Than One Bad Apple
If a user is duped, social-engineering tricks can be used to trick a visitor into entering sensitive information, or directly attack the infected machine through Web-browser vulnerabilities. Mac users are more likely to be redirected than suffer a direct attack, since there are currently no known public Mac OS X exploits that are launched by visiting a Web site.
According to a blog posting by Andrew Storms, nCircle's director of security operations, Apple appears to have left out critical coding that would make the patch viable.
"The current countermeasure to this DNS cache-poisoning vulnerability is to introduce increased entropy by forcing randomization of the query ID and the source port. Essentially, making it all the more difficult to spoof the DNS response," he wrote.
"Incident handler" Swa Frantzen of the SANS Institute, an independent provider of information-security training, certification and research, agreed with Storms and was also critical of the patch on his blog, writing that Apple might have fixed some of the more important parts for servers, but is far from done yet, as all the clients linked against a DNS client library still need to get the workaround.
Other Patches Fail, Too
ISPs have fallen victim...
More... (http://www.toptechnews.com/story.xhtml?story_id=61133)
Researchers have confirmed that attacks based on the glitch have begun. On a hacked system, users entering a normal URL can fall victim to phishing scams when they are led to a fake address. Known as cache poisoning, this level of attack allows hackers to corrupt the database a DNS server holds in memory. Some users have been able to spot bogus sites, but others haven't been as lucky.
More Than One Bad Apple
If a user is duped, social-engineering tricks can be used to trick a visitor into entering sensitive information, or directly attack the infected machine through Web-browser vulnerabilities. Mac users are more likely to be redirected than suffer a direct attack, since there are currently no known public Mac OS X exploits that are launched by visiting a Web site.
According to a blog posting by Andrew Storms, nCircle's director of security operations, Apple appears to have left out critical coding that would make the patch viable.
"The current countermeasure to this DNS cache-poisoning vulnerability is to introduce increased entropy by forcing randomization of the query ID and the source port. Essentially, making it all the more difficult to spoof the DNS response," he wrote.
"Incident handler" Swa Frantzen of the SANS Institute, an independent provider of information-security training, certification and research, agreed with Storms and was also critical of the patch on his blog, writing that Apple might have fixed some of the more important parts for servers, but is far from done yet, as all the clients linked against a DNS client library still need to get the workaround.
Other Patches Fail, Too
ISPs have fallen victim...
More... (http://www.toptechnews.com/story.xhtml?story_id=61133)