<strong> If you are so worried, you can create a HOSTS file pointing directly to the IP address and not use your DNS servers to take you there.</strong>
IP <-> MAC address translation is not the same as DNS lookup. The .hosts file is useless (against arp spoofing).
<strong>For the really paranoid, just wait a few days and download them directly from Apple's web site, provided no one has hacked it.</strong>
What exactly should that change? If all incoming traffic is controlled by someone else, the website is not any better than software update.
Maybe it's not clear yet: This attack is only relevant for those who are extremely security concerned. Meaning: people who never install software from download.com, apple.com or anywhere else anyway (unless it's over a secure line with authenticated servers or the files are signed). Of course, most users don't fall into this category. BUT: Although Apple can't control what the users are doing, they must at least try to make the basic system as secure as possible, at least if MacOS X is supposed to be a secure OS.
Apple has posted a fix on this issue (as of Friday 7-12-02). You can find it on a link off their support page, and it should be available on Software Update soon, according to MacCentral.
Comments
123
[QB]IP <-> MAC address translation is not the same as DNS lookup. The .hosts file is useless (against arp spoofing).<hr></blockquote>
I mentioned nothing about MAC address translation.
This is a DNS spoof and not an ARP one. One must be on the same subnet to be susceptible to this attack.
<a href="http://docs.info.apple.com/article.html?artnum=75304" target="_blank">http://docs.info.apple.com/article.html?artnum=75304</a>
Cheers
<strong>I have always manually downloaded and installed all updates, and I don't see why Apple couldn't post the updates on their site. I have never heard of anyone having a problem downloading files directly from Apple's website. <img src="graemlins/oyvey.gif" border="0" alt="[No]" /> This "software update" program is slow, and unnecessary. Netscape is fine for me. (and more reliable.)</strong><hr></blockquote>
Downloads fine for me, no slower or faster than downloading a file in IE or Omniweb, except that SU automatically installs the update as well.
But if you like doing it all yourself, why don't you be a real man and use nothing but the terminal? True haxxors use the terminal to download and install updates. Then they bust out another shell to sniff their local TCP packets for suspicious traffic. And if such a haxxor were to find someone running some bots to attack his Powermac, said haxxor would take out the varmint's Wintel with a few swift keystrokes in the terminal.
Do you have what it takes?
<strong>
... This is a DNS spoof and not an ARP one...</strong><hr></blockquote>
No, this is a MIM attack that can be done in every imaginable way (including ARP spoofing), in the same subnet or not (ARP is in the same subnet).
As ARP spoofing is much more powerful than DNS spoofing (works in switched networks, .hosts file is useless), you better download that update instead of trying to find (useless) solutions yourself.
123
Five days to respond...not bad!
[quote] But if you like doing it all yourself, why don't you be a real man and use nothing but the terminal? True haxxors use the terminal to download and install updates. Then they bust out another shell to sniff their local TCP packets for suspicious traffic. And if such a haxxor were to find someone running some bots to attack his Powermac, said haxxor would take out the varmint's Wintel with a few swift keystrokes in the terminal.
Do you have what it takes? <hr></blockquote>
<img src="graemlins/lol.gif" border="0" alt="[Laughing]" /> <img src="graemlins/lol.gif" border="0" alt="[Laughing]" /> <img src="graemlins/lol.gif" border="0" alt="[Laughing]" />
Usually, I find your posts hit or miss, but that's the first good laugh I've had today. Right on.
<strong>
I mentioned nothing about MAC address translation.
This is a DNS spoof and not an ARP one. One must be on the same subnet to be susceptible to this attack.</strong><hr></blockquote>
You don't know what you're talking about, MacTech. It is an ARP attack where an ARP reply is sent to the target computer and updates the cache to the new IP - MAC translation. I've been to the website and I've looked at the tools and it can be done. Like someone said before, I don't know why everyone's so worried; it's nothing new. It's possible for someone to replicate download.com and trick someone into downloading a trojan or something. If someone was serious about hacking you (not just script-kiddies) then they most probably could. But why out of the millions of people on the internet would they pick you!
But I'm having trouble installing it over my 10.1.3.1337 installation
Barto
[shamelessly lifted from a slashdot post]
Barto
later
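Added example, not part of any post in this thread: the thread's point that a hosts file pins name-to-IP but says nothing about IP-to-MAC can be checked from the defender's side by watching ARP traffic for an IP whose sender MAC changes. The frames, addresses and function names below are constructed for illustration.

```python
import struct

def _mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame,
    or None for anything else (wrong ethertype, truncated, other hw type)."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return op, _mac(frame[22:28]), sender_ip

def find_rebinds(frames):
    """Report (frame_index, ip, first_seen_mac, new_mac) whenever an ARP
    frame claims a MAC for an IP that differs from the first one observed."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, sender_mac, sender_ip = parsed
        # Keep the first-seen binding so repeated conflicting frames keep alerting.
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            alerts.append((n, sender_ip, known, sender_mac))
    return alerts

# Constructed sample capture: ethertype + htype + ptype + hlen + plen is shared.
HDR = "0806000108000604"
SAMPLE = [bytes.fromhex(h) for h in (
    # host 192.168.1.20 asks who has 192.168.1.1
    "ffffffffffff" "00aabbccddee" + HDR + "0001"
    "00aabbccddee" "c0a80114" "000000000000" "c0a80101",
    # gateway 192.168.1.1 answers from 00:11:22:33:44:55
    "00aabbccddee" "001122334455" + HDR + "0002"
    "001122334455" "c0a80101" "00aabbccddee" "c0a80114",
    # later reply claims 192.168.1.1 is at a different MAC
    "00aabbccddee" "020000000099" + HDR + "0002"
    "020000000099" "c0a80101" "00aabbccddee" "c0a80114",
)]

if __name__ == "__main__":
    for alert in find_rebinds(SAMPLE):
        print("IP %s moved from %s to %s (frame %d)" % (alert[1], alert[2], alert[3], alert[0]))
```

A changed binding also happens for legitimate reasons such as a replaced network card or a failover pair, so an alert is a prompt to check the gateway's real MAC, not proof of spoofing.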