Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Worm Threat Forces Apple To Disable Software?

Zonk posted more than 6 years ago | from the batten-down-the-hatches dept.

Security 201

SkiifGeek writes "After the debacle that surrounded the announcement and non-disclosure of a worm that targets OS X, the vulnerability in mDNSResponder may have forced Apple to remove support for certain mDNSResponder capabilities with the recently released Security Update 2007-007. 'Seeming to closely follow the information disclosed by InfoSec Sellout, Apple's mDNSResponder update addresses a vulnerability that can be exploited by an attacker on the local network to gain a denial of service or arbitrary code execution condition. Apple goes on to identify that the vulnerability that they are addressing exists within the support for UPnP IGD... and that an attacker can exploit the vulnerability through simply sending a crafted network packet across the network. With the crafted network packet triggering a buffer overflow, it passes control of the vulnerable system to the attacker. Rather than patching the vulnerability and retaining the capability, Apple has completely disabled support for UPnP IGD (though there is no information about whether it is only a temporary disablement until vulnerabilities can be addressed).'"

cancel ×

201 comments

*Pulls out a plate 'o crow* (5, Funny)

Anonymous Coward | more than 6 years ago | (#20102701)

Come here Apple fanboys-and-girls. Lunch is served.

Re:*Pulls out a plate 'o crow* (3, Funny)

teknopurge (199509) | more than 6 years ago | (#20103309)

I wonder who wrote the UPnP spec - perhaps they are the ones at fault? (*cough*BILL GATES' University of chair-throwing throwers*cough*)

Re:*Pulls out a plate 'o crow* (3, Informative)

BuhDuh (1102769) | more than 6 years ago | (#20103931)

I wonder who wrote the UPnP spec - perhaps they are the ones at fault? (*cough*BILL GATES' University of chair-throwing throwers*cough*)

I don't think the issue is the spec, it's the asinine cute features that M$ decided to implement. Like UPnP, BHO, etc etc. Maybe we should follow Apple's example, and eliminate all vulnerabilities by disabling the TCP/IP stack?

Re:*Pulls out a plate 'o crow* (2, Funny)

joeytmann (664434) | more than 6 years ago | (#20104051)

GO APPLETALK!

Re:*Pulls out a plate 'o crow* (2, Informative)

teknopurge (199509) | more than 6 years ago | (#20104349)

Looks like Apple just followed Wikipedia [wikipedia.org] :

Problems with UPnP * UPnP uses HTTP over UDP (known as HTTPU and HTTPMU for unicast and multicast), even though this is not standardized and is specified only in an Internet-Draft that expired in 2001. [1] * UPnP does not have a lightweight authentication protocol, while the available security protocols are complex. As a result, many UPnP devices ship with UPnP turned off by default as a security measure.

Re:*Pulls out a plate 'o crow* (3, Informative)

Nullav (1053766) | more than 6 years ago | (#20105129)

You mean like how MS crippled the stack in SP2 by lowering the cap on half-open connections to 10 to slow worm propagation? (I know there are times when a solution isn't always immediately obvious, but I'd rather not have my OS force me to live in a bubble.)

Now If This Was Microsoft... (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#20102743)

No doubt the vitriol and hatefulness of the comments would be increased and the tone of the writeup completely less sober than when it's Apple or Linux.

Moderations tell all (1, Troll)

mattgreen (701203) | more than 6 years ago | (#20104467)

Just because you mark it flamebait doesn't make it less true.

Re:Moderations tell all (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20105231)

Hahah, no kidding man. Easy enough to crack a joke about Windoze or M$ and get +5 funny, but the minute you take a bite of the precious worm-ridden Apple, mods put you to sleep for a year.

Apple failed because for the longest time its software development process was the most closed, convoluted and anti-developer process of all. Even though I'm no fan of Microsoft, it is readily apparent why they are the #1 OS, and I shudder to think what would have happened had the roles been reversed.

Slashdot is full of holier-than-thou, religiously idealistic fanatics and OS X is every bit as crash prone and unreliable as Windows, and I know the argument has probably been made to death but I entertain no doubts that had Apple become a dominant player instead of Windows, there would be a plethora of exploits out for OS X, and since Microsoft focused on something called backward-compatibility because it's what people wanted, numerous old viruses will still work - not so with Apple, which radically changes their OS every few years. There is no inherently superior security in OS X; the plain fact is that pretty much every OS out there that is little more than a curiosity has very few exploits, and for those people who blame Microsoft for vendor lock-in, OS X is the ultimate in vendor lock-in, and Apple historically has done everthing within its power to bury what competition it can actually compete with, such as by withholding specifications from Be Inc and forcing that company, which had a technically superior OS at the time, to target a more open Intel-based platform.

For all the complaints about Microsoft, maybe the people here who mod honest facts down or take jokes way too seriously should pull their head out of their collective ass and realize that in the end we're just talking about an operating system and not a god damned religion.

Re:Moderations tell all (1)

Nullav (1053766) | more than 6 years ago | (#20105481)

Modding someone flamebait is usually a way to say you disagree without taking the time to write a response.
Anyway, I'll have to say the AC hit the nail on the head here. I think it has more to do with the 'Macs don't get viruses.' ads we see every now and then. We've just come to expect this kind of thing from Windows (although there was quite a bit of acrid comments after MS boldly claimed Vista wouldn't even need an AV in the hands of the average newbie). Linux/*BSD get their fair share of worms, but also have legions of nerdy fanboys to fix vulnerabilities, and no one important foolishly calls them impenetrable. Most of us just hate to see software companies get so damn cocky.

News at 11... (5, Insightful)

maztuhblastah (745586) | more than 6 years ago | (#20102747)

Researchers find hole, act like 1337 733ns about it. Company can't be sure that they've fixed hole, so they temporarily disable the reportedly-vulnerable function.

Yawn.

Re:News at 11... (0, Troll)

Frankie70 (803801) | more than 6 years ago | (#20102835)

Researchers find hole, Fanboi's defend Apple. Company can't be sure that they've fixed hole, so they temporarily disable the reportedly-vulnerable function. Fanboi's defend Apple again.

Then Fanboi's go and mod me down to obscurity.

Re:News at 11... (3, Insightful)

Jeremy_Bee (1064620) | more than 6 years ago | (#20103205)

Isn't it interesting that Slashdot threads that have anything to do with the adventures and histrionics of David Maynor instantly become peppered with a large number of idiotic, unsupported comments railing against Apple and "Apple FanBoiz," made by a variety of Slashdot accounts that rarely show up commenting on anything else?

Here is a hint: A pretend army of supporters is still a pretend army.

Isn't it fascinating to watch as shitty comments (like we see above), vacillate back and forth between "+5 Insightful" and "Flamebait" as the pretend army fights the good fight against Apple "FanBoiz" everywhere?

Why can't we just install a filter that gets rid of any post that uses "fanboy" or fanboi" or the like? No one making a serious point or with any kind of intellectual integrity uses it except as a joke.

Re:News at 11... (2, Insightful)

mikeabbott420 (744514) | more than 6 years ago | (#20103513)

The configurable spam filter would be a great idea for slashdot.

I can think of a lot of phrases that would increase the signal to noise ratio (for me) if I could use them to exclude noise.

I believe a site mandated filter would be both useless and undemocratic.

Re:News at 11... (0)

Anonymous Coward | more than 6 years ago | (#20104895)

How dare people have an opinion that reflects negatively upon our precious Apple. We must install filters so that our pristine eyes are never forced to gaze upon such blasphemy. All hail Apple or be smitten down by the gods themselves!

Re:News at 11... (1)

d34thm0nk3y (653414) | more than 6 years ago | (#20105057)

Here is a hint: A pretend army of supporters is still a pretend army.

Isn't it fascinating to watch as shitty comments (like we see above), vacillate back and forth between "+5 Insightful" and "Flamebait" as the pretend army fights the good fight against Apple "FanBoiz" everywhere?


A pretend army that happens to have mod points. Interesting...

Re:News at 11... (0)

Anonymous Coward | more than 6 years ago | (#20105193)

Oh Jeremy, it's not nice calling digg.com comment forum users a pretend army. Just because someone has a mental disability doesn't mean we don't acknowledge their existence.

Re:News at 11... (0)

Anonymous Coward | more than 6 years ago | (#20105453)

Aww, what happened, did the term "Apple Fanboi" hit too close to home for you?
If the shoe fits, wear it.

you apple fanboi!!

Re:News at 11... (1, Insightful)

I'm Don Giovanni (598558) | more than 6 years ago | (#20103261)

But Apple fanboys like to pretend that OSX is "secure by design", and "inherently secure". If so, why does Apple have to remove functionality to fight off a worm? Shouldn't the "security by design" thwart the worm? I speaking facetiously, but Apple fanboys are very smug and need to understand that OSX isn't "inherently secure", that Apple's programmers are not infallible gods.

Re:News at 11... (5, Insightful)

gutter (27465) | more than 6 years ago | (#20104383)

Hello, Artie McStrawman! Sure, there are a few idiots out there that believe that OS X is infallible - there are also some idiots out there that believe the same about windows or linux. However, you aren't likely to find them around here. You'll find plenty of people that believe that OS X is MORE secure than the some of the alternatives, largely because their heavy use of open source and their default configuration that ships with no open ports, but very few that think it is "inherently secure".

The proof is in the number of successful worms and viruses for OS X, which depending on how you define them, hover right around zero. Yes, some of this is likely because of market share, but there's plenty of bragging rights associated with creating the first large-scale OS X compromise, so I wouldn't expect to see none. And of course, even if the relatively low number of security issues is because of market share, it doesn't make it any less pleasant for those of us who use OS X, especially since I'm not expecting it's share to go over 15-20%.

Anyway, if I accept your statement that OS X isn't perfect, will you stop bitching about smug mac users every time there is a discussion marginally related to Apple?

Thanks,
gutter

Re:News at 11... (1, Insightful)

theelectron (973857) | more than 6 years ago | (#20104571)

Apple's programmers are not infallible gods.
I think the flamebait mods you received seem to indicate that your post is conceived by some as blasphemy. For anyone who wonders why there is such animosity towards 'Apple fanboys', there might be an explanation right here.

Re:News at 11... (1)

empaler (130732) | more than 6 years ago | (#20105239)

Apple's programmers are not infallible gods.
I think the flamebait mods you received seem to indicate that your post is conceived by some as blasphemy. For anyone who wonders why there is such animosity towards 'Apple fanboys', there might be an explanation right here.
His statement being true does not alter the fact that his comment is flamebait.

English? (1, Insightful)

iknownuttin (1099999) | more than 6 years ago | (#20103329)

Researchers find hole, act like 1337 733ns about it.

Can't you write it in English? You supposedly wrote something "Insightful" but I can't tell. And when I Google "1336 733ns", I get electronics suppliers. Apparently, that's a part number for something.

Along with tatoos, and piercings, I hope that trendy style of spelling words goes into the annals of stupid fads.

New PC "language" (1)

CustomDesigned (250089) | more than 6 years ago | (#20103683)

Soon you'll be able to take advanced courses on "1337 5p34" to supplement those on "ebonics".

Standard Operating Procedure? (1)

ignipotentis (461249) | more than 6 years ago | (#20102773)

I'm not opposed to temporarily disabling functionality to fix something potentially disastorous. However, I do hope Apple doesn't make it a practice of just turning things off once exploits are found. Turn it off, patch it, then re-enable it is fine by me.

Re:Standard Operating Procedure? (4, Interesting)

Rosyna (80334) | more than 6 years ago | (#20103057)

I'm not opposed to temporarily disabling functionality to fix something potentially disastorous.
There are three options when implementing UPnP:

1. Implement it to Microsoft's spec.
2. Implement it correctly (by choosing a direction in places the spec contradicts itself or real implementations).
3. Implement it securely.

Choose only one.

I do not think it is possible to implement UPnP securely and have it based on the spec. Also, the specific code they removed existed only for legacy NAT traversals and may not even be needed any more.

Re:Standard Operating Procedure? (3, Informative)

frdmfghtr (603968) | more than 6 years ago | (#20104037)

I'm not opposed to temporarily disabling functionality to fix something potentially disastorous.

There are three options when implementing UPnP:

1. Implement it to Microsoft's spec.
2. Implement it correctly (by choosing a direction in places the spec contradicts itself or real implementations).
3. Implement it securely.

Choose only one.

I do not think it is possible to implement UPnP securely and have it based on the spec. Also, the specific code they removed existed only for legacy NAT traversals and may not even be needed any more.
Is this the same UPnP capability that the FBI recommeded disabling [pcworld.com] in any Windows environment due to security issues quite some time ago?

Re:Standard Operating Procedure? (1)

sokoban (142301) | more than 6 years ago | (#20105471)

Yes, it is. mDNSresponder has had numerous security problems in the past, but Apple has more or less just been playing "whack-a-mole" with the vulnerabilities. Hopefully, this will lead to some real fixes in the underlying code. When I heard about the whole infosec sellout thing, first thing I did was to disable mDNSresponder in the terminal. It's pretty trivial to do, and if you have something that NEEDS UPnP to function, you can always manually install the previous version or whatever.

Re:Standard Operating Procedure? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#20104995)

I call bullshit. You are saying it's not possible to implement UPnP without being vulnerable to a buffer overflow that may lead to remote code execution? Because that's one of the (at least) two issues at hand. Nice try on passing the responsibility for this bug to the spec writers (mentioning Microsoft seems to help too), but unless the spec literally says "copy the received network data over your stack frame so it may be executed locally" at least this bug is 100% Apple's fault.

Re:Standard Operating Procedure? (1)

Achromatic1978 (916097) | more than 6 years ago | (#20105489)

A phrase I almost never use: "mod parent insightful" ... apparently, in the eyes of some Apple devotees, stack overflows are a "spec issue".

Um, so ? (4, Insightful)

Space cowboy (13680) | more than 6 years ago | (#20102785)

Apple find a vulnerability (before the worm is announced, according to TFA), and remove that vulnerability in their next security update.

I'm guessing there's a regular scheduled security update process in Apple. If you can't fix it in time for the next patch-release, isn't is *better* to temporarily disable it ? I really doubt it's a permanent removal of the feature - they're just being responsible.

Simon.

Re:Um, so ? (0)

Anonymous Coward | more than 6 years ago | (#20103171)

If you can't fix it in time for the next patch-release, isn't is *better* to temporarily disable it ? I really doubt it's a permanent removal of the feature - they're just being responsible.

Other than fanboism, how do you know it's temporary? It's just as likely that "fixing" it breaks two more things, so they disabled it altogether.

ITS A LIE (3, Funny)

Conor Turton (639827) | more than 6 years ago | (#20102799)

I'm sorry but the article must be a lie. The Apple fanboys assure me that there's no risk of vulnerabilities. Therefore, the article is wrong - it does not exist.

Re:ITS A LIE (3, Funny)

weak* (1137369) | more than 6 years ago | (#20102849)

Mod parent up -- way to think different (tm).

Re:ITS A LIE (0, Troll)

fitten (521191) | more than 6 years ago | (#20103607)

And queue the Mac Zealot Military Unit (MiZiMU) to issue death threats to said (fictional-)worm writer.

Re:ITS A LIE (0)

Anonymous Coward | more than 6 years ago | (#20104799)

So, Steve's reality distortion field is affecting you too, eh?

OT but... (2, Informative)

Anonymous Coward | more than 6 years ago | (#20102811)

I often wonder why the British (and now some Americans) say "Apple go on to identify..." Apple is ONE company. Shouldn't that be the singular "Apple goes on to identify"? If it were both Apple and Microsoft than indeed it would be "Apple and Microsoft go on to identify".

Yes, Apple is made up of many people; but my car is made up of many parts. You don't say "my car need gas" do you?

This perplexes me, can someone explain it? Sorry if it's completely OT (except that this (to me) error is in the blurb).

-mcgrew

(amusingly, the capcha is "contrary". Again sorry for being OT)

Re:OT but... (2, Informative)

Space cowboy (13680) | more than 6 years ago | (#20102903)

Companies are generally considered to be plural entities in "real" English [grin]. I suppose we put a higher value on a collection of humans compared to a collection of metal parts...

If you prefer, consider mentally replacing "Apple" with "the people who work at Apple"...

Simon

Re:OT but... (1)

bommai (889284) | more than 6 years ago | (#20104779)

Actually, if a "Corporation" is a person, with all the rights and responsibilities. If you ever watch the documentary "The Corporation" it will be explained to your in all the gory detail. A corporation can be sued and can sue other people. So, in the letter of the law, a corporation is a person and therefore singular.

Re:OT but... (1)

cHiphead (17854) | more than 6 years ago | (#20104901)

In the US corporations are give status as a legal 'entity' not 'entities', ergo there does exist a tolerable bit of logic to use singular in this case.

Cheers.

   

Re:OT but... (0)

Anonymous Coward | more than 6 years ago | (#20103075)

... the same reason our American brothers insist on incorrectly saying "a savings" when they're getting a discount on something maybe?

Re:OT but... (0)

Anonymous Coward | more than 6 years ago | (#20103363)

I always considered companies as a single entity (composed of numerous types of capital), I mean, that is how they are viewed in terms of the law.

Apple GOES on to identify.

I do not know how the plural form of a single entity started, but it most likely originates from pseudo intellectual English majors knowing little, if anything, about business law.

Re:OT but... (1)

organum (210431) | more than 6 years ago | (#20103385)

It's just one of those curiosities of regional English. It's clearly grammatically incorrect, but usage dicates incorrect grammar is some parts of the world. (In the U.S. it's common to say "real good" in place of "really good," for example.) Nonetheless, it is jarring and distracts from the content of what one is trying to say. What I find odd is the implication that a team cannot be though of as a unit, only as a collective of individuals. But the law views a corporation as a single entity.

Re:OT but... (1)

mr_matticus (928346) | more than 6 years ago | (#20105441)

No, it isn't grammatically incorrect. Plural markers are not always expressed at the articulatory or orthographical levels, and companies are treated as plural entities by the conventions used in the UK and many other Commonwealth English countries. It's got nothing to do with being incorrect, since there is no "correct" grammar and no universal English. You can't apply your local grammar to other locations any more than you can apply your local accent to other speakers. Treating a company like an individual is also a US thing and has evolved independent of other common law legal systems.

It's just as jarring to the English when you say "IBM is."

Re:OT but... (0)

Anonymous Coward | more than 6 years ago | (#20103753)

Yes, and if you were talking about Apple, you would say "they." As in, "they release cool products." You wouldn't say "it releases cool products."

"It" goes. "They" go.

Apple are a "they" and "go on" is thus the correct thing to say.

Re:OT but... (1)

Denis Lemire (27713) | more than 6 years ago | (#20104517)

Just a heads up. As a Canadian I've also been perplexed by the exact same thing. I've seen this most often at this site and actually attempted to look up the distinction at some point to see if I was the only one who thought it was odd.

Didn't manage to actually narrow down if it was an American thing... Glad to have that cleared up... :)

*yawn* (1)

Estanislao Martnez (203477) | more than 6 years ago | (#20105069)

Collective nouns in English trigger agreement either in singular in plural, and the rate at which they trigger the latter is greater in the UK than in the USA, though it still happens in the USA. The choice of agreement actually corresponds to a very subtle semantic distinction: the collective noun can be interpreted as a reference to a single entity (the group), or as a reference to the aggregate of its members. This semantic distinction hardly ever matters, but there are examples where it does: you can say The committee were pleased, because the members of the committee were pleased, but you can't say The committee were formed, because what was formed was the committee itself, not its members.

Same thing happens with constructions like a group of people or a dozen of books, to different degrees.

Apple ... Worm (5, Funny)

zariok (470553) | more than 6 years ago | (#20102815)

So an "apple" is threatened by a "worm"... you don't say.

Re:Apple ... Worm (0)

Anonymous Coward | more than 6 years ago | (#20103031)

Uh-oh. I've got half a worm in my Mac.

Re:Apple ... Worm (1)

IgLou (732042) | more than 6 years ago | (#20103623)

I really thought this story was going to be about bioengineering and not computing. I think one aspect of my reality blurred somewhere.

Re:Apple ... Worm (0)

Anonymous Coward | more than 6 years ago | (#20104111)

Yeah, would you Adam-and-Eve it ?

Hmmm... (2, Interesting)

catdevnull (531283) | more than 6 years ago | (#20102831)

Isn't mDNSResponder and Open Source package ported for OS X?

  http://developer.apple.com/opensource/internet/bon jour.html [apple.com]

Is Apple the developer of mDNSResponder or are they just using it?

Re:Hmmm... (0)

Anonymous Coward | more than 6 years ago | (#20103019)

You fool, bonjour, formorly known as rendezvous was created by Apple as an implementation of the Zeroconf spec. It's their project, and they opened it to the OS world in the hopes that it would catch on. So far it hasn't spread like wildfire, but we can all hope that one day people will start more heavily investing in the idea that devices can be smart enough to announce themselves to a network.

Re:Hmmm... (4, Informative)

shawnce (146129) | more than 6 years ago | (#20103021)

An Apple employee (Stuart Cheshire [stuartcheshire.org] ) is one of the authors of the RFC(s) related to mDNS [multicastdns.org] , etc.

mDNSResponder originated from Apple.

Re:Hmmm... (1)

shawnce (146129) | more than 6 years ago | (#20103539)

I should note that UPnP was in many ways a parallel effort by Microsoft and others.

Re:Hmmm... (1)

TheRaven64 (641858) | more than 6 years ago | (#20103595)

The ZeroConf standards began life when Apple started switching from AppleTalk to IP for networking. There were a few things that IP couldn't do that AppleTalk could, so they started working on a way of implementing them on top of IP. These were submitted to the IETF, and approved. They implemented them in mDNSResponder and branded them 'Rendezvous.' One trademark lawsuit later, they re-branded them as 'Bonjour.' They also released the mDNSResponder code under a permissive license, to encourage the adoption of ZeroConf.

how 'bout deez apples? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20102833)

Get her to add you as a friend.....you get to see milfy bewbs!!!!

http://profile.myspace.com/index.cfm?fuseaction=us er.viewprofile&friendID=108370887 [myspace.com]

It worked for me, Donny Most!@!!!~`~!

Re:how 'bout deez apples? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20103091)

Get her to add you as a friend

Why don't *you* become her friend and enjoy the "milfy bewbs" (whatever those are...) and leave the rest of us in peace!

Worms in my apple? (0)

Anonymous Coward | more than 6 years ago | (#20102851)

Years of reading Slashot has pre programmed me to think Macs can only be infected with viruses. And I'm not talking about GRID computing.

Sensationalism by Zonk (5, Insightful)

Night Goat (18437) | more than 6 years ago | (#20102857)

Hey Zonk, how about using more reputable sources than one guy's blog for your links? I know they were picked by the submitter, but linking only to a blog and then putting a question mark after the headline is sketchy. I can't put much faith in the article if I can't be sure that it's not just a blogger talking out of his ass.

Corroboration ... (1)

Marbleless (640965) | more than 6 years ago | (#20103255)

... on a slashdot article?

You must be new here ;)

Shouldn't this be optional? (1)

G4from128k (686170) | more than 6 years ago | (#20102901)

Although I can understand the "secure-by-default" ethos, it would seem to me that some people could leave the vulnerable service active because they only use their computer in firewalled physical LAN environment. Does this update come with a new preference panel entry to reenable this mDNS service?

TV add (1, Funny)

ax_1225 (955097) | more than 6 years ago | (#20102933)

Does this mean that the MAC guy from the TV add will get fired?

Re:TV add (1)

joeytmann (664434) | more than 6 years ago | (#20103965)

No, he will just show up with a band-aid on his forehead.

Re:TV add (3, Funny)

Farmer Tim (530755) | more than 6 years ago | (#20104731)

"Hi, I'm a Mac"

"And I'm a PC. Hey Mac, I heard you don't get viruses. Congratulations."

*PC Shakes Mac's hand*

"That's right, PC. But I do have worms."

*PC starts wiping hand furiously*

Re:TV add (0)

Anonymous Coward | more than 6 years ago | (#20104679)

Only if the Mac guy has a MAC address, or uses Mandatory Access Controls as part of his security policy. Do you refer to the other gentleman in the commercial as the WIN guy ?

At least they disabled it! (3, Interesting)

Opportunist (166417) | more than 6 years ago | (#20102945)

I mean, it was a given that, given increasing market share, Apple becomes interesting for malware. No system is 100% secure.

But at least they decided that it's better to disable the feature and minimize the damage to the net as a whole (and yes, even if you don't have an Apple, a worm damages you by clogging your tubes with packets trying to spread itself). MS decided that it's better to keep the insecure service up and running 'til it can be addressed.

Question for 100: Still getting sober/blaster packets? I do.

Re:At least they disabled it! (2, Insightful)

GWLlosa (800011) | more than 6 years ago | (#20103341)

The reason Apple disables features where Microsoft doesn't has more to do with their target audience than any kind of company 'ethos'. If MS advises people that vulnerabilities exist with and , and proceeds to disable them, actual businesses that rely on features and will be very upset and potentially out a pile of money. Instead, MS advises of the vulnerability, so that these businesses can instead rely on their IT guy hardening the system against the vulnerability (seal the appropriate port on the firewall, disable the services on the machines that don't need it, isolating the machines that do use it from outside attack, etc.) whereas the odds of anybody's business being affected by the loss of are minimal, and they need to assume that their device is not administered by a technical person in any way. I mean, imagine the fallout if there was a bug that allowed malformed MS word documents being loaded by Office 2007 to result in security issues, and Microsoft responded by disabling the load feature.

Re:At least they disabled it! (1)

Opportunist (166417) | more than 6 years ago | (#20103669)

Would be news to me that MS cares whether a company using its product suffers productivity loss.

My guess is that it was simply more convenient to do NOTHING. And this security hole (and disabling it) is far from a product-crippling effect that you describe. More accurately, it would be a bug in Office's Thesaurus and disabling it. Yes, it would inconvenience some people, but it's far from crippling the product into uselessness.

Re:At least they disabled it! (2, Informative)

Chang (2714) | more than 6 years ago | (#20103913)

Microsoft has done this with their products before.

Outlook was plagued by viruses and Microsoft responded by releasing a patch that simply refused to allow the user to open certain types of attachments. There was no override in the original version of the patch.

http://www.slipstick.com/outlook/esecup.htm [slipstick.com]

When Exchange 5.5 was targeted by reverse-NDR spam attacks Microsoft shipped a patch that allowed the user to simply turn off non-delivery reports. Unfortunately the patch didn't work as described on many systems. A more correct fix would have allowed the administrator to simply suppress delivering the complete text of the failed message which makes the system much less likely to be used for reverse-NDR spam.

http://support.microsoft.com/default.aspx?scid=kb; en-us;837794 [microsoft.com]

When the Windows messenger service was targeted by messenger spam. Microsoft elected to simply turn it off. Kudos to Microsoft - this was the correct choice on this one.

http://www.theregister.com/2003/10/29/microsoft_sh oots_the_windows_messenger/ [theregister.com]

Re:At least they disabled it! (1)

GWLlosa (800011) | more than 6 years ago | (#20104107)

Each of the links you supplied seems to indicate that the user was able to 're-enable' said features in a relatively straightforward way (although the initial outlook patch was missing this, it was added). Is this the case for the Apple feature in question? I have no idea.

Microsoft has done pretty much that... (1)

argent (18001) | more than 6 years ago | (#20104945)

"I mean, imagine the fallout if there was a bug that allowed malformed MS word documents being loaded by Office 2007 to result in security issues, and Microsoft responded by disabling the load feature."

Apple didn't disable Bonjour, they disabled one of the components of Bonjour. That's not like disabling loading, it's like refusing to load certain files.

There was a bug that allowed autoexec macros in MS Word documents being loaded by Office 97 to result in security issues, so Microsoft responded by making it impossible for a user to simply deactivate autoexec and forcing them to make the choice of completely disabling macros (to the point where it was impossible to even inspect the macros to see if they were safe), or leaving them all open.

This resulted in an increase in the incidence of infections.

Somehow Microsoft manages to avoid the kind of bad press that this kind of user abuse deserves.

Next... Open Safe Files? (1)

argent (18001) | more than 6 years ago | (#20104843)

Now will Apple disable "Open Safe Files after Downloading" in Safari, or at the very least stop treating SOFTWARE INSTALLERS, ZIP ARCHIVES, and DISK IMAGES as "Safe" files? OK, this isn't a Mack Truck sized hole like ActiveX (you can only drive *small* trucks through it) but it's still vastly dumb.

Apple did the right thing (5, Insightful)

mcrbids (148650) | more than 6 years ago | (#20102969)

Yes, I understand that there are certainly dissenting opinions here. But (IMHO) the thing that most Slash-bots complain about is that Microsoft will

A) Pick a feature that's dumb. (like embed a scripting language into an image format, or give a spreadsheet scripting language access to the filesystem)

B) Choose to preserve the dumb feature in spite of known security problems.

C) Treat the resulting backlash as a "PR issue" rather than a technical one.

D) Sometimes, if the backlash gets bad enough, they'll hack in security restrictions in response to specific known implementations that take advantage of the vulnerability rather than fix the vulnerability. EG: fixes that look for a XXX worm trace, rather than fix the thing that XXX worm exploits. (See anti-virus [wikipedia.org] )

Apple is doing the right thing, here, folks! It may or may not be that the feature mentioned is analogous to (A) above. Either way, Apple is chosing security over features, even though features are important.

Re:Apple did the right thing (1)

hedrick (701605) | more than 6 years ago | (#20103041)

Can anyone say what the feature is that's being disabled? So far I've only seen acronyms.

Re:Apple did the right thing (1)

sessamoid (165542) | more than 6 years ago | (#20103423)

This guy [slashdot.org] seems to think it's not all that important.

Re:Apple did the right thing (2, Interesting)

Ash-Fox (726320) | more than 6 years ago | (#20103249)

Apple is doing the right thing, here, folks!
Yes, because disabling support for the standard Internet Gateway Device support which software uses to seamlessly setup port forwarding on NAT systems etc. and having the user do it manually is good.

Many, many programs use IGD, from Instant Messengers to games.

Sorry, I cannot agree that it is the right thing.

Re:Apple did the right thing (1)

UnknowingFool (672806) | more than 6 years ago | (#20103615)

I'm tech savvy to understand everything being discussed but what is the potential impact of Apple's actions? From what I understand they are disabling (temporarily) their support for UPnP. This may affect routers and gateways. Are they disabling a function that is important or something that is barely used or somewhere in between? I've disabled UPnP on my router and Windows PC so would this even affect me?

Re:Apple did the right thing (0, Flamebait)

pla (258480) | more than 6 years ago | (#20103633)

Apple is doing the right thing, here, folks!

The worm in question exploits a buffer overflow.

It almost certainly took them more effort to disable the feature than it would have to fix the broken code.

Additionally, regardless of the ease of fixing vs disabling, they should have given users the choice of disabling it or not. If I actually used uPNP (which I don't), I'd feel pretty pissed off that Apple had taken it upon themselves to break a perfectly functional feature on a machine on my nice safe LAN (Not that I keep my LAN-side machines defenseless, but I don't worry about peeling wallpaper when the barberians have already breached the outer walls).

And worse still, Mac users for the most part prefer to remain willfully ignorant of even the most basic of details on how their machines work (and don't call that a troll, ASK one! They brag about how little they know compared to what it takes to keep a Windows machine happy). So they won't have the first idea of what to do when iChat suddenly breaks for no apparent reason.

Have you been paying attention? (1)

argent (18001) | more than 6 years ago | (#20105331)

"It almost certainly took them more effort to disable the feature than it would have to fix the broken code."

Leaving out a module? It's questionable whether they should be trying to hack some kind of limited uPnP compatibility into Zeroconf in the first place, especially if (as alleged) they're using it for "legacy NAT traversal"... this just screams "bad idea" to me.

They brag about how little they know compared to what it takes to keep a Windows machine happy

They brag about how little they NEED TO KNOW compared to what Windows users NEED TO KNOW.

The problem is that most Windows users are no better informed. They brag about how people who really do keep track of that stuff are "dumber" than the "dumb" users they want to be. They don't think they should have as much training as you need for a driver's license... even though they're operating a machine thousands of times more complex. This willful ignorance is not limited to Mac users by any means, and the gap between what Windows users DO know and what they NEED to know is vastly greater.

So they won't have the first idea of what to do when iChat suddenly breaks for no apparent reason.

You didn't read the advisory, did you?

The obvious solution (0, Offtopic)

rmdir -r * (716956) | more than 6 years ago | (#20103003)

Switch to Avahi!

3...2...1.... (0, Troll)

skinfitz (564041) | more than 6 years ago | (#20103039)

...EXCUSE CITY!

"additional validation" or "disabled support" (4, Interesting)

czmax (939486) | more than 6 years ago | (#20103071)

If you follow the link to the apple security update page there are actually two vulnerabilities associated with UPnP IGD. For one of them apple indicates that "this update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat". For mDNSResponder apple indicates "this update addresses the issue by removing UPnP IGD support.

Clearly something is unclear since iChat is obviously still using UPnP IGD, likely as a client?

But why is the mDNSResponder using UPnP IGP anyway? mDNS is for service discovery etc and is basically a competitor to UPnP (I thought). Perhaps there is a way for mDNSResponder to leverage UPnP IGP to broadcast service messages (e.g. bonjour) across a local NAT? If so I've never seen nor heard of this working -- so perhaps what they're disabling is vulnerable code that wasn't doing anything anyway?

Re:"additional validation" or "disabled support" (1)

jackjeff (955699) | more than 6 years ago | (#20104079)

Acutally I was also wondering what this feature was used for? Anyone knows?

My guess is that since Apple decided to unilaterally disable the feature (without giving any option to activate it for the mighty or protected folks) it is because it was probably never used.

Is the Adobe Bloat Suite on windows vulnerable? (0)

Anonymous Coward | more than 6 years ago | (#20103193)

Installing the latest dreamweaver puts that mDNSResponder and bonjour service on my PC (along with hundreds and hundreds of megs of other useless shit).

I wonder if the PC version is also vulnerable?

Re:Is the Adobe Bloat Suite on windows vulnerable? (1)

Rui del-Negro (531098) | more than 6 years ago | (#20103917)

It's not just Dreamweaver; Photoshop CS3 does the same. Not only that, but it installs the service with the name "##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##", so it's not exactly easy to spot.

Here is a page with instructions about how to remove it (read the full thread; the first post has an error):

http://www.x64bit.net/site/board/index.php?showtop ic=4214 [x64bit.net]

Who wants to bet... (3, Interesting)

subl33t (739983) | more than 6 years ago | (#20103553)

... that the iPhone will be the vector that finally gets Macs infected with a virus/worm that will replicate in the wild?

I bet there's a secret cabal at Microsoft that is working on this very thing.

Does anyone use mDNS? (0, Flamebait)

flyingfsck (986395) | more than 6 years ago | (#20103677)

This stupid mDNS thing is always enabled on every system I install and I always have to disable it. Does anyone actually use this Microsoft crap?

Re:Does anyone use mDNS? (1)

dave420 (699308) | more than 6 years ago | (#20103929)

It's Apple's software, not Microsoft's. Try again.

Re:Does anyone use mDNS? (1)

prockcore (543967) | more than 6 years ago | (#20104119)

It's actually Apple crap.

Worm author quoted as saying... (0, Troll)

jjacksonRIAB (1050352) | more than 6 years ago | (#20103777)

... His exploit "just works". Apple fanbois everywhere implode in a self-collapsing vortex of cognitive dissonance.

Re:Worm author quoted as saying... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20104099)

Whoever modded this troll doesn't know what a troll is. It's a joke people. Relax.

Re:Worm author quoted as saying... (1)

PenGun (794213) | more than 6 years ago | (#20104847)

Watch I'll show you how it works. The apple fanboi moderator club is pretty big and like all monomaniacs are poised to protect their little gem from any tarnish.

Re:Worm author quoted as saying... (0)

Anonymous Coward | more than 6 years ago | (#20105089)

Even if your post gets modded down...it is very true.

What's worse... (1)

glaserud (66891) | more than 6 years ago | (#20103939)

A worm in your Apple, or half a worm?

Lets all Welcome Apple (1)

warrior_s (881715) | more than 6 years ago | (#20104631)

to a world where the more famous you become(as in increased user base) the more will be your enemies. Microsoft is fighting this battle for a long long time.
Apple will realize this in very soon.

Re:Lets all Welcome Apple (1)

CtrlShiftEsc (1129785) | more than 6 years ago | (#20105515)

I would agree somewhat. However, Apple puts it products up on a pedestal and says to the world, "we're better, we're smarter, we cost a lot more and we look good doing it". So that is why even when the smallest problem occurs, it becomes a big thing. In this instance, it matters not where the technology came from originally or what it is supposed to do or even how many people use it. It only matters that it's broken and worse, Apple's response in its regular security update is to disable it. That is why "lunch is served" (to quote the first reply to this story).

Now that Apple has disabled uPnP compatibility.... (2, Interesting)

argent (18001) | more than 6 years ago | (#20104747)

Now that Apple has disabled uPnP compatibility will the original anonymous extortionist reveal the hole that he claims he didn't want to reveal lest Apple come up with some excuse for not disabling whatever his hole was, or will we hear more FUD from him?

Big Loss! (3, Informative)

reed (19777) | more than 6 years ago | (#20105153)

UPnP kind of sucks anyway. Maybe this will get people to move to MDNS-SD, which is simple, straightforward, has several implementations (both open source and not).

Can it be turned back on? (1)

Kashra (1109287) | more than 6 years ago | (#20105405)

Is there any way (aside from not patching) that someone can avoid having the functionality turned off? Its one thing to disable it and leave an option to turn it back on, if you understand the security risk involved. Its another to simply turn it off, unilaterally.

Granted, most Apple users won't understand the security risk involved and shouldn't turn it back on until the mothership fixes the problem. But then again, most Apple users are too busy sticking fingers in their ears and yelling "la-la-la" to notice a worm even exists.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...