Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mac, BSD prone to decade old attacks

Anonymous Coward writes | more than 6 years ago

Security 7

BSDer (666) writes "An Israeli security researcher published a paper few hours ago, detailing attacks against Mac, OpenBSD and other BSD-style operating systems. The attacks, says Amit Klein from Trusteer enable DNS cache poisoning, IP level traffic analysis, host detection, O/S fingerprinting and in some cases even TCP blind data injection. The irony is that OpenBSD boasted their protection mechanism against those exact attacks when a similar attack against the BIND DNS server was disclosed by the same researcher mid 2007. It seems now that OpenBSD may need to revisit their code and their statements. According to the researcher, another affected party, Apple, refused to commit to any fix timelines. It would be interesting to see their reaction now that this paper is public."


nice (1)

ThisNukes4u (752508) | more than 6 years ago | (#22328096)

This is nice research and a well-written summary, why is slashdot not picking this up...

Re:nice (1)

AHuxley (892839) | more than 6 years ago | (#22330098)

Nobody wants to help the admin in the Usama cave.
He only has to look after dialysis and the Macs.
With every click of Software Update his security through obscurity gets stronger.

Re:nice (1)

phantomcircuit (938963) | more than 6 years ago | (#22330626)

Maybe because OpenBSD is saying that the exploit is not viable in a real environment?

Re:nice (2, Insightful)

ThisNukes4u (752508) | more than 6 years ago | (#22330798)

1. Since when has that ever stopped slashdot from posting a story.
2. ALWAYS take whatever a vendor has to say about the security of their product with a grain of salt(in the case of openbsd, which stakes its reputation almost 100% on its security, maybe two grains).

Re:nice (1)

phantomcircuit (938963) | more than 6 years ago | (#22334328)

Or maybe you could realize that they really have nothing to gain from bullshitting about the security of OpenBSD.

Let's be real these guys aren't getting rich off of OpenBSD, and they certainly know a lot about security.

Re:nice (1)

ThisNukes4u (752508) | more than 6 years ago | (#22336006)

Certainly they're not getting rich, but you have to ask yourself why all the other affected OSes have fixed the problem, or in the case of OS X, planning a fix. Meanwhile, OpenBSD stubbornly refuses to acknowledge the bug, even though they obviously are aware of the theoretical attack given their responses in the past and the fact that they were the first to implement countermeasures for this sort of attack in 1997. This is not a rip on OpenBSD, its a great project that I have used in the past, but I think they're wrong on this one.

Unfortunate (1)

Shardz (1086775) | more than 6 years ago | (#22344404)

Too bad. I wish they [OpenBSD] would focus less on holding their reputation, and more on fixing the problem.

I guess we'll have to break into their main web server and change something, then they'll listen.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account