7 Comments

1. OS X Leopard has code-signing features. Trust Apple to have a security feature but not use it, assuming this is a Leopard exploit and not just Tiger and earlier. Of course, one’s susceptibility is much reduced if one uses OpenDNS – the man in the middle attack usually relies on cache poisoning. Speaking of which, APPLE? PATCH BIND ON OS X! (Assuming anyone uses OS X as a DNS server… 🙂 )

2. As the article says, DNS cache poisoning is only the latest way to set up the man-in-the-middle attack. I know of at least a couple others, and I just watch this stuff out of curiosity — you can bet that anyone actually doing something with it knows a lot more.

3. Yeah, I also note Open Office is in the list – so try to apply updates only from the website I guess, and hope it too hasn’t been forged.

4. What is really bad about this is that I’d been trying to encourage a friend who’s system keeps getting infected to pay attention to update messages and not worry if they are going to “mess up his computer”, now I have to worry about this and am not sure if I feel confident in telling him that the benefits outweigh the risks. (Forget about getting him to update manually – like most computer users he prefers to take the path of least resistance, a bad course to take if you use Windows.)

5. If he’s running Windows, he’s probably safe — as mentioned above, Microsoft is almost certain to be using code-signing already.

6. Not for plug-ins and other updates. I wasn’t thinking of Windows Update.

7. Ah. Yes, other programs are still vulnerable, until their authors provide secure (signed) updates.

Comments are closed.