Apple Bungles Security Fix

Apple has finally caught up with its rivals by issued a Mac-based fix for a major flaw in the Internet's workings. However, experts say it may not have fixed the problem.

The patch is for a recently discovered issue with the Domain Name System (DNS). In short, DNS translates website addresses into the numbers which identify the computer where a website is physically stored. When you visit a popular website, Internet providers usually keep a copy of the relevant DNS data to make the site quicker to load for the next visitor.

The problem is that hackers found a way to exploit the way the DNS process works and replace this 'cached' info to reroute visitors to a bogus copy of the page. It's particularly dangerous because it's possible to add malicious code to an otherwise exact copy of a page in a way that leaves users totally unaware.

The exact details are still a secret, but it's been confirmed the main problem is that the DNS process isn't random enough, meaning hackers could breach security simply by setting computers to run through numbers in sequence. Dan Kaminsky, who discovered the flaw, gave a particularly clear explanation of the potential effects: "A bad guy has a 1-in-65,000 chance of stealing your Internet connection, and he can try a couple thousand times a second."

The flaw isn't tied to any particular operating system, and major software producers and security analysts joined together to work secretly on a solution earlier this year before announcing the problem. While other firms issued updates quickly, Apple took more than three weeks to release a solution for Mac-based servers, prompting intense criticism from security experts. (Source: theregister.co.uk)

Now that the 'patch' is out, security firm nCircle has tested the solution and says it isn't an effective answer. It's a very technical issue, but the important point is that with Mac-based servers, a particular number used in the DNS process is still being allocated in sequential rather than random order. This makes it considerably easier for hackers to figure out the necessary details rather than taking a guess.

It's worth remembering this is more of an issue with Internet servers than individual computers. The industry is putting pressure on Apple to fix the problem properly, so in the meantime there's little reason for individual Internet users to panic. (Source: computerworld.com)