Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Submission + - Apple automatically patches Macs to fix severe NTP security flaw (arstechnica.com) 1

Submitted by mpicpp
mpicpp writes: It's the first time OS X's auto-patcher has been used.

Most OS X security updates are issued alongside other fixes via the Software Update mechanism, and these require some kind of user interaction to install—you've either got to approve them manually or tell your Mac to install them automatically. Apple does have the ability to quietly and automatically patch systems if it needs to, however, and it has exercised that ability for the first time to patch a critical flaw in the Network Time Protocol (NTP) used to keep the system clock in sync.

This security hole became public knowledge late last week. When exploited, the NTP flaw can cause buffer overflows that allow remote attackers to execute code on your system. If you allow your system to "install system data files and security updates" automatically (checked by default), you've probably already gotten the update and seen the notification above. If not, Mountain Lion, Mavericks, and Yosemite users should use Software Update to download and install the update as soon as possible. The flaw may exist in Lion, Snow Leopard, and older OS X versions, but they're old enough that Apple isn't providing security updates for them anymore.

While this was the first time this particular auto-update function has been used, Apple also automatically updates a small database of malware definitions on all Macs that keeps users from installing known-bad software. That feature, dubbed "XProtect," was introduced in Snow Leopard in response to the Mac Defender malware and has since expanded to include several dozen items

Comment Re:Another paleo-wanker... (Score 0) 441

by hawkinspeter (#48654555) Attached to: How Venture Capitalist Peter Thiel Plans To Live 120 Years
I don't know why you're so bothered about it. If you don't like, you don't have to follow it (I don't). Look at it this way, the "paleo" people are testing if the paleo diet works and after several years we should get some free statistics on whether it makes any difference to health.

But yes, you're right about eating a balanced diet. That's the easiest, healthiest diet we know of for now (or maybe eat Japanese food; they seem to live a long time).

Comment Re:is it just... (Score 3, Insightful) 41

by hawkinspeter (#48654105) Attached to: Pirate Bay Domain Back Online
Not quite. Maybe some people think that we should feel bad for going there, but not me (I think human culture is based on sharing whether allowed or not).

off-topic rant, but why are submissions about the NTP flaw disappearing? I heard about the latest CERT advisory for NTP and saw that there was a slashdot submission about it, but it later disappeared. I submitted a story earlier today (bored at work), and it's now disappeared from the "submissions" list. Here's the link if you're curious: http://slashdot.org/submission...

Submission + - Serious flaws in NTP (the application, not the protocol) need to be patched 3

Submitted by hawkinspeter
hawkinspeter writes: A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things.

Submission + - Buffer overflows found in NTP reference implementation (ntp.org)

Submitted by Anonymous Coward
An anonymous reader writes: Google researchers Neel Mehta and Stephen Roettger have discovered 3 buffer overflow vulnerabilities in the server part of the NTP reference implementation, enabling attackers to use carefully crafted packets to execute arbitrary code with privileges of the ntpd process. Users should update their installations to version 4.2.8.

Comment Re:I believe in Darwin (Score 1) 175

by hawkinspeter (#48615625) Attached to: Researchers Accidentally Discover How To Turn Off Skin Aging Gene
It's quite likely that it would have some consequences (our bodies are very complicated systems), but it wouldn't have been subject to selective pressure if it only has a major affect after child-bearing age. There's no advantage (in terms of gene replication) in a 60 year old having perfect skin if they're not going to be having any more offspring.

Comment Re:Mixed Feelings (Score 1) 190

If Sony were at all concerned about the safety of their employees' private data then they would have taken steps to protect it BEFORE they were hacked. Sony have an abysmal history of computer security and this latest travesty is them trying to close the stable door after the horse has bolted in an attempt to stop their chickens coming home to roost.

Slashdot Top Deals

Money is the root of all evil, and man needs roots.

Close