Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

Comment Also affects Linux - patch now! (Score 5, Informative) 115

by hawkinspeter (#48660423) Attached to: Apple Pushes First Automated OS X Security Update
This is a major bug in NTPd, so if you're using it on Linux, you'll want to patch it too (or switch to openNTP which isn't affected). The big problem is that it can be exploited with a single (specially crafted) UDP packet, so it's easy for malicious actors to probe lots of machines with very little overhead.

Comment Also affects Linux - patch now! (Score 1) 1

by hawkinspeter (#48660345) Attached to: Apple automatically patches Macs to fix severe NTP security flaw
This is a major bug in NTPd, so if you're using it on Linux, you'll want to patch it too (or switch to openNTP which isn't affected). The big problem is that it can be exploited with a single (specially crafted) UDP packet, so it's easy for malicious actors to probe lots of machines with very little overhead.

Submission + - Apple automatically patches Macs to fix severe NTP security flaw (arstechnica.com) 1

Submitted by mpicpp
mpicpp writes: It's the first time OS X's auto-patcher has been used.

Most OS X security updates are issued alongside other fixes via the Software Update mechanism, and these require some kind of user interaction to install—you've either got to approve them manually or tell your Mac to install them automatically. Apple does have the ability to quietly and automatically patch systems if it needs to, however, and it has exercised that ability for the first time to patch a critical flaw in the Network Time Protocol (NTP) used to keep the system clock in sync.

This security hole became public knowledge late last week. When exploited, the NTP flaw can cause buffer overflows that allow remote attackers to execute code on your system. If you allow your system to "install system data files and security updates" automatically (checked by default), you've probably already gotten the update and seen the notification above. If not, Mountain Lion, Mavericks, and Yosemite users should use Software Update to download and install the update as soon as possible. The flaw may exist in Lion, Snow Leopard, and older OS X versions, but they're old enough that Apple isn't providing security updates for them anymore.

While this was the first time this particular auto-update function has been used, Apple also automatically updates a small database of malware definitions on all Macs that keeps users from installing known-bad software. That feature, dubbed "XProtect," was introduced in Snow Leopard in response to the Mac Defender malware and has since expanded to include several dozen items

Comment Re:Another paleo-wanker... (Score 0) 441

by hawkinspeter (#48654555) Attached to: How Venture Capitalist Peter Thiel Plans To Live 120 Years
I don't know why you're so bothered about it. If you don't like, you don't have to follow it (I don't). Look at it this way, the "paleo" people are testing if the paleo diet works and after several years we should get some free statistics on whether it makes any difference to health.

But yes, you're right about eating a balanced diet. That's the easiest, healthiest diet we know of for now (or maybe eat Japanese food; they seem to live a long time).

Comment Re:is it just... (Score 3, Insightful) 41

by hawkinspeter (#48654105) Attached to: Pirate Bay Domain Back Online
Not quite. Maybe some people think that we should feel bad for going there, but not me (I think human culture is based on sharing whether allowed or not).

off-topic rant, but why are submissions about the NTP flaw disappearing? I heard about the latest CERT advisory for NTP and saw that there was a slashdot submission about it, but it later disappeared. I submitted a story earlier today (bored at work), and it's now disappeared from the "submissions" list. Here's the link if you're curious: http://slashdot.org/submission...

Submission + - Serious flaws in NTP (the application, not the protocol) need to be patched 3

Submitted by hawkinspeter
hawkinspeter writes: A new set of vulnerabilities with the most common NTP daemon have been discovered by Google security researchers. There exist public exploits that target these flaws, so it's recommended to patch to version 4.2.8 (or switch to openntp which doesn't have the same issues) immediately. This is especially problematic for those systems that run ntpd with root privileges as a single carefully crafted packet can allow access at the privilege level of the process. This was reported by ZDNet a few days ago and I have yet to see the Ubuntu patches for this, but it looks like Red Hat are on top of things.

Slashdot Top Deals

"It's the best thing since professional golfers on 'ludes." -- Rick Obidiah

Close