[26146] in bugtraq
Re: MacOS X SoftwareUpdate Vulnerability
daemon@ATHENA.MIT.EDU (gabriel rosenkoetter)
Fri Jul 12 11:41:59 2002
Date: Fri, 12 Jul 2002 09:14:49 -0400
From: gabriel rosenkoetter <gr@eclipsed.net>
To: bugtraq@securityfocus.com
Message-ID: <20020712131449.GC6952@uriel.eclipsed.net>
Mail-Followup-To: bugtraq@securityfocus.com
In-Reply-To: <1026397888.1594.40.camel@ws47619>
On Thu, Jul 11, 2002 at 09:31:27AM -0500, Corey J. Steele wrote:
> What about modifying the search order of `lookupd` and telling it to use
> /etc/hosts and then using an entry in /etc/hosts to statically identify
> swquery.apple.com? Might be a viable work-around?
Then I arp flood your router and spoof the IP address.
Updates must at least be checksummed and really ought to be
cryptographically signed. Period.
-- 
gabriel rosenkoetter
gr@eclipsed.net
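The distinction drawn in the reply above, between a checksum delivered alongside the update and a signature checked against a key the client already holds, shown as an added Go example that is not part of the original post. The `Response` type, the function names and the payloads are constructed for illustration, and Ed25519 with a key pinned at install time is an assumption of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Response is everything an update server returns. All three fields travel
// over the same network path, so whoever answers the request controls all of them.
type Response struct {
	Package   []byte
	SHA256Hex string // checksum published next to the package
	Signature []byte // detached signature over Package
}

// ChecksumOK only proves that the package matches the checksum sent with it.
func ChecksumOK(r Response) bool {
	sum := sha256.Sum256(r.Package)
	return hex.EncodeToString(sum[:]) == r.SHA256Hex
}

// SignatureOK checks the package against a public key the client already holds
// (pinned at install time: an assumption of this example).
func SignatureOK(pinned ed25519.PublicKey, r Response) bool {
	return ed25519.Verify(pinned, r.Package, r.Signature)
}

// Serve builds the response a server holding signingKey would return for payload.
func Serve(signingKey ed25519.PrivateKey, payload []byte) Response {
	sum := sha256.Sum256(payload)
	return Response{Package: payload, SHA256Hex: hex.EncodeToString(sum[:]), Signature: ed25519.Sign(signingKey, payload)}
}

// Fixture returns the pinned vendor key, a genuine response, and the response
// of a server that answers in the vendor's place but lacks the vendor's key.
func Fixture() (ed25519.PublicKey, Response, Response) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	return vendorPub, Serve(vendorPriv, []byte("constructed genuine payload")), Serve(otherPriv, []byte("constructed substituted payload"))
}

func main() {
	pinned, genuine, substituted := Fixture()
	fmt.Println("genuine:     checksum", ChecksumOK(genuine), "signature", SignatureOK(pinned, genuine))
	fmt.Println("substituted: checksum", ChecksumOK(substituted), "signature", SignatureOK(pinned, substituted))
}
```

The substituted response passes `ChecksumOK` because it carries its own checksum, and fails `SignatureOK` because it was not signed with the private half of the pinned key.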