Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Don't use Software Update to...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Don't use Software Update to...
Authored by: asxless on Jul 09, '02 10:44:03AM

There is a very simple solution until the patches are released. Don't use Software Update to actually 'update' your system.

FWIW I just use "Software Update" to notify me of available updates and then go get them for Apple's site. Yes, I have to wait a few days for the downloads to be available but except in rare circumstances the update is not necessary to install immediately. I find this delay to be beneficial, in that I don't get stung by the early release install bugs and I have a copy of all the important updates in case I need to do a 'ground zero' OS X install ;)

asxless in iLand



[ Reply to This | # ]
Do not use Software Update to...
Authored by: Paul Burney on Jul 09, '02 11:15:35AM
FWIW I just use "Software Update" to notify me of available updates and then go get them for Apple's site. Yes, I have to wait a few days for the downloads to be available but except in rare circumstances the update is not necessary to install immediately.

Unfortunately, that isn't much more secure (if at all) than using Software Update. This problem hinges on DNS poisoning. If I go to all the trouble to get your machine to think my IP address is apple.com, it wouldn't be much more work to copy the apple.com website and place my tainted binaries in the download section.



[ Reply to This | # ]
DNS Poisoning is not a show stopper
Authored by: asxless on Jul 10, '02 01:38:55AM

DNS Poisoning is a problem but it does not have to be a show stopper since you can avoiding DNS poisoning hacks and verify that the pages and downloads are coming from the correct machine, by bypassing DNS and using the valid IP#s.

For example, the link to the OS X 10.1.5 update is on....
http://www.info.apple.com/support/downloads.html
where:
www.info.apple.com internet address = 17.112.147.32
www.info.apple.com internet address = 17.112.147.33
www.info.apple.com internet address = 17.112.147.34

the download is kicked off from...
download.info.apple.com internet address = 17.112.147.90
download.info.apple.com internet address = 17.112.147.91

and the actual download is from...
a1568.g.akamai.net internet address = 65.65.70.235
a1568.g.akamai.net internet address = 65.65.70.234

What I do is the substitute the real IP#s in the URLs to avoid using DNS servers and verify that the pages/downloads are coming from the correct machine.

asxless in iLand



[ Reply to This | # ]