Re: MacOS X SoftwareUpdate Vulnerability

What about modifying the search order of `lookupd` and telling it to use
/etc/hosts and then using an entry in /etc/hosts to statically identify
swquery.apple.com?  Might be a viable work-around?

-C

On Mon, 2002-07-08 at 09:42, Julian Suschlik wrote:
> Hi,
> 
> On Sunday, 7 July 2002, at 06:21, Russell Harding wrote:
> 
> > ----------------------------------------------------------------------------
> >                     MacOS X SoftwareUpdate Vulnerability.
> > ----------------------------------------------------------------------------
> >
> > Date:      July 6, 2002
> > Version:   MacOS 10.1.X and possibly 10.0.X
> > Problem:   MacOS X SoftwareUpdate connects to the SoftwareUpdate Server via
> >            HTTP with no authentication, leaving it vulnerable to attack.
> [...]
> > Solution/Patch/Workaround:
> [...]
> 
> A possible workaround:
> 
> System Preferences -> Software Update -> Update Software: [x] Manually
> Don't touch the "Update Now"-Button!
> 
> Look for updates on http://www.info.apple.com/support/downloads.html
> Use trusted networks or http-to-mail gateway to get the files.
> 
> HTH,
> 
> Julian
> 
-- 
Corey J. Steele, Information Security Analyst
The Evangelical Lutheran Good Samaritan Society
csteele@good-sam.com | http://www.good-sam.com
