On Feb 9, 2006, at 3:19 PM, Pablo Roufogalis L. wrote:
> http://www.securityfocus.com/news/11375
> At the recent ShmooCon hacking conference, one security researcher
> found out the hard way that such venues can be hostile, when an
> unknown hacker took control of the researcher's computer, disabling
> the firewall and starting up a file server.
>
> "This is almost certainly the year of the OS X exploit. The OS X
> platform may be based on a Unix platform, but Apple seems to be
> making mistakes that Unix made, and corrected, long ago."
> Jay Beale, senior security consultant, Intelguardians

This makes little sense. The Unix problems that were corrected long
ago were also corrected in OS X, since the UNIX part is pretty much
stock.
The rest of the OS on top of the Unix is largely confined to the
console, and notice most of those security issues are local privilege
raising and suchlike exploits...if the bad guy has access to your
computer all bets are off.
Remote exploits are far rarer, and have largely been in third party
code (such as SSH) included in OS X.

> While such compromises have become common in the Windows world,
> this time the computer was an Apple PowerBook running the latest
> version of Mac OS X. The victim, a security researcher who asked to
> remain anonymous, had locked down the system prior to the
> conference and believes that a previously unknown exploit caused
> the compromise. However, in the following weeks, forensics
> performed on the system did not reveal any clues as to how the
> PowerBook had been compromised.

In the absence of any actual evidence, this has to remain in the
'undecided' pile.
On the one hand, if anyone was going to hack an OS X box, it would
have been someone at a conference like this.
On the other hand, the author is excoriating Apple (in the article,
not this summary) for Apple allowing this 'previously unknown
exploit' to exist... hell, if no one knew about it, how are they going to
fix it?
On the gripping hand, this is an awfully mild 'exploit' for a venue
like this. If they hack you someplace like this or DefCon, you tend
to know it. At DefCon your username/password goes up on the big board
in the main hall.
Moreover, if it was as *unsubtle* a hack as alleged, there *should*
have been traces, particularly if as alleged, this was a system owned
by a security professional who had 'hardened' his system prior to
attending. Heck, MD5 checksums of system files, stored on a CD back
at home would have let him determine, likely, what files had changed,
and if these were uberhackers with MD5 checksum defeating hacks,
cloning the drive beforehand and doing a bitwise comparison of the
drives post would have been a good way of checking.
Paranoid, heck yes, but if you were going to a convention where you
knew people were actively trying to compromise your system, I'd take
extra precautions. If he got caught with an easy password, and the
bad guy simply logged onto his system as him and poked around, then
this is no 'expert' and this is no 'hack'.
And finally, as always, consider the biases of the writers:
"'This is almost certainly the year of the OS X exploit,' said Jay
Beale, a senior security consultant for Intelguardians and an expert
in hardening Linux and Mac OS X systems."
Well he'd certainly drum up more business if this were widely
believed, wouldn't he?
He also says this, in the comments:
"The other component of increased risk from moving OS X to Intel x86
is that so many people have spare x86 machines that they can do
security research with. Between the stronger utility of an x86 Apple
and the well-documented ability of people to get OS X running on non-
Apple hardware, there are going to be a lot more exploit writers who
have access to the platform."
There is NO "Well-documented ability of people to get OS X running on
Non-Apple Hardware" and getting a PPC machine to use with OS X is
trivially cheap. This is not the barrier to 'security research' on OS X.
A lot of folks got an early version of the development OS running on
non-Apple hardware, but I can't find anything about shipping versions
of OS X 10.4.4 running on non-Apple hardware.
Stuff like this makes me less inclined to believe him.
--
Bruce Johnson
This is the sig who says 'Ni!'
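
The check described in the message above (checksums of system files taken before the trip, stored away from the machine, compared afterwards), as an added example that is not part of the original message. It defaults to SHA-256 rather than the MD5 named in the message and also records permission bits and symlink targets; the script name, the save/check commands and the JSON manifest layout are assumptions.

```python
import hashlib
import json
import os
import stat
import sys
from pathlib import Path


def snapshot(root, algo="sha256"):
    """Map each relative path to [kind, mode bits incl. setuid, digest or link target]."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat records a symlink itself, never its target
            kind, detail = "other", ""
            if stat.S_ISLNK(st.st_mode):
                kind, detail = "link", os.readlink(full)
            elif stat.S_ISDIR(st.st_mode):
                kind = "dir"
            elif stat.S_ISREG(st.st_mode):
                digest = hashlib.new(algo)
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                kind, detail = "file", digest.hexdigest()
            manifest[os.path.relpath(full, root)] = [kind, stat.S_IMODE(st.st_mode), detail]
    return manifest


def compare(baseline, current):
    """Report paths added, removed or changed since the baseline was taken."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }


if __name__ == "__main__":
    if len(sys.argv) != 4 or sys.argv[1] not in ("save", "check"):
        sys.exit("usage: baseline.py save|check ROOT MANIFEST  (hypothetical CLI)")
    action, root, manifest_file = sys.argv[1:]
    if action == "save":
        Path(manifest_file).write_text(json.dumps(snapshot(root), indent=1, sort_keys=True))
    else:
        report = compare(json.loads(Path(manifest_file).read_text()), snapshot(root))
        print(json.dumps(report, indent=1))
        sys.exit(1 if any(report.values()) else 0)
```

Run it with enough privilege to read every file under the root, and keep the manifest on read-only media outside the tree being checked, so that a compromised system cannot rewrite its own baseline.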