Re: [Full-disclosure] Question about Mac OS X 10.4 Security
Macs have always held the distinction of being more secure by, among other things, not being a target. -- Due to the lack of extensive use, virus and malware writers have ignored taking the time to write viruses for Macs.

Simple philosophy - Why climb the wall, when you can walk through the door.

Windows is easier and more prolific; until that changes, we are not going to see major attacks on the Mac platform.

JMHO

On 2/28/06 12:04 AM, Ferdinand Klinzer [EMAIL PROTECTED] wrote:

> Hey Guys,
>
> What you think about the latest Mac OS X 10.4.x Security flaws? I think it will go fast then it goes like Windows Systems more and more Trojan Horse and other security bugs...
>
> I only want make a thread about what you think?
>
> Cheers
> Ferdinand

--
Stephen Johnson
The Lone Coder
http://www.ouradoptionblog.com
*Join us on our adoption journey*
[EMAIL PROTECTED]
http://www.thelonecoder.com
*Continuing the struggle against bad code*
--
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
This is a perfect example of the idiocy pushing the OSX security myth:

http://slashdot.org/comments.pl?sid=178631&threshold=1&commentsort=1&mode=thread&cid=14809189
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
> What you think about the latest Mac OS X 10.4.x Security flaws? I think it will go fast then it goes like Windows Systems more and more Trojan Horse and other security bugs...

I think McAfee, Symantec, et al. are all licking their chops at a new venue to hawk their products. I wouldn't be at all surprised if they're at least indirectly behind some of the research into those vulnerabilities.

MAC users are also part of this problem, IMHO .. they're an elitist group that thinks their trendy little toy is immune to everything. Add to that MAC is built on UNIX, something your average art student knows even less about than Windows, and an operating system that's a lot more fun to tamper with once you're in.

My $0.0184 (6% Ohio taxes withheld)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
--On Tuesday, February 28, 2006 00:15:10 -0800 Stephen Johnson [EMAIL PROTECTED] wrote:

> Macs have always held the distinction of being more secure by, among other things, not being a target. -- Due to the lack of extensive use, virus and malware writers have ignored taking the time to write viruses for Macs.
>
> Simple philosophy - Why climb the wall, when you can walk through the door.
>
> Windows is easier and more prolific; until that changes, we are not going to see major attacks on the Mac platform.

I think you're living in a fantasy world. The recent vulnerability, which allows the running of arbitrary code simply by clicking on a linked zip file will probably result in at least a handful of new viruses/worms for the Mac platform within the next week or two.

Apple has made the same stupid mistake Microsoft has been making for years - mixing code and data and trying to make things easy for the user (read auto-launch this widget so you don't have to save and open.) The end result will be disaster for the Mac, but, thankfully, not on the same scale as Windows because not every user is an admin, and it requires the use of sudo to perform administrative functions.

Still, the ignorance of Mac users, who believe their platform is somehow magically secure will contribute to the problem.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
> I wouldn't be at all surprised if they're at least indirectly behind some of the research into those vulnerabilities.

Although I can not speak for Leap.A, you are completely wrong with regard to the InqTana variants.

http://digitalmunition.com/InqTanaThroughTheEyes.txt
http://www.securityfocus.com/columnists/389

P.S. InputManagers are sexy.

-KF
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
> I think you're living in a fantasy world. The recent vulnerability, which allows the running of arbitrary code simply by clicking on a linked zip file will probably result in at least a handful of new viruses/worms for the Mac platform within the next week or two.

I agree 100%. Zip file / metadata bug added to a malicious InputManager, fucked up dyld file or environment.plist is like instant IE style popup city for Mac users running Safari. It would literally take about 20 minutes to put something together.

-KF
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
On 2/28/06, Paul Schmehl [EMAIL PROTECTED] wrote:

> <snip>
> Still, the ignorance of Mac users, who believe their platform is somehow magically secure will contribute to the problem.
>
> Paul Schmehl ([EMAIL PROTECTED])
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

I am sorry, Paul, but I have to take you up on this, especially with your tendency of generalizing everything. I have used *nix in the past, for all my network and security tools, until MacOSX presented itself as an opportunity for migration, when I had a need for a new laptop (over two years ago). At that time the 2.6 kernel and available modules weren't up to the tasks of the latest hardware capabilities of x86 laptops, so - on advice from a friend of mine - I have tried an iBook. I have been able to compile and port all my tools just fine, especially with the help of the underlying like-BSD infrastructure (long live fink and Darwin-ports).

All I can tell you is that - ever since - I never looked back at other choices (w/the exception of Windows, which was never considered among choices, anyway, due to limitations in cygwin, not talking about the many other obvious reasons for the OS, itself ;)), and have recently got myself the latest still-PPC Powerbook, which just confirmed the rightness of the original migration. As a repository of security and network tools, I have thrown at this baby everything I can possibly think of, and still haven't found a way to break it ...

... so the Mac users are not [only] the bunch of idiots/ignorants whom you tend to describe - I would just invite you to attend a blackhat or shmoocon, or even SANS or Cisco networkers, and let me know how many Mac users you can count there ... and then ask yourself why ...

but then, again, I may be wrong ;

Stef
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
Ok, first of all, the fact that you even mention Blackhat, SANS or Cisco Networkers makes me question if I should even respond...I will anyway.

Yes, it's true a lot of folks, particularly in the security realm use Macs, myself included. The reason I use it has nothing to do with an imaginary belief in security supremacy, but rather that the tools I use on a daily basis run natively alongside software like MS Office. Previously, like many others, I would have been forced to run a kludgy dual boot or VMware based solution to solve this. OSX was the perfect solution.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stef
Sent: Tuesday, February 28, 2006 11:14 AM
To: Untitled
Subject: Re: [Full-disclosure] Question about Mac OS X 10.4 Security

On 2/28/06, Paul Schmehl [EMAIL PROTECTED] wrote:

> <snip>
> Still, the ignorance of Mac users, who believe their platform is somehow magically secure will contribute to the problem.
>
> Paul Schmehl ([EMAIL PROTECTED])
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

I am sorry, Paul, but I have to take you up on this, especially with your tendency of generalizing everything. I have used *nix in the past, for all my network and security tools, until MacOSX presented itself as an opportunity for migration, when I had a need for a new laptop (over two years ago). At that time the 2.6 kernel and available modules weren't up to the tasks of the latest hardware capabilities of x86 laptops, so - on advice from a friend of mine - I have tried an iBook. I have been able to compile and port all my tools just fine, especially with the help of the underlying like-BSD infrastructure (long live fink and Darwin-ports).

All I can tell you is that - ever since - I never looked back at other choices (w/the exception of Windows, which was never considered among choices, anyway, due to limitations in cygwin, not talking about the many other obvious reasons for the OS, itself ;)), and have recently got myself the latest still-PPC Powerbook, which just confirmed the rightness of the original migration. As a repository of security and network tools, I have thrown at this baby everything I can possibly think of, and still haven't found a way to break it ...

... so the Mac users are not [only] the bunch of idiots/ignorants whom you tend to describe - I would just invite you to attend a blackhat or shmoocon, or even SANS or Cisco networkers, and let me know how many Mac users you can count there ... and then ask yourself why ...

but then, again, I may be wrong ;

Stef
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
If you look at the [very, very] specific paragraph I was referring to, from Paul's email, then I hope you will agree with me that what I was trying to convey was the need to avoid generalizing categorization of users ... having said that, the implications are that a much higher awareness, and - in turn - possibility of addressing and/preventing issues related to vulnerabilities exists in the Mac community, vs. the Windows one, for example.

Stef

P.S. Sorry for top-posting, but going back to the end would have made this a mess ...

On 2/28/06, Steven Rakick [EMAIL PROTECTED] wrote:

> Ok, first of all, the fact that you even mention Blackhat, SANS or Cisco Networkers makes me question if I should even respond...I will anyway.
>
> Yes, it's true a lot of folks, particularly in the security realm use Macs, myself included. The reason I use it has nothing to do with an imaginary belief in security supremacy, but rather that the tools I use on a daily basis run natively alongside software like MS Office. Previously, like many others, I would have been forced to run a kludgy dual boot or VMware based solution to solve this. OSX was the perfect solution.
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
On 2/28/06, Stef [EMAIL PROTECTED] wrote:

> On 2/28/06, Paul Schmehl [EMAIL PROTECTED] wrote:
> > Still, the ignorance of Mac users, who believe their platform is somehow magically secure will contribute to the problem.
>
> <snip>
> I am sorry, Paul, but I have to take you up on this, especially with your tendency of generalizing everything. I have used *nix in the
> <snip>
> ... so the Mac users are not [only] the bunch of idiots/ignorants whom you tend to describe - I would just invite you to attend a blackhat or shmoocon, or even SANS or Cisco networkers, and let me know how many Mac users you can count there ... and then ask yourself why ...
>
> but then, again, I may be wrong ;
>
> Stef

Stef,

You're describing your own experiences, and those of other security professionals. What Paul is describing is the normal user. I agree with him that the normal user thinks that because they have a Mac, they are suddenly immune to everything.

As an example, a good friend of mine has been using an iBook and an iMac for several years, and likes to talk about how she doesn't have to deal with all the viruses and problems that her Windows-using friends have. When I asked, she had never done a single update on her computers, because she didn't think she needed to. I've since convinced her to check for updates on a weekly basis, which while not perfect, has at least kept her patched.

Mike
Re: [Full-disclosure] Question about Mac OS X 10.4 Security
--On Tuesday, February 28, 2006 11:03:12 -0600 Stef [EMAIL PROTECTED] wrote:

> If you look at the [very, very] specific paragraph I was referring to, from Paul's email, then I hope you will agree with me that what I was trying to convey was the need to avoid generalizing categorization of users ... having said that, the implications are that a much higher awareness, and - in turn - possibility of addressing and/preventing issues related to vulnerabilities exists in the Mac community, vs. the Windows one, for example.

Let's see. I use Windows XP, Mac OS 10.3.9 and FreeBSD 5.4 SECURITY daily. Therefore all three platforms obviously have a much higher awareness of security issues, right? At least that *seems* to be your logic.

The fact is, as a community, Mac users have the belief that their system is secure - that they have nothing to worry about. *Of course* there are Mac users that are astute and fully understand the risks. Just as there are Windows users who are the same way. Just because the geeks have taken to the Mac OS doesn't mean its community has raised its level of awareness more than a nanometer or two.

In fact, when I sent a campus-wide announcement about the recent shell vulnerability, the *majority* of comments that I got from users *within* IT was, "You're spreading FUD. Macs are not anywhere near as risky as using Windows." Professors and others emailed me asking, "What do I need to do to be safe?"

If you think the Mac you're using is secure, I encourage you to go try to run the poc that SecuriTeam posted. Just be sure to bring a clean pair of drawers with you.

I've used Windows since it first came out. I've never had a single virus infection, never had a single machine hacked, never had an incident of any kind. Does that mean Windows is secure? Of course not!

The idea that, because you are using a Mac, you have less to worry about, is just as silly as the idea that, because you're using Unix, you have less to worry about. Guess which platform gets hacked the most here? (Hint - it ain't Windows.)

In *general*, the hosts that are the most risk are the ones that are the most poorly maintained (if they're maintained at all), and the OS they are running is irrelevant. There's only one OS that I know of, on this campus, that has never been hacked, and it has nothing to do with the OS and everything to do with how it's maintained and how it's protected (and no, I ain't telling you what it is.)

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/