Dailydave mailing list archives
Re: This guy cracks me up.
From: Bob Mahoney <bob () zanshinsecurity com>
Date: Mon, 4 Sep 2006 12:59:04 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For whatever it might be worth, a slightly dated perspective from a possibly interesting network: I worked at MIT for a little over 10 years, leaving three years ago to start my own consulting firm. In that time I worked in the network operations group, and later founded their Network Security team, which I headed up until I left. The exact numbers are hard to pin down, given the environment, but we had ~50k machines on the network (about ~35k "active" at any given time). Population guess, c. 2003: Windows (all sorts) 60% MacOS (both sorts) 20% UNIX (all sorts) 20% I would guess that the MacOS number is about the same today, but that pre-X machines are now a tiny fraction. No firewall during this time, and just a small number of actively naughty ports blocked by the routers. A very wide range of sysadmin skills in play, and a strong attitude of freedom in both systems and network use. The team was a cross-organization group led by central IS, but with members from the big independent labs like LCS, Media Lab, AI Lab. We were pretty active, tried hard to do all the right things, ate our Wheaties, etc. We had pretty good network intelligence, and probably didn't miss a whole lot in the way of suspicious activity, so end- user security clue was not a big factor in compromise detection. We saw thousands (low 10s?) of Windows systems compromised in my time there, but I do not have personal knowledge of any MacOS X compromises at the Institute in my time there, or since. And I don't know anyone personally who does. MIT gets lots of "let's attack the smart kids" and "Check out my m@d skillz" attention, and has no shortage of gifted locals... Lots of people poke at this network. "Target-rich environment", and all that. University networks can be pretty much guaranteed to see whatever attacks are taking place against Apple machines. (Maybe Apple should seed some sensor machines into these networks, so we can see how long the canary lasts?) I'm sure there are compromised MacOS X systems out there, and I'm sure there will be others in the future. But in a very wild, very active, and very open network, over a significant period of time, I never had to deal with a compromised Mac. Apple's security isn't perfect, and won't ever be. But whether they have done something better, or just something different, their real- world track record to date is not that bad. Even if previous good luck is merely an artifact of being a minority platform, Apple clearly recognizes the value of the positive security perception, and it would be reasonable to assume that they'll try hard to make whatever clever engineering choices might maintain and strengthen that perception. Experience to date has left a good impression. That impression can move consumer dollars around, and Apple will protect the impression to attract the dollars. They'll probably do some things right along the way. - -Bob - -- Bob Mahoney Zanshin Security, LLC http://zanshinsecurity.com PGP: 69F9 FC06 0D53 84D5 6981 B12E 7AF1 C5E2 39C5 EC09 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFE/FtdevHF4jnF7AkRAlJGAKD8XT5Baehlqgm5FqkpqY4tD/KG2wCfdXYl 62Fk2adLpBXX+zZ3r7RITZA= =621G -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- This guy cracks me up. Dave Aitel (Sep 02)
- Re: This guy cracks me up. Rhys Kidd (Sep 03)
- Re: This guy cracks me up. Daniel (Sep 03)
- Re: This guy cracks me up. MindsX (Sep 03)
- Re: This guy cracks me up. dan (Sep 03)
- Re: This guy cracks me up. Dave Aitel (Sep 04)
- Re: This guy cracks me up. Bob Mahoney (Sep 04)
- Message not available
- Re: This guy cracks me up (OS X Hacks) Bob Mahoney (Sep 05)
- Message not available
- Re: This guy cracks me up (OS X Hacks) Bob Mahoney (Sep 05)
- Re: This guy cracks me up. Rhys Kidd (Sep 03)
- Re: This guy cracks me up. Jamie Riden (Sep 04)
- <Possible follow-ups>
- Re: This guy cracks me up. johnny cache (Sep 04)
- Re: This guy cracks me up. Bill Weiss (Sep 05)
- This guy cracks me up. johnny cache (Sep 05)
- Re: This guy cracks me up. Daniel (Sep 06)
- Re: This guy cracks me up. Randy Mueller (Sep 05)