Dailydave mailing list archives
Re: This guy cracks me up (OS X Hacks)
From: Bob Mahoney <bob () zanshinsecurity com>
Date: Tue, 5 Sep 2006 16:00:22 -0400
Paul-

As I said, I am sure compromised OS X systems are out there. There just weren't any detected at MIT during my years there, and I have heard of none since. We did a very good job watching our network, and aggressively hunted bots. I don't think it was a matter of not trying hard enough- we didn't see one in my time there. The bot landscape has evolved rapidly, of course, but I am highly confident we had no Mac botnet participants prior to when I left in early 2004. (We can chat offline about the approaches MIT took back then, but I'm really quite confident about this)

I'd be interested in knowing more about the compromises "Joe" has seen. OS versions, overall patch discipline, services running, and the like. It would be interesting to see if there are any significant demographic or behavioral differences in the two university environments. I'm also very interested in *when* he started seeing Mac bots.
>> "And I don't know anyone personally who does."
> Now you do :)
Ok, I'll assume that I actually already know Joe... :-)
> Also, there was an OS X machine compromised at Shmoocon earlier in the year (http://www.securityfocus.com/news/11375),
I'll look around some more, but the last I heard this was hardly a well-documented event, and supposedly forensics revealed no evidence of intrusion. (Pointers to more recent facts appreciated)
> and be certain to check out Jay Beale's research on just how wonderful the OS X built-in firewall is.
He makes good points, certainly. I've tweaked the existing configs on my systems, and added some of the clever security tools out there for the Mac. I'll be interested to see what changes in system defaults Leopard brings.
> I'm Paul, and I'm a Mac user. (Ashamed of the cluelessness of the Apple community)
Well, I'm a Mac user as well. But I don't think the community is clueless. I think most Mac users understand that bad things are possible. They clearly *feel* safer (and mention that out loud rather a lot) even if they don't make all the best choices.

I think it's significant that much of what can be done to improve things on the Mac is simple user education, and some GUI tweaks by Apple. We don't need to tear the house down and start over.

-Bob (actually wearing a pauldotcom T-shirt)

--
Bob Mahoney
Zanshin Security, LLC
http://zanshinsecurity.com
PGP: 69F9 FC06 0D53 84D5 6981 B12E 7AF1 C5E2 39C5 EC09