Penetration Testing mailing list archives
RE: Apple pentesting
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 6 Apr 2005 08:21:58 -0500
Hey, Thanks guys, It was my mistake...I was talking in front of my mind for a bit. Yesterday was a rough day, sorry for the confusion. Cory, sorry for taking my displeasure of the day out on ya..my bad. I understand that Apple has a very good security image and does inform their users. As far as pen-testing, Nessus is a good start, but false positives are possible and they should be double checked with another tool or manually. You will get both Mac OS X and UNIX type vulns. The other links provided by the other members give some holes to check. I was surprised to not find any attack info on packetstormsecurity as well. http://www.osvdb.org/ - Found several vulns for Mac OS X http://secunia.com/product/96/ - Mac OS X Vulnerabilities - Secunia Also, look at the other apps that are installed. If you do get local access to the box, then installed apps and maybe unpatched local access will help you gain higher access.
-----Original Message----- From: Javier Blanque [mailto:javier () blanque com ar] Sent: Tuesday, April 05, 2005 4:40 PM To: Todd Towles; Julian Totzek Cc: <pen-test () securityfocus com> Subject: Re: Apple pentesting In general Corporations like Apple, Microsoft, Sun, Cisco, etc. do not help attackers to their products, even for good reason (pen testing), they do not give more than is needed to know about a bug. But Apple has been doing its homework about patching and describing these vulns. You should check at: http://www.macsecurity.org/ http://www.securemac.com/ and google for "mac security" Best regards, Javier Blanque El 05/04/2005, a las 14:47, Todd Towles escribió:Nessus does work against Macs, the problem with testingMacs is theynever released vulnerability statements..never. If a hole is found, Apple releases a patch and no ones says anything. If Microsoft did this..everyone would go crazy.
Current thread:
- Re: Apple pentesting, (continued)
- Re: Apple pentesting Mike (Apr 06)
- RE: Apple pentesting Todd Towles (Apr 05)
- Re: Apple pentesting Daniel (Apr 05)
- Re: Apple pentesting sam f. stover (Apr 05)
- Re: Apple pentesting Thomas Stromberg (Apr 05)
- Re: Apple pentesting Thomas Hardly (Apr 06)
- RE: Apple pentesting Altheide, Cory B. (IARC) (Apr 05)
- RE: Apple pentesting Todd Towles (Apr 05)
- Re: Apple pentesting Daniel (Apr 06)
- RE: Apple pentesting Altheide, Cory B. (IARC) (Apr 05)
- RE: Apple pentesting Todd Towles (Apr 06)
- Re: Apple pentesting Javier Blanque (Apr 08)