Penetration Testing mailing list archives
Re: Apple pentesting
From: Daniel <deeper () gmail com>
Date: Tue, 5 Apr 2005 19:40:55 +0100
Julian, OS X is a bsd wunderkund and thus can be treated as a UNIX workstation. Best bet is to see if Rendezvous is running and also what other services have been enabled (apple file sharing, samba share, ssh etc) Todd, Wild statement there boy :0) "never release vulnerability statements..." hmmmm, Apple Security page: http://docs.info.apple.com/article.html?artnum=300667 I'm fairly happy that there is enough information in their security releases to describe the issue and also if it was fixed. If you needed more indepth details about the issues, im sure you could just read the exploit code (if any) that was created or read the alternative release by the person who found the issue in the first place. Why should a vendor go the full hog and release extra information regading security issues? If you have a look at other major vendors, they seem to follow the same, if not less info, pattern regarding releases. Daniel On Apr 5, 2005 6:47 PM, Todd Towles <toddtowles () brookshires com> wrote:
Nessus does work against Macs, the problem with testing Macs is they never released vulnerability statements..never. If a hole is found, Apple releases a patch and no ones says anything. If Microsoft did this..everyone would go crazy.-----Original Message----- From: Julian Totzek [mailto:julian.totzek () bristol de] Sent: Tuesday, April 05, 2005 10:51 AM To: pen-test () securityfocus com Subject: Apple pentesting Hi Guys, I have to do a pentest in a environment where mac's should be located. Never tested MacOS somebody have some tips for me? They normally should only be clients no servers. Do you know of special tools to test them, or is it possible to test them with progs like nesuss? Cheers Julian ------------------------------ email scanned filename: mailbody --> clean SCANMODULE: Ikarus vdb: 05.04.2005(66449) version: 0.2.57.0 ------------------------------
Current thread:
- Apple pentesting Julian Totzek (Apr 05)
- Re: Apple pentesting Erik Winkler (Apr 05)
- Re: Apple pentesting Mike (Apr 06)
- <Possible follow-ups>
- RE: Apple pentesting Todd Towles (Apr 05)
- Re: Apple pentesting Daniel (Apr 05)
- Re: Apple pentesting sam f. stover (Apr 05)
- Re: Apple pentesting Thomas Stromberg (Apr 05)
- Re: Apple pentesting Thomas Hardly (Apr 06)
- RE: Apple pentesting Altheide, Cory B. (IARC) (Apr 05)
- RE: Apple pentesting Todd Towles (Apr 05)
- Re: Apple pentesting Daniel (Apr 06)
- RE: Apple pentesting Altheide, Cory B. (IARC) (Apr 05)
- RE: Apple pentesting Todd Towles (Apr 06)
- Re: Apple pentesting Javier Blanque (Apr 08)