Re: Penetration Testing on Mac OS X

[lists73 () skilltube com]

Hi Michael

Mac OS X has the same vulnerabilities as other operating systems, but
that should not come as a big surprise. Unlike those on Windows,
vulnerabilities on Mac are still not widely exploited and exploit
codes less often published. That might change with time, especially since the
amount of vulnerabilities seems to increase.

Based on own experiences, I would recommend to prepare some simple
demos to demonstrate weaknesses in Mac OS X. For example, the firewall
is not turned on and that can easily be used to install a backdoor,
e.g. a VNC server. Grab a copy of an older version of Mac OS, then
google for some iTunes/QuickTime exploits. The metasploit framework
also contains a few exploits. If they complain about the old version
of the test system, tell them to break into a current version of Win
XP... We published a "Hacking Mac OS X - case study" movie on milw0rm. It
might help you too.

You can also argue with the countermeasures available by comparing
them with Win XP, Vista or Linux. Apple has quite some room for
improvement there.



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------