Penetration Testing mailing list archives
Re: Penetration Testing on Mac OS X
From: lists73 () skilltube com
Date: Sat, 28 Jul 2007 16:26:44 +0200
Hi Michael Mac OS X has the same vulnerabilities as other operating systems, but that should not come as a big surprise. Unlike those on Windows, vulnerabilities on Mac are still not widely exploited and exploit codes less often published. That might change with time, especially since the amount of vulnerabilities seems to increase. Based on own experiences, I would recommend to prepare some simple demos to demonstrate weaknesses in Mac OS X. For example, the firewall is not turned on and that can easily be used to install a backdoor, e.g. a VNC server. Grab a copy of an older version of Mac OS, then google for some iTunes/QuickTime exploits. The metasploit framework also contains a few exploits. If they complain about the old version of the test system, tell them to break into a current version of Win XP... We published a "Hacking Mac OS X - case study" movie on milw0rm. It might help you too. You can also argue with the countermeasures available by comparing them with Win XP, Vista or Linux. Apple has quite some room for improvement there. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Penetration Testing on Mac OS X michael-hermann (Jul 20)
- Re: Penetration Testing on Mac OS X Carl Jongsma (Jul 20)
- RE: Penetration Testing on Mac OS X Inspiration (Jul 21)
- RE: Penetration Testing on Mac OS X SD List (Jul 23)
- <Possible follow-ups>
- Re: Penetration Testing on Mac OS X lists73 (Jul 28)