Re: [Dailydave] This guy cracks me up (OS X Hacks)

From: Bob Mahoney (bob@zanshinsecurity.com)
Date: Tue Sep 05 2006 - 15:00:22 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul-

As I said, I am sure compromised OS X systems are out there. There
just weren't any detected at MIT during my years there, and I have
heard of none since. We did a very good job watching our network,
and aggressively hunted bots. I don't think it was a matter of not
trying hard enough- we didn't see one in my time there.

The bot landscape has evolved rapidly, of course, but I am highly
confident we had no Mac botnet participants prior to when I left in
early 2004. (We can chat offline about the approaches MIT took back
then, but I'm really quite confident about this)

I'd be interested in knowing more about the compromises "Joe" has
seen. OS versions, overall patch discipline, services running, and
the like. It would be interesting to see if there are any
significant demographic or behavioral differences in the two
university environments. I'm also very interested in *when* he
started seeing Mac bots.

> "And I don't know anyone personally who does."
>
> Now you do :)

Ok, I'll assume that I actually already know Joe... :-)

> Also, there was an OS X machine compromised at Shmoocon earlier in
> the year (http://www.securityfocus.com/news/11375),

I'll look around some more, but the last I heard this was hardly a
well-documented event, and supposedly forensics revealed no evidence
of intrusion. (Pointers to more recent facts appreciated)

> and be certain to check out Jay Beale's research on just how
> wonderful the OS X built-in firewall is.

He makes good points, certainly. I've tweaked the existing configs
on my systems, and added some of the clever security tools out there
for the Mac. I'll be interested to see what changes in system
defaults Leopard brings.

> I'm Paul, and I'm a Mac user. (Ashamed of the cluelessness of the
> apple community)

Well, I'm a Mac user as well. But I don't think the community is
clueless. I think most Mac users understand that bad things are
possible. They clearly *feel* safer (and mention that out loud
rather a lot) even if they don't make all the best choices.

I think it's significant that much of what can be done to improve
things on the Mac is simple user education, and some GUI tweaks by
Apple. We don't need to tear the house down and start over.

- -Bob (actually wearing a pauldotcom T-shirt)

- --
Bob Mahoney
Zanshin Security, LLC
http://zanshinsecurity.com
PGP: 69F9 FC06 0D53 84D5 6981 B12E 7AF1 C5E2 39C5 EC09

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFE/ddaevHF4jnF7AkRAkoFAKDgJ/Yep33wZ7iwlCTSMq/TdsnACQCg5Qwb
Zoyw2vFTl3kRbEddkhwK1/E=
=pt1+
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave