Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Dailydave] This guy cracks me up (OS X Hacks)
From: Bob Mahoney (bobzanshinsecurity.com)
Date: Tue Sep 05 2006 - 15:00:22 CDT
-----BEGIN PGP SIGNED MESSAGE-----
As I said, I am sure compromised OS X systems are out there. There
just weren't any detected at MIT during my years there, and I have
heard of none since. We did a very good job watching our network,
and aggressively hunted bots. I don't think it was a matter of not
trying hard enough- we didn't see one in my time there.
The bot landscape has evolved rapidly, of course, but I am highly
confident we had no Mac botnet participants prior to when I left in
early 2004. (We can chat offline about the approaches MIT took back
then, but I'm really quite confident about this)
I'd be interested in knowing more about the compromises "Joe" has
seen. OS versions, overall patch discipline, services running, and
the like. It would be interesting to see if there are any
significant demographic or behavioral differences in the two
university environments. I'm also very interested in *when* he
started seeing Mac bots.
> "And I don't know anyone personally who does."
> Now you do :)
Ok, I'll assume that I actually already know Joe... :-)
> Also, there was an OS X machine compromised at Shmoocon earlier in
> the year (http://www.securityfocus.com/news/11375),
I'll look around some more, but the last I heard this was a hardly a
well-documented event, and supposedly forensics revealed no evidence
of intrusion. (Pointers to more recent facts appreciated)
> and be certain to check out Jay Beale's research on just how
> wonderful the OS X built-in firewall is.
He makes good points, certainly. I've tweaked the existing configs
on my systems, and added some of the clever security tools out there
for the Mac. I'll be interested to see what changes in system
defaults Leopard brings.
> I'm Paul, and I'm a Mac user. (Ashamed of the cluelessness of the
> apple community)
Well, I'm a Mac user as well. But I don't think the community is
clueless. I think most Mac users understand that bad things are
possible. They clearly *feel* safer (and mention that out loud
rather a lot) even if they don't make all the best choices.
I think it's significant that much of what can be done to improve
things on the Mac is simple user education, and some GUI tweaks by
Apple. We don't need to tear the house down and start over.
- -Bob (actually wearing a pauldotcom T-shirt)
Zanshin Security, LLC
PGP: 69F9 FC06 0D53 84D5 6981 B12E 7AF1 C5E2 39C5 EC09
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
-----END PGP SIGNATURE-----
Dailydave mailing list