NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Immunitysec Daily Dave> 2007-q1

Re: [Dailydave] PWN to OWN (was Re: How Apple orchestrated web attack on researchers)

From: Bob Mahoney (bobzanshinsecurity.com)
Date: Wed Mar 21 2007 - 09:10:32 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mar 20, 2007, at 6:00 PM, Dragos Ruiu wrote:
> This promises to be much more fun than capturing "flags." :-)
> And a quantitative experiment on the real security of OSX.

I've tried a number of times to get details of actual OSX compromises
in the wild, without success. I'd like to know details of a real
computer being used by a real person, compromised by a real
attacker. I've been told a number of times (even here) that examples
exist. But I've never gotten real info.

I am genuinely interested- while I use a Mac, nothing is
invulnerable. It seems reasonable that such an example must exist.
But I have never seen or been pointed to one.

Given the sort of talent here, I'd be disappointed if no one here
could beat a default install, if motivated to do so. But I'd also be
disappointed if a Navy SEAL couldn't kill me with a paper clip.
Serious expertise yields solid results, and I have appropriate fear
and respect for true ninja skills. But ninjas aren't my threat
model, so this isn't a very relevant test from my perspective.

There are many detailed analyses of compromised Windows and Unix
machines. Thousands and thousands. Example autopsies abound. What
I'd like to see is an equally expert and detailed analysis of a real-
world OSX compromise, where the attacker was not a security researcher.

I keep my eyes open, and ask occasionally, but it's entirely possible
I've missed the example I'm looking for. If someone can point me to
one, I would be grateful and interested.

There is a Secret Service presentation on Mac forensics scheduled for
an upcoming HTCIA meeting in Boston. I'll be interested in hearing
what sorts of numbers they have seen, and if any examples involved
compromise instead of merely evidence gathering.

-Bob

PS: I also would like to see more OSX security presentations at
conferences. But given the general orneriness of security people, is
it really as simple as Apple lawyers scaring everyone off? (This is
a tough crowd. I expect to be knifed in the parking lot. :-)

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]