OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] Question about Mac OS X 10.4 Security

From: Steven Rakick (stevenrakickyahoo.com)
Date: Tue Feb 28 2006 - 10:53:02 CST


Ok, first of all, the fact that you even mention
Blackhat, SANS or Cisco Networkers makes me question
if I should even respond...I will anyway.

Yes, it's true a lot of folks, particularly in the
security realm use Macs, myself included. The reason I
use it has nothing to do with an imaginary belief in
security supremacy, but rather that the tools I use on
a daily basis run natively along side software like MS
office. Previously, like many others, I would have
been forced to run a kludgy dual boot or VMware based
solution to solve this. OSX was the perfect solution.

-----Original Message-----
From: full-disclosure-bounceslists.grok.org.uk
[mailto:full-disclosure-bounceslists.grok.org.uk] On
Behalf Of Stef
Sent: Tuesday, February 28, 2006 11:14 AM
To: Untitled
Subject: Re: [Full-disclosure] Question about Mac OS X
10.4 Security

On 2/28/06, Paul Schmehl <paulsutdallas.edu> wrote:
<snip>
>
> Still, the ignorance of Mac users, who believe their
platform is
> somehow magically "secure" will contribute to the
problem.
>
> Paul Schmehl (paulsutdallas.edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

I am sorry, Paul, but I have to take you up on this,
especially with your tendency of generalizing
everything. I have used *nix in the past, for all my
network and security tools, until MacOSX presented
itself as an opportunity for migration, when I had a
need for a new laptop (over two years ago). At that
time the 2.6 kernel and available modules weren't up
to the tasks of the latest hardware capabilities of
x86 laptops, so - on an advice from a friend of mine -
I have tried an iBook. I have been able to compile and
port all my tools just fine, especially with the help
of the underlying "like-BSD" infrastructure (long live
fink and Darwin-ports). All I can tell you is that -
ever since - I never looked back at other choices
(w/the exception of Windows, which was never
considered among choices, anyway, due to limitations
in cygwin, not talking about the many other obvious
reasons for the OS, itself ;)), and have recently got
myself the latest still-PPC Powerbook, which just
confirmed the rightness of the original migration. As
a repository of security and network tools, I have
thrown at this baby everything I can possible think
of, and still haven't found a way to break it ...

... so the Mac users are not [only] the bunch of
idiots/ignorants whom you tend to describe - I would
just invite you to attend a blackhat or shmoocon, or
even SANS or Cisco networkers, and let me know how
many Mac users you can count there ... and then ask
yourself why ... but then, again, I may be wrong ;>

Stef
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/