Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
BSD Operating Systems Businesses Apple

Mac Security Feast 14

Justoc writes: "Wow, over the past few days there has been so much programming, porting, etc. in the Macintosh security world. Today MacintoshSecurity.com opened their site to the public allowing people to submit and discuss mac security news. Chevell of securemac wrote a nice piece on firewall security for OS X using freeware and shareware software. And Merilus ported over their Gateway Guardian and FireCard so it is supported by Mac OS X!"

"Firewall software for the Mac OS:IPNetSentry 1.1.6 is out, along with the open firmware password configuration program (ya its like bios, but for your mac). Freaks Mac Archives put up a few titles on a groovy new layed out site including a Def Con 9 T-Shirt for those cold nights. And Apple's been updating their OS X security advisory page with patches, papers and more. Eat up and enjoy."

This discussion has been archived. No new comments can be posted.

Mac Security Feast

Comments Filter:
  • A lot of Linux security info is relevent to Mac OS X. Anything BSD-related will map to OS X...
  • by frankie ( 91710 ) on Wednesday August 29, 2001 @09:54AM (#2229879) Journal
    ...to firewall software for classic MacOS? There are no open ports, unless you stupidly file-share your drive with guest write priveleges. A $99 NAT switching router would provide better performance and stability than using Extensions.

    There is nothing comparable to command.exe, no ability to execute arbitrary operations via a text string. You can't even use a flat file binary (need a resource fork). The entire general principle behind most Windows or *nix vulnerabilities simply does not apply to classic MacOS.
    • by Anonymous Coward
      A buffer overrun is a buffer overrun. Just because its not as easy as just copying command.exe into the scripts directory doesn't mean you aren't executing arbitrary code on the server.

      Don't be lulled into a false sense of security. If you have open ports, you have potential security problems (well, you have potential problems even without open ports, but they're usually not worth worrying about).
      • Right, but under classic Mac OS there are no open ports as long as you don't have IP-based filesharing enabled and you're not running some actual server software. Also, unlike UNIX or WinNT (or Mac OS X for that matter) there is no shell that you can get into to do any damage once you've found a buffer overflow in a server app. That's not to say that damage is impossible -- beyond DOS attacks, there have been a few vulnerabilities in some web-server apps, but they've always exploited weaknesses in the actual app and used the app's services in some way to manipulate files, never underlying OS vulnerabilities.
      • I have a fairly well justified sense of security, thank you very much. You know how OpenBSD [openbsd.org] talks about "4 years without a remote hole"? Well, MacOS has gone 17 years without a remote hole. The only known attacks are the same as they were in 1984:

        1. social engineering -- convincing the user to run your code -- just like any single user OS
        2. file sharing for dummies -- o777 permission or weak password -- just like any shareable OS
        3. local root access -- if you can sit down at the mouse, you're in -- duh

        If there were an exploitable buffer in MacOS 1 through 9, crackers have had plenty of time to find it.

    • What about AppleScript?

Your own mileage may vary.

Working...