Slashdot Mirror

← Back to Domains

Domain: tds.net

Stories and comments across the archive that link to tds.net.

Comments · 54

  1. My, aren't we mouthy by melquiades · · Score: 3 · on Slashback: Apple, Lawyers, Backbones
    OK, I'll grant that Apple's page is no encyclopedia of security. But it sounds like you didn't even read through what's there. The security page has several concrete and useful bits of information, including:
    • a list of security patches and directions for patching;
    • general directions for disabling FTP, HTTP, Telnet, SSH, and Appleshare (nice and simple for the non-techies);
    • a security mailing list, with directions for verifying Apple's PGP signature; and
    • links to three other relevant security sites (CERT, FIRST, and FreeBSD security).

    It would be nice if they had links to security software such as Brickhouse, and community security sites such as SecureMac. But they page is not as useless as you make it out to be.
  2. OS X only 'fairly' secure out of the box by Chuck+Bucket · · Score: 1 · on Cracking OSX
    While doing some research on this, and eating Altoids, I found a 'Shareware' app for OS X called Brickhouse. Esentially it's a GUI for 'ipfw' to apply/change firewall rules under OS X. In the description it states:
    • While Mac OS X is fairly secure as installed, it also includes a powerful network traffic filter or firewall that can both prevent break-in attempts and keep your computer from being used in attack on another computer. Unfortunately, the default installation leaves it wide open, and you must manually 'add rules' or filters using a command line tool called ipfw. You need to use Terminal.app to do this.
    So there you go, it won't be enough for Mommy or Daddy to install OS X, they'll need to configure ipfw, and in this case, they'll need a 25$ Shareware product to do it! Man, that bites. Will OS X users want/demand free software as we've come to appreciate under Linux? I for one can't go back. I'm looking for the time when source is taken from a GPL'd Linux app, and then 'carbonized' (with the pinstripe look) and then released as a 25$ shareware app for OS X.

    Oh, and I'm already sick of the 'pinstripe' look of EVERY OS X app. Yeech!

    Chuck Bucket
    ----
  3. Some info.... by imac.usr · · Score: 5 · on Cracking OSX

    1. root access in Mac OS X is disabled by default. You can use sudo if you're an Administrator but that means knowing somebody's account/password, which is tougher, though certainly not impossible, to get if you have services turned off by default (which they are).

    2. There is an article up today on StepWise that describes how to update sudo to fix a potential buffer overflow (basically, you're just replacing the Apple-installed one with the current patched code).

    3. EVERY copy of Mac OS X IMHO should come with a copy of BrickHouse, a kick-ass GUI for configuring the built-in firewalling capability in OS X. It's certainly more attractive to most Mac users than using ipf.

    4. /etc/passwd is only accessed if the machine is booted into single-user mode (or if you futz with lookupd), and IIRC the password is shadowed in the release version of OS X.

    5. Not trying to be combative, just pointing out some issues that slashdot readers might not be aware of if they haven't played much with OS X. Yes, we need to be more concerned over security than we were with OS 9, but to me, the benefits of the system -- like being able to fix/update it yourself instead of waiting for Apple to release patches -- far outweigh the increased need for vigilance.


    --

  4. Some info.... by imac.usr · · Score: 5 · on Cracking OSX

    1. root access in Mac OS X is disabled by default. You can use sudo if you're an Administrator but that means knowing somebody's account/password, which is tougher, though certainly not impossible, to get if you have services turned off by default (which they are).

    2. There is an article up today on StepWise that describes how to update sudo to fix a potential buffer overflow (basically, you're just replacing the Apple-installed one with the current patched code).

    3. EVERY copy of Mac OS X IMHO should come with a copy of BrickHouse, a kick-ass GUI for configuring the built-in firewalling capability in OS X. It's certainly more attractive to most Mac users than using ipf.

    4. /etc/passwd is only accessed if the machine is booted into single-user mode (or if you futz with lookupd), and IIRC the password is shadowed in the release version of OS X.

    5. Not trying to be combative, just pointing out some issues that slashdot readers might not be aware of if they haven't played much with OS X. Yes, we need to be more concerned over security than we were with OS 9, but to me, the benefits of the system -- like being able to fix/update it yourself instead of waiting for Apple to release patches -- far outweigh the increased need for vigilance.


    --