Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Security Feast

Posted by timothy on from the plugging-away dept.

Justoc writes: "Wow, over the past few days there has been so much programming, porting, etc. in the Macintosh security world. Today MacintoshSecurity.com opened their site to the public allowing people to submit and discuss mac security news. Chevell of securemac wrote a nice piece on firewall security for OS X using freeware and shareware software. And Merilus ported over their Gateway Guardian and FireCard so it is supported by Mac OS X!"

"Firewall software for the Mac OS:IPNetSentry 1.1.6 is out, along with the open firmware password configuration program (ya its like bios, but for your mac). Freaks Mac Archives put up a few titles on a groovy new layed out site including a Def Con 9 T-Shirt for those cold nights. And Apple's been updating their OS X security advisory page with patches, papers and more. Eat up and enjoy."

2 of 14 comments (clear)

  1. Is there any point... by frankie · · Score: 3, Informative

    ...to firewall software for classic MacOS? There are no open ports, unless you stupidly file-share your drive with guest write priveleges. A $99 NAT switching router would provide better performance and stability than using Extensions.

    There is nothing comparable to command.exe, no ability to execute arbitrary operations via a text string. You can't even use a flat file binary (need a resource fork). The entire general principle behind most Windows or *nix vulnerabilities simply does not apply to classic MacOS.

    1. Re:Is there any point... by frankie · · Score: 3, Informative

      I have a fairly well justified sense of security, thank you very much. You know how OpenBSD talks about "4 years without a remote hole"? Well, MacOS has gone 17 years without a remote hole. The only known attacks are the same as they were in 1984:

      1. social engineering -- convincing the user to run your code -- just like any single user OS
      2. file sharing for dummies -- o777 permission or weak password -- just like any shareable OS
      3. local root access -- if you can sit down at the mouse, you're in -- duh

      If there were an exploitable buffer in MacOS 1 through 9, crackers have had plenty of time to find it.