Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Security Feast

Posted by timothy on from the plugging-away dept.

Justoc writes: "Wow, over the past few days there has been so much programming, porting, etc. in the Macintosh security world. Today MacintoshSecurity.com opened their site to the public allowing people to submit and discuss mac security news. Chevell of securemac wrote a nice piece on firewall security for OS X using freeware and shareware software. And Merilus ported over their Gateway Guardian and FireCard so it is supported by Mac OS X!"

"Firewall software for the Mac OS:IPNetSentry 1.1.6 is out, along with the open firmware password configuration program (ya its like bios, but for your mac). Freaks Mac Archives put up a few titles on a groovy new layed out site including a Def Con 9 T-Shirt for those cold nights. And Apple's been updating their OS X security advisory page with patches, papers and more. Eat up and enjoy."

14 comments

  1. Linux-to-Mac OS X by Ocelot+Wreak · · Score: 1

    A lot of Linux security info is relevent to Mac OS X. Anything BSD-related will map to OS X...

    --
    "I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?
  2. Is there any point... by frankie · · Score: 3, Informative

    ...to firewall software for classic MacOS? There are no open ports, unless you stupidly file-share your drive with guest write priveleges. A $99 NAT switching router would provide better performance and stability than using Extensions.

    There is nothing comparable to command.exe, no ability to execute arbitrary operations via a text string. You can't even use a flat file binary (need a resource fork). The entire general principle behind most Windows or *nix vulnerabilities simply does not apply to classic MacOS.

    1. Re:Is there any point... by Anonymous Coward · · Score: 1, Insightful

      A buffer overrun is a buffer overrun. Just because its not as easy as just copying command.exe into the scripts directory doesn't mean you aren't executing arbitrary code on the server.

      Don't be lulled into a false sense of security. If you have open ports, you have potential security problems (well, you have potential problems even without open ports, but they're usually not worth worrying about).

    2. Re:Is there any point... by Anonymous Coward · · Score: 0
      executing arbitrary code on the server.

      In classic MacOS, there are no (none zilch nada zero) open ports. There is no server.

    3. Re:Is there any point... by flimflam · · Score: 2

      Right, but under classic Mac OS there are no open ports as long as you don't have IP-based filesharing enabled and you're not running some actual server software. Also, unlike UNIX or WinNT (or Mac OS X for that matter) there is no shell that you can get into to do any damage once you've found a buffer overflow in a server app. That's not to say that damage is impossible -- beyond DOS attacks, there have been a few vulnerabilities in some web-server apps, but they've always exploited weaknesses in the actual app and used the app's services in some way to manipulate files, never underlying OS vulnerabilities.

      --
      -- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
    4. Re:Is there any point... by frankie · · Score: 3, Informative

      I have a fairly well justified sense of security, thank you very much. You know how OpenBSD talks about "4 years without a remote hole"? Well, MacOS has gone 17 years without a remote hole. The only known attacks are the same as they were in 1984:

      1. social engineering -- convincing the user to run your code -- just like any single user OS
      2. file sharing for dummies -- o777 permission or weak password -- just like any shareable OS
      3. local root access -- if you can sit down at the mouse, you're in -- duh

      If there were an exploitable buffer in MacOS 1 through 9, crackers have had plenty of time to find it.

    5. Re:Is there any point... by Anonymous Coward · · Score: 0

      Keep the macs secure !

    6. Re:Is there any point... by benedict · · Score: 2

      What about AppleScript?

      --
      Ben "You have your mind on computers, it seems."
  3. firewall for classic by Anonymous Coward · · Score: 0

    IPNetSentry is nice easy to use shareware. I use it because it is cost effective and i run my macs as servers. So i would like to have it firewalled some of the services are for internal networking only.

  4. There really isn't any point at all: *BSD is dying by Anonymous Coward · · Score: -1, Troll

    *BSD is dying

    Yet another crippling bombshell hit the beleaguered *BSD community when last month IDC confirmed that *BSD accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all.

    Let's keep to the facts and look at the numbers.

    OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    *BSD is dying

  5. Re:There really isn't any point at all: *BSD is dy by Ded+Bob · · Score: 0, Flamebait

    *BSD is dying

    Ah, my favorite troll. It took you awhile to post. Were you grounded from using the computer? ;)

  6. Whats a Mac by Anonymous Coward · · Score: -1, Troll

    Who fucking cares about those fruity boxes running MACCLE OS XP or whatever, running at 300 MHz.

    Only retards and clueless teenage girls buy MACCLEs.

    LETS CODE FOR THE HOT CHOCOLATE API

  7. Re:There really isn't any point at all: *BSD is dy by Ded+Bob · · Score: 2

    Flamebait for responding to a troll?!? Moderators really need to read the guidelines better. Or at least ease up a little.

  8. Behind every troll, there is a name. by Anonymous Coward · · Score: 0

    Ali, Haydur (HAYDUR3-DOM)
    13 Com. Zone,
    Lahore, Lahore
    PK

    Domain Name: HAYDUR.COM

    Administrative Contact:
    Ali, Haydur (HA8055) contact@haydur.com
    13 Com. Zone,
    Lahore 54660
    PK
    92-42-5875645
    Technical Contact:
    Ali, Haydur (HA8056) contact@haydur.com
    Organization
    13 Com. Zone, Liberty Market,
    Lahore 54660
    PK
    92-42-5875645