Slashdot Mirror
Mac OS X Security Criticisms Countered
Paradox writes "In response to the recent PC Magazine story criticizing Mac OS X security, technologist/author Richard Forno has written a rebuttal criticizing the author and raising some good points about the fundamental differences between Windows and Mac OS X. Considering Lance Ulanoff's tone during his article, a rebuttal from the Mac OS X community was inevitable." Forno's conclusion: "Trustworthy computing must be more than a catchy marketing phrase. Ironically, despite a few hiccups along the way, it's becoming clear that Mac OS, not Windows, epitomizes Microsoft's new mantra of 'secure by design, default, and deployment'."
Muckraking, the PC Way
Richard Forno
12 Dec 03
Copyright (c) 2003 by Author. Permission granted to reproduce in entirety with credit given.
Richard Forno is a security technologist, author, and the former Chief Security Officer at Network Solutions.
Since Apple released Mac OS X, even the PC industry trade publications have raved about its quality, design, and features. PC Magazine even gave Mac OS X "Panther" a 5-star rating in October 2003. Perhaps it was because Macs could now seamlessly fit into the Windows- dominated marketplace and satisfy Mac users refusing to relinquish their trusty systems and corporate IT staffs wanting to cut down on tech support calls. Whatever the reason, Mac OS X has proven itself as a worthy operating system for both consumers and business alike.
Of course, as with all operating systems, Mac OS X has had its share of technical problems and even a few major security vulnerabilities. Nearly all were quickly resolved by Apple via a downloaded patch or OS update. But in general, Mac OS X is solid, secure, and perhaps the most trustworthy mainstream computing environment available today. As a result, Mac users are generally immune to the incessant security problems plaguing their Windows counterparts, and that somehow bothers PC Magazine columnist Lance Ulanoff.
In a December 11 column [1] that epitomizes the concept of yellow journalism, he's "happy" that Mac OS X is vulnerable to a new and quite significant security vulnerability. The article was based on a security advisory by researcher Bill Carrel regarding a DHCP vulnerability in Mac OS X. Carrel reported the vulnerability to Apple in mid-October and, through responsible disclosure practices, waited for a prolonged period before releasing the exploit information publicly since Apple was slow in responding to Carrel's report (a common problem with all big software vendors.) Accordingly, Lance took this as a green light to launch into a snide tirade about how "Mac OS is just as vulnerable as Microsoft Windows" while penning paragraph after paragraph saying "I told you so" and calling anyone who disagrees with him a "Mac zealot."
In other words, you're either with him or with the "zealots." Where have we seen this narrow-minded extremist view before?
More to the point, his article is replete with factual errors. Had he done his homework instead of rushing to smear the Mac security community and fuel his Windows-based envy, he'd have known that not only did Apple tell Carrel on November 19 that a technical fix for the problem would be released in its December Mac OS X update, but that Apple released easy-to-read guidance (complete with screenshots) for users to mitigate this problem on November 26. Somehow he missed that.
Since he's obviously neither a technologist (despite writing for a technology magazine) nor a security expert, let's examine a few differences between Mac and Windows to see why Macintosh systems are, despite his crowing, whining, and wishing, inherently more secure than Windows systems.
The real security wisdom of Mac OS lies in its internal architecture and how the operating system works and interacts with applications. Its also something Microsoft unfortunately cant accomplish without a complete re-write of the Windows software -- starting with ripping out the bug-riddled Internet Explorer that serves as the Windows version of "Finder." (That alone would seriously improve Windows security, methinks.)
At the very least, from the all-important network perspective, unlike Windows, Mac OS X ships with nearly all internet services turned off by default. Place an out-of-the-box Mac OS X installation on a network, and an attacker doesnt have much to target in trying to compromise your system. A default installation of Windows, on the other hand, shows up like a big red bulls-eye on a network with numerous network services enabled and running. And, unlike Win
not much comparison when you start comparing your security to windows security.
Tho Forno is mostly correct in his assertions, I would take him MUCH more seriously if his argument wasn't riddled with immature name-calling.
"Ask not what your country can do for you." --John F. Kennedy
the bottom line is which are you going to trust anyway? the only computer that i would fully trust to protect my stuff would be a gentoo linux box custom made for a specific purpose. Self patching and very few applications installed for a person to take advantage of. the bottom line is though XP and Mac OSX may be "secure" they're not secure enough for anything important. (in my humble opinion.) I also work at a place where security is EVERYTHING so i guess i see it different... This pointless blathering about security shoudl convince no one of anything, especially when zealots are concerned.... I say use whatever works best for what you are doing. if you want REAL security, you shouldnt use either of those OS's
'In other words, you're either with him [Lance Ulanoff] or with the "zealots."'
If I have to choose sides, I'll go with the Zealots on this one. Apple's security and responses to breaches (so far) have been light years ahead of what I've dealt with from MS.
Tim
Drill baby drill - on Mars
The PC Magazine story was just about that - a story.
It wasn't a report. It wasn't an account. It wasn't an investigation. It wasn't supported by facts. It wasn't supported by logic. It was an opinion piece that, from my view, wasn't well thought or well written.
It's unfortunate that people need to write rebuttals to this sort of journalism, but some naive readers out there will simply take it at face value because it's in print, so it must be true.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
That is a great article, but for some reason it feels like he didn't really do that much research. For instance, his reference to DLL Hell is outdated - Windows XP doesn't suffer from that issue.
Saying that, I have to make the statement that I am an OS X user, and I love it. The simple fact that is asks for my username and password when I try to install applications is a wonder in itself.
You could have found a fairly accurate rebuttle right here at . as well.
Minus the trolls and such.
.....
.....
Contrary to his article, the small market segment held by Apple doesn't automatically make the Mac OS less vulnerable to attack or exploitation. Any competent security professional will tell you that "security through obscurity" - what Lance is referring to toward the end of his article - doesn't work. In other words, if, as he suggests, Mac OS was the dominant operating system, its users would still enjoy an inherently more secure and trustworthy computing environment even if the number of attacks against it increased. That's because unlike Windows, Mac OS was designed from the ground up with security in mind. Is it totally secure? Nothing will ever be totally secure. But when compared to Windows, Mac OS is proving to be a significantly more reliable and (exponentially) more secure computing environment for today's users, including this security professional.
... missed both UNIX and BSD.
Now what except the GUI is so specific to OS X that one may write an article related to security without at least touching the root(s).
CC.
TaijiQuan (Huang, 5 loosenings)
A blog entry (not mine) on the subject.
Enjoy.
is that Mac os 9 was completly safe to the outside world. AFIK there were no remote holes - now it did crash every ten to fifteen minutes on me, but I've never seen remote vulnerablitly. Wasn't the army using a few G4 towers with Webstar as html servers? I wouldn't go back to 9 from 10.3 - but it was amazingly secure.
Are there any viruses/trojans for OS X?
I know there was the ssh deal a while back, but does anyone know of any remote r00ting of an OS X box anywhere?
"or wrong, never fully read it or the rebuttal"
so why comment on the relationship between the two if you are obviously misinformed and you admit it?
The tone of the article has a lot to do with the assumption.
I mean, if I said, "I wish he'd just shut his mouth if he's not going to read the article," you can safely assume more malice there than if I said "He really should read the article before commenting," right?
If you work in a place where "security is EVERYTHING", then you should know that trust is *not* the bottom line.
Don't trust vendors.
Don't trust open source.
Trust no one.
Audit.
Things should be made as simple as possible, but not any simpler. -- Albert Einstein
It's not too much of an assumption. The author of the orinigal piece said he was glad that there was finally a big vulnerability for Mac OS, and that he was tired of Mac users looking smug when SAMS edition Conquer the Internet in 12 Hours outlook viruses pass them over. The whole piece just had a tone of "I'm really sick of people bragging about Mac OS."
I think Apple has shown the way Microsoft should follow if they wish to bring security and stability to the Windows platform. Apple migrated over to the underpinnings of BSD without compromising the distinctness that only Apple brings to the table. If Microsoft truly cared about "trustworthy computing," they'd shift their gears and concentrate on gluing the Windows GUI and other applications to whatever BSD platform they chose to annoint. After their acquisition last year (the VirtualPC crew), Microsoft has the talents necessary to bring decent emulation of older Windows flavors to their new products. But apparently they [Microsoft] are too stubborn for their own good. It sounds like Longhorn will now be delayed until 2006 or 2007, and every year they slip, the more people and institutions will slip away to Linux and OS X for the very ideal of "trustworthy computing" they profess. Windows is broken as an OS, but as a GUI "bundled" on top of BSD, it would prove to be the magic Microsoft's shareholders are now searching for. And since Microsoft has been infusing SCO with cash, Microsoft would be "safe" from any litigation from SCO in regard to BSD or Linux...
"Right now, somewhere in this world, Scott Baio is plowing a woman he doesn't love," - Peter Griffin, *Family Guy*
You are right, of course. But expecting Forno to avoid name-calling would mean expecting him to avoid feeding the Troll. This one was so cute, and looked so hungry... Maybe just a LITTLE food would be okay...
Crap. Slashdot picked it up. So much for keeping the Troll population down this Christmas season!
This at least had some bullets that backed up the statements.
The PC Mag article read as a 'neener neener neener I hate you' article vs. something with content.
As a rock-in-roll Physicist once said, No matter where you go, there you are.
From the original article:
How cocky are you feeling now, Mac elite?
While the original article's criticism may not have come from "zealous hate", it certainly didn't come from impartial journalism. This and other statements like it definitely tinted it from simple reporting to an apparent attack, complete with the subliminal childish prat-calls.
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
Snippets from the article: ..."system's FreeBSD foundation"... ..."the Unix-based Mac OS X system"... ..."not the same as the Unix 'root' account password"...
:)
and
and
You must be referring to the *original* article... the first makes no reference to BSD or UNIX. Based on that, I wholeheartedly agree with your assessment - I do not think that the original author had a real understanding of OS X, BSB, UINX, or for that matter, even Windows.
We would never actually read a serious article of this nature because any person that takes the time to do a security review of Windows would find so many holes they would never finish their article. And they'd probably have to write it twice. And it would be posted on the internet before they could publish it.*
*I may have exaggerated slightly on the last few points
Hey, reading this is slow going. Anyone got a link to the PowerPoint slideshow version for dummies?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
One of the great breakthroughs in safety design came when ships started to be built with compartments, which would prevent a single hull puncture to sink the whole ship. (Sadly the Titanic's compartments were all aligned in one dimension, so when the puncture was very long, it compromised all compartments).
One of my greatest concerns with MS attitude towards design of their "ships", especially Windows and Office is, that they are integrated way too much. So any security "puncture" spills over way too easily into the rest of the ship. As a very annoying side effect, one ends up re-booting for way too many MS patches. Why should I have to reboot, if I patch my browser or e-mail client?
Of course, MSIE, Outlook and MS Office vulnerabilities have been a lot less worrying for me, since fully switching to Mozilla and OpenOffice over a year ago!
Firstly, my new office machine is a Dell with XP Pro. My home machines are iBook with 10.3, and a ThinkPad with Mandrake 9.x (uptime near 60 days now). All 3 are stable machines that do what I want, when I want. The Thinkpad was the #1 machine until I had enough scratch to buy the iBook (apple.com does nice refurb sales from time to time). When sobig and the other malicious worms of 2003 came out, my office was all win98 machines, and a NT 4.0 server. Due to reading /. and using Norton Antivirus, the only machine affected by the onslaught were the machines I was not "allowed" to touch (#1 computer guy {I am the secondary guy}, and the owner of the company {"I did that already"}. In short, you can run any of these machines safely, with most all of the latest software. It just helps if you are not an idiot.
PEBKAC
The original "commentary" was not just chock full of factual errors, improper syllogisms, et. al. It was dripping with such a malice-filled glee at the notion that OS X might be as insecure as Windows that one has to wonder as to real root of the author's problems. He mentions how angered he is by the laughing of OS X users every time he has to deal with another Windows virus/trojan/bug. Are "commentaries" like his the sad, pathetic result of not working on an OS that "just works"?
I know this is wrong, but in one respect I was happy to learn earlier this month about the discovery of a significant security hole in the Jaguar and Panther...
I was tired of the "We use Macs because they don't get attacked by viruses and hackers" refrain from Mac nuts.
I generally counter with what is apparently a secret carefully hidden from Mac zealots:...
But the mindlessly superior retort is always the same....
Given this recent development, my question is, "Will you be stuffing that superior attitude in your crow or eating it separately, sir?"
Those quotes alone comprise half the first few paragraphs. See, that wasn't too hard, was it?
I realize this is an oft-repeated truism, and obscurity alone doesn't make a system truly secure...but it certainly helps. To make an analogy, I know of many friends who have been robbed, even when their valuables were well-locked. However, those who put their valuables in places theives never think to look are generally the ones who keep them - good security is never perfect, and is generally at best a deterrent, at worst a challenge. Hell, security through obscurity is the whole basis for steganography, though most would recommend encryption as part of a "why not?" sort of preprocessing step.
As such, I think it's a given that Windows is at least less secure because of its market share. Whether Mac is more secure because of its obecurity is debatable - I'm sure there are a number of generic unix exploits that macs would suffer from, and the general unix community is very high profile.
-Looking for a job as a materials chemist or multivariat
I Use, Run and Endorse OS X Server. For home and office use. I was co-incidentally running a Lab similar to that root exploit and guess what OSX is a ::real unix:: it has an exploit. I couldn't replicate because I use Kerberos. But this is the first and only time that I have had my development box (OBJ C / Java), Workgroup Server AND desktop on the same HW. with no loss of data in about three years. :-> ). The only way to really be sure is to try the mac. Yes Apple has some ::Issues:: it was only a matter of time before people clues into the OS a year plan. But the money goes into REAL r&d that makes my sysAdmin at home and work so much easier. From time to time I get a hack attempt. But my mac is set up as an Win2K ActiveDirectory PDC and my logs keep me laughing. I hardly even boot my PC as it would be a real security risk
In three years M$ will come out with supposedly secure computing, with more of an eye toward how to KEEP drm secure than how to prevent massive system intrusions violations. In the past seven years I have had none of this virus hype. It seems like the Mac users and the Linux users are having more in common every year (Except the OS X gets faster on the same HW
So before you bash the OS the real question is do you run it. And if not when was the last time you were really happy with your OS
-- P.S.> I will not go to Server 10.3 as I already implemented all of the documented features by 05/2003
--Shaddup and support your local PBS station Plan for it
To: Richard Forno
From: Lance Ulanoff
Subject: Re: Mac Security
YHL YHBT HAND
With all due respect any "elite" user is pretty abhorrent to be around...
I'm sure we all know a:
Mac Zealot
Microsft Apologist
Pompus Unix Geek
You're confusing Microsoft propaganda ("we fixed DLL Hell!") with reality.
.NET may manage to avoid most of DLL Hell (except for all the caveats like ADO problems), but this is of limited help with the existing DLL hell (eg, shell versions, which is a problem noone can fix but Microsoft, and they lack the money and incentive).
The reality is that new applications written specifically for
Ironically, despite a few hiccups along the way, it's becoming clear that Mac OS, not Windows, epitomizes Microsoft's new mantra of "secure by design, default, and deployment."
That is true, right now, but it is not a fair comparison.
Look, I'm no MS fan, but they have not released an operating system since they started their "trustworthy" initiative. The Windows operating systems being discussed are old (WinXP came out in 2001), and obviously full of holes--so full of holes that MS had to start this whole focus on security.
So comparing anything to an admittedly weak and insecure operating system is just plain silly. Everyone knows Windows is insecure. Saying MacOSX is more secure than Windows means nothing, and in fact makes OSX security look comparable to that of Windows when in fact it is far better (regardless of what that PCMagazine moron wants to believe).
So, how about we give MS a chance and at least wait for them to release an OS under their "secure by design, default, and deployment" banner before we start ripping it. We may be pleasantly surprised (although I doubt it).
My summary of the situation:
- Nothing is totally secure, if it's at all useful.
- Windows is demonstrably NOT secure. IT's been riddled with nasty bugs for years.. and for Joe Average, WHY doesn't matter.
- OS X is without question far more secure than windows, and less buggy. That is not to say it's immune, or that it can't be hurt ever, but several factors both in low-level design, and in user interface design, specifically how easily users can turn on and off certain services, makes it less prone to exploits.
- Yes, it has a smaller market share, and hence, less attention is focused on it, and that certainly IS a factor.. but it doesn't change the fact that mac users don't have to worry about viruses on a dialy basis at the moment. It also isn't the only factor, and hardly means "Oh it's just as insecure as windows"
The #1 insecurities in windows are related to bad design... and a narrow interpretation of how the computer will be used in a network environment. Having all these services listening by default is bad. Having them difficult to shut off is even worse.
Yes, actually the ending sentence that comes right after that
Hmm. Suddenly it's gotten pretty quiet around here.
REALLY got on my nerves. Anyone who declares victory at the end of their own damn article...
and hell, Windows is the only OS I use on a daily basis, other than some Usenet in a Unix shell account.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
I recently switched to MacOSX from BeOS. In my experience chatting to the Mac Community out there, they are not more fanatical than Any other Community. I've know Car Clubs who are more obsessive than the Macintosh Community.
The only fanatics I've ran accross in the MacOSX World are the AntiMac Fanatics. For whatever reason, these individuals *hate* Macs. Not just Dislike Macs, but actively *hate* them, with a passion remeniscant of Religious Fundamentalists.
People who rebute these AntiMac Fanatics are Labeled Mac Zealots. This is only a half truth, they are really just qualifiers of the AntiMac FUD.
Anti-OS sentiments aren't restricted to MacOS, though, There are plenty of AntiMS, AntiLinux, AntiBSD and Anti[insert favourite OS here] Fanatics. Are you one of them?
Secondly, when we wrote the DHCP LDAP option specs way back when, we explicitly documented this problem in the security section:
This was written in 1997, note the last paragraph above. These issues has been discusses and documented in several RFCs, many years ago...
-- Leif
If it happens that often maybe you should stop reading slashdot and concentrate more on doing your job correctly!
But now you can be a Mac Zealot and a Pompus Unix Geek at the same time! Its great!
While I agree that the author is poorly informed and mostly goes on one tangent after the other in this article, there are some problems with Windows that aren't easily fixed. This page, mentioned previously on /., is one example:
http://security.tombom.co.uk/shatter.html
There is a followup to this paper that discusses Microsoft response the it. The author isn't happy with the response.
The root of this issue is the Win32 API, and its origins as a real mode compatible API with no security, and no memory protection between processes. Much of the transition to Win32 seems to have been handled as a massive search and replace operation on the Windows headers, with backwards compatibility being considered more important than security.
Macs CAN get viruses
which viruses would these be? there are still no virii that attack mac os x.
Do not speak unless you can improve on the silence.
Wally -- "You're one of those condescending UNIX computer users!"
UNIX-guy-- "Here's a nickel, kid. Get yourself a better computer."
--Dilbert, c. 1994
Rule #1 -- Politics always trumps technology.
notice how the pro PC article just rails on and on about the security flaw, but doesn't mention that there isn't any malware going around to exploit it like in windoze. and how it was fixed promptly within a week. and even if there was malware, how far could it really go in a *nix environment????
"You never want a serious crisis to go to waste." - Rahm Emanuel
Are you going to explain why Joe Blow's ability to create files in the root directory is a security risk, since he can only remove files that he himself owns? I hope you're not just trying to hide behind "sticky bit" jargon and lofty claims of "weakening a security model that has already had significant difficulties."
Unlimited growth == Cancer.
So what if root is readable by admins. The /System folder is much more secure as is /private which is much more important.
/System /System
/private/ /private
/private, as you know, is where apple keeps etc, tmp, and var.
/System or /Library which seams very reasonable to me.
/usr/bin /usr/bin
/sbin /sbin
/usr/sbin /usr/sbin
ls -ld
drwxr-xr-x 4 root wheel 136 12 Sep 16:41
ls -ld
drwxr-xr-x 5 root wheel 170 14 Dec 13:31
Also, the standard gui installer forces a su password from the user before writing to
O, and if you were woried that someone could swap your commands with another:
ls -ld
drwxr-xr-x 652 root wheel 22168 14 Dec 13:24
ls -ld
drwxr-xr-x 61 root wheel 2074 14 Dec 13:12
ls -ld
drwxr-xr-x 201 root wheel 6834 14 Dec 13:20
Only root belongs to wheel.
So as I hope you can see, it really does not matter what root is, so long as the important directories have the correct settings.
Its brilliant! Windows safer by design will prove that everyone is at least as insecure as they are! Bammo! Acceptably secure operating system.
I smell a Monty Python skit in here somewhere!
Quack, quack.
I was refering to the old 16 bit Windows API, which the Win32 API is based on. My original post was phrased rather poorly - sorry.
Win32's roots in the 16 bit Windows API are the reason why the class of problems described in the paper I mentioned exist - applications used to be able to pass pointers around like cookies (Microsoft's words - not mine), and that includes pointers to timer callbacks. You can still get an application to map your data (potentially, exploit code) into its virtual memory space by sending it a WM_COPYDATA message. This was done, I assume, to make it easier to port applications that relied on the lack of memory protection to the new Win32 API.
Stay alert!
Trust no one!
Keep your laser handy!
Trust The Computer.
The Computer is your friend.
The original point was about / being writable. The problem is that if / is writable (but not sticky), then it'd be possible to do this:
./
cp -r etc myetc; mv etc etc.old ; mv myetc etc
And then you control etc.
However, due to the sticky bit:
dustin2wti:/tmp/test 520% ls -ld . etc
drwxrwxr-t 3 root admin 102 15 Dec 14:10
drwxr-xr-x 2 root wheel 68 15 Dec 14:10 etc/
dustin2wti:/tmp/test 521% mv etc newetc
mv: rename etc to newetc: Operation not permitted
(because of the sticky bit and my lack of ownership over etc)
Remember, renames are *directory* modifications, not file modifications. The sticky bit fills in the difference.
-- The world is watching America, and America is watching TV.
I get the feeling that merely suggesting that Mac OS X feels less pain from viruses, trojans, and other nasties in part because it has a smaller market share would result in this sort of response
So is Mac OS X less of a target because of smaller market share? Yes.
The original authour, like yourself, is confusing 2 things here, and this is why you see so many rebuttals to these sort of comments. A larger market share makes anything a bigger target. Duh. Anyone can figure that out. The problem is, it's a meaningless statement. People get so uppity about it because a bigger target != less secure.
The fact of the matter is, being a bigger target does not mean you're going to be compromised more often, which is what we're worried about when we talk security. If it did, Apache would be spitting out Code Reds and Nimdas every other month. Being a bigger target simply means people are going to TRY to compromise you more often.
Remember kids, we don't evaluate the security of something based on attempts. We evaluate it based on SUCCESSFUL attempts. This is why the "if Linux/Unix/BSD/OSX/Commodore 64 had a bigger market, it would be as insecure as Windows" argument is a fallacy, and why it gets rebutted every time.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Macs CAN get virii. True. However, I was one of the first ten people in the world to identify the mac WDEF virus in 1990-1991. I've followed the virus trail since 1989 to this day on macs and pcs. I even did virus protection for fortune 500 companies once.
.exe to a coworker?
PCs are open holes with regards to virii.
Macs are a dream in this respect. Even the old OS 9 & lesser.
Obscurity DOES play a part. A small part. The win 95/98 verisons of windows that are STILL being used are horrors. The newer versions are much better (Me, 2000, XP) but still, the win computer ships with the doors unlocked and open. And the solutions made to close them are subpar. What if I WANT to email a
I could regail you with tales of the reocurring Scsvr/brasil/ops32 virus at our old office but and all the times our pcs went down but I won't. The time wasted cost us enough.
The original reporter is a bitter man who is upset that the one part of the mac he chooses to address is much better than the same area on the pc and is despirate to "fight back" and say "nyah, nyah, I tooold you" to the mac crowd, painting them as elitist pinkie pointing beret toting espresso drinkers.
We need more rebuttals like the one that started this thread. I know many who claim that "less macs = less mac virii you stooge" without closely examining the situation.
At last check, there were about 60 mac virii. At most 100.
How many win virii are there out there? 50 thousand? 60 thousand?
The more the correct message gets published by competent professionals, the less win/mac virii FUD will be going around.
Cheers,
- Zav - Imagine a Beowulf cluster of insensitive clods...
...once, Apple said it, and advertized it, but I'll say it again:
... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme. [There is a certain level of implicit trust of the local network that is assumed.]
This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3.
This functionality - yes, functionality - has been in Mac OS X and its predecessors for YEARS. Just because all of a sudden someone paints it as a root exploit does not make it so. This is nothing like the standard fare of Windows remote exploits, some of which can be exploited against unpatched machines from any location on earth, at will, remotely, at any time, against any unprotected vulnerable machine. This "exploit" requires that a roque DHCP server be set up on your local network (!), and that a machine be rebooted (or otherwise perform a DHCP request) in this malicious environment. I repeat: just calling something a root exploit does not make it so.
Perhaps it's time to have a larger discussion about how much you can really trust your local network infrastructure services, be they in a home environment or in a corporate setting, because that's what this is really about.
Should Mac OS X have this default behavior?
What are the tradeoffs?
And so on.
I just find the distinct lack of understanding of this issue astounding.
(Note: and no, this isn't an issue of Apple glossing over something by calling something a "feature" when it's really an "exploit", as you could argue for some of MS's exploits. This really is a feature, and one that can be taken advantage of by rogue services on your network...like just about anything can in one way or another. If you're being affected by this so-called "exploit", you've got bigger problems on your hands...)
Did you do a clean install?
I think it uses your jaguar network settings when you do an upgrade or archive and install.
Is how many people, when they write about OS X credit Apple with coming up with the secure design or other features. If anyone should be credited, it should be the people who develop FreeBSD, because that is the real reason why OS X is secure.
SIGFAULT
The only fanatics I've ran accross in the MacOSX World are the AntiMac Fanatics.
There's some kind of fundamental truth there. For example: I was a vegetarian for a decade, and during that time I noticed there was a type of person who looked upon my eating habits as a personal attack. These people would try to drag me into an argument about how I wasn't enough protein, etc. I realized I couldn't win: If I shrug it off, I'm a mindless cultist. If I try to disabuse them of their notions, I'm a fanatic.
Later I started eating meat and bought a Mac, and now I run into the OS version of these people.
One man's -1 Flamebait is another man's +5 Funny.
Thank you... more evidence that slashdot needs a flame resistant spell checker
:)
Ever think that maybe this was just a typo? They happen yanno. Not every mistake is made by a "low brow" trying to sound fancy. Some philosophers are just not good spellers
"All great wisdom is contained in .signature files"
http://www.securityfocus.com/archive/1/347578
http://slacksite.com/images/humour/dilbert-unix.gi f