FBI Agent Talks Crime, Macs
hype7 writes "There's an article at SecurityFocus describing a visit by an FBI agent to Washington University. His visit was ostensibly about computer security and the general public's complete lack of any idea on computer security whatsoever: 'I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.' His talk ranged from some of the pranks he's seen played on unsuspecting users, to Eastern European extortion of big banks." WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' Another good quote: 'If you're a bad guy and you want to frustrate law enforcement, use a Mac.'"
More good quotes:
"If you're a glutton for punishment type of guy and you want to frustrate yourself, use a Windows based PC."
"If you're a script kiddie and you want to get caught, use a Windows based PC."
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity. I just think it's cool that all the FBI Infosec guys are on OS X. Makes me feel good about my migration to the platform as well (as soon as Apple posts the much-awaited G5 price adjustment).
I don't quite understand how people are good at mining data off of *nix but not off of a Mac though -- that part didn't make too much sense. I find it hard to believe that the people they were referring to were on OS9, and if they were on OSX then the boxes basically *are* *nix machines...
dmiessler.com -- grep understanding knowledge
Darl McBride is forming a case against you at this very moment!
That said, this is an interesting article even if it does read like it's from the FBI PR department. Interesting to see the bit about them having trouble working with Macs for forensic data recovery.
There was Cowboy Neal at the wheel of a bus to never-ever land.
I am not really surprised that the FBI security guys use OS X boxes. Years ago I remember another government agency with a three letter acronym that used NeXT boxes it seemed almost exclusively from the situation rooms right down to the secretaries (at least in Langley).
Visit Jonesblog and say hello.
Anyone else curious to see how Paul Thurrott bitches about this in his anti-Mac, anti-logic blog?
...what about BeOS? BSD?
Gee, I wonder how all these horrible viruses, worms, etc. can spread so fast.
. . . most ordinary computer users have no idea about what security means. They don't practice secure computing because they don't understand what that means.
Oh. *smacks head*
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
The problem is, that's part of the reason there aren't any Linux worms circulating either. If, as we all hope, Tux finds his way onto the desktop in mass numbers MyDoom will quickly become LinDoom.
Oh, yeah, I got my first copy of MyDoom today. I was so proud. I'm a bad parent though and I threw it promptly in the nearest dumpster.
There was Cowboy Neal at the wheel of a bus to never-ever land.
The only remote root I've heard about is the DHCP thing, which is hardly a serious vulnerability. Are there others I'm not aware of?
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Perhaps; but how does that change the man's point?
Regardless of *why* they are hard to hack, the simple fact is that they *are* hard to hack. I mean, I understand what you're saying, but it really makes no difference to this article whatsoever.
Comment of the year
Steve Jobs is smarter than Bill Gates. Not only is he giving discounted hardware and software to educational institutions k12 on up, he's found another entrance vector through which to enhance the brainwashing - send in an Agent with a "Macs are more secure, too" line.
Shoulda taken the blue pill.
I guess that explains why they use Macs in Hackers.
Buckethead
Security by obscurity is not an excuse. If this were true, then the Apache Web Server would have 4 times the number of viruses compared to IIS.
SCO flavored UNIX. If the law enforcement people are in any way technologically literate, they'll just assume you're "some idiot" and leave you alone.
Mod "Overrated" instead of replying "I disagree with you," you coward.
I would not trust an "out of the box" install of any OS.
You are so stupid.
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
Actually the OSX system uses 2 buttons for most anything just like windows does (usually a menu for the 2nd click) and I use a 4 button mouse (1 button on each side) for expose.. (to get good task switching with expose you need a mouse button for it, unless you somehow always have a hand on the keyboard and the mouse all the time unless you use apple's pretty mac mouse
They're not secure out of the box. As you mentioned, you need to apply several security updates to patch remote holes. Apple's new to the unix game, and though they're doing well, they still have 30 years of unix security know-how to catch up with!
I can see the headline on drudge now, "Terrorists Prefer Apple"
It's always been my experience that the guys are hot on Windows, pretty good on *nix, but very very few know anything about Macs -- my guess because of their law enforcement background, where they used and were trained on PCs.
A predominant amount of their work seems to be recreating or capturing MS Outlook mailboxes (looking for the smoking guns). They aren't as cluey on Eudora (presumably because most corporate enterprises don't use it).
Small market share means that the majority of people focus on the system(s) that form the majority of OS/apps used -- a trait which appears to extend to law enforcement and makers of forensic programs. But the really good professionals are always interested in asking "so just how does this work on a mac" and discussing the similarities/differences...
You don't know what you're talking about.
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
Oh my, we are ignorant, aren't we?
1) Watch TV (lord knows what . . .)
2) drink some booze and hang with the buddies
3) read about Internet Security so he doesn't go around spreading some damn garbage around to everyone else.
Numbers one and two likely describe your average user, number three is generally the type of person reading slashdot. I guess we need to get security "cool" now for people to take notice.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
"If you're a humorous guy and you want to uber frustrate law enforcement, use a Linux."
It's a troll, and you're stupid for feeding it.
They're only secure because, with such a minimal share, nobody cares about breaking into one.
Bullshit. Market share has nothing to do with it. There's at least as many Apache-based servers out there as IIS, but there are like 2 Apache worms.
And frankly, there are enough Mac-haters around that surely some would like to take Apple down a peg via a virus or some sort of exploit in OS X. How come it's never happened? How come in three years there hasn't been a single OS X virus discovered?
Apple have had several fixes just in the last few months fixing remote root access vulnerabilities.
Yeah, and the difference is, they were found and fixed without being maliciously exploited. Most of them were very unlikely to be exploited anyway, or were found in services that were off by default. The last one I heard about would allow a brand new machine to get owned if a rogue DHCP server happened to be sitting on the LAN. Yeah, that's likely to happen.
Contrast this with Windows, where shit is wide open by default, and the first anyone hears about a hole is usually when it has already brought the internet to a crawl. Not that patches for exploits do any good when people don't apply them-- I just took a look in my firewall logs, and I'm still getting Nimda and Code Red infection attempts.
I, for one, welcome our new Mac OS/X Overlords!
dadada
We are The Atheists. Lower your egos and surrender your beliefs. Resistance is futile.
ROTFLMAO omg omg im so 733t macs are so suxor and real haxor could bork a mac typing with their nose. My pc running linux is so rule/secure it makes me want to crap my pants. "and they are secure out of the box" If that was funny enough to make you almost fall out of your chair from laughing you need to quit reading slashdot
the executable bit wouldn't be set.
It would not run.
As for the mac program, the resource forks were not transmitted in the email, it wasn't encoded.
drat, it's lost.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
But how many of the holes weren't for services that come disabled by default? How many Mail.app exploits? How many required physical access to the computer to exploit?
One of the nice things about the Mac is that most of the services are shipped off by default - like SSHD. So even if a hole is discovered in a service, not EVERYONE is going to be vulnerable by default without taking specific action.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In theory you are right, the vulnerabilities in Outlook could apply to any Unix mail client. In practice they don't though. All unix mailers that I know of (pine, mutt, kmail, and so on) do not by default run programs they get from email. You might be able to configure kmail to do so, but it isn't the default. I'm sure that some mailers considered it, but once outlook got exploited a few times they re-considered. (I have no idea why Microsoft still hasn't).
If that isn't enough for you, most unix systems allow the sysadmin to prevent the user from running arbitrary programs. If the sysadmin didn't install it you can't run it, (just mount /home and /tmp with -noexec) after which time you just make sure that the installed mail clients don't allow scripts. Okay, it is slightly more complex than that, but a good sysadmin can deal with it. AFAIK, Windows doesn't have this ability so an admin can't lock things down this way.
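As an added example (not part of the original comment or the linked article): a shell audit for the mount option mentioned above, checking whether user-writable paths sit on a filesystem mounted with `noexec`. The sample mount table is constructed, and the function names `covering_mount`, `has_noexec` and `audit_noexec` are illustrative.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# covering_mount MOUNT_TABLE PATH
# Prints "mountpoint options" for the filesystem that actually holds PATH.
# The longest matching mount point wins, so a path that is not its own
# filesystem (e.g. /var/tmp) is reported against its parent mount.
covering_mount() {
    printf '%s\n' "$1" | awk -v p="$2" '
        BEGIN { best_len = -1 }
        {
            mp = $2
            # mp covers p if it is p, is the root, or is a directory prefix of p
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                # ">=" lets a later mount shadow an earlier one at the same point
                if (length(mp) >= best_len) { best_len = length(mp); best = mp " " $4 }
            }
        }
        END { if (best != "") print best }'
}

# has_noexec OPTIONS
# Succeeds only if the comma-separated option list contains exactly "noexec".
has_noexec() {
    case ",$1," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_noexec MOUNT_TABLE PATH...
# Prints "OK" or "EXEC" per path and returns non-zero if any path
# lives on a filesystem that still permits execution.
audit_noexec() {
    table=$1; shift
    rc=0
    for path in "$@"; do
        line=$(covering_mount "$table" "$path")
        mp=${line%% *}
        opts=${line#* }
        if has_noexec "$opts"; then
            echo "OK   $path (on $mp)"
        else
            echo "EXEC $path (on $mp)"
            rc=1
        fi
    done
    return $rc
}

# Run against the constructed sample; on a live Linux system pass
# "$(cat /proc/mounts)" as the first argument instead.
audit_noexec "$SAMPLE_MOUNTS" /home /tmp /var/tmp /dev/shm || true
```

`noexec` blocks direct execution of files stored on that filesystem; a script placed there can still be run by passing it to an interpreter installed elsewhere, so the audit covers only one layer of the lockdown.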
Well... before you plug it in...
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
>> fixing remote root access vulnerabilities.
>
> Yeah, and the difference is, they were found and fixed
> without being maliciously exploited.
Speaking of exploitation, I found it hilarious that the %01 URL exploit in IE, discovered in November and still not patched NINE WEEKS LATER doesn't actually have a 'fix' from microsoft, but they do offer some handy advice. Straight from their help page at support.microsoft.com Microsoft can't be bothered fixing a broken (and now exploited at least 3 times by scammers out for credit cards, bank info and the like) part of IE, but they will offer you advice to cripple your browsing experience. Type URLs in manually!
How many Linux desktop users out there do you think installed the SSH root vulnerability updates that came out last year? That's turned on by default on many distributions.
I've gotten 4 or 5 copies already. It's UPX compressed and half of the text is "encrypted" with ROT13. And there's one line in there that could be a reference to Andy Tanenbaum, author of Minix, but that's just speculation at this point.
...the US government can't find bin laden, he's using a mac!
Natural-Selection Be
Well, it took 'em three days to perform the exhaustive search in the Slashdot story history to insure that the story wasn't a dupe. "Slashdot! Bringing you the finest in original and timely news since..." well, I'm not going there.
That makes no sense. While Apache may run more webSITES it does not run as many webservers. Don't let netcraft confuse you.
... to that PC World bonehead who wrote an article about OS X being "just as insecure as Windows" because somebody discovered a remote exploit (where "remote" meant "on the same lan as your machine").
I don't recall his name, but I remember the sensationalist tone of his article, the minimal facts, and the gloating that Windows was no longer alone in being vulnerable. It's probably asking a bit much for him to read the article without his "I Love Windows Blindly" hat on, but maybe he (and others whose love of bashing the Mac seems to exceed anyone else's love of anything, including the so-called "Mac zealots") might begin to accept reality.
is that they are technologically impaired halfwits. If they would actually take the time to hire *real* computer experts, maybe they would have a little bit more success in stopping something.
In the past, I could send them detailed logs, including TCP dumps, of people controlling DDOS networks, threatening people, bragging about committing DDOS. And nothing would happen. More recently, a friend of mine had serious threats to her and her child from a stalker - who authorities proceeded to track to Atlanta. But they seemed to miss the fact that he was repeatedly coming from a dialup IP address in Toronto.
Law enforcement on the internet needs to be put into the hands of a capable multinational group with laws that are defined to cross borders. Until then, DDOS kiddies will still be running around quite loudly proclaiming their existence.
.
reply again. I dare you.
so far you've lost 2 points due to off-topic moderation.
FEED ME
you know you want to.
> more to the point?
I'd say further off-topic.
Um...I have a Wireless Intellimouse Explorer connected to my G4 as we type...did you have a point?
Time to strike up the drumbeat:
1. Windows defaults to let users run as root. Neither Mac OS X nor Linux do that.
2. (already noted) Macs ship with most ports shut down.
3. BSD has been combed over for years, and many eyes have searched for vulnerabilities. A lot have already been solved. Nobody can look at Windows code.
4. Macs have fewer application vulnerabilities (because unlike Windows, most applications can't make root system calls and run programs as root (for example, MS Outlook)).
Sorry to be repetitive.
I'm a senior admin with a big company, specializing in Windows based systems. My day to day PC is a 15" Powerbook. I can use the Microsoft RDP client to log into any of the Win servers, SSH to log into the Unix stuff and can pretty much do my job with no hiccups or workarounds. The only exception is that Entourage has weak MS Exchange support, so I'm typically using webmail. With Fink installed I have basic tools like nmap and ethereal at my disposal. My only real gripe is that Apple and Broadcom don't open up access to the network hardware.. Being able to put my NICs into promiscuous mode would be a big help. There's a workaround - I could get an Orinoco or Aironet PCMCIA card.. but I'd prefer to use the integrated hardware.
As far as Linux distros go, Yellow Dog Linux runs very nicely on most older Macs.. but as of yet there is no support for the Radeon 9600 in my book. Text is fine for most stuff but I'd love to run KDE or Gnome in Yellow Dog.
Anyway, I think Apple's got a real opportunity. The Virginia Tech cluster shows their potential and this article is good PR, despite the "frustrate law enforcement" comment. Seeing a room full of Powerbooks at NASA was pretty cool, too.
I love how people always seem to think that there are fewer vulnerabilities simply because the mac has a much smaller market share. Sure, it makes sense unless you're actually paying attention. Yes, Apple has had to issue some security updates recently. No, Mac OS X is not perfect. But it beats the hell out of operating systems that ship with holes so big you can drive a truck through with room to spare.
The first thing you have to do when you install the OS is create a user account and a new password. Macs ship with most services disabled by default, and they've got a point-and-click firewall that can be enabled in a matter of seconds. Macs are not secure because no one uses them. They are secure because they do not make the same common mistakes that Microsoft seems to do constantly. They're secure because you don't hear about huge break-ins, loss of data, or life-threatening situations caused by failed security systems. And they're secure because the folks that depend most upon security seem to turn their head more and more these days towards that odd fruit on the other side of the fence. The fact that Apple has issued patches recently is not a red flag. Everyone has to patch their OS. It would be a red flag if they hadn't patched it in a timely manner, like some others that we always seem to hear about.
Of course, they're expensive as all hell, and there isn't enough software for them, but that's another story. ;-)
I really really wish people would stop using Apache and IIS as an example. They're for servers! That's a TOTALLY different situation than home users since they are run by people who know what they are doing.
Pfft. They don't know what they're doing if they can't lock down a server sufficiently, and obviously IIS admins CAN'T. You want me to copy & paste today's firewall log so you can see the Nimda and Code Red attempts?
I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.
Seriously, to me this sounds like sensationalism. Like, a good sound byte to attract attention. If you tell people that things are worse than they could ever imagine, you're not going to do much except scare people. And most of the time it's not that bad.
I'd like to think that (like most slashdotters) I'm not unaware of what goes on in the "computer underground". I'm not in it, but it's not like I'm ignorant of the fact that it exists. The tools on packetstorm are enough to scare any non-tech person into submission, if they knew what they could do, yet I don't lose sleep over it.
I'd like to think that, while there are lots of "dumb" users out there, there are a lot of us tech guys, the guys behind the switches and administering the servers, who are looking out for them, much like shepherds.
There are a couple of simple rules to follow:
1.) If it's on the internet, it can be hacked.
2.) If it's backed up, it can be restored.
3.) If it's patched, it's less likely to be exploited.
4.) Ease of use and security are inversely proportional.
I don't resent people like my mom who wouldn't know spyware from cookware. I do what I can for her, computer wise. And she cooks for me when I come home. I consider it an even trade.
~Will
sig?
Hey, that's 'Funny,' not 'Troll.' Stupid crack smoking mods.
I haven't booted into 9 in almost two years, but was recently at a friend's house messing around with 9.1... yes, it's a crime. If not a crime, then at least a sin.
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Two things. The assertion that Platform X is 'just as insecure as Windows' is technopolitik Vunderbabble of the worst sort; the fact is that the claim that they are 'as insecure' as Windows is unfounded, and undemonstrable unless and until there are as many targets for would-be virus/trojan/hack/script kiddie toolbox writers that are platform X as there are Windows boxen for them to exercise their nefarious talents upon. It's an outgrowth of the kind of sloppy thinking that suggests that all programmers produce equivalent code; they don't, as any programmer can tell you. So get over it.
Second, it's obvious that you are as near as one can come to being completely ignorant about anything but your precious "pro-MS fanboy bloatware"... I don't have a *single* *nix box (Linux, BSD, or Slowlaris) that will 1) decode (uudecode) a binary file as executable without my direct intervention to cause it to occur, or 2) execute said code in any way - even scripts for a scripting language that's embedded (for expandability and extensibility of the client) won't execute by clicking on them when they appear as an attachment in an email.
This is not to suggest that there are not undiscovered security vulnerabilities in *nix that may be revealed if and when it spreads across the face of the earth supplanting Windows boxen righteously; however, I will assert that I believe that those security failures will not approach the generalized impact of the Windows virii/trojans - and you know what? I have *exactly* as much data to support that view as the generalized "let's be nice to the poor little Winders crowd" Technopolitik 'your platform is just as bad' FUD. </FLAME>
Thinking outside my Head
But you forget that when a file comes in as executable, every other OS recognises it as such, and in fact most mailers on other operating systems do NOT automatically execute code. In fact some CANNOT.
I have heard it said by MS lackeys that removing the ability for Outlook to execute a file when it's received is crippling the app. In an age when viruses worms and trojans are all too common, this is the equivalent of people all around the country receiving letterbombs in their mail weekly, and not putting in place some simple provision that would allow them to check if the letter was something they wanted, or a dangerous bomb, just because you want the convenience of opening a parcel willy nilly.
MOST EXECUTABLES SENT IN EMAIL ARE VIRUSES. That's just fact. This week 40% of email traffic was a virus! Hundreds of millions of copies of MyDoom spread around. The simple fix is DON'T EXECUTE MAILED FILES!
Another MS problem is the backwards compatibility crap that MS leave in mailers. Did you know Fonts are STILL exempt from security zones in mailers and browsers on Windows. Did you know Windows supports executable fonts as a legacy from Win 3.0? Several keylogger trojans have snuck into people's Windows machines by this method alone. The only conclusion is MS don't know what they're doing, by allowing a type of executable (executable fonts) exclusion from security.
Tsk MS, before you start talking security, switch your collective brain on.
Sorry, what consolation prize do we have for our departing guest?
m l
Honestly, the security by obscurity thing has been disproven so many times, in so many ways for Mac OS X that I find it impossible that you're unaware. Granted, Mac OS X has security issues patches, but don't make me get into the horrid fallacy: "macs are just as insecure as any other OS." They are, by design, far more secure. The exploits possible on a PC are not possible on a Mac due to Outlook, IE, messenger services, etc.
Seriously. Thanks for a good laugh. In case you're missing out on the needed information, here it is. This article sums it up very well.
http://www.theregister.co.uk/content/4/34554.ht
"Politicians find new names for institutions which under old names have become odious to the people."
I'm sitting here in front of my PC with a G4 Mac keyboard and 6 button MX700 wireless logitech mouse. ;-)
PSA -- Mac keyboards are very handy on a PC. They will detect in XP as a Mac USB Keyboard, and will run without having to install any additional drivers.
The only unfortunate thing, Mac designed them for little girl's fingers, so there are no gaps between the function keys. But the feedback is amazingly light, lighter than any PC keyboard I tried during my visits to CompUSA and MicroCenter. Not bad, at all, for $60. There is also no funky side-crunch. You know, like on the MS ergonomic keyboards from a couple of years ago. You can hit any part of the key and it still presses silently and smoothly.
My next plan is to put a couple of blue LEDs under the acrylic on the bottom. Since it's clear, it should illuminate very well.
I find it somewhat amusing that he harps on and on and on about the slightest little problem with any other platform -- particularly the mac -- but has almost completely ignored the latest couple of mail worms pestering his platform-of-choice.
and an image of OBL with the caption: "Think Different"
How is a REMOTE ROOT EXPLOIT "hardly a serious vulnerability"....? What is a serious vulnerability???? Spontaneous combustion?
It makes perfect sense, even if you distort the numbers.
Let's say apache only runs some 20% of the web, and IIS the majority of the rest.
Apache has had 2 worms. total. EVER.
IIS has had hundreds.
It's still skewed against MS and their pseudo security.
Criminals have figured out a way around (shipping restrictions to Eastern Europe), however. They hire folks to act as middlemen for them. Basically, these people get paid to sit at home, sign for packages from Dell, Amazon, and other companies, and then turn around and reship the packages to Russia, Belorussia, and Ukraine.
I bet you, too, thought those spammers were lying.
Quem a paca cara compra, paca cara pagará.
the register was running this story yesterday here:
http://theregister.co.uk/content/55/35175.html
Those who trade in their freedom for security, deserve neither.
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Nice try Mr. FBI man! This is just a thinly veiled plot!
1) Tell public to use FBI to foil law enforcement.
2) ???
3) Profi^WProsecute!
Someone hand me my tinfoil hat, I'm off to search for nsa_key in Darwin.
~Dalcius
Rome wasn't burnt in a day.
'If you're a bad guy and you want to frustrate law enforcement, use a Mac.'
That's the most enlightened idea out of federal law enforcement since they audited Al Capone. No, wait...
Hit a little too close to home, didn't it?
I think Apple should cut their prices by 40% - 50% across the board. I'd be first in line to buy a PowerBook and/or a G5 if they did. But $2,800 - $3,800 to run OSX? Psh... I don't think so. (Though I'd consider an iBook too if the hardware was priced accordingly. Like $400 - $500.)
It's bad enough Mac users have been accused of rampant piracy due to Apple's slow adoption of DRM technology and their earlier "Rip, Mix, Burn" advertising strategy a few years ago. Once again, we'll end up blamed for supporting the "criminal element" because the OS is secure almost right out of the box.
What is so inherently wrong about something that just "works"? We're not a bunch of luddites here, so why is the Mac always tagged as being evil?
Maybe it's the whole "Apple is satanic" thing. You know... founded on April 1st... sold their first computer kits for $666.66... the reasoning for choosing an apple with a bite of it for a logo.
Get real, it's just a computer.
8==8 Bones 8==8
when the Mac was classified as a "munition(sp)" and was subject to export controls? Or just more urban legend?
What?
Lindows starts out users as root, and it's Linux. Try not including a whole genre in an OS talk.
-]Phreak Out[-
man. the trolls had a feast tonight.
OS X lets you run a screen saver as your desktop image, but it soaks up the CPU, so instead I run a translucent green-on-black terminal window displaying 'tail -F
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Back when I was a youngster and I did things that were in a legal "gray area", I almost always used a Mac. FWB's Hard Disk Toolkit included transparent HD encryption.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
"...I was trying to plan simultaneous suicide explosions in separate third world countries using the advanced CAJ (Computer-Aided Jihad) program that comes standard with Windows XP, when all of a sudden the computer was like, beep-beep-beep-beep-beep, and I was like, what in Allah is this? And I lost all the plans. It was going to be a really good terrorist strike too! Now I use a Mac. Apple: bringing you the user-friendly tools you need to exterminate all Jews and Crusaders!"
"If you're a bad guy and you want to frustrate law enforcement, use a Mac." nah.. if you really want to frustrate them, use encryption and data shredding. Most of the stuff being talked about I am guessing is just data recovery of stuff once it has been deleted. Not really related, but I have been an MS user since the dawn of time, and for the past 3 years a Linux user (happy with both, as they do what they are supposed to do), but those new G5's with OSX may just have me making the "switch" :]
Because if someone is injecting malicious DHCP servers into your network, you probably have bigger problems on your hands
T Money
World Domination with a plastic spoon since 1984
...but just because it's open source does not just mean that it's "secure". Actually... because some software is hacked and patched and exposed to massive amounts of people... it gets more focus and makes it better software. Perhaps a mac *is* more secure because open source software is made and used by more "hakers"... but that remains to be seen. And no I don't care what you think. Thanks, have a great day. The more you hack me the more I find out.
||| I still can't believe Parkay's not butter.
they're still using those same boxes.
Mods, I don't think this is offtopic. It's a known fact that people of different sexual orientation prefer macs and ipods. Deal with it.
OMG I USE TEH M4C I M S000 31337!!1!
Now back to Final Cut Pro...
Well, yeah, I guess they wouldn't put a link to Firebird or Opera up there now would they?
Jaysyn
There is a war going on for your mind.
It's a somewhat hard to trigger exploit. You need to be running a DHCP server on the same physical wire, and the Mac needs to be running with some settings changed. With 802.11 networks running rampant, I guess it's more likely to happen than it would have done once, but even so...
Probably not. Currently I think it'd probably be easier for someone to crack into MS's site and put up a link to firebird or opera on that page than it would be to get MS to just fix the bug!
It would do their customers and their credibility better if they just put a patch up saying "download this and it'll fix the bug. whoops"
It's what all flavors of linux do, it's what apple would do, it's what sun would do and it's what SGI would do.
Hell, I bet Be did it too. Why's it so hard for MS to release ONE single patch that fixes ONE single exploitable vulnerability?
unless it goes 'Ker-CHUNK!' every time you press a key.
The Kruger Dunning explains most post on
Outlook hasn't allowed executable extensions for the last three iterations and the previous two had patches applied that made it a simple matter to disable them. You can disable those filters but in Outlook 2003 it's actually very hard to find the option to turn the filters off, quite a reversal from MS's historic design but they ARE learning.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
from post: "WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' "
from article: "many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box."
The post quote implies that all FBI computer security agents, or at least the majority, use Macs. The second quote, from the actual article, implies that only some unspecified number of FBI computer security agents use Macs. Please don't butcher quotes to mislead.
Vote for Pedro
'queer eye for the fbi guy'
If you're a bad guy and you want to frustrate law enforcement, use a Mac.
I am an expert witness who works against these (FBI) guys in criminal cases. They have a whole division of the D.C. computer forensics office dedicated to Macs. A stock question they ask in trial is "OK, general computer forensics dude, what percentage of your time is spent working with Macs?" For most general security experts, this is 10-20%. Then they pull somebody out who does nothing but analyze Macs.
who are those slashdot people? they swept over like Mongol-Tartars.
Say you use OSX so that everyone starts looking for holes in that, when in reality you're running AmigaOS.
-]Phreak Out[-
Also don't forget Apache runs on multiple platforms and when made from source, might have countless build variations. That alone makes many exploits much, much harder to pull off since even if you do manage to overflow a buffer, you can't count on the memory layout being the same.
It's not too unlike how genetic variation limits the spread of real viruses.
It's not just that.... Many Apple users are in your face about Mac is more secure than Windows. You think with 50 times more users someone on the Windows side would have found a way to write a worm and shut up the mac users.
Except that lindows is the black-sheep of linux:
Its baaaaad
.noitacidem deen uoy siht daer nac uoy fI
Here's a point for both of you. Those Intellimouse Explorers suck 3-day-old bloody pig feces. They're cheaply made. Buy a real mouse, like a Genius.
Probably not as impregnable as we can hope to see in this life...
Yet somehow they all equal BSD...
The ______ Agenda
And further, Lindows 1.0 *did* have the user as root. NO later versions did. They are now shipping 4.0.
Note to parent of parent:
Read some before you post, asshat.
*This announcement paid for by your friends at the Microsoft Corporation.
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity.
Years ago, British Leyland ran a full page ad in the Times, apologizing for the efficiency of the Land Rover, and how it was supposedly enabling poachers in Africa to stay one step ahead of the law. Rovers still rule, and Macs will continue as well.
Just remember, the best way to live outside the law is to stay within it.
Dudes, they WANT hax0rz to use Apple; the FBI is all over it, and it!
"If you're a bad guy and you want to frustrate law enforcement, use a Mac"
Great, now all you need to do is carry a mac and an almanac and you won't need a sign on your back saying "Yes, I am a terrorist (either that or a geek)"
Woah! Check out CNN!
First, I read this article when it came out and was noted on macintouch. It is obvious that the author has respect for the FBI agent. And if you read articles posted on securityfocus, this is not always the case when it comes to people in the government.
Macs are shipped with a relatively high level of security in that things (servers/daemons) are turned off by default.
The most significant security hole in OS X (IMHO) for a non-server perspective was the DHCP hijacking. This was a local subnet potential exploit that one should take very seriously, but not one to affect most people.
It is very likely that the FBI agent computers that run MacOS X are used for things like e-mail, web browsing, generating documents (Word and Acrobat), PowerPoint presentations, and other normal business applications. There is also the probability that they are used to run more specialized Window and Unix based applications.
Duh, the agent said that MacOS X was used because they can run these types of programs. One computer, many applications. Side-note: I use OS X because I have to use MS Office, Acrobat, Illustrator, X11, Motif, OpenGL, write programs in C/C++ using X11, OpenGL, and X11, perl, Tkl, as well as others. I want one computer to use, not two or three.
Going back to security, the last significant Mac based problem was the Autostart worm that went around some years ago. This flaw was due to QuickTime automatically starting an application when a CD was inserted in one's computer. This is no longer a problem, AFAIK.
I work in a heterogeneous computer environment. Windows (95 to XP), UNIX (IRIX, Solaris, HP-UX), Mac (OS 9 to X), and VMS (sob). Except for VMS, the Mac OS based systems are the easiest to maintain with regard to network security.
Finally, the FBI needs to get more experience with HFS+ file systems. If they the requisite experience and knowledge, then says to me that the FBI agents using OS X are using their systems to do more mundane things like generating documents, reading e-mail, etc... Then again, this might be a lesson that others should consider.
I can't find anything on all the big news sites about this. Is this a scoop for slashdot? Damn, i really liked his books :-(
Of course... there isn't enough software for them, but that's another story. ;-)
I'll say. I'm still trying to get this copy of BackOrifice2000 working.
The ______ Agenda
He never said that "All FBI security guys..." and only a complete tool would see it that way
funny....
but far too close to the truth. I have it on good authority that some of the stuff taken from Al Queda camps in Afghanistan were powerbooks and iBooks. The vast majority of any computer equipment was Apple.
There go those FBI guys again, trying to convince everyone else to buy Macs because they spent so much on their computers and want everyone else to join them so they don't feel so foolish...*grin*
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
I have a copy of Minix I run on my Mac Classic. Cool!
I drank what? -- Socrates
selling to schools is why apple has jack and msft, unfortunately, seems to dominate. msft focused on businesses and did well with it and what people use at work is likely to be what they use at home, and unlike children who may, if you're lucky, if all goes well, decide, when they have money, to buy apple cuz they liked it at school, adults who work have money, need to interact with documents and such from work, and are probably going to compose most of the market of pc buyers.
So is it supposed to be reassuring that the eff bee bleeping eye has a hard time recovering data from a Mac? Wouldn't this imply that you'd have the same difficulty yourself if the thing crashed? Somehow, the thought that I have to take my computer to Doug and Bob to recover my files isn't very appealing.
They're only secure because, with such a minimal share, nobody cares about breaking into one.
Aha! So you admit that they are more secure.
the pigs use macs!!
I remember reading about how the NSA used Objective-C (What is now the basis of Cocoa) to rapidly develop security tools -- that it was one of the more powerful and flexible RAD tools available.
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
Was that supposed to be funny or were you just demonstrating your ability to write sentences that can mean anything? I'm sure non-mac users won't be happy to find out you're calling them all gay.
So I'm pretty well versed in Macs. How would one go about getting forensic work when a Mac is used by a bad-guy and the good guys want to see what's on it? Does that stuff go to the RCMP, as the article stated, or do they hire contractors, or what?
Feel free to respond to email.
--
$tar -xvf
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Sure, right. That's what he wants you to think!
I always knew there was a connection between Wendy's and the FBI.
well come on all the dumb criminals use windows the reason macs frustrate them is because there arent as many gigantic holes you could drive a truck through compared to windows. plus it isnt as widely used and known by the fbi possibly?
but why is this such a big deal? i mean how many slashdotters have the fbi cracking their computers?
and heres the flamebait... most of you guys are all DRM, RFID, cracking my computer, and patriot act paranoid. if its questionable whether its legal or not or you dont want people to know what the hell your up to maybe you shouldnt be doing it? or maybe you should think about why you want it secretive. but i will admit that some of that DRM stuff and RFID, and people stealing my financial information stuff does sorta bother me but i think i can live with people knowing how many sticks of gum i've bought.
this, actually, is true.
Sounds like you have a nice mouse and keyboard and a plan to add some more goodies (LEDs), and probably some other stuff as well to continue the trend.
But when you're done with all that, you'll still be using Windows, won't you? :-)
so?!
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
Quick! - what's the FBI's number -- I found them in my very own company! -- I always knew the graphics department were up to no good -- dressing above their income in those european clothes - and insisting on only using Macs - and I've seen them, caught them! making websites!
I'd tell the server guys but they use Linux so you can't trust them not to 0wn your box...
In-fact they could be watching what I'm typing right now... AHHH... one's walking over this way...
[good - I hid under my desk and he seems to have gone away... I think I'll make a break for it]
If this message gets through the web of proxies set to trap and stop my messages... send help..
windows can lock down apps, and the admin can specify which applications are ok and which are not. Check out Group Policy before you decide on what windows can and cannot do
Many Windows applications assume that the user is Administrator and won't function properly if the user is not. This includes applications written by Microsoft and those written by 3rd party vendors. You wouldn't have many apps to run if you flat out rejected this model. There's an article somewhere on MSDN (which I naturally can't find now) where the author makes this exact point, and even admits that Microsoft is doing poorly in this area.
The typical UNIX application makes the exact opposite assumption -- the user is not root. There are obvious exceptions, but you'll often find that even those apps try to run in the context of a less powerful user where possible. Most UNIX admins would refuse to install an app which was written using the "Microsoft Application Security" mindset.
It is largely the approach taken by developers which makes one OS far less secure than another. Windows NT (and derivatives) has a lot of the system calls required to allow code to run as a less privileged user. The DEC guys knew what they were doing when they designed the security. Far too few people take advantage of this though, which means in reality everyone must run as Administrator, or Power User. So the benefits of the OS security are negated.
Add on top of that the many layers of poorly implemented abstraction, and design decisions which don't give even a bit of thought to security (Visual Basic embedded in Documents with autorun features?) and you have holes all over the place. Then knowing that you have lots of holes, you decide to ship the product with most things turned on by default. Is it really any wonder the average number of security patches last year was just over 1 a week?
So, Macs may not have perfect security, but at least Mac, Linux and UNIX security issues aren't due to a fundamentally flawed approach...
'If you're a bad guy and you want to frustrate law enforcement, use a Mac.' or was it an act of social engineering? ;-)
;-)
When we finally get AI working, I'm gonna combine it with my IDS and outsource the paranoia
What the hell would J. Sixpack rather do:
1) Watch TV (lord knows what . . .)
2) drink some booze and hang with the buddies
3) [learn] about Internet Security so he doesn't go around spreading some damn garbage around to everyone else.
Get a bunch of gay (by "gay" I mean MCSEs) computer guys who go around fixing security problems on other guys computers. Problem solved. Your average metrosexual can do all 3 at the same time.
Probably need to s/booze/girly drinks/g though...
Mac OS X has otool(1), specifically otool -L, and it's been in Mac OS X since the beginning. See the man page for more details. This is no more security by obscurity than a Windows developer not knowing about ldd.
otool is a bit more flexible than ldd, since ldd requires that you actually execute the code in question and watches what gets loaded. otool looks at the binary directly and determines what libraries are needed without executing anything. This makes it usable on shared libraries that depend on other shared libraries, without having to create a separate test executable for use with ldd.
--Paul
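The static approach described in the post above, as an added example that is not part of the original comment or of otool itself: a Python reader that lists the libraries a thin Mach-O image names in its load commands by parsing bytes only, never executing the file. The sample image is constructed inline, and the library path libexample.1.dylib is made up for illustration.

```python
import struct

# First four bytes on disk -> (struct byte order, size of the Mach-O header).
MAGICS = {
    b"\xcf\xfa\xed\xfe": ("<", 32),  # 64-bit, little-endian
    b"\xce\xfa\xed\xfe": ("<", 28),  # 32-bit, little-endian
    b"\xfe\xed\xfa\xcf": (">", 32),  # 64-bit, big-endian
    b"\xfe\xed\xfa\xce": (">", 28),  # 32-bit, big-endian (PowerPC-era Macs)
}
# Load commands that name a library (values from <mach-o/loader.h>).
DYLIB_CMDS = {
    0x0000000C: "load",      # LC_LOAD_DYLIB
    0x80000018: "weak",      # LC_LOAD_WEAK_DYLIB
    0x8000001F: "reexport",  # LC_REEXPORT_DYLIB
}


def _version(v):
    """Decode the packed X.Y.Z version (16.8.8 bits) used in dylib commands."""
    return f"{v >> 16}.{(v >> 8) & 0xFF}.{v & 0xFF}"


def linked_dylibs(data):
    """Return [(kind, path, compat_version, current_version)] for a thin Mach-O.

    Only the header and load commands are read; nothing is mapped or run.
    Malformed sizes raise ValueError instead of reading out of bounds.
    """
    if data[:4] not in MAGICS:
        raise ValueError("not a thin Mach-O image (fat files are not handled)")
    endian, header_size = MAGICS[data[:4]]
    if len(data) < header_size:
        raise ValueError("truncated Mach-O header")
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, 16)
    end = header_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past the end of the file")
    libs, off = [], header_size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from(endian + "II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("load command has an invalid cmdsize")
        if cmd in DYLIB_CMDS:
            if cmdsize < 24:
                raise ValueError("dylib command too small")
            # struct dylib: name offset, timestamp, current, compatibility
            name_off, _ts, current, compat = struct.unpack_from(
                endian + "IIII", data, off + 8)
            if not 24 <= name_off < cmdsize:
                raise ValueError("library name offset outside the command")
            raw = data[off + name_off:off + cmdsize]
            path = raw.split(b"\0", 1)[0].decode("utf-8", "replace")
            libs.append((DYLIB_CMDS[cmd], path,
                         _version(compat), _version(current)))
        off += cmdsize
    return libs


def _dylib_cmd(endian, cmd, path, compat, current):
    """Build one dylib load command for the constructed sample."""
    name = path.encode() + b"\0"
    name += b"\0" * (-(24 + len(name)) % 8)  # pad command to 8 bytes
    return struct.pack(endian + "6I", cmd, 24 + len(name), 24, 2,
                       current, compat) + name


def build_sample(endian="<"):
    """Constructed sample: a header plus three load commands, no code at all."""
    cmds = [
        _dylib_cmd(endian, 0x0C, "/usr/lib/libSystem.B.dylib",
                   0x010000, 0x470100),
        _dylib_cmd(endian, 0x80000018, "/usr/lib/libexample.1.dylib",
                   0x010000, 0x010203),
        struct.pack(endian + "II", 0x1B, 24) + bytes(16),  # LC_UUID, skipped
    ]
    body = b"".join(cmds)
    # cputype/cpusubtype/filetype are placeholders; the parser ignores them.
    header = struct.pack(endian + "8I", 0xFEEDFACF, 0x01000007, 3, 2,
                         len(cmds), len(body), 0, 0)
    return header + body


if __name__ == "__main__":
    for kind, path, compat, current in linked_dylibs(build_sample()):
        print(f"{path} ({kind}, compatibility version {compat}, "
              f"current version {current})")
```

Because the file is only parsed, this kind of inspection is safe to run on a binary from an untrusted source, which is the practical difference from an ldd that executes the program.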
i know where he is...
Well, to actually implement a semi-global keylogger in OS X is trivial. You simply put an appropriate .bundle in ~/Library/InputManagers . No root required. Every subsequent program opened will (attempt) to link and run this code. Since .bundles can be versioned, you can even make a platform-specific version.
:)
But then, it's not hard on Windows either.
The trick is in somehow getting the user to install it (usually by running a helper program). In this, OS X mail clients are extremely uncooperative. Pretty much every mail client (including Mail.app), is very clear about what you are getting (and doesn't hide extensions, that's a big one!). Further, when you try and take an attachment it gives you a clear warning of what you are about to do, and makes the default action to save.
So, you don't need root to do it, but fooling your users (especially without some kind of macro in the mail) is much harder on the mac side, because the users get more prompting on the proper response to untrusted email attachments.
It's amazing how far a dialog box will go, eh?
Slashdot. It's Not For Common Sense
It's not that they can't do it so much as it costs some postage...
Q.
Insert Signature Here
There is no evidence the MacOS is fundamentally significantly more secure than Windows. I understand that people will now post some anecdotal evidence about it coming from a BSD base, and so on and so forth, but it has been developed separately long enough that, without an audit, it doesn't matter much anymore. It also branched in the days of NeXT, at which time, security was not much of an issue yet. The early versions of Unix and BSD were horrendously insecure (remember all the ping-of-death type attacks in the Windows 95 era that came from the BSD-derived TCP/IP stack?). The only way to demonstrate security is to have a significant number of competent people try to break it and fail (which is what an audit consists of). That hasn't happened to MacOS-X, and until it does, we know nothing about its security (except for default settings, which while very important for normal end-users, if you're a security-conscious power user, you will reconfigure under Windows and GNU/Linux anyways).
:)
It is, however, more obscure, so less people look for and find security holes. Of the people who exploit holes, fewer target Macs, since it's a smaller market. Criminals generally go after the lowest-hanging fruit/easiest target, and if you run a Mac, you're not it.
Security through obscurity has been completely debunked from an academic perspective, but from a practical/risk-management perspective, it still often makes good sense. You don't want obscurity on encryption, but on software, it is not a bad way to go. If you run BeOS, or OS/2, VMS, or Plan9, the odds of anyone knowing how to attack you are minuscule. Better yet, if you use a variety of OSes, the odds of compromises being found in all of them simultaneously go down astronomically. If your goal is to not lose data (as opposed to maintaining privacy), a very heterogenous computing environment is the way to go. Protecting privacy? Set up multiple firewalls, each running a different OS. Use custom software to communicate through the firewalls.
If you want to avoid data forensics, combination of obscure OS and encryption is the way to go. Mainstream OSes have presumably been analyzed to death by forensics companies. They can pull your data out of the Linux swap partition or Windows swap file, if it sat around in memory decrypted, and wasn't wiped yet. BeOS swap file? You'd have to spend hundreds of thousands of dollars reverse-engineering something new.
Last time I posted a negative article (admittedly somewhat provocative/aggressive) on the Mac, I was not only marked troll, but someone went through my past articles, and modded one or two of those down. Gotta love the Mac community. Wonder what'll happen this time
just got cooler eh? But, they definitely didn't feature macs in the Matrix, did they? :D
|/________
|\A|ALYS|
Oh, crap.
[Insert pseudo-intellectual anti-Amerikan/pro-socialist sig here]
IRIX is much more based on System V than BSD.
Solaris is System V, SunOS was BSD.
HP-UX hasn't been really BSD since 8 as I recall. 9 was System V.3. 10 moved to System V.4. And 11 just added more features.
No one really knows what AIX is. Other than a pain to work with.
SCO is dying (System V).
While not on the list, Linux used to be very BSD but has become much more System V over time.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
Speaking of FBI agents, lax computer security etc, check out Cliff Stoll's The Cuckoo's Egg which was recommended on /. recently.
I have not only my home dir (and tmp and spool dirs) encrypted, but also my swap space. No use encrypting a file if they can lift the decrypted version from swap.
All unix mailers that I know of (pine, mutt, kmail, and so on) do not by default run programs they get from email.
This is true, but there can be other problems. Pine for instance has had security problems in the past - mainly having to do with crafting emails with certain characters that pine can't handle. Although obviously if you're not running as root, the amount of damage that would take place would be minimal.
Ask an MCSE to troubleshoot a Mac problem and he'll just bitch and complain that things are all in the wrong places, yadda yadda yadda.
It's not a technical issue--hell, the Canadians can do it because they had the friggin' TRAINING to do it.
When a PC bigot gets in front of a Mac they just bitch. They don't explore...It's like Americans travelling to Europe and all they want to eat is McDonalds. It's a cultural bias and arrogance. Ask a Mac-head to recover data on a PC or Sun box. You'll probably get the same blank stare. There's fewer people like me who work on them professionally. Win-heads are a dime a dozen. Hence the knowledge gap. When I reach my limit on troubleshooting a PC, I call a PC expert. When the FBI reaches their limit, they call the Canadians.
Look, it's not hard to recover data--unless you've forgotten your own File Vault password. Then you're proper f*ck3d.
Your website sux Claude.
You might want to check out this nice UNIX family tree..
You can easily see who's related to who. I might note that Solaris is much further from what we modernly call BSD than some of the others you named. I won't speak of IRIX, but AIX is a weird kind of BSD variant, as is HPUX. OSX is very very close to FreeBSD.
Slashdot. It's Not For Common Sense
You know those signs you see on telephone poles that read "Make money! Work at home!"? A lot of that "work" is actually laundering products for the Russian mob.
I've been wondering how to break into a career with the mafia.
The rest of the *NIX development world would be much nicer if they adopted a similar scheme.
Standard shared object libraries in OS X are just that, and are subject to all the pitfalls normally found... ohh.. except one. Since Apple uses a two-level namespace scheme, you see name collisions less. Oh, and they do prebinding very aggressively.
It's pretty much a superior setup to the average linux world. But then, we paid for something besides just iCandy, right?
Show me a reason why OS X should have ldd when the superior otool exists. C'mon! To make you feel more comfortable? To make you feel more loved?
Dude, if you're a developer doing cross platform development, then turn around and complain how annoyed you were at not finding ldd, discontinue cross-platform development. If you can't even be bothered to check the unix rosetta stone for something that simple, then you're not the kind of battle-hardened, talented person that is required to do real cross-platform development.
Perhaps you were just porting? Still no sympathy. Learn your target platform. It's not even like it's hard anymore! You have libtool, autoconf and automake these days. Cross platform development is actually feasible these days, albeit difficult!
Even with services running, it's harder to break into a mac. Apple's security update scheme is extremely aggressive. This is especially true when dealing with holes in trusted services like SSH and Apache.
Slashdot. It's Not For Common Sense
My question; If the Computer Security team at the FBI uses a lot of Macs, wouldn't you think they know them well enough to hack them??
Ernie Dambach
"It is no small thing to celebrate a simple life -Tolkien
"if you submit something, why the fuck can't you make sure the sentences are complete?"
c'mon, this is slashdot.
"Huh. QNX. SCO. BSD. Uhh... OW!"
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
That link was nothing short of amazing. Excellent post for the historical geek in all of us.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
He must have been the other Dave Thomas!
Okay! That's my post, so good day, eh?
Yeah, it turns out that their last attack was prevented because the iBook they were using to control the missiles had a bad logic board and pooped out on them. They were going to use the PowerBook, but they were using it to cook their goat on.
*This isn't flamebait. I'm an Apple shareholder.
Ernie Dambach
"It is no small thing to celebrate a simple life -Tolkien
(already noted) Macs ship with most ports shut down.
No, they ship with ALL ports shut down. You have to explicitly turn a service on to open the port.
Hell, even root is turned off and needs to be manually enabled.
I always thought that Linux felt most like v7. That's why I could never figure out why there was so much excitement about it, other than access to source. And back then, the early '80s, I had a fully stocked /usr/src directory.
Don't tell that to Darl...
Hey! My work machine has three 17" LCD panels, it practically begged me to put that Matrix screen saver on there!
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
seems easy to me:
bash-2.05b$ which laden
/bin/laden
Windows 2000/XP does have this ability. Lots of settings (security and trivial) can be set through Group Policy, either on the local machine or applied to OUs from the domain level. Run gpedit.msc on your local machine to see what I mean.
User Configuration > Administrative Templates > System
Check out the "Don't run..." and "Run only..." items.
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
"It's amazing how far a dialog box will go, eh? :)"
"This program has generated an error, and will shut down. If this error continues, please contact the vendor?"
Apparently not far enough.
Saying that Windows is equal to Macintosh is like finding a potato that looks like Jesus and believing youve witnessed the second coming. -Guy Kawasaki
Hard work often pays off in time, but laziness always pays off right now.
... If the sysadmin didn't install it you can't run it, (just mount /home and /tmp with -noexec)...
Just a little nitpick:
-noexec isn't really a security measure. Try this on a Linux box:
Drop an executable file into a -noexec mounted partition. Try executing it. Note that it doesn't work: Permission denied.
Now, try running the program like this:
/lib/ld-linux.so.2 ./[program]
Voila! Your -noexec did absolutely nothing to prevent executables on the partition from being executed anyway.
I imagine similar ways exist for most Unixes--just find the linker library. In any case, the good thing is that non-root processes are sandboxed sufficiently as not to destroy anything beyond that user's files.
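A detection sketch for the behaviour described in the post above, added here and not part of the original comment: it reads a mount table in /proc/mounts format and flags process launches where the dynamic loader is pointed at a file on a noexec mount. It goes beyond the post by also flagging script interpreters, which read their script as data and so are equally unaffected by noexec. The (uid, cwd, argv) record shape, the interpreter list and all sample data are assumptions constructed for the example.

```python
import fnmatch
import posixpath

# Constructed sample mount table in /proc/mounts format.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /home ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda4 /home/build ext3 rw 0 0
tmpfs /tmp tmpfs rw,noexec,nosuid 0 0
/dev/sda3 /var ext3 rw 0 0
"""

# Constructed exec records: (uid, working directory, argv).
SAMPLE_EXECS = [
    (1000, "/home/alice", ["/lib/ld-linux.so.2", "./tool"]),
    (1000, "/home/alice", ["/bin/ls", "/tmp"]),
    (1001, "/", ["/bin/sh", "/tmp/run.sh"]),
    (1001, "/var/www", ["/usr/bin/perl", "-w", "report.pl"]),
    (1002, "/home/build", ["/lib/ld-linux.so.2", "./conftest"]),
]

# Basename patterns for the ELF dynamic loader, plus a short, assumed list
# of interpreters; extend both for the systems actually being monitored.
LOADER_PATTERNS = ("ld-linux*.so*", "ld.so*", "ld-*.so")
INTERPRETERS = {"sh", "bash", "perl", "python"}


def parse_mounts(text):
    """Map mount point -> set of mount options."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # Octal escapes such as \040 in mount points are not decoded here.
            table[fields[1]] = set(fields[3].split(","))
    return table


def mount_of(path, table):
    """Return the longest mount point containing path (component-wise)."""
    best = "/"
    for mp in table:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best


def classify(argv0):
    """Say whether argv[0] is a loader, an interpreter, or neither."""
    name = posixpath.basename(argv0)
    if any(fnmatch.fnmatchcase(name, p) for p in LOADER_PATTERNS):
        return "loader"
    if name in INTERPRETERS:
        return "interpreter"
    return None


def find_noexec_bypasses(execs, mounts_text):
    """Return (uid, kind, resolved_path, mount_point) for suspicious launches.

    The target is taken to be the first argument that is not an option;
    options that take a value and symlinks are not resolved.
    """
    table = parse_mounts(mounts_text)
    hits = []
    for uid, cwd, argv in execs:
        kind = classify(argv[0]) if argv else None
        if kind is None:
            continue
        target = next((a for a in argv[1:] if not a.startswith("-")), None)
        if target is None:
            continue
        full = posixpath.normpath(posixpath.join(cwd, target))
        mp = mount_of(full, table)
        if "noexec" in table.get(mp, ()):
            hits.append((uid, kind, full, mp))
    return hits


if __name__ == "__main__":
    for hit in find_noexec_bypasses(SAMPLE_EXECS, SAMPLE_MOUNTS):
        print("uid=%d %s ran %s from noexec mount %s" % hit)
```

The mount(8) man page notes that the loader trick fails since Linux 2.4.25 / 2.6.0; scripts handed to an interpreter are still not stopped by noexec, so the interpreter rule stays relevant on current kernels.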
ipf services are there too.
That just shows how ridiculously naive you are about OS X.
Secure computing: A chastity belt for your computer.
And IMHO, tran-parent/luscent mac parts make for attractive and subtle modding with blue leds, good luck with that. :-D
"Sic Semper Tyrannosaurus Rex."
Yes everyone, my message was BANG ON CORRECT.
why else would the truth be modded as flamebait.
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
I forget where I read this quote, however I believe that AIX was written by one space alien, who was having Unix described to him by another space alien, but their universal translaters were broken so they had to gesture a lot.
Yes, I'm posting anonymously... I work for a company with a three letter, eight lined, blue colored logo.
What is that, a lesson on how not to design a chart?
Integrate Keynote and LaTeX
No, it is not different. Apache runs on 60% of web servers, the rest are IIS, yet Apache has not been effectively exploited but IIS has with the infamous Code Red virus. How many home desktop users do you think are running IIS?
A lesson on what not to chart. It's a pretty ambitious thing to try and represent with one 2 dimensional graph.
It is much more convoluted than other charts of its type.
Slashdot. It's Not For Common Sense
I have no idea what you're talking about. Care to clarify?
Slashdot. It's Not For Common Sense
Another point .... Why would I want anything from someone dumb enough to use a freaking mac anyway?? its like breaking into a sperm bank ... who the hell wants that stuff anyway???
It's like comparing routers to hardware firewalls... on a router, it is designed to "route", it could care less what it is, until you tell it what to restrict... firewalls on the other hand, block just about everything, and you have to open up what you want... In short, Windows=router .. everything is opened up, and it is very easy to set up and use, *nix is like the firewall ...
I am no genious, everyone else is just freaking STUPID!!
Kevin : Hey, D4rl, l00k @ those guyz using gr33k symbolz with their Macz. L33t, uh ?
Darl : Kewl, brother, I woz trying to find an idea for obfuscating those stolen code lines before showing them to the press...
In Soviet Russia, our new overlords are belong to all your base.
have you guys even considered the possibility that the FBI guy may not be telling the truth; i mean, seriously, why would he give a tip to the "bad guys" that would only make his job harder and more difficult... have you even considered the possibility that maybe he's just saying it 'cos MAC isn't so hard for the FBI and they'd rather the bad guys use MACs than something else...
"FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.'
I think this quote is more a testament to the incompetence of the FBI security guys than a testament to the security of the Mac. Yes, the Mac indeed comes with security problems out of the box, just like Windows and Linux and almost everything else.
But your hotmail account gave you away.
Go away Windows troll!
How about a little common sense here? If you are a "bad guy" (and frankly, I'm not sure I trust the FBI's moral values enough not to assign this description to *them*), and you do not wish to get caught, you had better know enough about security not to rely on your OS's default install to protect you.
Most anything *can* be made secure, a fact that most people tend not to believe simply because it so seldom *is* made secure.
NOTICE: This notice will appear at the bottom of all my slashdot posts.
God I hope Ascroft doesn't see this...the Patriot Act v2.0.4 will put them [Apple] out of business unless they put in a couple thousand security "Windows" that they [the guys keeping us "safe"] can peek through.
Trust...but check. Joseph Stalin
When the people fear their government, there is tyranny; when the government fears the people, there is liberty.
odump -Dl file reads the .liblist section.
odump -Dx for varieties of x reads other interesting parts of the binary header.
Actually... because some software is hacked and patched and exposed to a massive amounts of people... it gets more focus and makes it better software.
Oh, wow! Then that must mean that Windows is the most secure OS in the world! I gotta switch back today!
NOT!
The more you hack me the more I find out.
Obviously NOT!
"FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows"
And i was thinking bad guys always used 3D interfaces with lots of moving things in the background typing commands like "send worm" "hack 127.0.0.1" etc.
42 + 1 = 42
Well no wonder I am considered a security threat just for using Macs! Once at ASU, I was using their mac terminals to get some new VIS images of Mars. I overheard the security guys saying: "oh come on, these kiddies were weaned on windows; none of them know UNIX!" Being a long time mac user, I (stupidly) said "I know UNIX!" And was labeled a security threat. (Fortunately, they were out of the "I am a security threat" Tshirts that day)
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
If FBI security guys are using Macs because they're secure out of the box then none of them have any chances to be hired to work in MIS in any company that cares about its security. I don't say that there is anything wrong with OSX per se (which is a subject of another discussion). But I do believe that real security guys are supposed to make their system secure no matter if it's secure out of the box or not.
I knew that there are no smart people in FBI, but I didn't expect to see it published in so explicit way. And those guys are supposed to protect America from terrorists?!? Ha-ha-ha! The only protection Americans have is even bigger ignorance of terrorists.
Less is more !
Lets just agree that you are not a genius.
Many here think hackers are cool and that FBI deals mostly with script kiddies, i.e. some immature but computer literate goofballs. Point is they deal with hard core criminals and not every computer expert is used to that sort of environment. Do you think those gangsters who sell a million credit card numbers care about a human life or two?
When I read slashdot, I read comments from people bragging in detail how they set up their security, what they do in their business and what their business does wrong. Others complain about big brother when the FBI wire taps mobsters or stores criminal records. While all these folks may be brilliant computers d00dz and maybe very idealistic about what they do, they are useless in law enforcement.
In addition always think about the following:
Any law enforcement agency wants criminals to think that law enforcement is utterly incompetent. They don't know how to use computers and if you use Windows NT 4.0 SP 4 norwegian edition, NetBSD or Mac OSX, they have no chance in hell of ever catching you. He ????? Do you really think an FBI guy is going to tell you how to commit computer crimes they can't solve ?????
The fuck? You make up a quote, and reply to it. That wasn't in the original post.
Sure, that's typically what Mom & Pop computer user do...
There are two types of people in the world: Those who crave closure
Amit Singh of the IBM Almaden Research Center has written an in-depth technical introduction to Mac OS X, entitled What is Mac OS X? Intended for an audience of Linux and UNIX users, the paper is available here (and covered in this previous slashdot article).
It does a fabulous job of explaining the major differences between Mac OS X and Linux and other UNIX variants.
Every time anyone has ever come to me and said "why can't I do X, Y, or Z on OS X?" or "how come I don't have tool X?" or "why does Y behave in this fashion?", there is always a solution or an answer. You make it seem as if OS X is a mystery, and no one knows how it works. There is plenty of information out there, and obscurity isn't the primary place OS X gets its security: it's through good design and basically all services being shut off out of the box, and the fact that security and OS updates are easy for anyone to install without having to keep track of every single security issue out there, and without breaking things every time you patch your machine. It's a lot easier for the average person, or even some people forced into the de facto sysadmin role, to run a reasonably secure OS X machine as opposed to other OSes.
O'Reilly also publishes an excellent book, entitled Mac OS X for UNIX Geeks, that does an excellent job of explaining Mac OS X to people already familiar with Linux or other UNIX variants.
The information is out there, on Apple's own documentation, the Internet, books, and other places. OS X is different from a lot of other OSes, and a lot of the schemes, like Frameworks, Directory Services, and SystemStarter for example, are arguably better. But there is a way to use almost every tool, or do anything you wish, sometimes in exactly the same fashion, that you have previously done on Linux/UNIX.
Looky here! Our favorite guy Darl of SCO presenting the Unix History in Caldera. Scroll Down to see a nice blurry photo.
Man, I can't go a day without some SCO thing in my face.
Please email all complaints to root@127.0.0.1 and the issue will be dealt with in due time.
"even apple pimps the fact that if you are a unix savvy cli guru, you won't need all the gui tools. and if you are, then you can run all the servers off of plain ole' panther" well, almost.. If you are looking to deploy Panther CLIENT as an AppleShare server, you will be disappointed at the fact that there is a 10-user max setting burned-in. Of course, you can use Samba and get around that if you had to but, if you are stuck serving that sooo 20th century MacOS 9, y'er screwed. Just FYI.
Someone, please shake me from this wide-awake nightmare.
According to that chart, there's no code from Apple's 1980's UNIX (A/UX) in Darwin/Mac OS X at all.
Why do I find that *very* hard to believe?
Lord Pixel - The cat who walks through walls
A little bigger on the inside than out
It's amazing how far a dialog box will go, eh?
If anything OS X generally has less clear, less consistent dialogs than the historical pre-X OS. This has always been one of the strengths of the Mac, though, from the point of view of any user you'd care to ask. Apple apparently has a much better-than-average set of English majors writing the dialogs. You can understand them. The UI standards are such that you mostly get clear options in the dialogs, too. The writers aren't working around to using "okay" for something much more complex.
So, at the OS level at least, you aren't getting the cryptic double-negative "Okay - Cancel" options that make you more vulnerable as a user.
And that's not just vulnerability to trojan horses or Word macros or whatever -- it's vulnerability to lost data because of the UI. (Easy example offhand: Save As from Excel into a .csv file. Try working with that csv. I deal with more users who screw up data that way...)
"Fundamentalism" isn't about divine morality. It's about human authority.
It's certainly very possible. They had a lot of sources in OS X, why use an outdated and probably slightly inferior one when they could work on a more modern codebase?
But even if it were true, there'd be almost no way to verify it.
Slashdot. It's Not For Common Sense
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
If I was a law enforcement official and I wanted to give a bad guy a false sense of security, I would recommend a partially closed source OS that appears to be very secure. However, it could possibly have an NSA/FBI backdoor. Then at a big security convention I would say that said partially closed OS would frustrate law enforcement!
Yeah, and what prevents a user to rename his program to a legitimate one? Heh..
> FBI security guys are using Macs because...
:)
Just like the CTU folks in 24... and I thought it was fiction
I generally assume people are equally smart on both sides of the field. Deciding, "Mac users are smarter" is a very bad idea. Most OS X mail clients just make it harder to run an executable from their mail. It's common sense once you realize the implications.
I think Apple has gone to great pains to make their OS easier on the novices. This is a Good Thing, both in the marketing and in the moral sense.
Slashdot. It's Not For Common Sense
yes this is true, and i know there are a few places that still have OS9 labs, mostly schools. i guess most people by now have os x, and i'd use nfs or smb even with an all mac environ. apple talk is too damn chatty on the network, besides being slow. but you are right.
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
That's vaguely true, I guess. Take linux and OS X. Both are posix compliant. Both implement standard languages.
I tell you, as someone with experience in the field of cross-platform development, that that's about all you can count on. Don't believe me? The GNU community seems to, since the express purpose of libtool, autoconf and automake is to deal with things like missing syscalls, different shared library conventions (or the lack of shared libraries at all!), and different installation locations.
Why is it that everyone now says Linux is the baseline? As *NIXs go, Linux is actually kind of off in left field. All due respect to linux, of course. It's succeeded fantastically... but that doesn't mean that suddenly it's the baseline for cross-platform development. It's just a good target.
Slashdot. It's Not For Common Sense
This also means that they all must be gay!
Because they need to ensure backwards compatibility. Are you naive enough to think that Microsoft doesn't know that this is not a wise idea?
While I was around doing this stuff before Linus even went to college I fail to accept your argument.
... ok?
I long ago lost interest in working 'on' the system and just want to get my job done. ( perhaps a sign of old age )
Regardless of which I use, be it Linux or BSD ( the choice is made mostly on hardware, and if its a workstation or server ) I don't screw around with it. They 'just work'. Unlike my Windows workstation which 'just doesn't work' like it should.
I use normal everyday applications that many would consider productive. Email, database administration, document creation, user account administration, some coding when needed, web searches for info research.... None of which I would call 'playing around'.. ( oh, and all as part of a job so there is a salary involved.. )
At home its the same story, except I don't get paid.
I can't even remember the last time I had to work 'on' a *nix box of any flavor.. after install it just runs... In the past things were a bit more 'hands on' I agree ( but so was the windows or dos world at that time ), but not now.. so try not to stereotype
---- Booth was a patriot ----
Mac forums have Mac fanatic moderators. You can expect anything negative about the Mac to be modded flamebait. In some cases, they'll even go after your old messages to try to reduce your karma. Deal with it. Keep on postin' da truth and fighting da' good fight.
Dude. Talk facts. Apache is more secure than IIS. That doesn't make Mac more secure than Windows. Mac haters? Compared to Microsoft haters? Dude. There's no comparison. Orders of magnitude more Microsoft haters. Most people don't care about the Mac. Then there's a lot of zealots (such as the folks moderating everything Pro-Mac +5 and everything anti-Mac -1). There's a few users. There's a very small number of haters. And then there's the vast majority of don't-cares.
Don't the Feds use Encase from Guidance? Where's the problem? Handles HFS+ as well as many other filesystems. Save for breaking encryption, it should not be that difficult to do forensics and data mining on an OS X drive if they have competent analysts using Encase.
The only unfortunate thing, Mac designed them for little girl's fingers, so there are no gaps between the function keys. But the feedback is amazingly light, lighter than any PC keyboard I tried during my visits to CompUSA and MicroCenter. Not bad, at all, for $60.
Dude, you are on crack. I use a mac at work everyday and PC's at home. There is no way the mac g4 or g5 keyboards (yeah, I have had both at work) are any better than a $ 15-20 PC keyboard.
although the mac keyboards do LOOK cooler, especially the white g5 ones.
Open Firmware passwords on a Mac are only as secure as the RAM inside it.
You did know that you can obliterate an open firmware password by changing the amount of physical RAM in the box and then doing a good ol' fashioned PRAM zap right? This takes all of 30 seconds to circumvent on a G4, and x2 on a laptop due to having to remove the keyboard to get at the SODIMM slots.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
I have found out I would work as as a generic investigator for a few years - not in my field - then with some luck within 3-5yrs after joining I could be back in my field.
:-)
You seem confused about FBI organization. The position you describe sounds like the normal special agent, ie. a sworn gun-toting out-in-the-real-world member of law enforcement who is required to go into harm's way. Cross training and exposure to the more routine criminal element is necessary. Someone who only understands tech would be a poor agent. Crime happens somewhat randomly. When the bank down the street gets robbed are you going to say "I can't help, I just do computers"?
The FBI also has normal "civilian" employees who do lab and tech work. When the bank gets robbed they are not expected to do anything other than dial 911. Perhaps this is what you want.
Also it is worth to mention I have never seen such a bunch of unprofessional, undertrained people with full of themselves
Sounds more like the typical slashdot poster.
Does anyone have links to those images? I've seen the one with the dude w/ the girl, but can't find it again.
> Next you'll be asking whose penis is bigger.
Mine.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
I don't care what Mom & Pop computer user do; the comment was what an admin can do.
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
Republicans: party of big gov't Democrats: party of really big gov't I quit.
Try Libertarian.
/. Heroics - 99.999%
Man, is that ever a tough puppy to crack. The security is so tight that the services don't even exist. You'd have to write the services, insert them into your target Mac, and then exploit them. Just nuts.
Then again... I can't telnet into a fucking rock, either, can I?
If Jesus wants me it knows where to find me.
For security experts there is no such thing as a "secure out of the box". The expert will always check all settings, versions and like that. So, for the expert is more like:
- either the system is designed to be checked quickly for potential security problems;
- or the system is designed to hide potential problems;
For normal user OS X is the good choice as out of the box it's much more secure than Windows. But "more" doesn't mean "absolutely". That's why I expect Security experts to use Linux and BSD boxes, which are designed "out of the box" to be diagnosed quickly and reliably.
P.S. The article and many people here are using "Mac" word when it comes to security. It's incorrect. The Mac hardware has nothing to do with security problems. All of the such problems are coming from OS. Macs can run several operating systems:
- OS X - secure out of the box for regular user, but certainly not for security experts;
- OS 7/8/9 Classic - even less secure than Windows!
- Linux - secure for security experts (after personal double-checking), but it's not safe to use by badly-qualified pseudo-sysadmins;
- BSD - same as Linux above.
One of reasons I'll never consider OS X as "secure enough for security experts" is b/c it's in binaries. I trust only software, which binaries I compiled myself from the source code. Period. That's why I am typing it from Gentoo/PPC running on my G4
Less is more !
i have flirted with the libertarian party before. however, like larry elder, if i leave, i am not going to get them back to their roots. and, the libertarians have little chance at success. besides, although i am not a fundamentalist of any religion, i find some of the moral positions taken by the democrats unconscionable. i.e. abortion, gay rights, etc. forgive me for being stodgy, but fiscal policy minutiae isn't going to sink our nation, but the moral decay and complete lack of decency and civility will. (just like rome)
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
Macs are more secure because they have those little Tron guys running around inside of them with the nifty glowing threads. It's Apple's design sense that makes the difference...
Can NE1 help me find out if there's any porn in this 2GB torrent? http://www.edkeyes.org/choco/Choco_J-Pop_Videos.t
AutoStart is still enabled by default in OS 9. It is still a potential threat if you are running OS X. If you would like a benign demonstration, start classic and click here. Classic remains the largest security hole in OS X. If someone were to produce Indeo codecs for OS X, I would have no reason left to keep my System Folder.
Perhaps you have a crappy one? This is the A1048, according to the label on the bottom.
I have three IBM keyboards and a Compaq multi-media edition. Accessing the CTRL and ALT keys on those feels completely different than on the one I am using at the moment.
I just wish I knew how to map the power and multimedia keys to something useful in XP or Linux.
i'm new to unix and mac os x has managed to get my feet wet.
I am a web/database programmer and it is absolutely brilliant for what i do.
i used to be always based on a windows platform and I'm glad to be rid of it! (especially now)
everyone should get macs (especially grandma) because i'm sick of cleaning her computer of ms worm after ms worm, only to set up a firewall and have it yet infected again with another ms worm! *cry*
Use OpenBSD if you're a script kiddie and don't want to be caught.
> and data shreading
WTF? shreading? Learn to spell.
I can't imagine them not being able to access the data on a Mac or that it is in any way a mystery.
Actually this story is over 10 years old. I remember it from the late 80's and early nineties. Don't believe that the FBI can't forensically examine a Macintosh. That's bullshit.
I do want to know if there is a back door to Filevault. Not that I have anything to hide but I do have one machine with Filevault turned on.
If you believe the spiel it will remain invisible to them, of course with the understanding that anything can be broken.
Cinque
"You can tell the pioneers by the arrows in their backs"
You can't be Canadian... You seem to lack any perceivable sense of humour!
My mistake!
I had no idea! All this time, I thought the aluminum foil was working...that would explain the blackouts.
Well, off to a local metal factory to buy some tin foil.