FBI Agent Talks Crime, Macs
hype7 writes "There's an article at SecurityFocus describing a visit by an FBI agent to Washington University. His visit was ostensibly about computer security and the general public's complete lack of any idea on computer security whatsoever: 'I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.' His talk ranged from some of the pranks he's seen played on unsuspecting users, to Eastern European extortion of big banks." WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' Another good quote: 'If you're a bad guy and you want to frustrate law enforcement, use a Mac.'"
More good quotes:
"If you're a glutton for punishment type of guy and you want to frustrate yourself, use a Windows based PC."
"If you're a script kiddie and you want to get caught, use a Windows based PC."
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity. I just think it's cool that all the FBI Infosec guys are on OS X. Makes me feel good about my migration to the platform as well (as soon as Apple posts the much-awaited G5 price adjustment).
I don't quite understand how people are good at mining data off of *nix but not off of a Mac though -- that part didn't make too much sense. I find it hard to believe that the people they were referring to were on OS9, and if they were on OSX then the boxes basically *are* *nix machines...
dmiessler.com -- grep understanding knowledge
I am not really surprised that the FBI security guys use OS X boxes. Years ago I remember another government agency with a three letter acronym that used NeXT boxes it seemed almost exclusively from the situation rooms right down to the secretaries (at least in Langley).
Visit Jonesblog and say hello.
...what about BeOS? BSD?
Gee, I wonder how all these horrible viruses, worms, etc. can spread so fast.
. . . most ordinary computer users have no idea about what security means. They don't practice secure computing because they don't understand what that means.
Oh. *smacks head*
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
Steve Jobs is smarter than Bill Gates. Not only is he giving discounted hardware and software to educational institutions k12 on up, he's found another entrance vector through which to enhance the brainwashing - send in an Agent with a "Macs are more secure, too" line.
Shoulda taken the blue pill.
I guess that explains why they use Macs in Hackers.
Buckethead
SCO flavored UNIX. If the law enforcement people are in any way technologically literate, they'll just assume you're "some idiot" and leave you alone.
Mod "Overrated" instead of replying "I disagree with you," you coward.
I would not trust an "out of the box" install of any OS.
I can see the headline on drudge now, "Terrorists Prefer Apple"
It's always been my experience that the guys are hot on Windows, pretty good on *nix, but very very few know anything about Macs -- my guess because of their law enforcement background, where they used and were trained on PCs.
A predominant amount of their work seems to be recreating or capturing MS Outlook mailboxes (looking for the smoking guns). They aren't as cluey on Eudora (presumably because most corporate enterprises don't use it).
Small market share means that the majority of people focus on the system(s) that form the majority of OS/apps used -- a trait which appears to extend to law enforcement and makers of forensic programs. But the really good professionals are always interested in asking "so just how does this work on a mac" and discussing the similarities/differences...
Oh my, we are ignorant, aren't we?
1) Watch TV (lord knows what . . .)
2) drink some booze and hang with the buddies
3) read about Internet Security so he doesn't go around spreading some damn garbage around to everyone else.
Numbers one and two likely describe your average user, number three is generally the type of person reading slashdot. I guess we need to get security "cool" now for people to take notice.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
They're only secure because, with such a minimal share, nobody cares about breaking into one.
Bullshit. Market share has nothing to do with it. There's at least as many Apache-based servers out there as IIS, but there are like 2 Apache worms.
And frankly, there are enough Mac-haters around that surely some would like to take Apple down a peg via a virus or some sort of exploit in OS X. How come it's never happened? How come in three years there hasn't been a single OS X virus discovered?
Apple have had several fixes just in the last few months fixing remote root access vulnerabilities.
Yeah, and the difference is, they were found and fixed without being maliciously exploited. Most of them were very unlikely to be exploited anyway, or were found in services that were off by default. The last one I heard about would allow a brand new machine to get owned if a rogue DHCP server happened to be sitting on the LAN. Yeah, that's likely to happen.
Contrast this with Windows, where shit is wide open by default, and the first anyone hears about a hole is usually when it has already brought the internet to a crawl. Not that patches for exploits do any good when people don't apply them-- I just took a look in my firewall logs, and I'm still getting Nimda and Code Red infection attempts.
But how many of the holes weren't for services that come disabled by default? How many Mail.app exploits? How many required physical access to the computer to exploit?
One of the nice things about the Mac is that most of the services are shipped off by default - like SSHD. So even if a hole is discovered in a service, not EVERYONE is going to be vulnerable by default without taking specific action.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In theory you are right, the vulnerabilities in Outlook could apply to any Unix mail client. In practice they don't though. All unix mailers that I know of (pine, mutt, kmail, and so on) do not by default run programs they get from email. You might be able to configure kmail to do so, but it isn't the default. I'm sure that some mailers considered it, but once outlook got exploited a few times they re-considered. (I have no idea why Microsoft still hasn't).
If that isn't enough for you, most unix systems allow the sysadmin to prevent the user from running arbitrary programs. If the sysadmin didn't install it you can't run it, (just mount /home and /tmp with -noexec) after which time you just make sure that the installed mail clients don't allow scripts. Okay, it is slightly more complex than that, but a good sysadmin can deal with it. AFAIK, Windows doesn't have this ability so an admin can't lock things down this way.
Well... before you plug it in...
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
... to that PC World bonehead who wrote an article about OS X being "just as insecure as Windows" because somebody discovered a remote exploit (where "remote" meant "on the same lan as your machine").
I don't recall his name, but I remember the sensationalist tone of his article, the minimal facts, and the gloating that Windows was no longer alone in being vulnerable. It's probably asking a bit much for him to read the article without his "I Love Windows Blindly" hat on, but maybe he (and others whose love of bashing the Mac seems to exceed anyone else's love of anything, including the so-called "Mac zealots") might begin to accept reality.
is that they are technologically impaired halfwits. If they would actually take the time to hire *real* computer experts, maybe they would have a little bit more success in stopping something.
In the past, I could send them detailed logs, including TCP dumps, of people controlling DDOS networks, threatening people, bragging about committing DDOS. And nothing would happen. More recently, a friend of mine had serious threats to her and her child from a stalker - who authorities proceeded to track to Atlanta. But they seemed to miss the fact that he was repeatedly coming from a dialup IP address in Toronto.
Law enforcement on the internet needs to be put into the hands of a capable multinational group with laws that are defined to cross borders. Until then, DDOS kiddies will still be running around quite loudly proclaiming their existence.
Time to strike up the drumbeat:
1. Windows defaults to let users run as root. Neither Mac OS X nor Linux do that.
2. (already noted) Macs ship with most ports shut down.
3. BSD has been combed over for years, and many eyes have searched for vulnerabilities. A lot have already been solved. Nobody can look at Windows code.
4. Macs have fewer application vulnerabilities (because unlike Windows, most applications can't make root system calls and run programs as root (for example, MS Outlook).
Sorry to be repetitive.
I'm a senior admin with a big company, specializing in Windows based systems. My day to day PC is a 15" Powerbook. I can use the Microsoft RDP client to log into any of the Win servers, SSH to log into the Unix stuff and can pretty much do my job with no hiccups or workarounds. The only exception is that Entourage has weak MS Exchange support, so I'm typically using webmail. With Fink installed I have basic tools like nmap and ethereal at my disposal. My only real gripe is that Apple and Broadcom don't open up access to the network hardware.. Being able to put my NICs into promiscuous mode would be a big help. There's a workaround - I could get an Orinoco or Aironet PCMCIA card.. but I'd prefer to use the integrated hardware.
As far as Linux distros go, Yellow Dog Linux runs very nicely on most older Macs.. but as of yet there is no support for the Radeon 9600 in my book. Text is fine for most stuff but I'd love to run KDE or Gnome in Yellow Dog.
Anyway, I think Apple's got a real opportunity. The Virginia Tech cluster shows their potential and this article is good PR, despite the "frustrate law enforcement" comment. Seeing a room full of Powerbooks at NASA was pretty cool, too.
I love how people always seem to think that there are fewer vulnerabilities simply because the mac has a much smaller market share. Sure, it makes sense unless you're actually paying attention. Yes, Apple has had to issue some security updates recently. No, Mac OS X is not perfect. But it beats the hell out of operating systems that ship with holes so big you can drive a truck through with room to spare.
The first thing you have to do when you install the OS is create a user account and a new password. Macs ship with most services disabled by default, and they've got a point-and-click firewall that can be enabled in a matter of seconds. Macs are not secure because no one uses them. They are secure because they do not make the same common mistakes that Microsoft seems to do constantly. They're secure because you don't hear about huge break-ins, loss of data, or life-threatening situations caused by failed security systems. And they're secure because the folks that depend most upon security seem to turn their head more and more these days towards that odd fruit on the other side of the fence. The fact that Apple has issued patches recently is not a red flag. Everyone has to patch their OS. It would be a red flag if they hadn't patched it in a timely manner, like some others that we always seem to hear about.
Of course, they're expensive as all hell, and there isn't enough software for them, but that's another story. ;-)
I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.
Seriously, to me this sounds like sensationalism. Like, a good sound byte to attract attention. If you tell people that things are worse than they could ever imagine, you're not going to do much except scare people. And most of the time it's not that bad.
I'd like to think that (like most slashdotters) I'm not unaware of what goes on in the "computer underground". I'm not in it, but it's not like I'm ignorant of the fact that it exists. The tools on packetstorm are enough to scare any non-tech person into submission, if they knew what they could do, yet I don't lose sleep over it.
I'd like to think that, while there are lots of "dumb" users out there, there are a lot of us tech guys, the guys behind the switches and administering the servers, who are looking out for them, much like shepherds.
There are a couple of simple rules to follow:
1.) If it's on the internet, it can be hacked.
2.) If it's backed up, it can be restored.
3.) If it's patched, it's less likely to be exploited.
4.) Ease of use and security are inversely proportional.
I don't resent people like my mom who wouldn't know spyware from cookware. I do what I can for her, computer wise. And she cooks for me when I come home. I consider it an even trade.
~Will
sig?
Two things. The assertion that Platform X is 'just as insecure as Windows' is technopolitik Vunderbabble of the worst sort; the fact is that the claim that they are 'as insecure' as Windows is unfounded, and undemonstrable unless and until there are as many targets for would-be virus/trojan/hack/script kiddie toolbox writers that are platform X as there are Windows boxen for them to exercise their nefarious talents upon. It's an outgrowth of the kind of sloppy thinking that suggests that all programmers produce equivalent code; they don't, as any programmer can tell you. So get over it.
Second, it's obvious that you are as near as one can come to being completely ignorant about anything but your precious "pro-MS fanboy bloatware"... I don't have a *single* *nix box (Linux, BSD, or Slowlaris) that will 1) decode (uudecode) a binary file as executable without my direct intervention to cause it to occur, or 2) execute said code in any way - even scripts for a scripting language that's embedded (for expandability and extensibility of the client) won't execute by clicking on them when they appear as an attachment in an email.
This is not to suggest that there are not undiscovered security vulnerabilities in *nix that may be revealed if and when it spreads across the face of the earth supplanting Windows boxen righteously; however, I will assert that I believe that those security failures will not approach the generalized impact of the Windows virii/trojans - and you know what? I have *exactly* as much data to support that view as the generalized "let's be nice to the poor little Winders crowd" Technopolitik 'your platform is just as bad' FUD. </FLAME>
Thinking outside my Head
But you forget that when a file comes in as executable, every other OS recognises it as such, and in fact most mailers on other operating systems do NOT automatically execute code. In fact some CANNOT.
I have heard it said by MS lackeys that removing the ability for Outlook to execute a file when it's received is crippling the app. In an age when viruses worms and trojans are all too common, this is the equivalent of people all around the country receiving letterbombs in their mail weekly, and not putting in place some simple provision that would allow them to check if the letter was something they wanted, or a dangerous bomb, just because you want the convenience of opening a parcel willy nilly.
MOST EXECUTABLES SENT IN EMAIL ARE VIRUSES. That's just fact. This week 40% of email traffic was a virus! Hundreds of millions of copies of MyDoom spread around. The simple fix is DON'T EXECUTE MAILED FILES!
Another MS problem is the backwards compatibility crap that MS leave in mailers. Did you know Fonts are STILL exempt from security zones in mailers and browsers on Windows. Did you know Windows supports executable fonts as a legacy from Win 3.0? Several keylogger trojans have snuck into people's Windows machines by this method alone. The only conclusion is MS don't know what they're doing, by allowing a type of executable (executable fonts) exclusion from security.
Tsk MS, before you start talking security, switch your collective brain on.
Sorry, what consolation prize do we have for our departing guest?
Honestly, the security by obscurity thing has been disproven so many times, in so many ways for Mac OS X that I find it impossible that you're unaware. Granted, Mac OS X has security issues patches, but don't make me get into the horrid fallacy: "macs are just as insecure as any other OS." They are, by design, far more secure. The exploits possible on a PC are not possible on a Mac due to Outlook, IE, messenger services, etc.
Seriously. Thanks for a good laugh. In case you're missing out on the needed information, here it is. This article sums it up very well.
http://www.theregister.co.uk/content/4/34554.ht
"Politicians find new names for institutions which under old names have become odious to the people."
I'm sitting here in front of my PC with a G4 Mac keyboard and 6 button MX700 wireless logitech mouse. ;-)
PSA -- Mac keyboards are very handy on a PC. They will detect in XP as a Mac USB Keyboard, and will run without having to install any additional drivers.
The only unfortunate thing, Mac designed them for little girl's fingers, so there are no gaps between the function keys. But the feedback is amazingly light, lighter than any PC keyboard I tried during my visits to CompUSA and MicroCenter. Not bad, at all, for $60. There is also no funky side-crunch. You know, like on the MS ergonomic keyboards from a couple of years ago. You can hit any part of the key and it still presses silently and smoothly.
My next plan is to put a couple of blue LEDs under the acrylic on the bottom. Since it's clear, it should illuminate very well.
I find it somewhat amusing that he harps on and on and on about the slightest little problem with any other platform -- particularly the mac -- but has almost completely ignored the latest couple of mail worms pestering his platform-of-choice.
Criminals have figured out a way around (shipping restrictions to Eastern Europe), however. They hire folks to act as middlemen for them. Basically, these people get paid to sit at home, sign for packages from Dell, Amazon, and other companies, and then turn around and reship the packages to Russia, Belorussia, and Ukraine.
I bet you, too, thought those spammers were lying.
Quem a paca cara compra, paca cara pagará.
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Nice try Mr. FBI man! This is just a thinly veiled plot!
1) Tell public to use FBI to foil law enforcement.
2) ???
3) Profi^WProsecute!
Someone hand me my tinfoil hat, I'm off to search for nsa_key in Darwin.
~Dalcius
Rome wasn't burnt in a day.
It's bad enough Mac users have been accused of rampant piracy due to Apple's slow adoption of DRM technology and their earlier "Rip, Mix, Burn" advertising strategy a few years ago. Once again, we'll end up blamed for supporting the "criminal element" because the OS is secure almost right out of the box.
What is so inherently wrong about something that just "works"? We're not a bunch of luddites here, so why is the Mac always tagged as being evil?
Maybe it's the whole "Apple is satanic" thing. You know... founded on April 1st... sold their first computer kits for $666.66... the reasoning for choosing an apple with a bite out of it for a logo.
Get real, it's just a computer.
8==8 Bones 8==8
Back when I was a youngster and I did things that were in a legal "gray area", I almost always used a Mac. FWB's Hard Disk Toolkit included transparent HD encryption.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
"...I was trying to plan simultaneous suicide explosions in separate third world countries using the advanced CAJ (Computer-Aided Jihad) program that comes standard with Windows XP, when all of a sudden the computer was like, beep-beep-beep-beep-beep, and I was like, what in Allah is this? And I lost all the plans. It was going to be a really good terrorist strike too! Now I use a Mac. Apple: bringing you the user-friendly tools you need to exterminate all Jews and Crusaders!"
...but just because it's open source does not just mean that it's "secure". Actually... because some software is hacked and patched and exposed to a massive amount of people... it gets more focus and makes it better software. Perhaps a mac *is* more secure because open source software is made and used by more "hackers"... but that remains to be seen. And no I don't care what you think. Thanks, have a great day. The more you hack me the more I find out.
||| I still can't believe Parkay's not butter.
from post: "WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' "
from article: "many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box."
The post quote implies that all FBI computer security agents, or at least the majority, use Macs. The second quote, from the actual article, implies that only some unspecified number of FBI computer security agents use Macs. Please don't butcher quotes to mislead.
Vote for Pedro
If you're a bad guy and you want to frustrate law enforcement, use a Mac.
I am an expert witness who works against these (FBI) guys in criminal cases. They have a whole division of the D.C. computer forensics office dedicated to Macs. A stock question they ask in trial is "OK, general computer forensics dude, what percentage of your time is spent working with Macs?" For most general security experts, this is 10-20%. Then they pull somebody out who does nothing but analyze Macs.
who are those slashdot people? they swept over like Mongol-Tartars.
apple has been doing unix since 1996, NeXT has been doing it since 1988.
Apple has also been doing unix since 1987 (if I have my years correct) with its first release of A/UX, a product they supported for almost 10 years afterwards, and through three versions. If that's counted along with their work on NeXTSTEP->OSX, then that's 17 straight years of UNIX experience within the company.
Powerbooks start at $1599. iBooks start at $1099. Go to the Apple Store before you run your mouth off again.
Also don't forget Apache runs on multiple platforms and when made from source, might have countless build variations. That alone makes many exploits much, much harder to pull off since even if you do manage to overflow a buffer, you can't count on the memory layout being the same.
It's not too unlike how genetic variation limits the spread of real viruses.
The G4 when it first received its Super Computer status. Apple ran a few ads to the effect.
T Money
World Domination with a plastic spoon since 1984
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity.
Years ago, British Leyland ran a full page ad in the Times, apologizing for the efficiency of the Land Rover, and how it was supposedly enabling poachers in Africa to stay one step ahead of the law. Rovers still rule, and Macs will continue as well.
Just remember, the best way to live outside the law is to stay within it.
First, I read this article when it came out and was noted on macintouch. It is obvious that the author has respect for the FBI agent. And if you read articles posted on securityfocus, this is not always the case when it comes to people in the government.
Macs are shipped with a relatively high level of security in that things (servers/daemons) are turned off by default.
The most significant security hole in OS X (IMHO) for a non-server perspective was the DHCP hijacking. This was a local subnet potential exploit that one should take very seriously, but not one to affect most people.
It is very likely that the FBI agent computers that run MacOS X are used for things like e-mail, web browsing, generating documents (Word and Acrobat), PowerPoint presentations, and other normal business applications. There is also the probability that they are used to run more specialized Windows and Unix based applications.
Duh, the agent said that MacOS X was used because they can run these types of programs. One computer, many applications. Side-note: I use OS X because I have to use MS Office, Acrobat, Illustrator, X11, Motif, OpenGL, write programs in C/C++ using X11, OpenGL, and X11, perl, Tkl, as well as others. I want one computer to use, not two or three.
Going back to security, the last significant Mac based problem was the Autostart worm that went around some years ago. This flaw was due to QuickTime automatically starting an application when a CD was inserted in one's computer. This is no longer a problem, AFAIK.
I work in a heterogeneous computer environment. Windows (95 to XP), UNIX (IRIX, Solaris, HP-UX), Mac (OS 9 to X), and VMS (sob). Except for VMS, the Mac OS based systems are the easiest to maintain with regard to network security.
Finally, the FBI needs to get more experience with HFS+ file systems. If they the requisite experience and knowledge, then says to me that the FBI agents using OS X are using their systems to do more mundane things like generating documents, reading e-mail, etc... Then again, this might be a lesson that others should consider.
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Sure, right. That's what he wants you to think!
I always knew there was a connection between Wendy's and the FBI.
Quick! - what's the FBI's number -- I found them in my very own company! -- I always knew the graphics department were up to no good -- dressing above their income in those european clothes - and insisting on only using Macs - and I've seen them, caught them! making websites!
I'd tell the server guys but they use Linux so you can't trust them not to 0wn your box...
In-fact they could be watching what I'm typing right now... AHHH... one's walking over this way...
[good - I hid under my desk and he seems to have gone away... I think I'll make a break for it]
If this message gets through the web of proxies set to trap and stop my messages... send help..
Mac OS X has otool(1), specifically otool -L, and it's been in Mac OS X since the beginning. See the man page for more details. This is no more security by obscurity than a Windows developer not knowing about ldd.
otool is a bit more flexible than ldd, since ldd requires that you actually execute the code in question and watches what gets loaded. otool looks at the binary directly and determines what libraries are needed without executing anything. This makes it usable on shared libraries that depend on other shared libraries, without having to create a separate test executable for use with ldd.
--Paul
Well, to actually implement a semi-global keylogger in OS X is trivial. You simply put an appropriate .bundle in ~/Library/InputManagers . No root required. Every subsequent program opened will (attempt) to link and run this code. Since .bundles can be versioned, you can even make a platform-specific version.
:)
But then, it's not hard on Windows either.
The trick is in somehow getting the user to install it (usually by running a helper program). In this, OS X mail clients are extremely uncooperative. Pretty much every mail client (including Mail.app), is very clear about what you are getting (and doesn't hide extensions, that's a big one!). Further, when you try and take an attachment it gives you a clear warning of what you are about to do, and makes the default action to save.
So, you don't need root to do it, but fooling your users (especially without some kind of macro in the mail) is much harder on the mac side, because the users get more prompting on the proper response to untrusted email attachments.
It's amazing how far a dialog box will go, eh?
Slashdot. It's Not For Common Sense
just got cooler eh? But, they definitely didn't feature macs in the Matrix, did they? :D
|/________
|\A|ALYS|
I have not only my home dir (and tmp and spool dirs) encrypted, but also my swap space. No use encrypting a file if they can lift the decrypted version from swap.
You might want to check out this nice UNIX family tree..
You can easily see who's related to who. I might note that Solaris is much further from what we modernly call BSD than some of the others you named. I won't speak of IRIX, but AIX is a weird kind of BSD variant, as is HPUX. OSX is very very close to FreeBSD.
Slashdot. It's Not For Common Sense
Don't forget the Workgroup Servers running AIX.
The rest of the *NIX development world would be much nicer if they adopted a similar scheme.
Standard shared object libraries in OS X are just that, and are subject to all the pitfalls normally found... ohh.. except one. Since Apple uses a two-level namespace scheme, you see name collisions less. Oh, and they do prebinding very aggressively.
It's pretty much a superior setup to the average linux world. But then, we paid for something besides just iCandy, right?
Show me a reason why OS X should have ldd when the superior otool exists. C'mon! To make you feel more comfortable? To make you feel more loved?
Dude, if you're a developer doing cross platform development, then turn around and complain how annoyed you were at not finding ldd, discontinue cross-platform development. If you can't even be bothered to check the unix rosetta stone for something that simple, then you're not the kind of battle-hardened, talented person that is required to do real cross-platform development.
Perhaps you were just porting? Still no sympathy. Learn your target platform. It's not even like it's hard anymore! You have libtool, autoconf and automake these days. Cross platform development is actually feasible these days, albeit difficult!
Even with services running, it's harder to break into a mac. Apple's security update scheme is extremely aggressive. This is especially true when dealing with holes in trusted services like SSH and Apache.
Slashdot. It's Not For Common Sense
My question; If the Computer Security team at the FBI uses a lot of Macs, wouldn't you think they know them well enough to hack them??
Ernie Dambach
"It is no small thing to celebrate a simple life -Tolkien
"Huh. QNX. SCO. BSD. Uhh... OW!"
Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
He must have been the other Dave Thomas!
Okay! That's my post, so good day, eh?
Mainstream OSes have presumably been analyzed to death by forensics companies.
Except that new viruses/worms/security holes keep coming out every day/week/month that others seem to find. Guess they need to get some more analysts...
News at 11: MS security problems kills analysts, others vulnerable!
You're just jealous because the voices only talk to me.
Ernie Dambach
"It is no small thing to celebrate a simple life -Tolkien
(already noted) Macs ship with most ports shut down.
No, they ship with ALL ports shut down. You have to explicitly turn a service on to open the port.
Hell, even root is turned off and needs to be manually enabled.
... If the sysadmin didn't install it you can't run it, (just mount /home and /tmp with -noexec)...
Just a little nitpick:
-noexec isn't really a security measure. Try this on a Linux box:
Drop an executable file into a -noexec mounted partition. Try executing it. Note that it doesn't work: Permission denied.
Now, try running the program like this:
/lib/ld-linux.so.2 ./[program]
Voila! Your -noexec did absolutely nothing to prevent executables on the partition from being executed anyway.
I imagine similar ways exist for most Unixes--just find the linker library. In any case, the good thing is that non-root processes are sandboxed sufficiently as not to destroy anything beyond that user's files.
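An added example, not part of any comment in this thread: a check a sysadmin could run to see whether user-writable directories such as /home and /tmp are really covered by a noexec mount, which is the lockdown the two comments above argue about. The mount table is a constructed sample in /proc/mounts format, and the function names are hypothetical.

```python
import os
import posixpath
import re

# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0\n"
    "/dev/sda2 /home ext4 rw,nosuid,nodev 0 0\n"
    "/dev/sdb1 /home/shared\\040data ext4 rw,noexec 0 0\n"
)


def _unescape(field):
    """Decode the \\ooo octal escapes /proc/mounts uses for space, tab, etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return a list of (mount_point, set_of_options) in file order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mounts.append((_unescape(parts[1]), set(parts[3].split(","))))
    return mounts


def mount_for(path, mounts):
    """Find the deepest mount that contains path (longest-prefix match).

    A directory that is not a mount point of its own inherits the options
    of the filesystem above it, so /var/tmp is judged by / in the sample.
    """
    best = None
    for mount_point, opts in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            # ">=" lets a later mount stacked on the same point win.
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, opts)
    return best


def audit(paths, mounts_text):
    """Map each path to the mount it lives on and whether noexec applies."""
    mounts = parse_mounts(mounts_text)
    findings = {}
    for path in paths:
        hit = mount_for(posixpath.normpath(path), mounts)
        if hit is None:
            findings[path] = {"mount": None, "noexec": False}
        else:
            findings[path] = {"mount": hit[0], "noexec": "noexec" in hit[1]}
    return findings


def exec_allowed(paths, mounts_text):
    """Return the paths, in input order, that are NOT on a noexec mount."""
    result = audit(paths, mounts_text)
    return [p for p in paths if not result[p]["noexec"]]


if __name__ == "__main__":
    # Use the live table on Linux, otherwise fall back to the sample.
    if os.path.exists("/proc/mounts"):
        with open("/proc/mounts") as fh:
            table = fh.read()
    else:
        table = SAMPLE_MOUNTS
    for p, info in audit(["/tmp", "/var/tmp", "/home", "/dev/shm"], table).items():
        state = "noexec" if info["noexec"] else "EXEC ALLOWED"
        print(f"{p:10} on {info['mount']}: {state}")
```

On a live system, resolve symlinks with os.path.realpath before the lookup, since this sketch only normalises the path string.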
There is no evidence the MacOS is fundamentally significantly more secure than Windows.
There is evidence Windows is fundamentally significantly more insecure than most Oses. Which other OS gives their office suite/mail/browser what is tantamount to su status?
Just because you have a stock portfolio full of MS stock does not make Windows as (or more) secure than other OSes.
Last time I posted a negative article (admittedly somewhat provocative/aggressive) on the Mac, I was not only marked troll, but someone went through my past articles, and modded one or two of those down. Gotta love the Mac community. Wonder what'll happen this time.
You'll get a bonus for your efforts from Redmond?
Informative at +3 indeed. bleah.
In the late 80's and until the mid 90's many computers above a certain level (many desktops of the day fell under the rule) and lots of common everyday software were classified as munitions and could not be exported to certain countries. It wasn't just Apples. After a few years the laws became unenforceable because of global markets. They may still be on the books.
"FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows"
And i was thinking bad guys always used 3D interfaces with lots of moving things in the background typing commands like "send worm" "hack 127.0.0.1" etc.
42 + 1 = 42
Well no wonder I am considered a security threat just for using Macs! Once at ASU, I was using their mac terminals to get some new VIS images of Mars. I overheard the security guys saying: "oh come on, these kiddies were weaned on windows; none of them know UNIX!" Being a long time mac user, I (stupidly) said "I know UNIX!" And was labeled a security threat. (Fortunately, they were out of the "I am a security threat" Tshirts that day)
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
If I was a law enforcement official and I wanted to give a bad guy a false sense of security. I would recommend a partially closed source OS that appears to be very secure. However, it could possibly have an NSA/FBI backdoor. Then at a big security convention I would say that said partially closed OS would frustrate law enforcement!
Let's pretend you want to have a secure computer system on which you wish to do your work.
Let's pretend you have two options:
1) You can get a machine that is secure "out of the box" and thusly immediately get to work on it with minimal, if any, additional effort.
2) You can get a machine that isn't secure out of the box, and you have to spend a lot of time and effort making it secure, taking your energy away from your work.
Which option would a smart person choose?
Department of Homeland Security: Removing the rights real patriots fought and died for since 2001