Focus on Apple
Month of Apple Bugs, Dec 19 2006 03:33PM, mfossi securityfocus com (4 replies)
Re: Month of Apple Bugs, Dec 20 2006 04:54PM, jot (jot cotse net) (2 replies)
Re: Month of Apple Bugs, Dec 19 2006 04:16PM, Philippe Devallois (phdevallois intego com) (3 replies)
On Dec 19, 2006, at 11:16 AM, Philippe Devallois wrote:
>
> On 19 Dec. 06, at 16:33, mfossi (at) securityfocus (dot) com wrote:
>
>> Coming to a Mac near you in January...
>>
>> http://blog.washingtonpost.com/securityfix/2006/12/
>> january_2007_month_of_apple_bu.html
>>
>
> Thanks, but before that, you may look at this report:
>
> http://lists.apple.com/archives/macos-x-server/2006/Dec/msg00422.html
>
To which the most appropriate reply I've seen so far is:

On Dec 19, 2006, at 12:29 PM, Dave Schroeder wrote (on the Apple OS X
Server mailing list):
> Compromises via vulnerable PHP-based web applications where things
> end up in /tmp or /var/tmp are ridiculously common, and just as
> applicable to Mac OS X as any other platform, and I'd bet nearly
> anything that's what this represents, not some scary "new" OS X
> compromise. That directory is probably owned by www, and probably
> just means this person is running insecure/vulnerable web
> applications on the machine.
>
> Can the original poster confirm, please? What is the ownership on
> this ".darwin" directory?
>
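The ownership check asked for in the quoted reply, as an added example that is not part of the original thread: a POSIX shell script that lists hidden entries directly under the given temp directories with their owner and flags those owned by the web server account. The function names are hypothetical, and the account name (`www` in the message) is passed in as an argument rather than assumed.

```shell
#!/bin/sh
# Added example (not from the thread): triage hidden entries in temp directories.
# Usage (assumed account name "www", as mentioned in the message):
#   sh triage_tmp.sh www /tmp /var/tmp

# owner_of PATH: print the owning user of PATH.
# Parses `ls -ld` so it works with both GNU and BSD (Mac OS X) userlands.
owner_of() {
    ls -ld -- "$1" 2>/dev/null | awk '{print $3}'
}

# scan_hidden WEB_USER DIR...: for every dot-entry directly under each DIR,
# print "<flag>\t<owner>\t<path>", where flag is WEB-OWNED when the owner
# equals WEB_USER and "other" otherwise.
scan_hidden() {
    web_user=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Direct children only; '.*' matches names such as ".darwin".
        find "$dir" -mindepth 1 -maxdepth 1 -name '.*' 2>/dev/null |
        while IFS= read -r path; do
            owner=$(owner_of "$path")
            if [ "$owner" = "$web_user" ]; then
                flag=WEB-OWNED
            else
                flag=other
            fi
            printf '%s\t%s\t%s\n' "$flag" "$owner" "$path"
        done
    done
}

# count_web_owned WEB_USER DIR...: number of hidden entries owned by WEB_USER.
count_web_owned() {
    scan_hidden "$@" | awk '$1 == "WEB-OWNED" { n++ } END { print n + 0 }'
}

# Run a scan only when called with an account name and at least one directory.
if [ "$#" -ge 2 ]; then
    scan_hidden "$@"
fi
```

A `WEB-OWNED` line is consistent with the explanation in the quoted reply: the entry was created by whatever runs as the web server account, which points at the web applications on the machine.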