Focus on Apple
How Leopard Addresses Security Oct 28 2007 10:47PM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: How Leopard Addresses Security Oct 29 2007 07:00PM
Mark Senior (senatorfrog gmail com) (3 replies)
Matasano has written a good early examination of the new security
features, at http://www.matasano.com/log/981/a-roundup-of-leopard-security-features/

Unfortunately, there's rather too much of what I had expected, given
past performance from Apple - technically sound tools, with
insufficient implementations built on top of them, and too much of it
is closed and undocumented (or practically undocumented), so the user
community is unable to fill the gap effectively.

In fact, with regards to the sandboxing part, there's altogether too
much of that - for example, Safari isn't sandboxed, nor is there any
apparent way for users or developers to write sandboxes for their own
applications.

Regards
Mark

On 10/28/07, Todd Woodward wrote:
> It's still extremely early post public release of Leopard and the tires are still in need of some swift kicks. At least those of us who were under NDA with regards to Leopard can now speak more freely.
>
> I found the following Tidbits article which begins a discussion about the security improvements and features in Leopard:
>
> http://db.tidbits.com/article/9251
>
> Specifically it discusses Time Machine, Library Randomization (a.k.a. Memory Randomization), improved IPFW, application sandboxing, Keychain enhancements, SMB packet signing, guest accounts, and more.
>
> In an article posted yesterday, they discuss an issue reported by Open Door Networks with the "Back to My Mac" feature: http://db.tidbits.com/article/9269
>
>
>
> Security Response Researcher
> Focus-Apple Moderator
>
> ________________________________________
> Todd D. Woodward
> Technical Support Engineer
> NetBackup Support
> Symantec Corporation
> www.symantec.com
> Springfield, Oregon
> ________________________________________
> Office:541-335-7441
> ________________________________________
>

[ reply ]
RE: How Leopard Addresses Security Nov 05 2007 07:15PM
Todd Woodward (todd_woodward symantec com) (1 replies)
RE: How Leopard Addresses Security Nov 13 2007 06:37PM
Todd Woodward (todd_woodward symantec com)
RE: How Leopard Addresses Security Oct 30 2007 09:02PM
Todd Woodward (todd_woodward symantec com) (1 replies)
RE: How Leopard Addresses Security Oct 31 2007 01:10AM
Todd Woodward (todd_woodward symantec com) (1 replies)
Re: How Leopard Addresses Security Oct 31 2007 03:56PM
Mark Senior (senatorfrog gmail com) (1 replies)
RE: How Leopard Addresses Security Oct 31 2007 04:24PM
David Harley (david a harley gmail com)
Re: How Leopard Addresses Security Oct 30 2007 11:27AM
Roy Atkinson (roy atkinson jax org) (1 replies)
Re: How Leopard Addresses Security Oct 30 2007 05:57PM
Mark Senior (senatorfrog gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus