Focus on Apple
Plethora of Important Product and Security Updates from Apple Sep 15 2008 09:49PM
Todd Woodward (todd_woodward symantec com) (2 replies)
Re: Plethora of Important Product and Security Updates from Apple Sep 16 2008 11:40PM
Indy (ind cca smith gmail com)
RE: Plethora of Important Product and Security Updates from Apple Sep 16 2008 02:27PM
Don Rhodes (drhodes mail colgate edu) (1 replies)
Re: Plethora of Important Product and Security Updates from Apple Sep 16 2008 05:05PM
Peter Hein (peter hein wright edu) (3 replies)
Re: Plethora of Important Product and Security Updates from Apple Sep 16 2008 07:09PM
Jesse Gough (jesse_gough symantec com)
Nmap can *try* to actively fingerprint services that are accepting
connections. The difference here is bonjour will happily advertise anything
and everything, as well as application layer information such as version
information, machine name, shared iTunes music, and so on. Nmap is rather
noisy, whereas with bonjour, the attacker can sit quietly and you won't know
that you're being fingerprinted.

Most importantly, it's an unwanted service that has had a history of remote
vulnerabilities. It also has a history of bypassing firewall rules you put
in place to restrict access to it, to ensure that it remains exposed to the
network regardless.

Here's just one of the worse instances:
http://lists.immunitysec.com/pipermail/dailydave/2007-May/004360.html

"So essentially a reliable remote root on everyone at Starbucks or on all
those OS X fiends at security conventions. The Immunity exploit will do so
on either PPC or Intel, your pick, and since the service restarts, you get
to pick twice."

If a user likes the functionality provided by bonjour, and only uses their
laptop behind a home LAN, then by all means, they can install/enable it. But
I agree with Don, sneaking it in and enabling it by default is a terrible
idea, and most users have no idea that their "firewalled" MacBooks are
spewing all kinds of data, and opening them up to attack, wherever they plug
it in.

-JG

On 9/16/08 10:05 AM, "Peter Hein" <peter.hein (at) wright (dot) edu [email concealed]> wrote:

> Bonjour has been around for quite a while. Originally called Rendezvous, it
> came out with OS X 10.2 - circa 2002.
>
> And nmap (http://nmap.org) can scan any computer on a network to determine
> which services and ports respond. It can scan a single computer, or an entire
> network.
>
>
> Peter Hein
> -- .-. -- .- -.-. --. ..- .-. ..-
> Wright State University - CaTS - Network Services
> Network Engineer
> peter.hein (at) wright (dot) edu [email concealed]
> voice: 937.775.4949
>
> On Sep 16, 2008, at 10:27 AM, Don Rhodes wrote:
>
>> Anyone know 'when' they (Apple) decided to install Bonjour?
>>
>> This is such a BAD idea that it is crazy. Apple really needs to get a clue
>> about what you should use Apple Software Update for; i.e. NOT installing new
>> software. First it was Safari, and now a service that allows someone, anyone,
>> to determine the services that a computer has running?!?!?!?!
>>
>> At some point Apple's software will become a HUGE problem, ala Nachi, Sasser,
>> Blaster, etc gets a hold of it. I'm really starting to dislike their business
>> practices with ASU....
>>
>> --
>> Don Rhodes
>> Network & System Administrator - Network, Systems and Operations
>> Colgate University

[ reply ]
Re: Plethora of Important Product and Security Updates from Apple Sep 16 2008 05:21PM
Eric Hall (securityfocus darkart com)
Re: Plethora of Important Product and Security Updates from Apple Sep 16 2008 05:20PM
Scott Cote (rscote nps edu) (1 replies)
RE: Plethora of Important Product and Security Updates from Apple Sep 16 2008 06:32PM
Don Rhodes (drhodes mail colgate edu) (1 replies)
Re: Plethora of Important Product and Security Updates from Apple Sep 16 2008 11:15PM
Stuart Dunkeld (stuartd gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus