Robert Lemos, SecurityFocus 2005-11-29
When the SANS Institute, a computer-security training organization, released its Top-20 vulnerabilities last week, the rankings continued an annual ritual aimed at highlighting the worst flaws for network administrators. This year, the list had something different, however: The group flagged the collective vulnerabilities in Apple Computer's Mac OS X operating system as a major threat.
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous (1 replies)
Mac OS X security under scrutiny
2005-11-29
Anonymous (1 replies)
The usual 'the sky is falling' routine in the form of '..since Mac has such a small market share, it is not productive to write viri...'
The reason the Mac is sooo much safer than MS is that YOU have to literally FORCE a virus or trojan to get onto your system. YOU. No sneaky stuff like MS allows. A...
Re: Mac OS X security under scrutiny
2005-11-29
Anonymous (1 replies)
Agreed. I've participated in the SANS Top 20 before, but this year, they are embarrassing! It looks like a lack of work, and just lumping things into groups. There wasn't enough research done if you ask me. Oh yeah Cisco is vulnerable, and oh yeah Juniper, and how about Linux, and oh yeah, where...
Re: Re: Mac OS X security under scrutiny
2005-11-29
Luc, Bangkok (1 replies)
Guys, agree with you all, but you have to understand that for SANS, and Symantec behind it, the sky is indeed falling!
They're all under threat (security-threat!) for losing their job if M$ does not stay where they are.
No more M$ = no more virus = no more security-threats = no more Symantec = n...
Let's not be...
2005-12-02
Sean
Only a great fool would believe that if M$ falls there will be no more security work to do. Where there is a will there is a way. The criminal mind (that's all they are anymore) focuses on the large target/biggest payoff. Who EVER that might be. If everyone starts running Sun tomorrow you'd bette...
Mac OS X security under scrutiny
2005-11-29
Anonymous (1 replies)
Most definitely, this warning is suspect because it is given by someone who has a financial incentive to do so. There's a clear conflict of interest here. And this comes from the same company who was either incompetent or unethical enough not to catch the famous Sony CD spyware. ...
Re: Mac OS X security under scrutiny
2005-11-30
Kelly Martin (2 replies)
Hello Anonymous, I'm editor for SecurityFocus.
While we are indeed owned by Symantec Corp we operate independently and have full editorial control over *all* our content. Your comments prompted me to respond with several points, because without accurate information you cannot possibly have an in...
Re: Re: Mac OS X security under scrutiny
2007-09-07
Anonymous
What hit us in Nov 2006 was one 'payload', and it did not care if it was xp, Linux or a new intel mac. The only pc that did not go down on that network was a 2003 mac osx (panther). That was the only one which had a different 'architecture'. Whether that is the reason or not, I will leave it to smar...
Mac OS X security under scrutiny
2005-11-29
anthis
"A lot of the people who do vulnerability research started with Unix, and a lot of hackers have moved to Apple Mac OS X because it is cool and they can do anything they could do on Unix,"
This has to be by far the most stupid thing I've heard someone say. I'm sure, almost positive that the reaso...
Mac OS X security under scrutiny
2005-11-29
Anonymous (1 replies)
You do understand how pathetic this is, right? What an attempt it is to create FUD against Mac OS X? Silly....
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous
You clearly have no concept of how many osx vulnerabilities are pending with Apple, are being withheld by security companies and vulnerability researchers, or out there within closed groups of blackhats.
Also you clearly have no understanding of how trivial some of the bugs in OSX based software...
Mac OS X security under scrutiny
2005-11-29
Anonymous
This is one of the most absurd decisions by the SANS Institute that I have ever heard. After all, given the litany of exploits that occur that involve Windows (various versions) every *week* - has it ever occurred to these whores to name MS as a significant threat to computer users? I wonder how m...
Mac OS X security under scrutiny
2005-11-29
Anonymous (3 replies)
Wow! I guess this means I will tell my clients to switch back to Windows systems because they are so much safer now than their Macs. What a load of bulls**t. I have yet to come across ANY exploitable security flaw for mac OS while I spend hundreds of hours a month patching Windows systems and fixing...
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous (1 replies)
Mac OS X <=10.3.3 AppleFileServer overflow Remote Root Exploit
http://www.frsirt.com/exploits/08132004.priv8afp.pl.php
feel silly yet?...
Re: Re: Mac OS X security under scrutiny
2005-11-30
Anonymous
Nope, hack my system, maybe then I'll feel silly. You can point fingers and talk about flaws forever, but until it could actually affect an apple, shut the f*%$ up. HACK MY COMPUTER. While you're at it prove that god exists, it's about the same argument. Good theories, none proven.
...
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous (1 replies)
How about the Safari issue that allowed a remote shell via links to external applications (help, for example)...
Re: Mac OS X security under scrutiny
2005-11-30
Matthew Murphy (1 replies)
The exploit posted in response to your comment is one of *SCORES* of remote exploits (most of them roots), not to mention the fact that OS X local security is non-existent.
The reason SANS labelled OS X as a security threat is because of people like you who say "I don't have to patch my OS, becau...
Re: Re: Mac OS X security under scrutiny
2005-12-01
Anonymous (1 replies)
FUD, you seriously speak of what you don't know. The OS is more secure out of the box than windows and linux! It requires patching like any OS, but it does not need to be singled out, if you are going to call out an OS, call em all out. SANS has gone downhill quick with the rest of the security i...
Re: Re: Re: Mac OS X security under scrutiny
2005-12-02
Sean (1 replies)
I truly hope you mean once someone has root they have the box. I hope you aren't that ignorant....
Mac OS X security under scrutiny
2005-11-29
Anonymous (1 replies)
Yes, the collective vulnerabilities of Mac OS X are just such a severe risk compared to the daily barrage of new Windows vulnerabilities. The best part is their "solution"--turn on your built-in firewalls and install security updates.
Shouldn't we have done this already?...
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous
"Shouldn't we have done this already?.."
Indeed, and I think this is the whole point of the warning (Conspiracy theories aside :-) )
As security professionals we need to be aware that just because an OS that has proven reliable and secure does not mean that it will always be so. Consequently b...
Mac OS X security under scrutiny
2005-11-29
Anonymous (1 replies)
Sounds like an IT job security scam. What a load of rubbish. One gets so tired of hearing this kind of crap....
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous (3 replies)
What a bunch of whiners. No operating system is 100% secure and none will be made. I agree that the security model on MacOS X is far more secure compared to Windows; even Paul Thurrott on winsupersite agrees on that. This is not what this is about and people who understand security will tell you that. Securit...
Re: Re: Mac OS X security under scrutiny
2005-11-30
Matthew Murphy
"What a bunch of whiners. No operating system is 100% secure and none will be made. I agree that the security model on MacOS X is far more secure compared to Windows; even Paul Thurrott on winsupersite agrees on that. This is not what this is about and people who understand security will tell you that."
OS...
Re: Re: Mac OS X security under scrutiny
2005-11-30
Anonymous
Last I checked Mac The Ripper was a program for copying protected DVDs.
It is true that OS X system passwords can be cracked with standard UNIX cracking utilities but that requires access to the machine to the point that you can spend quite a bit of processor time running a cracking routine agai...
Mac OS X Fanatics
2005-11-30
Anonymous
When discussing why there are no destructive virii in the wild spreading among the Mac community, reporters and researchers consistently fail to mention that the Mac community is made of a different breed of user, in that most are passionate about their platform of choice. That explains why most hav...
Mac OS X security under scrutiny
2005-11-30
James Bailey
I'd like to see the analysis before I reject this as FUD or trolling for $s. But given that this is the same type of warning I've been hearing about for years, it doesn't hold much weight.
So far there have been only a couple of remote exploits and they were quite a long time ago. The last one th...
Mac OS X security under scrutiny
2005-11-30
Anonymous (1 replies)
Why do they always have to include:
(Symantec is the owner of SecurityFocus.)
Whom are they advertising this to? I think whoever knows securityfocus/bugtraq knows symantec as well.
--Anonym...
Mac OS X security under scrutiny
2005-11-30
Jeffsters (1 replies)
I don't care! I really don't care! I am so tired of this "security through obscurity" crap! Any hacker worth a $#@! would kill to get the publicity in being the first OS X in the wild virus! You spend nights creating a Win virus for what? You want fame write the first Mac virus! Go down in hi...
Re: Mac OS X security under scrutiny
2005-11-30
Matthew Murphy (3 replies)
What you miss is that Mac viruses exist. The "Simpsons" worm was one. Nobody got "fame" because spreading a virus is an illegal act in the majority of the west. Most people write Windows viruses these days for the profit of owning thousands of PCs. Something they could easily do with OS X if its...
Re: Re: Mac OS X security under scrutiny Simpsons Worm
2005-12-01
Pual
Tadaaa.... maybe. Googled for Simpsons worm and found:
Year: 2001
macOS 9.0 or higher. Hmm.. that's the Classic OS, Not OS X
Guess what was being used to get it working? Correct MICROSOFT Outlook Express 5.02 or better. And MICROSOFT Visual Basic was needed to get it working.
So, again, it's...
Re: Re: Mac OS X security under scrutiny
2005-12-01
Anonymous
The Simpsons "worm" was a piece of applescript that required active user intervention to spread, and only worked on lookout anyway. Sure, that could easily be duplicated.
Show me a worm for OSX that doesn't rely on social engineering and I'll start getting worried.
Yes, I'm aware that there h...
Mac OS X security under scrutiny
2005-11-30
Anonymous (1 replies)
This whole thread makes me laugh, I wonder how many of the posters here even looked at the detail on the SANS top 20 or just ASSuMEd that they were pointing directly at MAC OS X and being either a Mac or MS fan started waving their arms in the chicken little manner that I've seen here. Why is it th...
Re: Mac OS X security under scrutiny
2005-11-30
Anonymous
First off, I'm sure if the organization would point out Linux as opposed to OS X, there would be thousands of Linux Hippies flooding this place. The fact they are pointing out OS X doesn't make it any better and users of other OS's won't read it either. They'll just conclude that "OS X IS TEH SUX0...
Mac OS X security under scrutiny
2005-11-30
Anonymous
If symantec is so concerned about the security of osx, I suggest they do a better job releasing updated virus defs for SAV10 OSX (just a week behind on the sober.x defs, guess it's a good thing we weren't affected). And as for SANS, shame on you, your willingness to list OSX in the top 20 citing an...
Mac OS X security under scrutiny
2005-11-30
Anonymous
What can you say about people who publish these lies. Obviously every other thing they print has to be seen as pure fiction written by pathologic liars or writers too stupid to be trusted to discern the difference between ZERO breaches ever in Mac OS-X versus TRILLIONS of breaches in Windows and the...
Author has embarrassing lack of reading comprehension
2005-12-01
Anonymous (2 replies)
According to SANS
Multiple questions have been submitted asking whether the entire MacOS is a security risk. Of course not, any more than the entire Internet Explorer is a security risk. MacOS includes software that has critical vulnerabilities and Apple has a patch policy, described below, that ...
Re: Author has embarrassing lack of reading comprehension
2005-12-03
Ariadoss
This was my first time on this site, because a bug was reported here for one of the projects I develop for. I also was very displeased with this article. The title definitely got my attention though, because I've considered my Mac's security from many different standpoints and still find myself mo...
So is the sky falling or not?
2005-12-01
Anonymous (1 replies)
I check software update every day. I always work behind a physical firewall. What are the reasonable (or paranoid) steps to make beyond this?
If the sky is falling, do I need an umbrella or an underground bunker?...
Re: So is the sky falling or not?
2005-12-02
Anonymous
For excellent guides which cover many techniques for securing Macintoshes running Mac OS X from attack - beyond simply enabling daily checks of Software Update and turning on the integral firewall - please see Stephen de Vries' white papers for Mac OS X 10.4 "Tiger" and 10.3 "Panther" at Corsaire's ...