Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Question about Mac OS X 10.4 Security
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 28 Feb 2006 12:48:35 -0600

--On Tuesday, February 28, 2006 11:03:12 -0600 Stef <stefmit () gmail com> wrote:

If you look at the [very, very] specific paragraph I was referring to,
from Paul's email, then I hope you will agree with me that what I was
trying to convey was the need to avoid generalizing categorization of
users ... having said that, the implications are that a much higher
awareness, and - in turn - possibility of addressing and/preventing
issues related to vulnerabilities exists in the Mac community, vs. the
Windows one, for example.

Let's see. I use Windows XP, Mac OS 10.3.9 and FreeBSD 5.4 SECURITY daily. Therefore all three platforms obviously have a much higher awareness of security issues, right?

At least that *seems* to be your logic.

The fact is, as a community, Mac users have the belief that their system is "secure" - that they have nothing to worry about. *Of course* there are Mac users that are astute and fully understand the risks. Just as there are Windows users who are the same way.

Just because the geeks have taken to the Mac OS doesn't mean its community has raised its level of awareness more than a nanometer or two. In fact, when I sent a campus-wide announcement about the recent shell vulnerability, the *majority* of comments that I got from users *within* IT was, "You're spreadying FUD. Mac's are not anywhere near as risky as using Windows." Professors and others emailed me asking, "What do I need to do to be safe?"

If you think the Mac you're using is secure, I encourage you to go try to run the poc that Secureiteam posted. Just be sure to bring a clean pair of drawers with you.

I've used Windows since it first came out. I've never had a single virus infection, never had a single machine hacked, never had an incident of any kind. Does that mean Windows is "secure"? Of course not! The idea that, because you are using a Mac, you have less to worry about, is just as silly as the idea that, because you're using Unix, you have less to worry about.

Guess which platform get's hacked the most here?  (Hint - it ain't Windows.)

In *general*, the hosts that are the most risk are the ones that are the most poorly maintained (if they're maintained at all), and the OS they are running is irrelevant. There's only one OS that I know of, on this campus, that has never been hacked, and it has nothing to do with the OS and everything to do with how it's maintained and how it's protected (and no, I ain't telling you what it is.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]