Penetration Testing: RE: Apple pentesting

["Todd Towles" <toddtowles () brookshires com>]

And I ask you where is the expoit information? What is the
vulnerability? Do exploits exist? Can you test if you are vulnerability?
These is a site that list patches..not the same thing.  Interesting that
you think they are the same. Apple doesn't follow Full-Disclourse, that
was my point. 

I didn't mean they don't patch...

> -----Original Message-----
> From: Altheide, Cory B. (IARC) [mailto:AltheideC () nv doe gov] 
> Sent: Tuesday, April 05, 2005 1:55 PM
> To: Todd Towles; Julian Totzek; pen-test () securityfocus com
> Subject: RE: Apple pentesting
>
> > -----Original Message-----
> > From: Todd Towles [mailto:toddtowles () brookshires com]
> > Sent: Tuesday, April 05, 2005 10:48 AM
> > To: Julian Totzek; pen-test () securityfocus com
> > Subject: RE: Apple pentesting
> >
> >
> > Nessus does work against Macs, the problem with testing 
> Macs is they 
> > never released vulnerability statements..never. If a hole is found, 
> > Apple releases a patch and no ones says anything. If Microsoft did 
> > this..everyone would go crazy.
> I'm gonna go out on a limb and say you don't know what you're 
> talking about.
>
> Protip:  Google for 'apple security' and this is the first hit.
>
> http://docs.info.apple.com/article.html?artnum=61798
>
>
> Cory Altheide
> Senior Network Forensics Specialist
> NNSA Information Assurance Response Center (IARC) 
> altheidec () nv doe gov "I have taken all knowledge to be my 
> province." -- Francis Bacon