More on MAC Security


So it appears Gartner has something to say about MAC security too.  Here is an interesting article building on the MAC security issue.  It’s just a matter of time before a major attack happens that hits the MAC platform.  Another interesting tidbit is that the article points out that “Mac’s generally have to be patched one at a time”.  Don’t get me wrong using both Macs and PCs can be good if the overall strategy supports security, but the key here is not to have a false sense of security.

 

 http://news.yahoo.com/s/infoworld/20071228/tc_infoworld/94177;_ylt=AmF8ijFNlThIuDkLJJ6MHJEE1vAI

One response to “More on MAC Security”

  1. eh Avatar
    eh

    (When you say MAC security, it calls to mind MAC Address Security, where MAC is Media Access Control – what you really mean is OS X security).

    OS X checks for patches automatically, and in Leopard the updates are downloaded automatically and the user is notified when the patches are ready to be installed. By default, the system checks the Apple server weekly, though you can change the update timeframe and optionally change the update server to use a system on your local LAN to save bandwidth. Check out this Apple KB Article for information on Software Update and how to customize (hint: it’s really easy, just go to System Preferences->Software Update)
    http://support.apple.com/kb/HT1338

    A mass attack probably will hit the OS X platform soon. There are some mitigating factors that make this a little difficult, but certainly OS X is far from invulnerable. One mitigating factor is that users do not run by root as default and have to supply their password in order to change the system (so one type of mass attack I forsee involves a simple phishing trick). The other kind of mass attack I forsee is a more straightforward buffer overflow or similar exploit in a protocol handler (afp, smb, nfs, rtsp) implemented either by the OS itself or by one of the applications commonly found on Macs. Most Macs have the default firewall enabled (which prevents inbound attacks but does not catch outbound “phone home” traffic), so a direct attack against open ports seems less likely.

    For those interested in examining all the OS-level security mechanisms implemented by Apple, or in further hardening their Mac, check out the 200+ page Leopard Security Configuration document published by Apple (free):
    http://www.google.com/search?hl=en&q=leopard+security+config+site%3Aapple.com&btnG=Search

    For those interested in writing OS X 0-days, I recommend checking out Nathan McFeters and Rob Carter’s work (among others) on protocol handlers. The Black Hat DC slide deck is a reasonable starting point for reading on this topic:

    Click to access bh-dc-mcfeters-rios-carter-WP.pdf

    /eh

    Reply

Leave a comment

InfoSecAlways.com

Information Security Always by Jason Bevis