× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2004

RE: Moving to Mac

>How many files on your system are "777"? :)

I don't know about files, but I'm sure my users think my programs are
666.

> -------- Original Message --------
> Subject: RE: Moving to Mac
> From: "Chuck Lewis" <clewis@xxxxxxxxxx>
> Date: Wed, September 01, 2004 1:57 pm
> To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
> 
> Well I am MORE than aware of all the problems with PC's but didn't want you
> to think that the Mac was immune from that. I sort of thought it was to a
> degree until this post this morning on the Dshield list (with some VERY
> heavy hitters in the security field):
> 
> RE: [Dshield] Spyware and Unlikely Targets    
> 
> Does your MAC verify using CERTs that it is
> communicating with Apple and do an MD5 sum to verify
> that the patch isn't 'r00ted'?
> 
> Forgive me as I don't know the MAC platform that well.
> Just got done reading "Stealing the Network: How To
> Own a Continent" - pretty detailed attack on a MAC -
> Chapter 4 authored by Jay Beale. References
> SecurityFocus advisory 6004. http://www.securityfocus.com/advisories/6004 
> Mac OS X Systemic Insecure File Permissions 
> 
> It is fixed in a subsequent patch, but how many are
> "secure" in their OS choice that they patch regularly?
> This one is particularly nasty and 
> 
> I was speaking with a large client that received a
> RIAA subpoena. They traced the IP to a large "printer"
> that had been rooted and had a popular file sharing
> utility installed. "Nobody" looks at printers, but the
> larger ones come with hard drives - BIG hard drives
> (Not pumping Syngress but the first book in the series discusses how to 0wn
> a HP printer.
> 
> People that don't want to be found are not going to
> target "popular" systems. They leverage the noise
> created by those attacks - like a magician with a
> diversion - to keep you focused where they want you
> focused.
> 
> > Mark
> 
> PS: The vulnerability mentioned above shows Apple's
> learning curve with *nix. 
> 
> >From SecurityFocus
> Many applications are installed onto Mac OS X systems
> with insecure file permissions.  This is due to two
> distinct classes of problems:
> 
>      1) a security issue regarding DMG files managed
> by Mac OS X 
>      2) insecure file permissions packaged by
> different vendors
> 
> The result is that many of the files and directories
> that compose various applications are globally
> writable.  This allows attackers with filesystem
> access to an OS X machine can replace binaries and
> obtain additional privileges from unsuspecting users,
> who may run the replaced version of the binary.
> 
> How many files on your system are "777"? :)
> 
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.