Re: Moving to Mac

On Wed, 1 Sep 2004 12:57:11 -0500, Chuck Lewis <clewis@xxxxxxxxxx> wrote:
> Well I am MORE than aware of all the problems with PC's but didn't want you
> to think that the Mac was immune from that. I sort of thought it was to a
> degree until this post this morning on the Dshield list (with some VERY
> heavy hitters in the security field):
> 
> RE: [Dshield] Spyware and Unlikely Targets
> 
> Does your MAC verify using CERTs that it is
> communicating with Apple and do an MD5 sum to verify
> that the patch isn't 'r00ted'?
> 
> Forgive me as I don't know the MAC platform that well.
> Just got done reading "Stealing the Network: How To
> Own a Continent" - pretty detailed attack on a MAC -
> Chapter 4 authored by Jay Beale. References
> SecurityFocus advisory 6004. http://www.securityfocus.com/advisories/6004
> Mac OS X Systemic Insecure File Permissions
> 
> It is fixed in a subsequent patch, but how many are
> "secure" in their OS choice that they patch regularly?
> This one is particularly nasty and
> 
> I was speaking with a large client that received a
> RIAA subpoena. They traced the IP to a large "printer"
> that had been rooted and had a popular file sharing
> utility installed. "Nobody" looks at printers, but the
> larger ones come with hard drives - BIG hard drives
> (Not pumping Syngress but the first book in the series discusses how to 0wn
> a HP printer.
> 
> People that don't want to be found are not going to
> target "popular" systems. They leverage the noise
> created by those attacks - like a magician with a
> diversion - to keep you focused where they want you
> focused.
> 
> > Mark
> 
> PS: The vulnerability mentioned above shows Apple's
> learning curve with *nix.
>

Actually I think it shows some of the inherent pitfalls of C.