Re: [Full-disclosure] Question about Mac OS X 10.4 Security

If you look at the [very, very] specific paragraph I was referring to,
from Paul's email, then I hope you will agree with me that what I was
trying to convey was the need to avoid generalizing categorization of
users ... having said that, the implications are that a much higher
awareness, and - in turn - possibility of addressing and/preventing
issues related to vulnerabilities exists in the Mac community, vs. the
Windows one, for example.


P.S. Sorry for top-posting, but going back to the end would have made
this a mess ...

On 2/28/06, Steven Rakick <stevenrakick@xxxxxxxxx> wrote:
Ok, first of all, the fact that you even mention
Blackhat, SANS or Cisco Networkers makes me question
if I should even respond...I will anyway.

Yes, it's true a lot of folks, particularly in the
security realm use Macs, myself included. The reason I
use it has nothing to do with an imaginary belief in
security supremacy, but rather that the tools I use on
a daily basis run natively along side software like MS
office. Previously, like many others, I would have
been forced to run a kludgy dual boot or VMware based
solution to solve this. OSX was the perfect solution.

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On
Behalf Of Stef
Sent: Tuesday, February 28, 2006 11:14 AM
To: Untitled
Subject: Re: [Full-disclosure] Question about Mac OS X
10.4 Security

On 2/28/06, Paul Schmehl <pauls@xxxxxxxxxxxx> wrote:

Still, the ignorance of Mac users, who believe their
platform is
somehow magically "secure" will contribute to the

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member

I am sorry, Paul, but I have to take you up on this,
especially with your tendency of generalizing
everything. I have used *nix in the past, for all my
network and security tools, until MacOSX presented
itself as an opportunity for migration, when I had a
need for a new laptop (over two years ago). At that
time the 2.6 kernel and available modules weren't up
to the tasks of the latest hardware capabilities of
x86 laptops, so - on an advice from a friend of mine -
I have tried an iBook. I have been able to compile and
port all my tools just fine, especially with the help
of the underlying "like-BSD" infrastructure (long live
fink and Darwin-ports). All I can tell you is that -
ever since - I never looked back at other choices
(w/the exception of Windows, which was never
considered among choices, anyway, due to limitations
in cygwin, not talking about the many other obvious
reasons for the OS, itself ;)), and have recently got
myself the latest still-PPC Powerbook, which just
confirmed the rightness of the original migration. As
a repository of security and network tools, I have
thrown at this baby everything I can possible think
of, and still haven't found a way to break it ...

... so the Mac users are not [only] the bunch of
idiots/ignorants whom you tend to describe - I would
just invite you to attend a blackhat or shmoocon, or
even SANS or Cisco networkers, and let me know how
many Mac users you can count there ... and then ask
yourself why ... but then, again, I may be wrong ;>

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -