Re: Apple pentesting

From: Daniel (deeper_at_gmail.com)
Date: 04/05/05

    Date: Tue, 5 Apr 2005 19:40:55 +0100
    To: Todd Towles <toddtowles@brookshires.com>
    
    

    Julian,

    OS X is a BSD wunderkind and thus can be treated as a UNIX
    workstation. Best bet is to see if Rendezvous is running and also what
    other services have been enabled (Apple file sharing, Samba share, ssh,
    etc.)

    Todd,

    Wild statement there boy :0)

    "never release vulnerability statements..."
    hmmmm,
    Apple Security page:
    http://docs.info.apple.com/article.html?artnum=300667

    I'm fairly happy that there is enough information in their security
    releases to describe the issue and also if it was fixed. If you needed
    more in-depth details about the issues, I'm sure you could just read the
    exploit code (if any) that was created or read the alternative release
    by the person who found the issue in the first place.

    Why should a vendor go the full hog and release extra information
    regarding security issues? If you have a look at other major vendors,
    they seem to follow the same, if not less info, pattern regarding
    releases.

    Daniel

    On Apr 5, 2005 6:47 PM, Todd Towles <toddtowles@brookshires.com> wrote:
    > Nessus does work against Macs, the problem with testing Macs is they
    > never released vulnerability statements..never. If a hole is found,
    > Apple releases a patch and no one says anything. If Microsoft did
    > this..everyone would go crazy.
    >
    > > -----Original Message-----
    > > From: Julian Totzek [mailto:julian.totzek@bristol.de]
    > > Sent: Tuesday, April 05, 2005 10:51 AM
    > > To: pen-test@securityfocus.com
    > > Subject: Apple pentesting
    > >
    > > Hi Guys,
    > >
    > > I have to do a pentest in an environment where Macs should be
    > > located. I have never tested MacOS; does somebody have some tips for me?
    > > They normally should only be clients, no servers.
    > > Do you know of special tools to test them, or is it possible
    > > to test them with programs like Nessus?
    > >
    > > Cheers
    > > Julian
    >
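
The service check suggested in the reply above (Rendezvous, Apple file sharing, Samba share, ssh) can be run as an inventory on the Mac itself. This is an added example, not part of the original thread: it assumes `netstat -an` output in the macOS `address.port` format, the sample text is constructed, and the port-to-service table uses the standard port assignments.

```python
# Added example: classify listening sockets from macOS `netstat -an` output.
# Function and variable names are illustrative; SAMPLE_NETSTAT is constructed data.
SERVICES = {
    ("tcp", 22): "ssh",
    ("tcp", 139): "samba share (NetBIOS session)",
    ("tcp", 445): "samba share (SMB)",
    ("tcp", 548): "apple file sharing (AFP)",
    ("udp", 5353): "Rendezvous (mDNS)",
}
LOOPBACK = ("127.", "::1")

SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.168.1.20.22        192.168.1.5.51234      ESTABLISHED
udp4       0      0  *.5353                 *.*
udp4       0      0  *.123                  *.*
"""

def exposed_services(netstat_text):
    """Return sorted (proto, port, label) for sockets reachable off-host."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # skip headers and non-IP rows
        proto = fields[0][:3]  # fold tcp4/tcp6 and udp4/udp6 together
        # TCP rows must be in LISTEN; UDP rows have no state column,
        # so keep only unconnected ones (foreign address "*.*").
        if proto == "tcp" and fields[-1] != "LISTEN":
            continue
        if proto == "udp" and fields[4] != "*.*":
            continue
        # macOS prints the port as the last dot-separated component.
        host, _, port = fields[3].rpartition(".")
        if not port.isdigit() or host.startswith(LOOPBACK):
            continue  # loopback-only listeners are not exposed to the network
        found.add((proto, int(port), SERVICES.get((proto, int(port)), "other")))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, label in exposed_services(SAMPLE_NETSTAT):
        print(f"{proto}/{port}\t{label}")
```

Anything reported as "other" is a listener outside the services named in the thread and is worth identifying by hand.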

