Re: Apple pentesting

From: Daniel (deeper@gmail.com)
Date: Tue Apr 05 2005 - 14:40:55 EDT

• Next message: sam f. stover: "Re: Apple pentesting"
• Previous message: Todd Towles: "RE: Apple pentesting"
• In reply to: Todd Towles: "RE: Apple pentesting"
• Next in thread: sam f. stover: "Re: Apple pentesting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Julian,

OS X is a bsd wunderkund and thus can be treated as a UNIX
workstation. Best bet is to see if Rendezvous is running and also what
other services have been enabled (apple file sharing, samba share, ssh
etc)

Todd,

Wild statement there boy :0)

"never release vulnerability statements..."
hmmmm,
Apple Security page:
http://docs.info.apple.com/article.html?artnum=300667

I'm fairly happy that there is enough information in their security
releases to describe the issue and also if it was fixed. If you needed
more indepth details about the issues, im sure you could just read the
exploit code (if any) that was created or read the alternative release
by the person who found the issue in the first place.

Why should a vendor go the full hog and release extra information
regading security issues? If you have a look at other major vendors,
they seem to follow the same, if not less info, pattern regarding
releases.

Daniel

On Apr 5, 2005 6:47 PM, Todd Towles <toddtowles@brookshires.com> wrote:
> Nessus does work against Macs, the problem with testing Macs is they
> never released vulnerability statements..never. If a hole is found,
> Apple releases a patch and no ones says anything. If Microsoft did
> this..everyone would go crazy.
>
> > -----Original Message-----
> > From: Julian Totzek [mailto:julian.totzek@bristol.de]
> > Sent: Tuesday, April 05, 2005 10:51 AM
> > To: pen-test@securityfocus.com
> > Subject: Apple pentesting
> >
> > Hi Guys,
> >
> > I have to do a pentest in a environment where mac's should be
> > located. Never tested MacOS somebody have some tips for me?
> > They normally should only be clients no servers.
> > Do you know of special tools to test them, or is it possible
> > to test them with progs like nesuss?
> >
> > Cheers
> > Julian
> >
> >
> > ------------------------------
> > email scanned
> > filename: mailbody --> clean
> > SCANMODULE: Ikarus vdb: 05.04.2005(66449) version: 0.2.57.0
> > ------------------------------
> >
> >
>

• Next message: sam f. stover: "Re: Apple pentesting"
• Previous message: Todd Towles: "RE: Apple pentesting"
• In reply to: Todd Towles: "RE: Apple pentesting"
• Next in thread: sam f. stover: "Re: Apple pentesting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:19 EDT