Comment Re:As an ex-hacker I tend to only trust Mac OS ser (Score 1) 343
Sir,
While I agree that Mac has not experienced the volume of attacks and exploits that other Operating Systems have, I have a few minor issues with your arguments. Not all of them, as I certainly give credit where credit is due. Just a few:
1)No command shell: I profess ignorance on this point, other than I've been told that OSX runs on some sort of Unix kernel. Maybe that isn't entirely accurate, but I've seen a shell on an OSX box.
2) Well if 1 above is true, then yes you have a root user on MAc now. Sorry if I don't understand how the Mac OSX system works, anyone else have any clues?
3) Yes but are C "strings" the number one way people break into systems? It's not how Lamo has been compromising these systems...and anyway, this point has nothing to do with the kind of vulnerabilities Lamo has been exploiting (if you'd even call them vulns...more like someone exploiting stupid user tricks .
4)Yes, this is mostly true. However if a Mac cgi script allows a user to do something he shouldn't, then I don't see how it matters whether or not it is executable on Apache or Mac or whatever. What I'm trying to say is that a shopping cart cgi doesn't properly check for proper input then a user can (usually) exploit said cgi script. Cross-site scripting is a good example of this.
5)Neither does Unix. It has to have the execute bit set, usually - not that that's hard to do, given the proper access. Still I guess it's easier to do things like set a trojan "ls" command (assuming root user is dumb enough to have a "." in his path), so ok. What if I write a shell script in a bash shell in OSX? Can't I just execute that? I doubt I need a special secondary file (like an inode?) for that...sorry if I don't understand Macspeak.
6)understood, assuming it's true.
7)No, fewer macs were hacked because the code wasn't open-source. OR not totally. Am I incorrect? That cash prize has been up for like 6 years now, and even when Macs had more than 3 percent of the market there weren't any takers. I guess that makes Mac more secure...?
I guess most of your points are valid, just not poignantly so.
-Brotherben
While I agree that Mac has not experienced the volume of attacks and exploits that other Operating Systems have, I have a few minor issues with your arguments. Not all of them, as I certainly give credit where credit is due. Just a few:
1)No command shell: I profess ignorance on this point, other than I've been told that OSX runs on some sort of Unix kernel. Maybe that isn't entirely accurate, but I've seen a shell on an OSX box.
2) Well if 1 above is true, then yes you have a root user on MAc now. Sorry if I don't understand how the Mac OSX system works, anyone else have any clues?
3) Yes but are C "strings" the number one way people break into systems? It's not how Lamo has been compromising these systems...and anyway, this point has nothing to do with the kind of vulnerabilities Lamo has been exploiting (if you'd even call them vulns...more like someone exploiting stupid user tricks
4)Yes, this is mostly true. However if a Mac cgi script allows a user to do something he shouldn't, then I don't see how it matters whether or not it is executable on Apache or Mac or whatever. What I'm trying to say is that a shopping cart cgi doesn't properly check for proper input then a user can (usually) exploit said cgi script. Cross-site scripting is a good example of this.
5)Neither does Unix. It has to have the execute bit set, usually - not that that's hard to do, given the proper access. Still I guess it's easier to do things like set a trojan "ls" command (assuming root user is dumb enough to have a "." in his path), so ok. What if I write a shell script in a bash shell in OSX? Can't I just execute that? I doubt I need a special secondary file (like an inode?) for that...sorry if I don't understand Macspeak.
6)understood, assuming it's true.
7)No, fewer macs were hacked because the code wasn't open-source. OR not totally. Am I incorrect? That cash prize has been up for like 6 years now, and even when Macs had more than 3 percent of the market there weren't any takers. I guess that makes Mac more secure...?
I guess most of your points are valid, just not poignantly so.
-Brotherben
