RE: [netatalk-admins] shared Logins on UNIX/Mac?

Subject: RE: [netatalk-admins] shared Logins on UNIX/Mac?
From: Marc Matteo (MMatteo@sacbee.com)
Date: Wed Aug 12 1998 - 19:55:02 EDT

I believe one of those was a faulty third party WebStar plugin (now
fixed) and the other was a setup error (unfortunately, there's no patch
for stupidity :)).

I think the jury is still out of the security of the MacOS. On one hand
it's not as widespread as a server OS so it's not as "known" as say UNIX
so it's secure in that way. On the other hand, as that kid showed, just
because no-one has looked doesn't mean there aren't security holes.

I would think, however, that Macs would be (relatively) harder to
actually crack but far easier to crash.

Marc

> ----------
> From: Danny Carroll
> Reply To: dm.carroll@qut.edu.au
> Sent: Wednesday, August 12, 1998 4:09 PM
> To: 'Tony Stuckey'
> Cc: 'netatalk-admins@umich.edu'
> Subject: RE: [netatalk-admins] shared Logins on UNIX/Mac?
>
> I don't think so....
>
> Tell that to the student in my area that last year won two major
> prizes in respective "Hack my Mac" competitions.
>
> They thought the web server was secure.
> he broke it and won ~A$20,000.
> They thought they fixed it
> he Borke it againg and won a G3 powerbook.
>
> This was a comp set up specifically to see how secure Mac's were when
> it came to web serving
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Danny Carroll - CSO Academy of the Arts, QUT
> Phone (07) 3864-5903
> Fax (07) 3864-5569
> E-mail dm.carroll@qut.edu.au
>
>
> On Wednesday, August 12, 1998 3:11 AM, Tony Stuckey
> [SMTP:stuckey@jaka.ece.uiuc.edu] wrote:
> > > That's a laugh. MacOS more secure than UNIX. Pretty much every
> UNIX is
> > > minimally C2-classified (US Dept. of Defense rates OS security),
> as is
> > > NT and Netware. MacOS has never been tested and won't be until OS
> X
> > > Server at the soonest, because all MacOSes I've ever seen wouldn't
> > > even merit a rating...
> >
> > If you don't have physical access to the machine, MacOS is quite
> > secure. You can run a MacOS web server or file server on the
> general
> > internet without worry. Most unix systems run too many services to
> say
> > the same thing.
> > Under both unix and MacOS, it is usually the service, rather
> than
> > the kernel, which is broken into via the net.
> > Also, the lack of a shell-style program on the Macintosh implies
> > that it would be harder to take advantage of a break-in.
> > --
> > Anthony J. Stuckey
> stuckey@jaka.ece.uiuc.edu
> > "When I was young, the sky was full of stars.
> > I watched them burn out one by one." -Warren Zevon
> >
>

This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:33:04 EST