Julian,
OS X is a bsd wunderkund and thus can be treated as a UNIX
workstation. Best bet is to see if Rendezvous is running and also what
other services have been enabled (apple file sharing, samba share, ssh
etc)
Todd,
Wild statement there boy :0)
"never release vulnerability statements..."
hmmmm,
Apple Security page:
http://docs.info.apple.com/article.html?artnum=300667
I'm fairly happy that there is enough information in their security
releases to describe the issue and also if it was fixed. If you needed
more indepth details about the issues, im sure you could just read the
exploit code (if any) that was created or read the alternative release
by the person who found the issue in the first place.
Why should a vendor go the full hog and release extra information
regading security issues? If you have a look at other major vendors,
they seem to follow the same, if not less info, pattern regarding
releases.
Daniel
On Apr 5, 2005 6:47 PM, Todd Towles <toddtowles@brookshires.com> wrote:
Nessus does work against Macs, the problem with testing Macs is they
never released vulnerability statements..never. If a hole is found,
Apple releases a patch and no ones says anything. If Microsoft did
this..everyone would go crazy.
-----Original Message-----
From: Julian Totzek [mailto:julian.totzek@bristol.de]
Sent: Tuesday, April 05, 2005 10:51 AM
To: pen-test@securityfocus.com
Subject: Apple pentesting
Hi Guys,
I have to do a pentest in a environment where mac's should be
located. Never tested MacOS somebody have some tips for me?
They normally should only be clients no servers.
Do you know of special tools to test them, or is it possible
to test them with progs like nesuss?
Cheers
Julian
------------------------------
email scanned
filename: mailbody --> clean
SCANMODULE: Ikarus vdb: 05.04.2005(66449) version: 0.2.57.0
------------------------------
