Q&A: Mac OS X security and forensics

by Mirko Zorz - Friday, 16 October 2009.

Sean Morrissey is currently employed by Paradigm Solutions as a Computer Forensic Analyst at the U.S. Department of State and was previously employed by CSC as a Developer/Instructor at the Defense Cyber Investigations Training Academy. He is the lead author of "Mac OS X iPod and iPhone Forensic Analysis", and author of an upcoming book on iPhone forensic analysis. In this interview he discusses Mac OS X security in general as well as Mac forensics.

In your opinion, generally how mature is Mac OS X when it comes to security?

Mac security at this time is in its infancy. Apple has been operating under the false illusion that the Mac platform is invulnerable to attack, because historically most intrusions have targeted other operating systems.

Why? The prevalence of those operating systems on a vastly larger array of systems worldwide. Corporate and government systems use Microsoft Windows, many financial institutions have used OS/2, ISPs use Linux and Windows, and the majority of home computers have Windows. So as a criminal organization, developing hacker, or state-sponsored intruder, which OS will get the most attention? Windows, the number one OS on the market, and the number one system that gets attacked.


Due to Apple’s inability to take security seriously enough, their systems are easy targets for the criminal element. First of all, the Keychain, the Mac OS password management system, is too easy to crack, and with this you have the keys to the kingdom. FileVault, advertised as a secure volume because of its encryption, is not that hard to crack. There are commercial and free tools that can defeat both the Keychain and FileVault.

I can also foresee bad things from MobileMe. If I am able to get your username and password, whether from phishing, social engineering, or cracking the Keychain, I can use MobileMe to remotely connect to your Mac, locate and wipe your iPhone, and get the data from synced information.

Apple is getting better about securing its operating system. It is also getting familiar with producing more updates in a timely fashion. In the past we would see updates only when Apple took a beating on any given vulnerability. Now the updates are coming out sooner, though still a bit slow, so it will be a while before Apple security can be considered mature.
