Printed from http://www.macnn.com

Black Hat experts: Mac resistance good, could be better

updated 10:50 pm EDT, Thu August 4, 2011

OS X Server weak on authentication, say experts

Security experts who have gathered in Las Vegas this week for the Black Hat conference admit that Macs can often be more resistant to the initial stages of wide-scale, sophisticated enterprise-level hacking attacks -- such as those seen with Operation Shady RAT -- than Windows machines. But the same experts point out that once a network has been compromised, Apple's server version of OS X offers little to stop further intrusion, according to a report from IT World.

The problem with Mac security primarily lies with Mac OS X Server, according to the analysts. Server protocols such as mDNS, Apple Remote Desktop and the Mac implementation of Kerberos use weak authentication models, even for the administrative password, say experts. Although security has been improved in the recently-released Lion version of OS X Server, more could be done, they point out. For example, once a network is compromised and a remote user has access to a fully-shared home folder on a Mac, the administrative password can be learned with a simple (though time-consuming) brute-force attack.

The biggest issue with network security is that it is most often compromised -- often unintentionally -- from within the target corporation or institution, says iSec founder Alex Stamos. Stamos and his team specifically looked at the Advanced Persistent Threat (APT) type attacks such as the intrusion that compromised Google and other tech companies, and how Macs running OS X Server would fare in similar circumstances. While Macs are very resistant to remote hacking attacks, they say, the compromise of a network often begins with an attacker tricking one employee -- either through social media or psychological techniques -- into downloading malicious software or visiting a website compromised with attack code, and willingly installing it.

As the recent MacDefender scamware attack proved, it is easy to trick people into installing bad software, but difficult -- on a Mac -- for it to go very far. But on a mixed-platform network, for example, malicious code is much easier to hide, and can utilize network resources to attack even Mac-based servers by guessing or working out administrative passwords, leaving the entire system wide open for the second stage of an APT attack, letting attackers move around the network and copy valuable documents.

Many companies remain completely unaware that their systems and data have been accessed remotely until sensitive data comes to light, and even then most institutions are extremely reluctant to admit or discuss how the attack was accomplished.

While admitting he has yet to see a Mac compromised during his investigations, Rob Lee of Mandiant says that Mac servers are no shield against the possibility of data theft on mixed-platform networks, though they are not usually targeted since Mac penetration in enterprise networks is still very low. In fact, according to the report, Lee usually recommends to executives who have been victims of hacking attacks that they replace the compromised machine with a Mac in order to lower the chance of re-infection.

As Macs become more popular in the IT community, both Apple and system administrators will have to prepare more for APT type attacks, the experts agree. This includes both technological maneuvers as well as better training of employees to guard against being unwitting agents for attackers. [via ITWorld]






by MacNN Staff


Comments

  1. facebook_Michael

    Via Facebook

    Joined: Aug 2011

    +6

    Nothing to see here...

    Every type of attack mentioned in this article involves social engineering rather than a shortcoming of the operating system. Without a password obtained via a human being, no attack can occur. If this were not true, where are the headlines about how a Mac has been hacked?

  1. chas_m

    Joined:

    +3

    You're right, but

    this article isn't about a Mac user at home (though the MacDefender thing showed that social engineering ALSO works on at least SOME Mac users). This article is about large-scale corporate enterprises and large-scale, corporate-targeted attacks. I think the conclusions overall are spot-on: Server still needs some beefing up, but more importantly users need to be better educated about social engineering ploys.

  1. Wingsy

    Joined: Dec 1969

    +3

    Guessing Game

    "But on a mixed-platform network, for example, malicious code is much easier to hide, and can utilize network resources to attack even Mac-based servers by guessing or working out administrative passwords, leaving the entire system wide open for the second stage of an APT attack, letting attackers move around the network and copy valuable documents."

    So let's see if I've got this right. Once an outside attacker has access to your LAN, they can take over control of a machine if they GUESS the admin password???? Does anyone else think this revelation is anything other than just plain stupid?

  1. Mr. Strat

    Joined: Dec 1969

    +1

    10 Years After

    No, not the band...

    OS X has been out there for over 10 years now, and it still hasn't been hacked without physical access, special rights, or PEBCAK. Windows (any version) can't make it 10 minutes.

  1. testudo

    Joined: Dec 1969

    +1

    Re: Nothing to see here...

    "Every type of attack mentioned in this article involves social engineering rather than a shortcoming of the operating system."

    No, it isn't. Most attacks involve social engineering. What they are saying is what happens after a successful attack.

    And, when you think of it, it is far harder to attack a business computer than a home computer. The business computer will be behind one or more firewalls, routers, etc. It is extremely difficult to get in through the doors from the outside. But if you can bypass that by getting a foothold on the inside, then you bypass much of the company's security measures.

    "Without a password obtained via a human being, no attack can occur. If this were not true, where are the headlines about how a Mac has been hacked?"

    Who says they need to have a password? One of the MacDefender variants required no password to install and run. Which in turn can lead to attacking from the inside (which is far easier on any system than attacking on the outside).

  1. testudo

    Joined: Dec 1969

    +1

    Re: Guessing Game

    "So let's see if I've got this right. Once an outside attacker has access to your LAN, they can take over control of a machine if they GUESS the admin password???? Does anyone else think this revelation is anything other than just plain stupid?"

    No. It depends on the available controls on the OS. For example, Windows can be set up to disable accounts after a series of unsuccessful attempts at guessing the password. The article implies that using brute-force is one means to getting the password, which implies OS X doesn't have this simple type of security.

    It's like the PIN for your ATM. Since it's usually just a 4 digit number, anyone getting your card can hack it. Except that ATMs will eat your card (or lock it out) after a set of attempts (say three) at the PIN.
