OS X Security

There’s some interesting discussion going on at Slashdot about OS X security (http://apple.slashdot.org/apple/04/09/02/0057211.shtml?tid=179&tid=172&tid=3). I haven’t done any out of the box scans with Nessus, but there are several Mac users that come and go in the coffee shop that I frequent. I often log into the coffee shop’s router (which is using the default password… asking to be hacked) and get the IPs of everyone else on the LAN. It’s amazing how difficult it is to get much info about the OS X laptops and how easy it is to get it from the Windows users using programs like nmap and the like. Here’s two examples. The first is a computer running OS X, the second is Windows. Both are from random computers in the coffee shop. Notice the open port on Windows and nothing on OS X, and the fact that it couldn’t guess the Mac’s OS, but had no problem with Windows: OS X: Host appears to be up … good. Initiating SYN Stealth Scan against The SYN Stealth Scan took 77 seconds to scan 1601 ports. Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port All 1601 scanned ports on are: closed Too many fingerprints match this host for me to give an accurate OS guess Windows: Host appears to be up … good. Initiating SYN Stealth Scan against Interesting ports on: The SYN Stealth Scan took 61 seconds to scan 1601 ports. For OSScan assuming that port 135 is open and port 1 is closed and neither are firewalled (The 1595 ports scanned but not shown below are in state: closed) Port State Service 135/tcp open loc-srv 139/tcp open netbios-ssn 445/tcp open microsoft-ds 641/tcp open unknown 1025/tcp open NFS-or-IIS 5000/tcp open UPnP Remote operating system guess: Windows Millennium Edition (Me), Win 2000, or WinXP TCP Sequence Prediction: Class=random positive increments Difficulty=1650 (Medium) IPID Sequence Generation: Incremental