Author Topic: They say: "Beware of MACs in the Enterprise"  (Read 1177 times)

gunug
« on: August 09, 2011, 09:19:27 AM »
Researchers from iSec Partners said that MAC Servers and MACs in Networks behave badly:

QUOTE
To demonstrate the threat, they developed a proof-of-concept that runs on a Mac connected to a local area network. It waits to be contacted by a machine running OS X server and then quickly copies all its authentication credentials. Next, it contacts other Macs on the network and pretends to be the administrator machine, and when they respond it is able to steal valuable data.

“If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes,” Stamos said. He also faulted the OS X server for its lack of “channel binding” that ties an authentication handshake between two machines to the rest of the transaction that follows.

http://www.theregister.co.uk/2011/08/08/mac_security_risk/
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Xairbusdriver
« Reply #1 on: August 09, 2011, 03:35:04 PM »
Yep, it's a well-known fact that all Macs are wide open to hackers and viruses. That's why we're reading so much lately about all the agencies being hacked and secret data being stolen. Let me guess, the firm that developed this "proof-of-concept" also sells security services, especially for Windows machines?

BTW, MAC stands for Media Access Control address, a device's unique identifier. It has nothing specifically to do with a Macintosh computer, often called a Mac. Even Dell computers have a MAC address, as well as any printer, modem, hard drive...

Maybe it's just me, but I don't look to the Register for critical security information concerning a Mac.
« Last Edit: August 09, 2011, 03:35:32 PM by Xairbusdriver »
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:

Paddy
« Reply #2 on: August 09, 2011, 04:00:32 PM »
Ah yes, and this is because Windows servers are so much more secure?????

http://www.theregister.co.uk/2011/08/09/mi...ay_august_2011/

Riiiight....
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Xairbusdriver
« Reply #3 on: August 09, 2011, 07:22:24 PM »
Just to be clear, there are ways to access data in almost any OS/database system/etc. There are secure ways to set things up and there are stupid ways of doing it. And with direct, personal, secure access to something on the LAN it becomes much easier to hack. I'm sure this company's "proof-of-concept" is possible; whether it would work in any situation where they have a Mac Server is something else, again. But this is much different than saying someone can do this from outside the LAN. Obviously, there are those who live just for the possibility of finding a 'hole' in any system and claiming to be the first to document it. Most of us know we should not be running as Administrator, even in our own homes. But many of us do because of the irritation of having to enter a password so often. So, even people who are paid to set up secure systems can make mistakes, leave a door open that they thought had been closed by someone else, etc. I don't think any knowledgeable Mac authority has ever claimed that a Mac (server or not) is perfectly secure out of the box. Unfortunately, Marketing and Engineering seldom talk the same language (assuming they even know each group exists!).