Macs in Enterprise; "Steer clear" says Black Hat

Discussion in 'Apple, Inc and Tech Industry' started by TheSideshow, Aug 8, 2011.

  1. TheSideshow macrumors 6502

    Apr 21, 2011

    Black Hat Apple may have built its most secure Mac operating system yet, but a prominent security consultancy is advising enterprise clients to steer clear of adopting large numbers of the machines.

    At a talk last week at the Black Hat security conference in Las Vegas, researchers from iSec Partners said large fleets of Macs are in many ways more vulnerable than recent versions of Windows to so-called APTs. Short for advanced persistent threats, APTs are usually the work of state-sponsored hackers who go to great lengths to infiltrate government and corporate networks with malware that steals classified information and proprietary data.

    iSec's recommendation is premised on the assumption that a small percentage of employees in any large business or government organizations will be tricked into installing malicious software, no matter what platform they use. The problem with Macs stems from the OS X server that administrators use to push updates to large numbers of machines. The server's authentication routine is “inherently insecure,” making it trivial for a single infected OS X computer to compromise others, said iSec CTO Alex Stamos.

    “With a large enterprise, you have to assume that people are going to get tricked into installing malware,” he told The Reg. “You can't assume that you'll never have malware somewhere in a network. You have to focus on parts where a bad guy goes from owning Bob the HR employee to become Sally the domain admin.”
  2. *LTD* macrumors G4


    Feb 5, 2009
    More details:

    As per The Register’s report, iSec bases this on the assumption that a small percentage of users in any business, organisation or government department could be duped into installing malware — regardless of the operating system they use.

    Macs running Apple’s flagship operating system, however, are more vulnerable due to Mac OS X Server that port updates to its machines. Authentication used by the server is “inherently insecure”, making the infection rate far more likely.

    While Mac OS X Server uses Kerberos authentication, it uses a backup authentication method — which is easy to override. While Macs alone are good at defending themselves, “once you install OS X Server you’re toast”.

    Remember Google and China?

    Two years ago, while Windows machines were taken over by an exploitation unpatched at the time, in a massive hacking attack with an alleged China to be behind it, Macs may not have been a better defence.

    The proof of concept run was able to collect and copy all the authentication credentials, which then contacts other Macs on the network pretending to be the stolen administrator account, to further collect valuable corporate or governmental data.

    Now, granted this could be used against governments and major technology organisations, defence contractors and specialists working in their field.

    But universities encompass all of the above — with academics working with government on policy, defence issues and sensitive matters of state.
  3. Moribund macrumors newbie

    Jul 16, 2011

  4. Bernard SG macrumors 65816

    Bernard SG

    Jul 3, 2010
    Good grief...
    It's not like Apple ever presented OS X Server as a solution for huge and/or peculiarly sensitive organizations that would be subjected to the kind of risk that is described.
  5. maflynn Moderator


    Staff Member

    May 3, 2009
    The organization does not have to be "huge" or sensitive to have a risk. Clearly OSX's security is insufficient in this area and just saying its not needed for the type of customers OSX caters too is a bit foolish.
  6. Lennyvalentin macrumors 65816


    Apr 25, 2011
    So what if they did or not?

    Surely there's not a problem telling people there's security issues with OSX? Having information is never a bad thing you know.

Share This Page