Forums | MacLife
You are not logged in.
#1 2007-10-31 4:17 pm
- Random User
- One of those Internet guys
- From: Houston, TX
- Registered: 2002-06-17
- Posts: 1151
Holes in Leopard's firewall
http://www.news.com/8301-10784_3-9807471-7.html
Although Apple is selling its new Mac OS X Leopard operating system on its improved security, researchers at Heise Security have already found fault with its firewall. Unlike with Windows Vista, the Apple firewall is not enabled by default and must be enabled by the end user. Even if you had the firewall enabled in a previous version of the Mac OS X, after an upgrade to Leopard the firewall will again be set to "Allow all incoming connections." It will be disabled.
According to Jürgen Schmidt, editor in chief at Heise Security, if you enable the Apple firewall and set it to "Block all incoming connections," access from the Internet to certain internal system services will still be allowed. As an example, he said that his team was able to query the NetBIOS Naming Service over a Lan network even with full blocking enabled. The team was also unable to specifically enable UDP filtering within Leopard, which should block access to NetBIOS.
Schmidt also faulted Apple for not including the latest versions of open-source applications within Leopard. In August, Charles Miller of Independent Security Evaluators noted the same at the annual Black Hat conference in Las Vegas. The expectation over the summer had been that Leopard would include the most recent version of several open-source applications and protocols.
Within Leopard, Schmidt noted that Apple ships ntpd 4.2.2, while the latest version is 4.2.4, although he admits that it is unclear whether there are any exploitable vulnerabilities here.
That's not the case with Samba, a primary networking protocol. Over the summer Apple did update its Samba package, but not to the most recent version. Leopard ships with version 3.0.025b (same as Tiger). The more recent releases of Samaba, 3.0.25c and 3.0.26a, do include several known bug fixes so it is unclear why Apple did not update Samba within Leopard.
Apple has a longstanding policy about not commenting in public on issues regarding the security of its products.
They are really reaching in order to find problems now aren't they.
"Blu-ray is just a bag of hurt." - Steve Jobs
Offline
#2 2007-10-31 9:31 pm
- jb
- Member
- From: Melbourne, Australia.
- Registered: 2004-01-04
- Posts: 2179
Re: Holes in Leopard's firewall
Can't you filter UDP packets (or at least, block them) using ipfw, which should be in leopard?
They say that the most secure computer is the one not connected to the internet.
That's why security experts recommend Telstra BigPond.
Offline
#3 2007-10-31 10:56 pm
- NAG
- A witch!
- Royal Wombat
- From: /usr/local/apps/nag
- Registered: 2000-09-22
- Posts: 30229
Re: Holes in Leopard's firewall
It is. I think the big problem with the firewall in leopard is that it seems to be approaching the problem from a different (than normal) route and doesn't use exact enough wording.
Offline
