OS X Exploits and Defense: Own it...Just Like Windows or Linux! [Paperback]

Paul Baccas (Author), Kevin Finisterre (Author), Larry H. (Author), David Harley (Author), Gary Porteus (Author), Chris Hurley (Author), Johnny Long (Author)
1.7 out of 5 stars (3 customer reviews)


Formats

Kindle Edition: $50.36 (rent from $23.11)
Paperback: $62.95

Book Description

ISBN-10: 159749254X | ISBN-13: 978-1597492546 | Publication date: April 25, 2008 | Edition: 1
Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention. However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities and accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post-compromise concealment or distributed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security.

* Macintosh OS X Boot Process and Forensic Software: All the power, all the tools, and all the geekery of Linux are present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions... it's a UNIX platform. Now you can master the boot process and Macintosh forensic software.

* Look Back Before the Flood and Forward Through the 21st Century Threatscape: Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed!

* Malicious Macs: Malware and the Mac: As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley.

* Malware Detection and the Mac: Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitation.

* Mac OS X for Pen Testers: With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing.

* WarDriving and Wireless Penetration Testing with OS X: Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive to successfully penetrate a customer's wireless network.

* Leopard and Tiger Evasion: Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios for explaining and demonstrating the concepts behind them.

* Encryption Technologies and OS X: Apple has come a long way from the bleak days of OS9. There is now a wide array of encryption choices within Mac OS X. Let Gareth Poreus show you what they are.

* Cuts through the hype with a serious discussion of the security vulnerabilities of the Mac OS X operating system
* Reveals techniques by which OS X can be "owned"
* Details procedures to defeat these techniques
* Offers a sober look at emerging threats and trends


Editorial Reviews

About the Author

Paul Baccas is a researcher at Sophos plc, the UK security company. After reading Engineering Science at Exeter College, Oxford, he worked in various technical roles at Sophos, and is now mainly engaged in spam research. He is a frequent contributor to Virus Bulletin.

Kevin Finisterre is the former Head of Research and Co-founder of SNOSoft, Inc. aka Secure Network Operations. Kevin's primary focus has been on the dissemination of information relating to the identification and exploitation of software vulnerabilities on various platforms. Apple, IBM, SAP, Oracle, Symantec, and HP are among many vendors that have had problems that were identified by Kevin. Kevin is currently very active in the Apple research and exploitation scene. He enjoys testing the limits and is constantly dedicated to thinking outside the box. His current brainchild is the project he calls DigitalMunition.com.

Larry H. has been doing security research on the Macintosh platform for over 2 years (since mid 2006), with a strong focus on kernel land security and implementation of proactive defense mechanisms for both Linux and the XNU kernel. Even though computers aren't his main occupation, he enjoys developing new and improving existing exploitation and IDS evasion techniques, as well as researching secure OS design, security policy frameworks (MAC, RBAC, MLS, etc.) and applied data mining. Even though this all sounds pretty serious, he enjoys humor for the banter as well as reading through the King James Bible quite frequently.

David Harley has been researching and writing about malicious software and other security issues since the end of the 1980s. From 2001 to 2006 he worked in the UK's National Health Service as a National Infrastructure Security Manager, where he specialized in the management of malicious software and all forms of email abuse, as well as running the Threat Assessment Centre, and has worked since as an independent author and consultant for Small Blue-Green World. He joined ESET's Research team in January 2008. He was co-author of Viruses Revealed (McGraw-Hill) and lead author and technical editor of The AVIEN Malware Defense Guide for the Enterprise (Syngress), as well as a contributor to Botnets: the Killer Web App (Syngress). He has contributed chapters to many other books on security and education for publishers such as Wiley, Pearson and Vieweg, as well as a multitude of specialist articles and conference papers. In his copious free time he is Chief Operations Officer for AVIEN (the Anti-Virus Information Exchange Network) and administers the MAC Virus web site.

Gary Porteous is a Professional Security Researcher based in the UK and a keen advocate of open source projects. A hacker in the old sense of the word, as someone who creatively dissects and reconstructs technology, Gary feels as much at home tinkering with small, finite problem solving as considering the pattern of modern technology and its larger implications. Having been involved with Macintosh security since 1998, more recently he has worked as a systems engineer and consultant, and is currently employed as a Macintosh computer expert in the UK educational sector. Alongside all this he enjoys escaping to the countryside whenever possible and helping to run the organization AppleseedUK (www.appleseeduk.org).

Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.


Product Details

  • Paperback: 352 pages
  • Publisher: Syngress; 1 edition (April 25, 2008)
  • Language: English
  • ISBN-10: 159749254X
  • ISBN-13: 978-1597492546
  • Product Dimensions: 9.1 x 7.5 x 1 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 1.7 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #2,451,158 in Books

 

Customer Reviews

3 Reviews
5 star: (0)
4 star: (0)
3 star: (0)
2 star: (2)
1 star: (1)
Most Helpful Customer Reviews

7 of 7 people found the following review helpful:
2.0 out of 5 stars Disorganized and lacking depth, June 21, 2008
By James F. Cerra (Pittsburgh, PA, USA)
OS X Exploits and Defense suffers from a number of problems. The organization is totally random. Each author's chapters are unrelated to the others, and there's no real progression. The description of the book seems to be more advanced, targeted at people who write exploits and do system level hardening, but the actual content is mostly beginner-oriented. The writing is poor and in need of some good editing and proofreading.

Here's a description of the first 5 chapters.
Chapter 1: Macintosh OS X Boot Process and Forensic Software
2 pages of introduction. 2 pages of describing the boot process, which mainly consists of "There is this thing called EFI and xnu, and here are some keys that you can press during boot to do stuff". It mentions that you can boot off a CD to reset the password, but doesn't mention setting a firmware password. 10 pages describing third party forensic software, which didn't really seem to have any relation to booting, so why are they in the same chapter?

Chapter 2: Past and current threats
A few pages on how some people think OS 9 was invincible, but it really isn't. A few pages on how buffer overflows are exploitable on OS 9, and demonstrating an overflow (but not an exploit) in Eudora for OS 9. First, who cares about OS 9? Second, of course buffer overflows are exploitable on OS 9. Why would anyone devote any time to this?

The chapter moves on to OS X, which is a lot more interesting. It describes some old vulnerabilities. Then there are sections on Unicode exploits, exploiting PowerPC binaries on Intel, and exploiting Wine-based Windows applications. All are interesting and relatively novel, although they are light on explanation and heavy on uncommented gdb output. There is some discussion of tricks that malware can use to hide itself, and some discussion of exploit techniques. Aside from the OS 9 content, this whole chapter was good.

Chapter 3: Malicious Macs: Malware and the Mac
It describes different types of malware, and specific instances of malware that have been targeted at old versions of Mac OS, as well as Mac OS X. It devotes a lot of time to arguing that malware can affect Mac OS X, and has. Which is true, but to any security-minded reader that should already be obvious, so I don't know what the point is. We all know idiot Mac users who think they're invincible, but they don't read books like this.

Chapter 4: Malware detection and the Mac
There's some discussion of whether or not anti-malware software is needed on the Mac, a brief discussion of malware detection techniques, and an overview of some available anti-malware software. All of this is fine, but it's at a low technical level suitable for an end user trying to decide what anti-virus program to buy. It doesn't fit with the book's marketed demographic.

Chapter 5: Mac OS X for Pen Testers
This chapter covers:
Running Terminal, running perl, installing and using CPAN, X11, compiling open source programs, an overview of open source security programs. There's a 6 page section on how to build Wireshark. The intended audience for this is again at a very rudimentary skill level.

This book's main problem is that it lacks focus, which might have something to do with the fact that it has 5 authors. It's all over the place in terms of the topics, and the intended audience. I think there are some people who might like any given chapter, but few who would want to read the whole thing. And there is very little content in the book that is novel, that you couldn't find just by Googling. I have higher hopes for "The Mac Hacker's Handbook" by Charles Miller and Dino Dai Zovi, which hasn't been released yet, so we'll see.


5 of 5 people found the following review helpful:
1.0 out of 5 stars not recommended, August 8, 2008
I ordered this one too fast; a few days later the first reviews were available, and like them I can't recommend this book. Too fragmented information without structure, loses the focus of other books covering the same topics; it's more a bunch of stories and scenarios around Apple Macs in history.


2 of 2 people found the following review helpful:
2.0 out of 5 stars not ready for publishing, April 28, 2009
Some good info, but not well edited and more than a little dated in places.
Inside This Book

Key Phrases - Statistically Improbable Phrases (SIPs):
login window, dual protection, security tools, monitor mode, forensic suite, master password, typing tar zxvf, wordlist attacks, pen testers, mac viruses, malware detection, stack executable, typing sudo, check err, randomisation test, print pack, infected applications, ported software, signature scanning, program being debugged, keychain password, mass mailers, forensic software, original directory, enter the root password

Key Phrases - Capitalized Phrases (CAPs):
Malicious Macs, Vulnerable Executable, Microsoft Office, Xcode Tools, NetInfo Manager, Show Details, Fink Commander, Certificate Authorities, Eudora Internet Mail Server, Native Description, Proof of Concept, Apple Airport, Virus Bulletin, Mac Edition, Advanced Encryption Standard, Scanning Filter Sounds Driver, Internet Explorer, General Public License, Activity Monitor, Secure Shell, Start Scan, Killed Executable, Show Clients, Installation Type, Show Traffic