Very interesting! Thanks for posting those links.
Jay misses a very important, IMO, step... to change permissions on the netinfo utility files, namely:
Code:
-r-xr-xr-x 1 root wheel 40088 Apr 28 12:49 /usr/bin/nicl
-r-xr-xr-x 1 root wheel 23996 Apr 28 12:49 /usr/bin/nidump
-r-xr-xr-x 1 root wheel 19928 Apr 28 12:49 /usr/bin/nifind
-r-xr-xr-x 1 root wheel 15268 Apr 28 12:49 /usr/bin/nigrep
-r-xr-xr-x 1 root wheel 81480 Apr 28 12:49 /usr/bin/niload
-r-xr-xr-x 1 root wheel 15284 Apr 28 12:49 /usr/bin/nireport
-r-xr-xr-x 1 root wheel 29088 Apr 28 12:49 /usr/bin/niutil
should all be set to mode 0550 or 0500.
This is because a simple:
nidump passwd .
can be done by anyone that gets shell access to the machine either directly or remotely. Then they have a list of all the password hashes... they can copy that list to another host and run John the Ripper (or whatever) at their convenience.
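An audit for the permission change described in the post above, as an added example that is not part of the original post: it flags any of the seven listed NetInfo utilities that still grant permission bits to "other". The function names and the optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the NetInfo utilities named in the post for permission
# bits granted to "other". The post recommends mode 0550 or 0500.

# The seven utilities from the listing in the post.
NI_TOOLS="nicl nidump nifind nigrep niload nireport niutil"

# other_bits FILE -> prints the three "other" permission characters (e.g. r-x)
# taken from the mode string that ls -ld reports.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# audit_ni_tools [DIR] -> prints one line per tool whose "other" bits are not
# "---"; returns 1 if any such tool was found, 0 otherwise.
# DIR defaults to /usr/bin. The parameter is hypothetical and exists so the
# check can be pointed at a test directory.
audit_ni_tools() {
    dir=${1:-/usr/bin}
    rc=0
    for t in $NI_TOOLS; do
        f="$dir/$t"
        [ -e "$f" ] || continue          # tool not present in this directory
        bits=$(other_bits "$f")
        if [ "$bits" != "---" ]; then
            echo "$f other=$bits  (fix: chmod 0550 $f)"
            rc=1
        fi
    done
    return $rc
}
```

Calling `audit_ni_tools` with no argument checks `/usr/bin`; a non-zero exit status means at least one utility is still accessible to every local account.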