
Leopard's Firewall Criticized

A security research firm is criticizing Leopard's security, namely the new system's firewall.

Heise Security was highly critical of the firewall and declared that it failed every test. The tests centered on Apple's default configuration and on whether the firewall was configured correctly in response to user input.

[Leopard's firewall] is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, "Block all incoming connections," it allows access to system services from the internet.


The company does acknowledge that the system services it communicated with in its tests did not seem immediately exploitable (though one, ntpd, was out of date). However, the company does advise that the issues be addressed by Apple and that users beware of the shortcomings.

Apple has been touting Leopard's security as one of the many features of Leopard.

Top Rated Comments


56 months ago
You wouldn't even believe Microsoft to be so stupid to expose open services (and even NetBIOS!!) to the internet when the firewall is set up to block ALL traffic. No kidding, Leopard does. Though, there is no proof of concept exploit, yet, that's a totally unnecessary design flaw, even a freshman CS student wouldn't be allowed to turn in.

From the article (German heise magazine):


The Mac OS X Leopard firewall failed every test. It is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, "Block all incoming connections," it allows access to system services from the internet. Although the problems and peculiarities described here are not security vulnerabilities in the sense that they can be exploited to break into a Mac, Apple would be well advised to sort them out pronto.

Rating: 0 Positives / 0 Negatives
56 months ago

You wouldn't even believe Microsoft to be so stupid to expose open services (and even NetBIOS!!) to the internet when the firewall is set up to block ALL traffic. No kidding, Leopard does. Though, there is no proof of concept exploit, yet, that's a totally unnecessary design flaw, even a freshman CS student wouldn't be allowed to turn in.

From the article (German heise magazine):


It's no surprise. I loved the old firewall, this firewall is awful. It doesn't work right. Little Snitch is better than it.
Rating: 0 Positives / 0 Negatives
56 months ago

You wouldn't even believe Microsoft to be so stupid to expose open services (and even NetBIOS!!) to the internet when the firewall is set up to block ALL traffic. No kidding, Leopard does. Though, there is no proof of concept exploit, yet, that's a totally unnecessary design flaw, even a freshman CS student wouldn't be allowed to turn in.

From the article (German heise magazine):


Thank God for hardware firewalls.
Rating: 0 Positives / 0 Negatives
56 months ago

Thank God for hardware firewalls.


I wonder what degree of hardware firewall you would need to compensate.

Would a standard router with NAT work?

Or, would you actually need a router with a specific firewall to compensate?
Rating: 0 Positives / 0 Negatives
56 months ago

I wonder what degree of hardware firewall you would need to compensate.

Would a standard router with NAT work?

Or, would you actually need a router with a specific firewall to compensate?


I have an AEBS. It has a hardware firewall and it sucks. Apple can't even do hardware firewalls right. :rolleyes:
Rating: 0 Positives / 0 Negatives
56 months ago

I have an AEBS. It has a hardware firewall and it sucks. Apple can't even do hardware firewalls right. :rolleyes:


I have a Linksys Router with a Hardware Firewall in it. I wonder if that is adequate, or if the Leopard issue would create an open door.

It's a BEFSX41 Labeled as a Broadband Firewall Router.

I've previously configured it, and it seems to have passed the online scanners. So, hopefully it will close the door that Apple is opening.
Rating: 0 Positives / 0 Negatives
56 months ago

I have a Linksys Router with a Hardware Firewall in it. I wonder if that is adequate, or if the Leopard issue would create an open door.

It's a BEFSX41 Labeled as a Broadband Firewall Router.

I've previously configured it, and it seems to have passed the online scanners. So, hopefully it will close the door that Apple is opening.


That should be more than adequate.
Rating: 0 Positives / 0 Negatives
56 months ago

That should be more than adequate.


I sure hope so :confused:
Rating: 0 Positives / 0 Negatives
56 months ago
Anybody turn on the advanced settings, use stealth, then look at the logs a while later. :(

Edit: I miss the dead SPI enabled router.
Rating: 0 Positives / 0 Negatives
56 months ago

Anybody turn on the advanced settings, use stealth, then look at the logs a while later. :(

Edit: I miss the dead SPI enabled router.


From reading the article, I couldn't tell.

SPI, I seem to recall something about that when I was researching my router / firewall purchase. Seems it was a feature of the Linksys Router if I remember correctly. But, then I could just be mixing things up at the moment.
Rating: 0 Positives / 0 Negatives
