
Re:Macintosh Web Server Issues



On Mon, 13 May 1996, David Ray wrote:

> Macintosh is inherently more secure than Unix or DOS based systems because
> there is no Unix shell or DOS prompt to execute commands from. The only
> vulnerabilities that I can think of are:
>
> (1) By far the most common Macintosh security hole is NCSA Telnet's
> built-in FTP server. A lot of people configure it to allow connections with
> no passwords required. Your whole hard drive is at risk. Just make sure you
> turn off the FTP server if you use this software.
>
> (2) If your Web server is using MacPerl, and if your CGI's have been poorly
> written, it might be possible (though unlikely) to invoke Perl commands
> from URL's or POST data. Conceivably, you could use MacPerl to break into a
> Unix machine elsewhere on your network. This is very far-fetched, but
> technically possible.
>
> Other than that, Macs are virtually bulletproof.


I think that it is worth mentioning that the IP stack on the Mac,
MacTCP or OpenTransport, will not stand up to a very successful website.
People always get caught up in thinking about security in terms of
confidentiality and the non-disclosure of some information, but there
is also the threat of a 'denial of service' attack.

Speaking strictly from a technical standpoint,
no one will argue that NT, DOS, MacOS all grew up in an Enterprise
environment.  The Internet IS NOT AN Enterprise-like environment.
To be qualified as Internet-proof one must make sure that their
objects are scalable and robust.

I have set up WebStar on some Intranets and with a closed audience,
it has done fine.  Keep in mind that I can also take the whole damn
server out of commission with a few perl scripts and a SYN-bomb.
This has to deal with the listen() function of the Mac TCP/IP stack.
Oh well,
good luck,

--blast

   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   \    Tim Keanini    |         "The limits of my language,            /
   /    aka blast      |         are the limits of my world."           \
   \                   |         --Ludwig Wittgenstein                  /
   \                   +================================================/
   /    PUB KEY: http://www-swiss.ai.mit.edu/~bal/pks-commands.htm     \
   \  <blast@worldbit.com>                                              /
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

