OS X Exploits and Defense | 
 enlarge | Creator: David Harley
Publisher: Syngress
Category: Book
List Price: $59.95
Buy New: $34.00
You Save: $25.95 (43%)
New (23) Used (7) from $29.14
Avg. Customer Rating:  2 reviews
Sales Rank: 986614
Media: Paperback
Number Of Items: 1
Pages: 400
Shipping Weight (lbs): 1
Dimensions (in): 9.1 x 7.5 x 1
ISBN: 159749254X
Dewey Decimal Number: 005
EAN: 9781597492546
ASIN: 159749254X
Publication Date: April 25, 2008
Availability: Usually ships in 1-2 business days
Condition: BRAND NEW BOOK, CLEAN AND UN-USED. SHIPPED SECURELY IN A BOX.
|
| Also Available In:
|
| Similar Items:
|
| Editorial Reviews:
Product Description
Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post compromise concealment or distributed denial of service, knowing how the system is vulnerable and how to defend it is critical to computer security. This book brings all this information together, providing a solid basis to help you succeed in protecting your organization from risk.
* Cuts through the hype with a serious discussion of the security
vulnerabilities of the Mac OS X operating system
* Reveals techniques by which OS X can be "owned"
* Details procedures to defeat these techniques
* Offers a sober look at emerging threats and trends
|
| Customer Reviews:
 not recommended August 8, 2008
I ordered this one too fast, few days later first reviews were available and like them I can't recommend this book. too fragmented information without structure, looses the focus of other books covering same topics, its more a bunch of stories and scenarios around apple macs in history
 Disorganized and lacking depth June 22, 2008
1 out of 1 found this review helpful
OS X Exploits and Defense suffers from a number of problems. The organization is totally random. Each author's chapters are unrelated to the others, and there's no real progression. The description of the book seems to be more advanced, targeted at people who write exploits and do system level hardening, but the actual content is mostly beginner-oriented. The writing is poor and in need of some good editing and proofreading.
Here's a description of the first 5 chapters.
Chapter 1:
Macintosh OS X Boot Process and Forensic Software.
2 pages of introduction. 2 pages of describing the boot process, which mainly consists of "There is this thing called EFI and xnu, and here are some keys that you can press during boot to do stuff". It mentions that you can boot off a CD to reset the password, but doesn't mention setting a firmware password. 10 pages describing third party forensic software, which didn't really seem to have any relation to booting, so why are they in the same chapter?
Chapter 2: Past and current threats
A few pages on how some people think OS 9 was invincible, but it really isn't. A few pages on how buffer overflows are exploitable on OS 9, and demonstrating an overflow (but not an exploit) in Eudora for OS 9. First, who cares about OS 9? Second, of course buffer overflows are exploitable on OS 9. Why would anyone devote any time to this?
The chapter moves on to OS X, which is a lot more interesting. It describes some old vulnerabilities. Then there are sections on Unicode exploits, exploiting PowerPC binaries on Intel, and exploiting Wine-based Windows applications. All are interesting and relatively novel, although they are light on explanation and heavy on uncommented gdb output. There is some discussion of tricks that malware can use to hide itself, and some discussion of exploit techniques. Aside from the OS 9 content, this whole chapter was good.
Chapter 3: Malicious Macs: Malware and the Mac
It describes different types of malware, and specific instances of malware that have been targeted at old versions of Mac OS, as well as Mac OS X. It devotes a lot of time to arguing that malware can affect Mac OS X, and has. Which is true, but to any security-minded reader that should already be obvious, so I don't know what the point is. We all know idiot Mac users who think they're invincible, but they don't read books like this.
Chapter 4: Malware detection and the Mac
There's some discussion of whether or not anti-malware software is needed on the Mac, a brief discussion of malware detection techniques, and an overview of some available anti-malware software. All of this is fine, but it's at a low technical level suitable for an end user trying to decide what anti-virus program to buy. It doesn't fit with the book's marketed demographic.
Chapter 5: Mac OS X for Pen Testers
This chapter covers:
Running Terminal, running perl, installing and using CPAN, X11, compiling open source programs, an overview of open source security programs. There's a 6 page section on how to build Wireshark. The intended audience for this is again at a very rudimentary skill level.
This book's main problem is that it lacks focus, which might have something to do with the fact that it has 5 authors. It's all over the place in terms of the topics, and the intended audience. I think there are some people who might like any given chapter, but few who would want to read the whole thing. And there is very little content in the book that is novel, that you couldn't find just by Googling. I have higher hopes for "The Mac Hacker's Handbook" by Charles Miller and Dino Dai Zovi, which hasn't been released yet, so we'll see.
|
|
|
