A little more about the pwn2own thing...
Mar. 28th, 2008 11:00 pm
Looking around I came upon these tidbits (left in comments in a related article):
“Well, apparently the exploit was achieved by clicking on a URL which opened a port number on the Mac, which in turn allowed them to telnet to the machine.”
1) This would be defeated by NAT
2) You have to turn on remote login, which is not on by default (which I believe is ssh in any case but that’s just a different port)
3) you need a logon, specifically an admin logon.
Similarly, someone else commented:
1) telnet daemon would have to be enabled - very unusual for OS X
2) he would need a logon, or to execute ‘any’ code an admin logon
Of course the bad part here is that Safari allowed access to SSH/Telnet and should be patched as soon as possible. However, as I said in my previous article about this, things like that typically require authorization in OS X and an Admin account.
Still, good security practices are good to have on any computer.
Telnet and SSH were specifically made so a person can remotely use a computer through a command prompt.
I think I can safely say we aren't going to suddenly have a botnet of Mac computers after this.