A second look at the Mac OS X Leopard firewall

Derek Chesterfield dez at mac.com
Wed Oct 31 08:01:17 PDT 2007


On 31 Oct 2007, at 14:45, Matt Johnston wrote:
>
> On 31 Oct 2007, at 13:42, Derek Chesterfield wrote:
>> On 31 Oct 2007, at 13:23, Matt Johnston wrote:
>>> On 31 Oct 2007, at 12:32, LuKreme wrote:
>>>> A lot of blather, some of which is simply hysteria and FUD  
>>>> disguised as 'revelation'.
>>>> "Oh Noes!  The time server is running!  Panic attack!"
>>>> Idiots.
>>>> Doesn't Heise-security have a history? Or is that someone else?
>>> The fact they have unreproducible "evidence" there was a Kerberos  
>>> server running tells me there are faults in their testing methodology.
>>
>> Kerberos is now used by Leopard to authenticate Bonjour  
>> connections. I guess the daemon gets started when needed, and will  
>> hang around afterwards.
>
> Case in point: Why is Derek Chesterfield telling us this and not  
> Heise Security?

That was *exactly* my point - thanks for making that clear. Although  
to be fair I got this info from isfym.com, who seem to be doing a far  
better job than Heise right now.

I think Heise have jumped the gun a bit. Their lack of perspective  
[w.r.t. what we had before w/Tiger] and sweeping conclusions are not  
far from scare-mongering, or dare I say attention seeking?

There *are* genuine questions to be asked of some of Apple's  
decisions, and some may indeed turn out to be chinks in the armour. I  
am looking forward to proper analysis of Leopard's security  
technologies, because, quite frankly, Apple isn't forthcoming.

