Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Why Enterprise Security Teams Must Grow Their Mac Skills
RetiredUser,
User Rank: Ninja
6/12/2017 | 12:38:39 PM
Who Is the Audience Here?
The thing that has always kept me in the security wheelhouse is the amazing range of opportunities.  One reason there are so many opportunities is the great disparity between actual need and "professional"/"Enterprise" offerings.  Much like those who came up in the GNU/Linux world (my involvement with Red Hat implementations in the 90s is how I got into software), security techs are probably just as frustrated as we Linux geeks were with the commercial side of their industry.  That is, on one hand you have the InfoSec underground, lock pickers and code crackers who work regularly on systems of all breeds (from VMS to GNU/Linux to Windows), and you have the "professionals" who often focus on Windows environments.  But whose fault is that?

This article is a call to the "Industry" more than anything.  While Enterprise environments in many sectors may have heavy Windows leanings from infrastructure to end user devices, I don't think the bulk of "true" security professionals need to be told Mac or any other non-Windows device should be the next mastered.  Dedicated InfoSec pros are hacking every known OS under the sun, including embedded OS, router software, etc.  It's unusual to not know tech like OS X and only know Windows when you are passionate about security.  That said, the certificate mills and standard InfoSec security training grounds are not always as diverse, and to be fair many folks who may make good security engineers are only getting one side of the story when they get educated.  Some of this is due to massive software security companies that sell Windows-oriented Enterprise apps.

I think the main message should be not just to move into Mac and OS X mastery and documentation, but to understand InfoSec covers it all.  Windows, AIX, HP-UX, IRIX, GNU/Linux, Mac OS X, BSD, Solaris and OpenVMS at a minimum.  Add on top of that all the custom OS (many of them built on the Linux kernel anyway), such as Cisco IOS.  Let's encourage the exploration of many toolkits, in multiple languages, on multiple systems.  Empowering InfoSec pros in this way will give them a huge advantage against cyber criminals who already know this truth.  Heck, send them out of school not just with their certs but also with a good lock picking kit in their back pocket.  Teach them more and you will get more in return!

   
AnasE928,
User Rank: Apprentice
6/9/2017 | 3:29:07 PM
mac is coming in the way
Mac is becoming the leading platform for development and designing
90% of web developers now use Mac devices
marting123,
User Rank: Apprentice
11/15/2016 | 6:09:25 PM
amazing
Thank you, I've been seeking for info about this subject matter for ages and yours is the best I have discovered so far.
marting123,
User Rank: Apprentice
11/15/2016 | 5:24:24 PM
Amazing
Amazing post, thanks a lot my friend, you've shared me great information which I need, professional! For the enterprise security teams, sure must grow their skills, thanks! waiting for your update :)
ClaireEllison,
User Rank: Apprentice
11/15/2016 | 4:15:37 PM
Re: amazing
Excellent article plus its information and I positively bookmark to this site Hi Sarah, thanks for your great article! You shared me the information which I found for a long time, amazing!
ClaireEllison,
User Rank: Apprentice
11/10/2016 | 4:42:33 PM
amazing
Excellent article plus its information and I positively bookmark to this site Hi Sarah, thanks for your great article! You shared me the information which I found for a long time, amazing!
macooxii,
User Rank: Apprentice
11/9/2016 | 2:09:17 AM
amazing
Hi Sarah, thanks for your great article! You shared me the information which I found for a long time, amazing! You are expert! I have bookmarked your great post and shared into my social network, great! Waiting for your new article, thanks!
Benefiter,
User Rank: Apprentice
11/3/2016 | 10:50:25 AM
Re: From here we got the tips!
Thank you, I've been seeking for info about this subject matter for ages and yours is the best I have discovered so far.
AndreGironda1,
User Rank: Strategist
11/2/2016 | 12:49:03 PM
Mac on the way out, but maybe not iDevice
Haven't you heard the good news? Mac computers are on their way out of the Enterprise. Everyone has shiny, new laptops with 32GB of DRAM or more, but Apple decided to ship the latest MacBook Pro with only 16GB of DRAM. No self-respecting app developer, system administrator, or DFIR professional can stand five minutes on a laptop with only 16GB of DRAM.

Tell me how I'm supposed to acquire memory from a machine with 16G or 32G of DRAM and spin up an equivalently-sized ramdisk on a laptop with only 16G of DRAM? It's NOT PHYSICALLY POSSIBLE. I have to defy physics -- and that's what Apple has done: defied their ability to sell laptops due to the laws of physics.
iDevices will still be around, of course. I do recommend that DFIR and other cyber security professionals up their game when breaking iOS and iOS apps. For example, the Daniel Mayer idbtool should be common knowledge to all experts. Repackaging apps is another huge win. Everyone should get a free version of the LE-version of Cellebrite -- apparently you can, too, now because these tools were leaked online by a reseller!
 
What a magical year for Apple. 2017 is going to be so much pwn

