Mailing Lists: Apple Mailing Lists


3 technical & 1 privacy questions :)



This is really the summation of a lot of things about Bonjour that have been hitherto pent up, so here we go.

1. Having done a straight build of mDNSResponder from Xcode and then going into mDNSPosix and using the makefile, I have created mDNSNetMonitor; however, when I try to run it I get: mDNSNetMonitor: mDNSNetMonitor failed -65537
Thoughts?


2. Why can't I uncheck the Bonjour tab in Directory Access? And is it what is causing me to advertise _workstation._tcp? (The subquestion being that even though I have all ports turned off and firewall set to drop packets, people can still easily OS fingerprint me as being Mac OS X unless I turn off mDNSResponder all the way... doesn't this sort of defeat the point of those new security mechanisms in 10.4? Doesn't this mean that it will be darn easy to find machines to exploit when) This is just generally along the lines that I think I should be able to have my machine "run network silent" if I want, and Bonjour is actively making that hard...

3. What if I don't want my machine to advertise that I'm running SSH via Bonjour? Can I disable it? Not only that, but when I have mDNSResponder unloaded and ssh enabled, I can see from verbose startup that it is trying to advertise ssh and failing... thus making it take about 20+ seconds more to get to the login screen.

(privacy) 4. I realize Bonjour is all about ease of use... but couldn't a better default name be found than "Firstname Lastname's Computer"? This may not seem like a big deal, but here at CMU they have the wireless bridged in the backend and consequently I can see about 400 _workstation people at any given time, and a good 60-70% of them are still using the default name... Privacy problems become security problems when I can see a professor's computer, I can see he's running afp and ftp (plaintext passwords), and by the nature of wireless I can simply sit and wait for someone to connect to his machine and log in... I know that this would still be the case if I took traditional attack steps to determine the information, but the point is that you're making targeted attacks much easier by setting it so that people are shouting their real names, which are associated with their machines... I don't expect you to eliminate or prevent people from using their real names in their computer names; I'm just saying that making it the default seems like a bad idea, and I'm wondering if Apple has ever looked at this decision from a privacy perspective rather than just a security perspective?

Thanks

Jonas
Bonjour-dev mailing list      (email@hidden)