Contributing Authors

Kevin Finisterre is the former Head of Research and Co-founder of SNOSoft, Inc.aka Secure Network Operations. Kevin’s primary focus has been on the dissemination of information relating to the identification and exploitation of software vulnerabilities on various platforms. Apple, IBM, SAP, Oracle, Symantec, and HP are among many vendors that have had problems that were identified by Kevin. Kevin is currently very active in the Apple research and exploitation scene. He enjoys testing the limits and is constantly dedicated to thinking outside the box. His current brainchild is the project he calls DigitalMunition.com.

Larry H. has been doing security research on the Macintosh platform for over 2 years (since mid 2006), with strong focus on kernel land security and implementation of proactive defense mechanisms for both Linux and the XNU kernel. Even though computers aren’t his main occupation, he enjoys developing new and improving existent exploitation and IDS evasion techniques, as well as researching on secure OS design, security policy frameworks (MAC, RBAC, MLS, etc) and applied data mining. Even though this all sounds pretty serious, he enjoys humor for the banter as well as reading through the King James Bible quite frequently.

I would like to thank Kevin and Lance M. Havok for the technical and friendly discussions, comments and advice, as well as sharing their respective experiences working on Mac OS X security research. I’ve tried to use a clear, simple, and not pedantically over-complicated style when writing for this book, simply because knowledge is not meant to be kept exclusive for a bunch of lucky smarty-pants, and anyone should be able to understand the concepts exposed here with minimal knowledge of OS internals and low level programming. Also, I want to state that any relation of names, nicknames, events and situations might be purely coincidental and used for clarity and completeness, there’s no intention to neither offend nor compromise the reputation of the software vendors, public figures, professionals, etc, involved or mentioned throughout the text.

We all do mistakes, but we should keep up with the responsibility of fronting their consequences when necessary and this is an area where the security industry is clearly lacking, besides the continuous competition and hunger for fame and recognition from most of its professionals, who quickly forget life isn’t all about poking a keyboard. In these regards, I would like to thank Dave Aitel, for being there through the years without shifting his ideas and philosophy towards the trends, keeping a positive attitude and disregarding the vast amount of people who envy his achievements. He made this hobby much more appealing.

Last but not least, I want to thank Elsevier Publishing for giving me the opportunity (and Kevin himself) to contribute to this book and put effort intro creating the first, as far as I know, exclusive printed reference for Mac OS X security. Hopefully it fulfills the expectations of readers and insomniacs alike. Even though I had difficulty to meet the deadline and still provide enough meaningful content, covering what I deem some of the most important aspects of Mac OS X security research. I want to thank Apple for developing such a stable operating system and always making it appealing to the eye (while security is already improving as well).

“He deservedly loses his own property who covets that of another.” Phaedrus

David Harley has been researching and writing about malicious software and other security issues since the end of the 1980s. From 2001 to 2006 he worked in the UK’s National Health Service as a National Infrastructure Security Manager, where he specialized in the management of malicious software and all forms of email abuse, as well as running the Threat Assessment Centre, and has worked since as an independent author and consultant for Small Blue-Green World. He joined ESET’s Research team in January 2008.

He was co-author of “Viruses Revealed” (McGraw-Hill) and lead author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” (Syngress), as well as a contributor to “Botnets: the Killer Web App” (Syngress). He has contributed chapters to many other books on security and education for publishers such as Wiley, Pearson and Vieweg, as well as a multitude of specialist articles and conference papers. In his copious free time he is Chief Operations Officer for AVIEN (the Anti-Virus Information Exchange Network) and administers the Mac Virus web site.

Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester’s Open Source Toolkit (ISBN: 1–5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important. He lives in Maryland with his wife, Jennifer, and daughter, Ashley.

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.

Gareth Porteous is Helpdesk and Digital Design Technician at Norwich School of Art and Design.