[PLUG] Mac OSX Panther compromised twice...

Darkhorse plug_0 at robinson-west.com
Sun Nov 7 08:52:17 UTC 2004


An iBook has been compromised twice now.  My suspicion is that it's a
BSD tcp/ip stack problem.  Rumor has it that ipfw can be bypassed
through an exploit involving the tcp/ip stack.  Whoever did the
compromise, there were no services running on the machine, yet they
managed to mount NFS shares remotely and cause strange udp activity
to occur.  This is a very new iBook and it has already gone back
to CompUSA once for a $250 hard drive pull.  Does the iBook have
a compromisable bios?  Can the owner of this iBook clean it up,
or does it have to go back for another $250 hard drive pull?

Googling, it appears there's a weakness in the help system that can
be exploited when you web browse on the Internet.  There's also an
ssh problem; apparently you can be telnetting without even realizing
it.

BSD is supposedly the system to build a firewall with.  What's wrong
with the kernel and what's the fix?  There's one upgrade kernel from
Apple, but I don't know that it fixes any tcp/ip stack problem.
There's supposedly a security patch for the help system; I'm
surprised CompUSA didn't take care of this.

Short of being able to figure out what the weakness is, I've suggested
to my friend that he fix my alpha and use it as a router running Linux
to protect his iBook.  He went from a PC laptop to an iBook thinking
he would get better security.  Any help appreciated.

     --  Michael C. Robinson
