Feeds

Frustrated fanbois rejoice as Facebook releases MIDAS Mac security tool

Open source framework lets admins homebrew their own tools

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Facebook and Etsy have teamed-up to develop and publish as open source a security tool for Apple's Macs, following similar moves by Google.

The "Project MIDAS" Mac intrusion detection framework was announced by Facebook in a blog post on Friday, and sees the two companies collaborate on a tool to help companies manage large deployments of Macs.

The Python-based MIDAS framework lets Mac admins monitor clients for things such as changes to kernel extensions, LaunchAgents, LaunchDaemons, and Network Configurations.

"This gives you the ability to quickly audit your assets for threats like IceFog, Dockster, Imuler, Morcut, PubSab, etc," they write.

It is extensible, and the initial open source code comes with a few helper utilities, and an example module for client monitoring.

Code for the project is stored on Github.

Facebook imagines that if people want to deploy MIDAS they will create a private fork of the public project, add specific modules and helpers, deploy the customized MIDAS framework, and then analyse the logs afterward for anomalies.

With the tech, Facebook and Etsy have joined Google in building their own custom tools for managing Macs. Google was compelled to build its own suite of Mac management tools – many of which it plans to publish as open source – due to Apple's lack of willingness to provide new features in a timely manner.

Though Apple has recently seen great success in consumer electronics, it has also stepped back from providing tools to the enterprise.

In recent years, for instance, it retired its Apple server line, and slowed the pace at which it updated its main management software and its workhorse Mac Pro.

Though this devotion of resources to the larger and faster-growing markets of iPads, iPhones, and other iWotsits is sensible from a business point of view, it seems to be causing grief among Valley tech companies due to their employees' love of Mac products. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.