MacResearch

Just a quick note. Some of you may find Intego's report on Mac/iPhone security interesting. From their analysis, it seems like jailbroken iPhones are particularly susceptible. There were a few proof-of-concept trojans, as well as real world exploits on Mac OS X. Many of the exploits seem to be geared toward taking advantage of user behavior and actions.

Common sense computing practices would address most, if not all, of the known exploits reported here. Although there doesn't seem to be an abundance of common sense these days*. I kid...sort of. And keep in mind that Intego is a software security product manufacturer (but that doesn't mean that what they are saying is necessarily invalid).

Intego 2009 Report (PDF)

Both Apple and the NSA provide documentation on securing Mac OS X based computers and servers. I could only find documentation up to 10.5:

Mac OS X Security Guidance (NSA)
Mac OS X Server Security Configuration 10.5 (Apple)

Apple also provides a set of Common Criteria Tools (again up through version 10.5 of the operating system) and a configuration guide. Common Criteria are a set of internationally approved security standards:

Common Criteria Tools (Apple)

An interesting wiki page on MacShadows KB I came across recently, also describes some additional ways to secure your system and understanding common attack vectors. There is even a section of ideas for the "Truly Paranoid" :)

Hardening Mac OS X - MacShadows KB Article

If someone knows of newer documentation or additional resources, please feel free to post some links in the comments.

*Perhaps it should be referred to as uncommon sense?