Apple's ad hoc DNS service also requires no encryption, so malware listening to chatter on the network can identify machines and ID codes to replicate

VPN credentials remain within memory after the connection has been broken, which makes them vulnerable

Mac servers accept a range of authentication protocols but don't prevent malware from downgrading to the least secure of these and trying to get illegal access via the weakest link.

There is also no central, required cryptography or memory forensics to help identify malware already running on the server, Stamos said. The desktop version of Mac OS X is more secure than ever, so there is no excuse for such weakness in the server; the only solution, he said, is to leave the server alone.

"Run your Macs as little islands on a hostile network," Stamos told attendees at his Black Hat presentation. "Once you turn on the administrator stuff, once you install OS X Server, you are toast."