
April 20, 2007

Apple patches 25 security holes

Posted in: Mac OS X, Security

Apple published Security Update 2007-004 for both Mac OS X v10.4.9 and Mac OS X v10.3.9. It’s available for download from Apple’s Web site as well as through the Software Update system preference. Among other things, this update fixes AirPort, fetchmail, ftpd, Kerberos and SMB.

April 16, 2007

Should Apple secure its iPods?

Posted in: Security, iPod

Few corporations are likely to ban iPods in the workplace, but whether Apple and other manufacturers of MP3 players shoulder some responsibility to add security to their devices - and how effective that security would be – is a growing debate.

April 10, 2007

Apple offers AirPort Base Station security fix

Posted in: Hardware, Security

Apple has published a firmware update for its AirPort Extreme Base Station that fixes two security flaws in the Wi-Fi router. The patch fixes a bug found in certain versions of the Base Station that prevented the router from acting as a firewall by blocking IPv6 traffic by default. "This may expose network services on hosts connected through an AirPort Extreme Base Station with 802.11n to remote attacks," Apple said in a Monday advisory.

April 05, 2007

Complete, free Mac backup

Posted in: Security, Software, Tips & Tricks

Despite what Apple wants you to think, your Mac isn't invincible. While Macs may be less vulnerable to viruses and spyware than PCs, they're just as likely to get stolen or suffer from a hardware failure like a hard drive crash. When that happens, will it be a catastrophe, or just an inconvenience? It depends on whether or not - and how well - you back up your Mac.

April 04, 2007

Turn your Mac into a security camera

Posted in: Hardware, Security, Tips & Tricks

Independent UK developer Ben Bird has upgraded his video surveillance system for Mac users, SecuritySpy. The system offers powerful video surveillance features for Mac users aiming to protect their home or business – motion detection, real-time compression and network video streaming.

March 21, 2007

Lack of Mac malware baffles experts

Posted in: Security

Apple's Mac OS X remains almost completely free of any sort of malware threat despite several years of availability, a significant market share, and even an entire month dedicated to pointing out its flaws.

And security experts are not exactly sure why. In an article for the McAfee Avert Labs blog, security researcher Marius van Oers pointed out that Mac malware is "pretty much non-existent at the moment".

March 20, 2007

Mac OS X security: investigating security breaches and illegal use

Posted in: Security, Tips & Tricks

Knowing how to investigate a security breach, potential crime, or policy violation on a Mac computer or server is crucial for understanding the incident and building a chain of evidence that clearly identifies the culprit. In this article, Ryan Faas describes data forensic methods as they apply to Mac OS X and shows you how to ensure that evidence on a compromised Mac is not contaminated during an investigation.

March 12, 2007

A more secure OS X before Leopard

Posted in: Mac OS X, Security, Tips & Tricks

In this howto, the author will show you some things he has done to secure OS X beyond its default settings. There are some very basic and some advanced things in here.

March 08, 2007

Using Quicksilver to configure firewalls

Posted in: Security, Software, Tips & Tricks

This blog post will show you how to make a firewall-related workflow more intuitive.

March 06, 2007

Apple patches 8 major flaws in Quicktime

Posted in: Security, Software

Apple has issued a collection of 8 security updates for both the OS X and Windows versions of its QuickTime multimedia software. French Security Incident Response Team (FrSIRT) issued its most severe security rating of "critical" for all flaws.

All 8 flaws affect current versions of QuickTime for Windows Vista, XP and 2000. Seven of the vulnerabilities also affect OS X versions 10.3.9 and later.

March 05, 2007

E-mail security with Apple Mail

Posted in: Internet, Security, Software, Tips & Tricks

Sometimes sensitive data needs to be sent via email, and as it travels to its destination it can be intercepted by hackers, ISPs, the office IT geek or even a strict government. In this tutorial, we’ll discuss how to use Apple’s Mail application to send secure emails that are signed and encrypted. How does it work? Both parties get a free personal certificate from a trusted source and then we let Mail do the rest.

March 03, 2007

Maynor demos MacBook Wi-Fi hijack, admits mistakes

Posted in: Security

Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished name.

February 27, 2007

"Get A Mac" security

Posted in: Security

A Mac user's guide to encrypted email

Posted in: Mac OS X, Security, Software, Tips & Tricks

Encryption can be used to keep the contents of the email safe from prying eyes. It can also be used to certify that the message a person receives was actually issued by the individual listed in the message's From field. Email encryption is a complicated process that is simply convoluted for the average computer user. Mac users are no exception, so here’s a rundown on the ins and outs of encrypted email.

February 23, 2007

Hacking wireless networks with KisMac

Posted in: Security

February 16, 2007

Five fixes in latest Apple patch

Posted in: Security

Apple has issued a security update containing five patches for vulnerabilities disclosed during January's Month of Apple Bugs (MoAB) project. Of the five flaws fixed in the update, only one is rated as a 'high' risk by the US Computer Emergency Response Team.

January 29, 2007

Password protected podcasts with .Mac

Posted in: Security

Anton Linecker writes: "This article assumes that you already know how to create your content—an audio or video podcast—so I won’t go into how you need to compress your video. Instead I’ll concentrate on what makes this password-protected podcast different."

January 26, 2007

AirPort Extreme security improved for Intel Macs

Posted in: Hardware, Security

Apple has posted AirPort Extreme Update 2007-001, intended for some Intel-based Macs running Mac OS X v10.4.8. The update corrects an issue that could cause system crashes on a wireless network caused by malicious intent, according to Apple.

January 21, 2007

iPod: new threat when it comes to mobile security

Posted in: Security, iPod

Ah, isn’t it good to be back from the holidays, showing off the latest gadgets you received as gifts from your family? That new iPod, for example, will be great for storing files, especially because your company won’t allow you to take home your laptop for some silly security reason. No one will ever guess all the stuff you need is around your neck, stored in a little silver Mini.

January 05, 2007

Does 'Month of Apple Bugs' make sense?

Posted in: Security

Two security researchers have kicked off 2007 with a "Month of Apple Bugs," promising to feature a new vulnerability related to Mac software each day in January. It follows two similar monthlong campaigns last year that focused on browser flaws and kernel flaws. However, some experts and users have questioned the purpose of these projects, wondering how much security value they have. To find out what people on the street make of it, we asked our Mac Views panel, made up of ordinary readers, this question: "Do these kind of bug-publicizing campaigns do any good for the general Net public?"

January 02, 2007

QuickTime flaw kicks off month of Apple bugs

Posted in: Security, Software

A previously undocumented flaw in Apple's QuickTime media player could be exploited remotely by attackers to install malicious software on computers running either the Windows or Mac OS X operating systems, according to the inaugural posting by the Month of Apple Bugs project, a month-long effort that promises to feature a newly described security hole in Apple's software each day for all of January.

January 01, 2007

Choosing passwords

Posted in: Security, Tips & Tricks

Among the best security practices that everyone should adopt, choosing strong passwords is at the top of the list. If you're reading this, then you have access to the Internet. You likely have accounts on various web sites. You might even be doing some on-line banking. All of these systems, systems not under your control, store your password somewhere. Should someone get their hands on that password file, it's not at all difficult to crack some of the passwords in that file.

December 18, 2006

iPod add-on 'fails' privacy test

Posted in: Security, iPod

Joggers using the iPod Sport kit to keep fit are putting their personal privacy at risk, warn scientists. The academics showed how easy it was to track those using the combination of music player and running shoe sensor. In the worst scenario suggested by the scientists, stalkers could use the tracking data to "engineer" encounters with victims.

December 14, 2006

Microsoft pulls Mac security update

Posted in: Security, Software

A security update issued Tuesday for the Mac version of Microsoft Office was posted in error, the software maker said. The company encouraged consumers to uninstall the patch, which is still being tested.

November 30, 2006

Nike + iPod = surveillance

Posted in: Security, iPod

If you enhance your workout with the new Nike + iPod Sport Kit, you may be making yourself a surveillance target. A report from four University of Washington researchers to be released Thursday reveals that security flaws in the new RFID-powered device from Nike and Apple make it easy for tech-savvy stalkers, thieves and corporations to track your movements. With just a few hundred dollars and a little know-how, someone could even plot your running routes on a Google map without your knowledge.

November 22, 2006

Exploit released for unpatched Mac OS X bug

Posted in: Mac OS X, Security

The "Month of Kernel Bugs" strikes again. At the beginning of the month, a security researcher known only as LMH started the project to highlight unpatched flaws that are so severe that attackers could use them to completely subvert the security of vulnerable computers. On Monday, the project's curator released instructions for targeting a serious flaw in the way Mac OS X systems process certain types of files.

November 15, 2006

Mac OS X Server mail service: security, filtering, and more

Posted in: Mac OS X, Security, Software, Tips & Tricks

Ryan Faas explains how to secure your mail server, prevent spam and viruses from reaching users' mailboxes, and configure your mail server to support email accounts across multiple domain names.

November 03, 2006

Trusted Computing for Mac OS X

Posted in: Security

The Trusted Computing Platform Alliance (TCPA) was a collaborative initiative involving major industry players. Unfortunately, there are several aspects of trusted computing that are often misunderstood—in particular, its relationship to the controversial idea of Digital Rights Management (DRM). We will not discuss the pros and cons of trusted computing here: far too many expositions have been written both for and against the concept. The purpose of this document is to discuss a specific piece of hardware found in certain Apple computer models: the Trusted Platform Module (TPM).

October 26, 2006

'DVD Jon' cracks iPod's DRM code

Posted in: Security, iPod

The hacker known as "DVD Jon," a.k.a. Jon Lech Johansen, has cracked the digital rights management technology that Apple uses to protect songs purchased through its iTunes digital music store. The Norway native is reportedly considering licensing the code through his firm, DoubleTwist Ventures.

October 25, 2006

Understanding Apple's binary protection in Mac OS X

Posted in: Mac OS X, Security

With the advent of Intel-based Macintosh computers, Apple was faced with a new requirement: to make it non-trivial to run Mac OS X on non-Apple hardware. The "solution" to this "problem" is multifaceted. One important aspect of the solution involves the use of encrypted executables for a few key applications like the Finder and the Dock. Apple calls such executables apple-protected binaries. In this document, we will see how apple-protected binaries work in Mac OS X.

October 18, 2006

Microsoft: Excuses on iPod virus not credible

Posted in: Security, iPod

Security and quality assurance experts reacted negatively to Apple's efforts to blame manufacturing problems that resulted in iPod MP3 players shipping with a virus that affects Microsoft's Windows operating system. Security professionals, including Microsoft's own product release virus scanning chief, called Apple's efforts to deflect blame onto Microsoft misleading and said the batch of factory-infected iPods reveals a troubling lack of thoroughness in the company's manufacturing process.

October 16, 2006

Norton's revitalised Mac attack

Posted in: Security

Capitalising on the growing market share of the new Intel-powered Macs, if not the expected inevitability of a Mac OS X virus turning up ‘in the wild’ (not just as a proof-of-concept exercise), Symantec is ramping up its presence in the Apple world. New versions of its current Personal Firewall 3.0 and Internet Security 3.0 suite - both of which are currently PowerPC utilities forced to run under Rosetta on current-gen Intel Macs - are being rewritten as Universal binaries and will hit the streets alongside MacOS X 10.5 Leopard early next year.

October 03, 2006

DVD Jon Fairplays Apple

Posted in: Security

Liz Gannes writes: "DRM-buster DVD Jon has reverse-engineered Apple’s Fairplay and is starting to license it to companies who want their media to play on Apple’s devices. Instead of breaking the DRM (something he’s already done), Jon has replicated it, and wants to license the technology to companies that want their content (music, movies, whatever) to play on Apple devices. This may not be good news for iTunes the store, but it could make the iPod even more popular."

October 02, 2006

Apple patches 15 security flaws

Posted in: Mac OS X, Security

Apple issued a bundle of updates to fix at least 15 different security holes in its Mac OS X software applications. Mac OS X v10.4.8 and Security Update 2006-006 correct flaws in Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, and Mac OS X Server v10.4 through Mac OS X Server v10.4.7.

September 26, 2006

Apple security not yet cause for alarm

Posted in: Security

There's a persistent perception that because Apple is moving to the Intel platform and now allows Macs to boot to Microsoft's Windows, the potential for more security mischief rooted in Windows could raise a ruckus on the Mac. However, when you install Windows on a Mac via Boot Camp, all the viruses and Trojans you'd rather not encounter on Windows attack only Windows.

September 22, 2006

Apple updates strengthen wireless security

Posted in: Security

Apple released a Security and AirPort update for Mac OS X that fixes vulnerabilities found in the company’s wireless drivers. Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.

September 20, 2006

Safe storage, Mac style

Posted in: Security

Simson Garfinkel writes: "This column won't convince any chief security officer to throw away his organization's Windows-based computers and move to the Mac. But by analyzing some of the significant security features that Apple has added to its operating system in recent years, I'll aim to show you why I've decided to use Mac OS on my laptop and give you a list of features that you should be demanding from your vendor, whoever that may be."

September 19, 2006

Has Apple lost its security shine?

Posted in: Security

With the latest large sets of security patches and an alleged wireless driver vulnerability, Mac OS X no longer seems invincible. An expert delves into the real threats in the Apple world and outlines simple steps you can take to protect yourself.

September 17, 2006

How a malformed installer package can crack Mac OS X

Posted in: Security

Adam Knight writes: "There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install. This is even explained in Apple's Installer documentation as proper behavior. The distinction between the AdminAuthorization and RootAuthorization keys is, simply, whether or not the admin user is prompted for a password; the end powers are exactly the same and it is up to the creator of the package as to if he will be kind enough to ask for a password."

September 14, 2006

Apple fixes 7 flaws in Mac, Windows QuickTime

Posted in: Security

The newest version of QuickTime, 7.1.3, patches 7 bugs in how the application checks a variety of file formats, including QuickTime, FLC, and H.264 movies; and FlashPix and SGI images. In each case, a malformed file can trigger a heap, buffer, or integer overflow, or in one case, an exception, that then might let the attacker introduce his own code to the PC or Mac, essentially hijacking the computer.

iTunes 7 DRM already cracked

Posted in: Mac OS X, Security, Software

It's only been a day since Apple updated iTunes to version 7, but the folks over at the Hymn project already have a new version of the program that can be used to remove the DRM from songs purchased from it. It's an updated version of the recent release that worked with iTunes 6.

September 07, 2006

LaCie biometric hard drives for Macs

Posted in: Hardware, Security

LaCie now offers a full range of secure desktop and mobile hard drives with biometric access control designed to protect confidential data from unauthorized use. The new LaCie SAFE Hard Drive comes in capacities of 160GB, 320GB or 500GB with a universal Hi-Speed USB 2.0 interface for use on Mac. Enhanced security features include an internal drive lock and an external port for attaching an optional chain lock.

September 05, 2006

Johnny Cache breaks silence on Apple Wi-Fi exploit

Posted in: Security

Jon Ellch - aka Johnny Cache - was one of the presenters of the now infamous "faux disclosure" at Black Hat and DEFCON last month. Ellch and co-presenter Dave Maynor have gone silent since then, fueling speculation that the entire presentation may have been a hoax. Ellch finally broke the silence in an email to the Daily Dave security mailing list over the weekend, and one thing is clear: he is chafing under the cone of silence which has been placed over the two of them.

August 26, 2006

Securing Wi-Fi networks with a new Mac OS X security tool

Posted in: Security, Software

Periodik Labs announced the immediate availability of Elektron 1.2, the latest version of its award-winning software for securing small business Wi-Fi networks. The software brings easy to use, enterprise-level Wi-Fi security to businesses without a full time IT staff.

August 25, 2006

Mac security freeware helps you protect your privacy

Posted in: Security, Software

GlowWorm FW Lite is a neat looking application that can help you protect your privacy by enabling you to control your computer at the network level. It works through a simple system of rules and gives you a possibility of easily defining acceptable behaviour for a particular application, host/ip address, port number, and any combination thereof.

August 24, 2006

Is Windows inherently more vulnerable to malware attacks than OS X?

Posted in: Security

Tom Yager writes: "It took an attack on a Windows production server, not devotion to Apple, to put that provocative title on this entry. The attack I encountered occasioned a re-examination of a common question: Is Windows more vulnerable to malware than OS X? I've encountered no clearer or more definitive proof point than this attack. To set the stage, I'll describe the malware's methods."

August 18, 2006

Security firm disclaims Mac hack demo

Posted in: Security

SecureWorks did a demo at the recent Black Hat conference, showing how it could hack into a MacBook. Now, the company has posted a disclaimer on its site to make it clear that the MacBook was modified.

August 03, 2006

Hijacking a Macbook in 60 seconds or less

Posted in: Hardware, Security

If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. That's exactly what hackers Jon "Johnny Cache" Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.

August 02, 2006

Apple security update 2006-004 is now available

Posted in: Security

Security Update 2006-004 can be downloaded and installed using Software Update, or from Apple Downloads. It is recommended for all users and improves the security of a myriad of components; check this page for all the details.

July 20, 2006

Apple version of Computrace LoJack for Laptops released

Posted in: Security

Absolute Software Corporation, the leading provider of patented Computer Theft announced the release of its Apple Macintosh version of Computrace LoJack for Laptops, a laptop security tracking solution that locates and recovers lost or stolen computers.

July 18, 2006

Essential security software for Mac OS X users

Posted in: Security

There's a plethora of Mac OS X security software available but some have proven to be quite exceptional and essential for anyone interested in computer security. Here is a list of tools you all should have in your Applications folder.

Security through RAID on Mac OS X

Posted in: Hardware, Security

A blogger writes: "I always thought it would be nice to have a “key” to a computer, or a hard drive, and unless you encrypt your drive anyone can mount it on a different computer and pull data off of it. While my method probably won’t work so great against the government, it should against parents / siblings / school staff."

July 16, 2006

Mac OS X: viruses and security

Posted in: Security

Todd Woodward writes: "Researchers and engineers who are working in the security field must have strong constitutions - especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. With that in mind, in an effort to improve the quality of the dialogue, I would like to discuss some important issues regarding Mac OS X and security."

July 12, 2006

Microsoft releases Office 2004 for Mac 11.2.5 update

Posted in: Security, Software

This update fixes vulnerabilities in Microsoft Office 2004 for Mac that an attacker can use to overwrite the contents of your computer's memory with malicious code. This update also fixes issues in Microsoft Entourage 2004 for Mac and includes all of the improvements released in all previous Office 2004 updates.

July 11, 2006

Dashboard doesn't 'phone home'

Posted in: Security

JC writes: "There’s been a fair amount of chatter about OS X 10.4.7 adding “phone home” capabilities to Dashboard. When we talk about “phoning home,” we’re usually talking about a secret process that transmits information back to a central location, possibly putting personal information at risk. fetchadvisory, though, does nothing of the sort."

July 03, 2006

Next Apple OS to track stolen iPods?

Posted in: Mac OS X, Security, iPod

According to informants inside the Cupertino-based computer giant, the next version of Apple's operating system will let you track belongings through clever GPS and integrated mapping.

July 02, 2006

Mac OS X vulnerability exploit published

Posted in: Security

So far, there are no known reports of anyone using the launchd proof-of-concept information to develop an exploit for Mac OS X. "This proof of concept was fixed in Tuesday's Mac OS X 10.4.7 update," said an Apple spokesperson. Update people, update!

June 29, 2006

What kind of iPod am I? A secure one

Posted in: Security, iPod

Stephen Miller writes: "It's an iPod world, and that makes Apple's popular music player a target for thieves. Police departments around the country have reported a surge in thefts of iPods and other portable music players, and the New York Police Department says iPod robberies have helped push up crime statistics in the subway. To foil iPod snatchers, Targus recently introduced the Mobile Security Lock for iPod."

June 22, 2006

Elemental awarded with Mac Platform Certification

Posted in: Security

Elemental Security announced that its Elemental Security Platform (ESP) has been certified by the Center for Internet Security (CIS) for the CIS Mac OS X Benchmark v1.02. Elemental’s policy and risk management product is the industry’s first product to complete the CIS’ rigorous certification process for the Mac OS X Benchmark.


June 21, 2006

Wireless security on the road without a VPN

Posted in: Security, Tips & Tricks

A Virtual Private Network (VPN) is a secure way to connect to web sites and email while using wireless networks. Unfortunately, not everyone has access to a VPN, so what do you do? In this article you'll learn how to secure your online activities without a VPN.

June 20, 2006

Cracking OS X passwords (PPC)

Posted in: Security, Tips & Tricks

The only aspect we actually care about is the disk drive; at this point nothing else matters. Open Firmware [OF] (the “bios” used by Apple’s OS X) is sneaky enough not to show the different boot options; actually, if you don’t know about OF you most likely won’t even notice it’s there, and that’s why Apple loves it so much, as it provides a smooth boot sequence without much pointless information, flashing screens and colors, unlike PC BIOSes, which are known to be a bit more “loud”.

June 11, 2006

Abusing Mach on Mac OS X

Posted in: Security

This paper discusses the security implications of Mach being integrated with the Mac OS X kernel. A few examples are used to illustrate how Mach support can be used to bypass some of the BSD security features, such as securelevel. Furthermore, examples are given that show how Mach functions can be used to supplement the limited ptrace functionality included in Mac OS X.

May 29, 2006

HOW TO: Securely access your webmail using SSH tunnels

Posted in: Internet, Non Stop Mac, Security, Software, Tips & Tricks

I came across a number of situations where I needed to access my business e-mail from an insecure environment. I am talking about conferences, exhibitions, as well as airports and open WLAN hotspots. The majority of free e-mail providers, such as Google Gmail and Yahoo!, have options to log in using an https connection over secure sockets layer (SSL) or transport layer security (TLS). However, in my case, a couple of business mailboxes can be accessed via a webmail that doesn't offer any kind of encryption. The solution is pretty simple - create your own SSH Tunnel.


May 25, 2006

Review: VisualRoute - traceroute on steroids

Posted in: Non Stop Mac, Reviews, Security, Software

VisualRoute is a tool aimed at networking professionals that need reliable diagnostics software. It comes in six versions that give you the power of connectivity analysis from a single computer, a remote desktop or a remote server.


May 22, 2006

Intel Macs vulnerable to 'chip level' threats

Posted in: Hardware, Security

Researchers have claimed that "chip-level threats" pose a potential vulnerability for Intel-powered Mac systems. A chip-level attack targets a feature or vulnerability in a chip instead of attacking software as is the case with nearly all of today's security threats. Examples of chip-level attacks are rare. The last known serious outbreak dates back to 1998, when the CIH/Chernobyl virus embedded itself into the flash-BIOS of infected systems.

May 15, 2006

Researcher: Apple patch falls short

Posted in: Security

Apple released its third major patch this year for the OS X operating system on Thursday, fixing 31 software vulnerabilities in a range of products that could be used by remote attackers to compromise Mac OS systems. But independent security researcher Tom Ferris told InfoWorld the latest patch doesn't cover other critical holes he reported to Apple, and that he may soon publish the details of those flaws, too.

May 08, 2006

Review: Little Snitch 1.2.2 - acts as a great informant

Posted in: Non Stop Mac, Reviews, Security, Software

When it comes to your workstation, one of the things you certainly want to be aware of is what’s happening with your outgoing network connections. If you’re curious to find out if a program is sending information about your machine to a remote server or just want to see exactly what’s happening in the background during your usual surfing activities, Little Snitch will promptly tell you all about it.


May 04, 2006

Korean Apple online store hacked

Posted in: Security

Apple Computer's Korean online store has been defaced by an intruder. The attack, apparently carried out by someone working under the name "Dinam," who claimed in his online posting to be Turkish, was brought to the attention of Silicon.com last Thursday. The defacement was removed from Apple's Web site shortly after Silicon.com alerted the company, which has subsequently declined to comment on the matter.

Cutting through the OS X security rhetoric

Posted in: Security

Much has been written about future, potential problems with OS X security, but so far no widespread documented issues have occurred. On the heels of Monday's report from The SANS Institute that Mac OS X vulnerabilities are on the rise, The Mac Observer took a look at some of the recent rhetoric surrounding the operating system's security.

May 03, 2006

Kerberos, SACLs, Active Directory, and SSH

Posted in: Security, Software, Tips & Tricks

How does ssh work with kerberos in a directory environment (like Active Directory)? Can it be restricted to specific network groups, perhaps via use of Mike Bombich's saclutil script? Read this article and find out.

May 02, 2006

Protect your privacy

Posted in: Security

It’s an unwritten law that you can’t write about personal privacy without quoting Sun Microsystems CEO Scott McNealy’s infamous 1999 statement: “You have zero privacy anyway. Get over it.” But the fact is, McNealy was wrong. Although protections in this country are not exactly plentiful, this isn’t 1984 or The Trial—at least, not yet. Here’s how to avoid some of the most annoying invasions of your online privacy.

April 30, 2006

7 Tips to keep your Apple notebook safe

Posted in: Security, Tips & Tricks

Nobody likes to think about it, but it is a fact of life that thieves like notebooks. Follow these 7 tips for traveling safely with your notebook and protecting the intellectual property contained within.

April 26, 2006

Mac FTP: a guided tour

Posted in: Security, Software

(S)FTP has a valuable place in the hearts of web builders and developers, and is still one of the most practical methods of getting files from one place to another in a secure manner. In this article, Giles Turnbull surveys six FTP clients for the Mac platform and shows you the major characteristics of each.

April 24, 2006

Seven unpatched OS X vulnerabilities exposed

Posted in: Security

Security researcher Tom Ferris has published details about seven security vulnerabilities in Apple's OS X operating system, including proof of concept code.

The most severe flaw affects the Safari browser, which could be targeted by attackers to execute code on a system or cause the browser to crash.

April 19, 2006

J2SE 5.0 Release 4 fixes security issues

Posted in: Security, Software

Apple Security Update (APPLE-SA-2006-04-18) includes the following information: J2SE 5.0 Release 4 is now available for Mac OS X v10.4.5 and provides fixes for a couple of security issues that can cause untrusted Java applications to obtain elevated privileges. J2SE 5.0 Release 4 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site.

April 14, 2006

Firefox update offers security fixes

Posted in: Internet, Security, Software

Mozilla released a new version of its Firefox browser that adds native support for Mac OS X running on Intel processors, and contains a number of important security fixes for all Firefox users. This should speed up Web browsing on these new systems, which had previously relied on Apple's Rosetta translation technology to run Firefox.

April 13, 2006

XP won't expose Macs to viruses, says Gartner

Posted in: Security

I don't know what people are thinking when they say that running Windows via Boot Camp can expose your Mac OS X to Windows malware. Obviously some took these insinuations seriously and Gartner reacted. In an advisory published on Gartner's website, research VP Michael Silver said administrators should ignore any suggestions that Apple's move to Intel processors will expose the system to security vulnerabilities.

Silver said in the advisory: "All users should ignore any hype about the possibility of exposing the Mac OS to more viruses or worms. The Mac software will be located on another partition within a different file system; thus, running Windows on a Mac will not expose the Mac software to more malware."

March 23, 2006

Apple attacks plan to open iTunes

Posted in: Security, Software

Apple has criticised a French law that could break the locks tying songs from the iTunes store to iPod players. In a statement Apple said that if the law were passed it would result in "state-sponsored piracy".

The law to open up all online music stores is due to go to France's upper house of parliament for final approval.

March 22, 2006

OS X sudo vs. root: the real story

Posted in: Mac OS X, Security

In Mac OS X, the root account is disabled by default. The first user account created is added to the admin group and that user can use the sudo command to execute other commands as root. The conventional wisdom is that sudo is the most secure way to run root commands, but a closer look reveals a picture that is not so clear.

March 20, 2006

Mastering your passwords with Keychain Access

Posted in: Mac OS X, Non Stop Mac, Security, Software, Tips & Tricks

While you're working in your Mac OS X environment, you often need to perform an operation that requires a password (access e-mail, a password-protected website, etc.) or you need administrator access to perform a certain task. As you use more services and access more systems, over time this entails the input of a multitude of passwords during your daily work.

March 19, 2006

Apple security update causes Safari issues

Posted in: Security

Apple has published a new version of a security update that the company had issued last Monday. The computer maker refers to the patch as Security Update 2006-002 v1.1. The company said in a knowledge base article that after installing the initial update, "Safari might have a blank icon that won't launch Safari."

March 15, 2006

Philip Zimmermann releases Zfone for Mac OS X

Posted in: Internet, Security, Software

Phil Zimmermann thinks Zfone is better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world.

Apple Issues Update for 'Extremely Critical' OS X flaws

Posted in: Mac OS X, Security

The latest patch again addresses an issue in which Safari could automatically open a malicious file crafted to look like a safe file type. The update introduces additional checks to files that are downloaded to verify their identity.

March 13, 2006

More on Mac security

Posted in: Security

How do you keep your business to yourself when you're using the Wi-Fi at your corner coffee shop? It has to be unprotected for you to use it, unless you have to ask for the password at the counter, along with the key to the bathroom. Even in that case, you're sharing a network with people you don't know. Having your software firewall turned on is the obvious first step. Get more tips in this article.

March 10, 2006

Does Apple need a security czar?

Posted in: Security

Creating a Chief Security Officer position may be viewed by some as an admission of weakness. Still, it would be a good way for Apple to inoculate itself against the perception - warranted or not - that Mac security may be eroding, and get ahead of the curve for any troubles that may be inevitable. That may not be the case, but in matters related to product marketing, it's the public perception, not the reality that really matters.

March 08, 2006

Apple OS X withstands hacking contest

Posted in: Mac OS X, Security

Tom Sanders writes: "The University of Wisconsin has ended its OS X hacking contest with no successful hacking attempts. Dave Schroeder, the competition's organiser and a systems administrator at the university, launched the challenge in response to a similar competition last month in which a blogger created user accounts for contestants on a Mac Mini and challenged them to hack into the system by defacing a website."

March 02, 2006

Apple OS X update plugs 20 security holes

Posted in: Mac OS X, Security

Apple released security update 2006-001 that patches twenty security holes in Mac OS X and bundled applications. This update can be downloaded and installed via Software Update preferences, or from Apple Downloads and is naturally recommended for all users.

March 01, 2006

Spreading security awareness for OS X

Posted in: Security

Robert Lemos interviews Kevin Finisterre, founder of security startup Digital Munition, who created the three recent versions of the InqTana worm to raise awareness of security in Apple's OS X. Finisterre discusses his reasons for creating the worms, the problems with Mac OS X security, and why he does not fear prosecution.

February 28, 2006

Analyst criticizes security vendors for exploiting Apple flaws

Posted in: Security

Rob Enderle, principal at the Enderle Group, reacted to the recent news of a pair of worms aimed at Mac OS X and a zero-day vulnerability of Apple Computer's operating system with accusations that the security industry hypes the danger in order to sell more security software.

February 23, 2006

Mac attack a load of crap

Posted in: Mac OS X, Security

All the Mac viruses and security holes in the news are overblown. They're news only because of their novelty, not the threat they pose. Leander Kahney writes: "The Leap-A malware was a poorly-programmed Trojan horse that relied on "social engineering," or trickery to perform its nasty function. There's a simple way to protect against this kind of threat - common sense - and in testament to this, a lot of people didn't fall for it."

February 19, 2006

Digging deeper into the Leap-A malware

Posted in: Security

Rob Griffiths writes: "To get to the bottom of how serious a threat a piece of malware truly is, sometimes you have to take drastic steps—like deliberately infecting your own Mac to gauge the scope of potential damage. That’s what I did with the Leap-A malware that emerged Thursday, and I’ve learned that the program—while tricky—is not nearly as malicious as it could have been."

February 18, 2006

Basic Mac OS X security

Posted in: Security, Tips & Tricks

Codepoet writes: "Mac OS X is a secure operating system in that it's multi-user and has limits on what some user accounts can do. If an account is set up as a basic user, that user can only hurt himself, not the whole system or other users. However, in the interest of being "friendly" to new users, Apple leaves a lot of the secure bits off for the first user created and this means that Trojans like this week's can cause some pretty nasty problems on your system."

February 17, 2006

Low-threat Mac OS X Trojan appears

Posted in: Security

A Trojan horse aimed at Apple's Mac OS X operating system has appeared, purporting to be screenshots of the company's forthcoming Mac OS X 10.5 "Leopard" operating system. Although the Trojan, dubbed "OSX/LeapA" by antivirus firms, can spread itself via the iChat instant messaging program and damage applications on a Mac OS X computer, unlike many Windows Trojans, it spreads by fooling users into launching it manually, rather than by leveraging security flaws in the operating system.

February 08, 2006

Apple's in the eye of flaw finders

Posted in: Security

Robert Lemos writes: "At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's computer, disabling the firewall and starting up a file server. While such compromises have become common in the Windows world, this time the computer was an Apple PowerBook running the latest version of Mac OS X."

February 07, 2006

Straight talk on Mac security risks

Posted in: Security

Rebecca Freed writes: "Are Macs impervious to malicious software? No. Have Macs been the subject of catastrophic attacks? No again. Should Mac users be vigilant anyway? Of course. The complacency about Mac security has some basis in fact: OS X comes with many of the ports that could allow snooping closed; you have to change a System Preference to activate file sharing, personal Web hosting, or even printer sharing. If you don't use these features, you're protected by default. If you want to give other users access to some areas of your system, you should turn on the firewall that's built into OS X."

January 26, 2006

NetShred X: email and browsing privacy

Posted in: Security, Software

NetShred is a stand-alone app that protects your privacy on the Internet by shredding the browsing histories and caches of your browsers and email clients.

January 24, 2006

Bare Bones releases a new Mac information organizer

Posted in: Mac OS X, Security, Software

Bare Bones Software, the company behind BBEdit and TextWrangler, announced the release of their new software - Yojimbo information organizer. The product empowers Mac users to manage, effortlessly and securely, the onslaught of information encountered every day at work and at home, even across multiple computers.

January 20, 2006

Understanding the building blocks of Open Directory and Mac OS X user management

Posted in: Mac OS X, Security, Tips & Tricks

This article covers the conceptual and practical aspects of how Mac OS X workstations and servers use Apple’s Open Directory architecture to store and make use of user account information. It also includes information about computers and other resources within a network.

January 19, 2006

Mac security concerns answered

Posted in: Security

Technology commentator Bill Thompson responds to the feedback he received over his column suggesting that Mac users are too smug about computer security: "I wrote it because I'm a Mac user, among other things, and I worry that we do not take security seriously enough as a community."

January 17, 2006

Mac users 'too smug' over security

Posted in: Security

Bill Thompson writes: "Mac users demonstrate an indefensible smugness when it comes to the dangers of having their systems compromised by malicious software and opened up to exploitation by others."

January 13, 2006

Introduction to universal binary programming guidelines

Posted in: Security, Tips & Tricks

This document is designed to help developers determine exactly how much work needs to be done and provides useful tips for general as well as specific code modification scenarios. It describes the prerequisites for building code as a universal binary and shows how to do so using Xcode 2.2. It also discusses the differences between the Intel and PowerPC architectures that can affect code behavior and provides guidelines for ensuring that universal binary code builds correctly.

December 30, 2005

Imation Micro Hard Drive

Posted in: Accessories, Hardware, Security

Imation has released a very cool looking micro hard drive. Available in 2GB and 4GB capacities, this portable drive features a flexible USB 2.0 connector that locks back into the drive, forming a handy attachment clip for briefcases, backpacks or belt loops.

December 17, 2005

A look at Keychain access (and why you should care)

Posted in: Mac OS X, Security, Tips & Tricks

Here's a conundrum: last time you switched on your Mac OS X computer, did you have to enter a password before it loaded up your user account and desktop? No? Funny, because the computer asked for one. You didn't see that part, nor did you see your computer provide a password for itself--but that is, in effect, what happened. Your computer comes with a neat collection of security features built-in, but if you have it set up to automatically log you in every time you boot it up, you're bypassing one of the most basic of them.

December 16, 2005

Mac workstation security: more ways to clamp down on threats

Posted in: Mac OS X, Security

This article offers a look at additional ways to tighten security on workstations, from disabling peer-to-peer sharing to limiting SSH access and securing local NetInfo data.

December 09, 2005

Deep Freeze Mac 2.0 secures your work environment

Posted in: Mac OS X, Security, Software

This all-new edition of Deep Freeze Mac allows for a completely non-restrictive working environment where there is no need to be concerned about system misconfiguration, corruption, or malicious damage to a Mac OS X system; a simple restart eradicates all changes down to the last byte and ensures that the standard system configuration is available at all times.

December 07, 2005

Sophos says Apple good security choice

Posted in: Security

Experts at Sophos suggest Apple might be the best route to security for the masses - that is, until consumers all buy one. The UK security company's senior technology consultant Graham Cluley rolled out the damning virus statistics for 2005, showing that with a 48 per cent rise in new viruses, buying a Windows box has never been more risky.

December 05, 2005

How the iPod will change the face of computer security

Posted in: Security, iPod

Apple probably didn't intend it, but the iPod will likely prove to be an important stepping stone into solving a problem that has faced computer scientists for more than 30 years.

November 21, 2005

Secure backup and storage using a disk image and an iPod

Posted in: Mac OS X, Non Stop Mac, Security, iPod

In case you lose your iPod (or any other external drive for that matter) or it gets stolen, your data is in danger. I'm one of those people that constantly carries data on their iPod between two locations and I want to keep it safe. What follows is a brief tutorial aimed at those that want their data protected without investing in commercial software. In case you didn't know, you can increase your privacy pretty easily with features embedded directly into Mac OS X.

November 17, 2005

Install and use Mac GNU Privacy Guard

Posted in: Non Stop Mac, Security, Software

Mac GNU Privacy Guard is the Mac OS X port of the popular security utility. I have been using GnuPG for more than 5 years now and it is the best available open source solution for various encryption purposes. This article guides the reader through Mac GNU Privacy Guard installation, as well as its basic functions.

Using the Metasploit Framework on Mac OS X

Posted in: Mac OS X, Security, Tips & Tricks

One of the best free, open source pen testing applications available on the Internet today is the Metasploit Project. Metasploit is a very good tool for checking whether any services on your network are vulnerable to any of the numerous publicly available exploits in the Metasploit Framework. Read more about the usage of the Metasploit Framework at the Macintosh Security blog.

November 16, 2005

Mac OS/Linux/Windows Single Sign-On

Posted in: Mac OS X, Security, Tips & Tricks

Centralized authentication greatly simplifies network administration. This post teaches how to log in to a Mac or Linux computer using centrally managed user accounts from a Windows Active Directory domain controller. With this configuration, the same Windows user accounts can be used to log in to any of the three operating systems, Mac OS, Linux, or Windows, with the same user network folder auto-mounted.

November 10, 2005

Apple patents secure code

Posted in: Hardware, Mac OS X, Security

Since Apple is considered to be quite security conscious, I was not surprised to find out that they have filed a patent that describes a method for securely running Mac OS X on specific hardware. The patent covers a "system and method for creating tamper-resistant code". In its application, Apple describes a means of securing code using either a specific hardware address or read-only memory (ROM) serial number.

November 09, 2005

Camino 1.0b1 has been released

Posted in: Internet, Security, Software

The Mozilla Organization today released Camino 1.0b1, the anticipated new version of this popular browser for the Mac. The developers advise users to update to this version since it contains several important security fixes as well as various other fixes.
