Two Trojans For Mac OS X - Via Slashdot:
I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."
(Read Original Article - Via Slashdot.)
ARDAgent exploit - Description and possible work around - MacShadows KB - Via MacShadows KB:
The ARDAgent exploit is a root privilege escalation exploit using AppleScript, taking advantage of lax permissions set upon the ARDAgent application in Mac OS X 10.4 and 10.5. The ARDAgent vulnerability is currently not patched.
How to Save Mac OS X From Malware - Via Slashdot:
eXchange writes "Well-known hacker Dino Dai Zovi has written an article at ZDNet discussing last week's discovery of a critical threat to Mac OS X, and another announcement of a Trojan horse exploiting this discovery. He suggests that Snow Leopard, or Mac OS X 10.6, should integrate more robust means of preventing malware attacks. Some of the suggestions he has include mandatory code-signing for kernel extensions (so only certified kernel extensions can run), sandbox policies for Safari, Mail, and third-party applications (so these applications cannot do anything to the system), and some lower-level changes, such as hardware-enforced Non-eXecutable memory and address space layout randomization."
(Read Original Article - Via Slashdot.)
AppleScript.THT Trojan Horse - Via Your Mac Life - The Internet's #1 Mac Broadcast!:
From SecureMac
SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.
The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.
Foundations of Mac OS X Leopard Security - Via Slashdot Book Reviews:
jsuda writes
"At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable."
(Read Original Article - Via Slashdot Book Reviews.)
Update May 30, 2008 10 PM - It's official: my hard drive is hosed, and I need to get a new hard drive for my iBook. I'll probably order it Monday or Tuesday, so if you want to help out you have some time to order this from my wish list. :-) So it will be a few days before I can make any serious updates to the site. I'll know when my new drive is in place, but I think I recovered most of the critical data.
You may have noticed a lack of updates recently. I have not decided to stop blogging, but my laptop has had a meltdown, making it impossible for me to use my normal tools to keep the site up to date.
Unfortunately my hard drive has had a massive failure and I am currently trying to recover my data, but just to make it more challenging than it should be, it's been a while since my last backup.
My first three rounds of working on this all failed due to the problem being too much for the recovery software to handle, and this included two tools which had never failed me before. The current round has been running (but extremely slowly) since 2 PM yesterday and is only halfway through the drive. I won't know how successful it has been till it's complete.
After I have recovered all the data I can, I have to run some destructive hardware tests to see if the hard drive itself is bad or if it was just a corrupted directory that brought me down. If it turns out to actually be a hardware failure, this might be a good time to upgrade the capacity of the internal drive since prices have come down. I had seriously thought of upgrading the entire iBook to a current MacBook Pro (15 inch), but one of my clients won't allow any type of camera (regular, phone or laptop) onsite, which kills my ability to use it on-site. Oh well, maybe later.
I'll be back as soon as I can.
MI6 seeks Mac-using spook - Via Macworld UK:
MI6 is searching for a Mac user to help the secret service in its work.
The UK spy agency is advertising for a Mac-using artworker with QuarkXPress and Adobe CS3 skills to help the organisation create forged documents, currency and other publications.
The successful applicant will get a heavyweight inflation-proof civil service pension and also be fully trained as a spy, according to the MI6 recruitment website.
Full details of the job aren’t available, with MI6 telling potential recruits (who must be UK nationals): “We're sure you'll understand that as an organisation that collects secret intelligence, we can't tell you a great deal about what you'll be doing.”
Take a look at MI6’s online recruitment advert here.
(Read Original Article - Via Macworld UK.)
Senate Votes to Kill Anti-Immunity, More Limited Spying Bill - Via Threat Level:
The Senate rejected Thursday a proposal to expand the government's wiretapping powers without giving retroactive legal immunity to telecoms that helped the government spy on Americans without warrants, preferring instead a bill with less oversight and explicit immunity for companies like AT&T. The Republican opposition, joined by some Democrats, garnered 60 votes to the Democrats' 34.
Podcast: What's up Steve Jobs' sleeve for Macworld? - Via Privacy : Tech news from CNET :
Chertoff announces new version of electronic ID card mandate; the aftermath of the Gizmodo CES prank; and a Macworld preview.
(Read Original Article - Via Privacy : Tech news from CNET .)
Mac Users Get A Credit Card Stealing Trojan for Halloween, Security Company Reports: Hackers are reportedly sticking virtual razor blades into Apple computers this Halloween, as a Mac security vendor reports Wednesday that a Mac-focussed Trojan is reportedly loose on the internet costumed as an innocent video decoding file.
Mac OS X users visiting malicious porn sites are told to download a special codec that will let Apple's Quicktime player play the porn flicks, but instead of adult treats, users get a malicious trick, according to anti-virus vendor Intego.
Slashdot | OS X Leopard Firewall Flawed: "cycoj writes with a report in the German IT magazine Heise, taking a look at the new OS X Leopard firewall. They find it flawed. When setting access to specific services and programs to only allow SSH access, for example, they found that a manually started service was still accessible.
It seems that Leopard is officially coming out on October 26, 2007, and it has a few features that people concerned with privacy and security might find of interest. Some are listed below in no particular order.
KisMAC Developer Discontinues Project: "mgv writes to let us know that the lead developer of KisMAC, a passive wireless network discovery tool for Mac OS X, is discontinuing the project. Michael Rossberg lives in Germany and that country has recently passed laws that would make his participation dangerous. He urges visitors to take a copy of KisMAC and its source as long as the site is up, so that development might be continued outside the US or EU.
Apple fixes 17 Mac OS X flaws: "Apple on Thursday unveiled the year's fifth major security update for Mac OS X to patch 17 vulnerabilities, but fewer than one-third of them could lead to hackers injecting their own code into a compromised system.
Thursday's release also marked the first time this year that an operating system security update from Apple did not patch a vulnerability disclosed by the January Month of Apple Bugs project.
MacForensicsLab™ is a complete suite of forensics and analysis tools in one cohesive software package. Combining the power of many individual functions into one application in order to provide a single solution for law enforcement professionals and digital forensic investigators.
When you need a single tool to perform digital forensics - you need MacForensicsLab™ from SubRosaSoft.
Detailed documentation is automatically created while you are performing your forensic examination. Logs are kept of every action performed, every item found, and freeform notes taken during the case, to tie them all together with your thoughts on the process.
MacLockPick - Live Forensics for OS X: "MacLockPick is a valuable tool for law enforcement professionals to perform live forensics on Mac OS X systems. The solution is based on a USB Flash drive that can be inserted into a suspect's Mac OS X computer that is running (or sleeping). Once the software is run it will extract data from the Apple Keychain and system settings in order to provide the examiner fast access to the suspect's critical information with as little interaction or trace as possible.
Security Bites Podcast: QuickTime flaw hits Mac, Windows: "A serious flaw in Apple's QuickTime affects both Mac and Windows machines. Also: Office 2003 to get Office 2007 security, and spyware busters duke it out."
(Read Original Article - Via CNET News.com: Security Bites.)
Myth crushed as hacker shows Mac break-in | InfoWorld | News | 2007-04-20 | By Nancy Gohring, IDG News Service: "A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver.
In winning the contest, he exposed a hole in Safari, Apple's browser. 'Currently, every copy of OS X out there now is vulnerable to this,' said Sean Comeau, one of the organizers of CanSecWest.