In the event you were too distracted by the festivities associated with the ringing in of the new year and missed the news: the internets are broken (again).
To be more specific, what has actually happened is a portion of the trust system that is the foundation of secure transactions on public IP networks has been [...]
If you’re a security nut, browsing at a public hotspot can be like showering in a public bathroom. You might have no other option, depending on your circumstances, but you’re bound to feel a little creeped out and you’d probably rather have some flip flops on. Think of Hotspot Shield as flip-flops for your computer. [...]
It’s time for some more alchemy involving your beloved laptop or desktop companion. Just like last time, we’ll look at a few different apps that allow your Mac to perform some unusual tricks. That Apple is far from a one-trick pony, so forget about boring old internet browsing/photo and video editing/word processing. Prepare to add [...]
Weldon did a phenomenal job covering the visible and functional changes in the iPhone/iPod touch 2.2 firmware release. If you are holding off on the update, or just haven’t gotten to it yet, you may want to pencil in some time with iTunes as there are a twelve security fixes in this firmware release, each [...]
The security of your Mac can fall into a few different categories. One such category would be that of preventing data loss (i.e. making regular backups). Apple has helped to make this easy in recent years with the inclusion of Time Machine in OS X. Another category is trying to prevent, or minimize the problem [...]
Yesterday, Apple released Safari 3.2 for both Windows and Mac (Tiger and Leopard). As usual, Apple’s normal update announcements are a little short on details.
This update is recommended for all Safari users and features protection from fraudulent phishing websites and better identification of online businesses. This update also includes the latest security updates. For detailed [...]
Despite being an avid OS X user, there are deficiencies in this great OS of ours and many of the ones I focus on center — unsurprisingly — around security.
In the plethora of accurate claims of superiority in Apple’s “I’m a Mac” ads, one counter-example is the ability within Windows to encrypt individual folders. While [...]
Microsoft released three updates yesterday which fix bugs and address security concerns in their Office family of products and utilities.
The first is for the Open XML File Format Converter, which bumps the version to 1.0.1 and fixes a remote code execution (rated by Microsoft as “important”) associated with security bulleting MS08-057. The Open XML Converter [...]
The Mozilla crew have updated Firefox 3 and Firefox 2 to address security vulnerabilities and (in the case of version 3) bugs & usability issues, including fixes for Mac-specific bugs.
Firefox 3 had five security issues including two critical ones that could lead to either memory corruption or privilege escalation. Firefox 2 fixed nine security vulnerabilities, [...]
Ryan Naraine reported over at ZDNet Zero Day on a new iPhone vulnerability which lets anyone have full access to the majority of iPhone functionality despite your clever 4-digit passcode lock.
As mentioned by “greenmymac” and covered by The Register, full access to contacts (and, hence, browser, e-mail, SMS…) is as simple as a press of [...]
Despite Apple’s enterprise nod with the iPhone OS 2.0 feature set there are two fairly glaring omissions that make it difficult to use the iPhone in a corporate setting: the lack of encryption of the file system as a whole (or even just the message store) and the lack of available on-board virus scanners for [...]
The UK security consulting firm Corsaire has just published a new whitepaper on securing Mac OS X Leopard (you may remember them from their similar Tiger whitepaper). Written by Corsaire’s head of training – Daniel Cuthbert (whom you may remember as being in a fairly public and silly court case a few years back and [...]
The fine folks in Redmond have released Microsoft Office 2008 for Mac 12.1.2 update which includes stability and performance enhancements for Office 2008, Office 2008 Home and Student Edition, Office 2008 Special Media Edition, Word 2008, Excel 2008, PowerPoint 2008, and Entourage 2008. In addition, this fixes several vulnerabilities, some of which may allow an [...]
Apple released Security Update 2008-05 which contains fixes for:
an Open Scripting Architecture (CVE-2008-2830) privilege elevation issue [10.4/10.5 Workstation & Server]
a filename handling issue in CarbonCore (CVE-2008-2320) which may lead to an application Denial of Service (DoS) or arbitrary code execution [10.4/10.5 Workstation & Server]
a web-exploitable CoreGraphics issue (CVE-2008-2321) that could lead to application DoS or [...]
As mentioned in the previous installment, there is a very useful command buried deep within the confines of your OS X terminal. This command – lsof (LiSt Open Files) – is like the Swiss Army knife of utilities, proving information on files, directories, volumes and even what is happening on the network. Unlike iftop, lsof [...]
Trend Micro, the antivirus company, has a Malware Blog where they track all the bad stuff that can happen to your computer. Although the screenshots come from Windows machines, they did have one up this week that showed the Apple Store. Sneaky (and smart) phishers are sending emails that say there is a problem with [...]
Apple has released OS X 10.5.4 (59 MB via Software Update) to the masses which includes the content of Security Update 2008-04. The update also includes improvements to AirPort reliability and speed, many iCal improvements, two secure surfing improvements to Safari and three Spaces & Exposé bugs.
The Security Update fixes 21 security issues in [...]
Much ado has been made this week regarding the recent Apple Remote Desktop Root Privilege Escalation Vulnerability. The short story is that there is a flaw in a piece of software that Apple ships & installs with every Leopard instance which enables a local user to run scripts with root privileges (meaning they can do [...]
Apple releases a security guide for Mac OS X 10.5
In the last week, two major flaws have been reported, one in downloading .ICS (iCal) files, and one in Safari’s carpet-bombing problems. Now, Microsoft is reportedly getting in on the warnings to Apple.
Basically, Tim Rains, Microsoft’s security guy, says that “Safari…cannot be configured to obtain the user’s permission before it downloads a resource.” That means [...]
© 2009 The GigaOM Network. Marketing consulting by ACS.
