By now, you’ve seen the announcement of the March 6th iPhone announcement (which better be more than discussing a future announcement since that’s already two pointer de-references we have to manage). While I am – and many other and far more capable developers are also – eagerly awaiting the SDK release, the promise of “exciting [...]
Given the large amount of “feedback” I receive from many venues on why I’m crazy for suggesting that OS X users employ some type of client-side security software, I wanted to point out a very recent exploit that I saw over at Joel Esler’s blog. The vulnerability is around the IPv6 networking layer of the [...]
While I’m not trying to only focus on security topics, they just seem to pop up more often than not, including today’s serendipitous discovery that TrueCrypt is available for OS X. Security isn’t just about maintaining system integrity (loosely defined as keeping malicious code from getting onto/running on your system). A critical component is ensuring [...]
For those that have installed Office 2008, you may have seen some news floating on the internets about improper permissions — that were created by the installer — potentially allowing another local user to access your documents. It’s not a remote exploit issue and most folks are probably not vulnerable (you only need to [...]
After blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how [...]
F-Secure is reporting on the first, widespread rogue Mac application that comes in the guise of security software: MacSweeper. It is hosted at www.macsweeper.com, but I do not recommend visiting that site. I’m not convinced this is the first rogue Mac application ever to hit the internets, but the F-Secure folks are top-notch researchers who [...]
ArpSpyX has just been updated to version 1.2 which adds full support for Intel Macs. If you’re not familiar with ArpSpyX you should give this utility at least a quick look if you care at all about the security or contents of your local network.
The program works by either monitoring ARP (Address Resolution Protocol) traffic [...]
InformationWeek is reporting that an Italian security researcher has posted a exploit for a zero-day vulnerability in QuickTime 7.3.1 that impacts both OS X and Windows versions of the software. This exploit will allow an attacker to execute malicious code on the target system.
The “researcher”, Luigi Auriemma, describes the exploit as being based on a flaw in QuickTime’s [...]
Apple managed to sneak a few security updates in at the tail end of December and Security Update 2007-09 adds 41 to the CVE totals for OS X in general, with 31 for 10.4 (Tiger), and only 20 for OS X 10.5 (Leopard). This is in addition to the Java and QuickTime updates released on [...]
With the year rapidly coming to a close it’s time for all those year-end retrospectives to pop up across the internets (and traditional media). 2007 was an especially busy year for Apple who introduced a plethora of revolutionary new hardware and software that has given fodder for post-upon-post to blogs old and new.
When not contributing [...]
Is it possible the AirPort Extreme base station isn’t catching all the malicious traffic bound for my home network? I just opened Console to check on an issue I was having with lookupd, but I was distracted when the ipfw.log firewall log file popped up with quite a lot of blocked attempts.
How many? Try 7831 [...]
Crunchgear points out PCWorld’s article stating that a bug in Samba may open OS X up to hackers. Samba is the open source file and print sharing software that OS X employs to make those tasks easier for users to setup. Most notably found in the Sharing section of the System Preferences as [...]
