I was a bit worried when I found out about this story, but I should have seen it coming. Engadget reports that people who are purchasing refurbished iPhones (from Apple, no less) are able to recover old data off of the devices using some freely available tools.
I’ve had to take my iPhone in to the [...]
Apple updated their PGP product security key as part of their two-year cycle. The new key is valid up through May 15, 2010 and will eventually be posted to their Protecting Security Information page. The announcement was made on their mailing list which you can subscribe to via mail or RSS.
How To Use The Key
Unlike [...]
Microsoft has been busy today, releasing security updates, announcing a new service pack and committing to restoring functionality to their Mac office suite.
Yep, It’s Patch Tuesday Again
Microsoft released security bulletin MS08-014 today that contains a patch to a remote code execution vulnerability affecting Microsoft Office 2004 & 2008 for Macintosh. Office 2004 is bumped up [...]
As someone who both works in a high-theft environment (university campus, anyone?) and who owns a piece of portable Apple goodness that contains my entire life, I’m rather concerned about security and theft prevention. I had considered a laptop lock, but considerations of how much I really do move my laptop about and [...]
Apple posted an update to Safari that – amongst other fixes – patches 4 vulnerabilities in the Windows version and 2 in the OS X version of their flagship browser. One of the Windows issues – CVE-2007-2398 – is especially tricksy: “[the vulnerability allows] a web page to change the contents of the address bar [...]
Apple has posted QuickTime 7.4.5 to Software Update that includes 11 security fixes, three of which only impact Windows systems. Some of the vulnerabilities can lead to arbitrary code execution (i.e. bad people can run programs on your system) by just tricking you into viewing specially crafted content. While that may seem unlikely to you [...]
With less than six months under its belt, Leopard is preparing to receive its third update to 10.5.3. This update includes 75 fixes from Address Book to VoiceOver. The list includes changes to: AddressBook, AppleScript, Audio, Back To My Mac, Dashboard, Dock, DVD Player, Finder, Graphics, iCal, Mail, Portable Home Directories, Printing, Rosetta, Spaces, Spotlight, [...]
Dan Benjamin of The Talk Show fame posted a general inquiry to the Twitterverse on how to disable the Leopard open confirmation dialog that comes up when you attempt to access a recently downloaded file.
This dialog is one of Leopard’s new security features called “File Quarantine” and is primarily designed to protect users from [...]
By now, you’ve seen the announcement of the March 6th iPhone announcement (which better be more than discussing a future announcement since that’s already two pointer de-references we have to manage). While I am – and many other and far more capable developers are also – eagerly awaiting the SDK release, the promise of “exciting [...]
Given the large amount of “feedback” I receive from many venues on why I’m crazy for suggesting that OS X users employ some type of client-side security software, I wanted to point out a very recent exploit that I saw over at Joel Esler’s blog. The vulnerability is around the IPv6 networking layer of the [...]
While I’m not trying to only focus on security topics, they just seem to pop up more often than not, including today’s serendipitous discovery that TrueCrypt is available for OS X. Security isn’t just about maintaining system integrity (loosely defined as keeping malicious code from getting onto/running on your system). A critical component is ensuring [...]
For those that have installed Office 2008, you may have seen some news floating on the internets about improper permissions — that were created by the installer — potentially allowing another local user to access your documents. It’s not a remote exploit issue and most folks are probably not vulnerable (you only need to [...]
After blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how [...]
F-Secure is reporting on the first, widespread rogue Mac application that comes in the guise of security software: MacSweeper. It is hosted at www.macsweeper.com, but I do not recommend visiting that site. I’m not convinced this is the first rogue Mac application ever to hit the internets, but the F-Secure folks are top-notch researchers who [...]
ArpSpyX has just been updated to version 1.2 which adds full support for Intel Macs. If you’re not familiar with ArpSpyX you should give this utility at least a quick look if you care at all about the security or contents of your local network.
The program works by either monitoring ARP (Address Resolution Protocol) traffic [...]
InformationWeek is reporting that an Italian security researcher has posted an exploit for a zero-day vulnerability in QuickTime 7.3.1 that impacts both OS X and Windows versions of the software. This exploit will allow an attacker to execute malicious code on the target system.
The “researcher”, Luigi Auriemma, describes the exploit as being based on a flaw in QuickTime’s [...]
Apple managed to sneak a few security updates in at the tail end of December and Security Update 2007-09 adds 41 to the CVE totals for OS X in general, with 31 for 10.4 (Tiger), and only 20 for OS X 10.5 (Leopard). This is in addition to the Java and QuickTime updates released on [...]
With the year rapidly coming to a close it’s time for all those year-end retrospectives to pop up across the internets (and traditional media). 2007 was an especially busy year for Apple who introduced a plethora of revolutionary new hardware and software that has given fodder for post-upon-post to blogs old and new.
When not contributing [...]
Is it possible the AirPort Extreme base station isn’t catching all the malicious traffic bound for my home network? I just opened Console to check on an issue I was having with lookupd, but I was distracted when the ipfw.log firewall log file popped up with quite a lot of blocked attempts.
How many? Try 7831 [...]
Crunchgear points out PCWorld’s article stating that a bug in Samba may open OS X up to hackers. Samba is the open source file and print sharing software that OS X employs to make those tasks easier for users to set up. Most notably found in the Sharing section of the System Preferences as [...]