Jun 20

What was I just saying in my most recent blog, “Apple Mac Arrogance or Pure Stupidity?”??

Hmmm, maybe I’m psychic? Or maybe I just know security! Ya think?

In a just-published article on InfoWorld and MacWorld, Johnny Evans (MacWorld UK) reports that security vendors SecureMac and Intego are separately reporting a new Trojan exploit for the Mac.

The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.

The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can reportedly transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging.

Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.

My students have heard me preach and preach about the whole Limewire issue (not to mention BearShare and the others!) and I’ve stated in my referenced blog entry that Mac users are either arrogant or stupid if they believe they are exempt from these kinds of malware.

My God people, WAKE UP and smell the MALWARE!

To read the full InfoWorld Article, click the link: Full InfoWorld Article.



written by Admin

Jun 19

If you’ve ever performed a Google search for odd malicious processes running in the background, or just some basic security issues you had questions about, chances are good that the CastleCops website & forum will come up in the top searches with the answer you were looking for!

According to Spamhaus, CastleCops has been “making cybercriminals unhappy since 2002” and now they are in need of our help!

Well, I was surprised today to find out that the site is suffering a bit. They need a new server and they have launched a Server Donation Drive Marathon. MICE is on the donors list as of today and I’d like to challenge our readers that have ever been helped by them - and you know they don’t charge! - to kick a few spare dollars their way and help them get back online with a new server (or two).

You can see the drive information here: http://www.castlecops.com/server_marathon.html

The PayPal line is also a link if you want to send a donation via PayPal. Keep in mind that PayPal takes 2.9% plus 30 cents per transaction. But if you want to donate and not have to think about writing a check, then please do. Otherwise, the information on where to mail checks is included in the link above.

Then you can join MICE’s name on the donors list here: http://wiki.castlecops.com/CastleCops/Server_Donation_Drive

And as you can see there, the list is mighty small. Please, help them out!

Debbie



written by Admin

Jun 09

Over the past several months, I’ve heard from students and clients about how the Apple/Mac store personnel tell them how secure Macs are compared to PCs. So secure, says one of my PC Security students, that she boasts of not using any antivirus software or security tools!

I received one of my many security update summaries for last week and something interesting caught my eye that made me think back to this student. The summary listed 7, yes 7, vulnerabilities in Apple/Mac software.

Of course I reported on the issue with Safari here: http://mice.org/blog/microsoft-advisory-blended-threat-windows-and-safari/

But there were six others disclosed just last week that included not only the Mac OS X Server but the OS X Operating System also.

These are also beginning to sound a lot like Microsoft flaws!

Here they are:

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1028)

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1030)

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1574)

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1575)

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1576)

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to “multiple memory corruption issues.” (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1577)

This page at Apple’s site: http://lists.apple.com/archives/security-announce/2008//May/msg00001.html also lists these items and a few more, but in all of their descriptions they call a crash an unexpected system shutdown. Ummmmm, Apple folks? Here’s a heads up for you - that’s called a CRASH!

The question remains: Are Apple Mac users that arrogant to believe they are immune to flaws purely by virtue that they are running a Mac? Or, are they purely THAT STUPID?

Linux users know better than to believe their OS is infallible! Windows users have learned from experience that they are not infallible — REPEATEDLY!

So Mac users, which is it? Arrogance or stupidity? Because it’s obvious you aren’t immune!

And to the young lady in my course that doesn’t use AV software on her Mac, I’d suggest you get one immediately!



written by Admin

Jun 07

As some of our loyal readers know, MICE delivers a newsletter that updates our readers to critical technology (PC or computer related) information from recalls to security flaws as we become notified about them.

We receive over 20 early warning newsletters and feeds that allow us to keep up-to-date (early warning notification) with the latest happenings in our industry. Whether it’s software or hardware, our newsletter covers:

  • recalls
  • security flaws
  • vulnerabilities
  • exploits
  • new virus discoveries
  • worm attacks
  • breaches
  • possible outbreaks
  • critical patches & service pack releases

So, if you are on the go like many of us are these days, you can now subscribe to these alerts in plain SMS text format to be delivered to your mobile device! Sort of a mobile alert system! Just use the sign-up box on the right sidebar beneath the RSS subscribe box.

THERE ARE NO ADS in this service and your phone number will not be sold or rented to any third party.

This is a FREE service from MICE!

Standard text messaging fees may apply - consult your provider!

We have to keep updated ourselves, so why not let others benefit from our necessary but tedious task of reading, reading, reading, and reading! We do it, so you don’t have to!

Why clog up your inbox with security newsletter after security newsletter? Why overload your RSS feed reader with feeds that may or may not apply to you? With all the information being thrown at us, you need to be discriminating in your time and where you put your energy! We’ll help you manage that by doing the reading and leg work for you, just because we have to do it for ourselves!

If you want to also subscribe to the e-mail newsletter service (FREE ALSO) you can do so on our subscribe page.



written by Admin

Jun 07

Hi! We’ve added a category for Open Source and moved our Linux category beneath it. This will make it easier to follow posts related solely to open source!



written by Admin

© 2007-2008 MICE Training & Technology™.
