magmatic.com - Squawk Box

MAAS History

Entries by drStrangeP0rk (171)

Monday

Aug312009

Snow Leopard Installs Flash 10.0.23.1, Users Have to Reinstall 10.0.32.18

Monday, August 31, 2009 at 08:58AM

Users that upgrade to Snow Leopard in production systems should visit Adobe's download page for Flash and download the latest version 10.0.32.18. The older version can be exploited by various Flash exploits. Users should also check their Flash Privacy Settings using the Settings Manager. These settings should be set for maximum privacy.

Users can check their version of Flash here http://kb2.adobe.com/cps/155/tn_15507.html

Fake Snow Leopard Sites Spreading OSX_JAHLAV.K Trojan

Thursday, August 27, 2009 at 06:59PM

It is being reported that fake Snow Leopard sites are spreading the OSX_JAHLAV.K Trojan. This Trojan has been evolving and performing different levels of havoc, the current manifestation is changing DNS entries which redirect users to malicious sites. From here users may experience phishing and be directed to download FAKEAV which is malicious anti-virus software.

Users should not expect to download free copies of OSX or any software for that matter that is a commercial product. Many cracked software has malicious code and should not be trusted. If you suspect that you may have been infected users should review http://www.magmatic.com/currents/2009/6/23/trojan-jahkav-c-more-to-come.html including the follow-up postings.

drStrangeP0rk |

Post a Comment |

1 Reference |

Apple,

Mac OSX 10.6,

Mac OSX Trojan,

Trojan

Tuesday

Aug252009

Apple Will Release OSX 10.6, aka Snow Leopard, This Friday

Tuesday, August 25, 2009 at 08:19AM

The release of OSX 10.6 includes various refinements and security benefits including 64-bit code for the Finder and other common applications. Sandboxing, library randomization and protection of memory are all standard under the 64-bit schema and are implemented with no effort by the average user. 64-bit applications use enhanced checksums, secure argument passing and hardware-based execute disable for heap memory making it much more difficult for attackers to use exploits which are triggered by memory corruption .

Update on Tuesday, August 25, 2009 at 05:07PM by

drStrangeP0rk

Intego has a posting showing 10.6 flagging a download that has the OSX.RSPlug.A Trojan allowing the user options including ejecting the image. OSX 10.6 does have some new anti-virus features, this example appears to be the result of mounting a downloaded disk image for the web. It may be the result of sandboxing, malware/virus/trojan identification and detailed reporting. OSX server does include Anti-Virus capabilities, this seems to be a expansion into the client side.

http://blog.intego.com/

Update on Thursday, August 27, 2009 at 06:10PM by

drStrangeP0rk

Mac World has details of the protection provided in the above example reported. In OSX 10.5 "File Quarantine" apeared to the user as the dialog box which warned of content from the web invoking an user decision. This goes one step further in that "File Quarantine" now checks the files against malware definitions in a plist file located at System/Library/Core Services/CoreTypes.bundle/Contents/Resources/XProtect.plist. Currently the definitions contain OSX.RSPlug.A Trojan Horse and OSX.iService which was part of the illegal iWork installer. I always recommend that an intergraded Virus/Firewall protected application be used on any Mac OSX system and that is still the case with Snow Leopard.

This is one of the many improvements to Mac OSX adding to the layered approach to security. All to often my first question is what kind of virus and or firewall are you using and the response is "We are Mac users, we don't have those problems." It is like many of the improvements in Snow Leopard which tighten up an already excellent OS.

http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html

Update on Friday, September 4, 2009 at 09:15PM by

drStrangeP0rk

This site has the current list of incompatible software with the current release of Snow Leopard.

http://support.apple.com/kb/HT3258

drStrangeP0rk |

Post a Comment |

2 References |

Apple,

Updates

Friday

Aug212009

Update of Apple Remote Desktop Client and Admin Released

Friday, August 21, 2009 at 04:25PM

Apple has released updates to Apple Remote Desktop Client and Admin with various improvements to control and security. It is recommended that you update the Administration computers then the clients but we have not seen any compatibility issues in mixed environments. (Updated and Non-Updated Clients) This update does not requirer a reboot.

Improvements Directly from HT3301

Improves support for accessing client computers and task servers behind NAT (Network Address Translation) routers.
Includes Task Server and Directory Server scanners, for finding client computers known by your task server and clients in computer groups on a directory server.
New "Reporting" tab in client computer Info window, to set a single reporting policy for the client computer, shared by all Remote Desktop administrator computers.
New "Administrators" tab in client computer Info window, to display and control which admin computers and task servers are associated with each client computer.
Client settings configurable by Managed Preferences in Workgroup Manager.
Support for finding and adding client computers via wide-area Bonjour.
Resolves an issue using Lock Screen or Curtain mode on a client computer that's at the login window.
Improves stability when running Remote Desktop Admin on a Task Server.
Resolves an issue that could cause build_hd_index files to become very large.
Improves compatibility with the Application Firewall.
Change Client Settings task now works when the Remote Desktop administrator has an Active Directory account.
Improves client stability when Sharing Screen.
Scheduled UNIX Commands stay scheduled.
When controlling a remote client, function keys and key combinations for actions such as Force Quit, Log Out, and the Application Switcher are now all sent to the remote computer.
Improves screen sharing performance with RealVNC.
Improves performance of encrypted file copies.
Improves performance of encrypted screen sharing connections

drStrangeP0rk |

Post a Comment |

1 Reference |

ARD,

Apple,

Updates

Wednesday

Aug122009

Apple Security Update Fixes BIND Update Triggered Assertion Flaw

Wednesday, August 12, 2009 at 05:16PM

Apple has released a security update for Mac OSX and MacOSX server that fixes a logic issue related to the dynamic DNS update message. The flaw allowed allow an assertion to be tiggered resulting in the BIND service to be disrupted. All masters servers of zones could be exploited in this manner no matter if they accepted updates by a maliciously crafted update. The update is aviable via Softwre update or via http://support.apple.com/downloads/ and is recomended to be installed right away.

drStrangeP0rk |

Post a Comment |

2 References |

Apple,

Client,

DoS,

Server,

Software Update,

Updates