Friday, March 27, 2009 at 11:36PM Guido Landi has discovered a security flaw in Firefox to parse an particular XSL element. Windows and Linux are the platforms affected but it is safe to say that the Mac may be also be vulnerable. That nice thing is that a patch is availably, make sure to update to the latest version of Firefox.
Thursday, March 19, 2009 at 07:19PM Charlie Miller, a security researcher, used an exploit that he had discovered and perfected last year. If a user clicks on a malicious URL, an attacker can gain access and exploit the users machine, I have not found out if the attack is root or user sand boxed. Luckily this information will be shared with Apple but it addresses a very important point. Macintosh's can be exploited by drive by web attacks, we have also seen this with QuickTime, ICal, Acrobat etc. First up no user should be operating as the administrator when performing user level task including web surfing, email, word processing, etc.
Make sure policies and procedures about visiting web sites are reviewed and users are not lured into a false sense of security. Education of users and strict policies about administrators and root activity are very important in defending against these kinds of attacks. Network administrators should also update their white and black list of sites (This is always good to reveiw) and review application level proxies, especially at the network boundaries. As with any network, egress filtering of traffic is very important to securing your Macintosh infrastructure. Knowing what is going out is as important to knowing what is coming in.
Hey baby, it's Unix the beast }:->
drStrangeP0rk
Research Nils has claimed the trifecta, attacking IE 8 and gaining full control of a machine running Windows 7 and a zero-day flaw in Firefox.
Excellent work. }:->
drStrangeP0rk
Firefox 3.0.8 update fixes the flaws in Pwn2Own and Zero Day Flaws, including XSL transformtion vulnerability and XUL tree element code execution. The XUL was used in the Pwn2Own contest.
Thursday, March 12, 2009 at 09:05AM Adobe's current fix does not fix the actual vulnerability but you should update to version 9.1. At the firewall level it may be prudent to block PDF's from un-trusted sources. The Zero Day PDF has malicious code that can exploit a buffer overflow allowing execution of code on your system. First up you should not have JavaScript enabled, if it is disable it right away. This exploit may crash Reader if you disable JavaScript but it will be unable to install the malicious code onto your system.
One important aspect of defense against this exploit is education of users, make sure to review attachment policies and procedures. Users should not open any documents from un-trusted or unknown sources. (Make sure that your policies and procedures give users clear guidance including case examples.) Trust and un-trusted sources can be filtered at the external fire wall which you should be doing already.
CVE number: CVE-2009-0658
Wednesday, January 28, 2009 at 01:38PM I debated even including this since if you download illegal software do so at your own risk. Currently circulating various BitTorrent tracker sites and other sites which are know to offer pirated software is a Mac Trojan Horse named OSX.Trojan.iServices.A. When a user installs the illegal copy of IWorks the first item installed is this Trojan in /System/Library/StartupItems/iWorkServices . The Trojan notifies the attacker that it is alive. The attacker can remotely connect to the compromised system and perform operations as root. (If you have set up your system as root and have a limited admin the Trojan executes at that privilege level.)
Make sure never to install illegal software on your computer! When using BitTorrent always know the source and confirm the MD5 and SHA to the developers site, contact them if you must. There is no 100% protection and most Open Source offerings are sound, you however are responsible for the accumulation of evidence to establish a acceptable chain of trust. Know what your getting, check what your getting, trust what your getting.
Remember Mr. Mulder, "Trust NO ONE." X
drStrangeP0rk
The botnet that was created using pirated versions of iWork 09 and Photoshop CS4 from BitTorrent site has become active. This was not the first nor will it be the last, reports of it being the first botnet that is Mac based is a selling point, nothing more. The Mac, being an Unix platform, is susceptible to a host of rootkits and remote control exploitation. (Who hasn't in the past aliased a command on a Unix box for fun.) That has happened on occasion in the past but now the Macintosh platform is gained a place at the table of larger groups of users, this includes former Windows loyalist.
This botnet takes advantage of the PHP install on MacOSX root privileges. (Understanding access controls and users credentials can limit this attack which is true of many botnet trojans.) This botnet will have little impact due to the Mac market share but if you illegally downloaded iWork or Photoshop CS4 and are infected by OSX.Iservice you can expect to experience a massive slow down. This is due to your Mac's participation within a botnet to perform DDoS attack on targets.
A botnet is a collection of computers that act in tandem to perform a orchestrated attack. The infected machines are called zombies which can act independent using presets or controlled by a botnet master to perform his or hers biding.
http://blogs.zdnet.com/security/?p=3157
Thursday, January 22, 2009 at 07:15AM Similar to other user click and view attacks, the user is the gateway to the attack. The attacker entices a user to click on a link to view a movie file that has the malicious code in it. In the most of extreme cases the attacker can gain control of your computer and execute code on it.
