MAAS History
Archives

Entries by shogunNULL (4)

Monday
Nov 03 2008

New Features

I am happy to introduce a new weekly journal called "The Command Line." Twice a week my alter ego, dr. strangep0rk, will be posting his odd take on the Mac OS X command line, from the simple cp or rm command to Mac-specific commands such as softwareupdate and unload. Once you realize how powerful it is to use executables via the command line, you will never want to go back.

Second, I will be offering up Mac-centric Information Assurance Guides. Our first offering is for the OS X 10.5 client. Drawing on over 20 years of experience, including on the Apple ][, Mac Classic, Solaris, Linux, NeXT and OS X, these guides will not forget what makes the Macintosh platform so unique: the user. These guides will be useful to Macintosh users and system administrators. They are being developed with the intention of enhancing the security footprint of Mac OS X. Using this program and these guides, organizations will be able to seamlessly incorporate the Mac platform into their IA program. My goal is not to reinvent the wheel but to create a program that is uniquely focused on the Mac platform.

Sunday
Oct 05 2008

Potential Vulnerabilities in Illustrator for the Mac CS2

In the continuing effort by attackers to take advantage of a lack of awareness among Macintosh users, another attack has emerged that needs user interaction. This can be successful since many Macintosh users tend to be less skeptical of files from unknown users. For a long time the Mac community never really had to think about exploits. This is changing: more and more we are identifying attack vectors that rely on some interaction from a user. In this case, if a user opens an Illustrator file crafted to take advantage of this vulnerability, it is possible for an attacker to exploit the system. So, again, if you do not trust the file, do not open it. Only open files from a known source, and confirm the hash in the Terminal using md5 <filename> or openssl sha1 <filename>.

This gets to a large issue of trust. Evidence is presented to a system, or in this case a user, that builds a case to trust the action or file. Users need to be taught to ask themselves whether the file has passed enough evidential benchmarks to be trusted. These benchmarks should be set by the information security policies. Procedures for validation should also be included. It is only obvious to say that one benchmark is knowing the party that sent the file.

More to come on trust...

CVE number:  CVE-2008-3961
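
The hash check recommended in the entry above, written out as a shell function that compares a file's digest with a value the sender supplied over a separate channel and fails on mismatch. This is an added example, not part of the original post; the function names are hypothetical, and accepting SHA-256 alongside the SHA-1 the post names goes beyond the post.

```shell
#!/bin/sh
# Added example: compare a received file's digest with the value the sender
# gave you out of band. Function names are hypothetical.

# Print the lowercase hex digest of file $1 using algorithm $2 (sha1|sha256).
file_digest() {
    if command -v openssl >/dev/null 2>&1; then
        # Read from stdin so the output carries no file name to parse around.
        openssl dgst "-$2" < "$1" | awk '{print $NF}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a "${2#sha}" < "$1" | awk '{print $1}'
    else
        "${2}sum" < "$1" | awk '{print $1}'
    fi
}

# verify_digest FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_digest() {
    file=$1
    # Normalise the expected value: drop spaces and colons, lowercase it.
    want=$(printf '%s' "$2" | tr -d ' \t\r\n:' | tr 'A-F' 'a-f')
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case $want in
        *[!0-9a-f]*|'') echo "expected digest is not hex" >&2; return 2 ;;
    esac
    # Pick the algorithm from the digest length (40 hex = SHA-1, 64 = SHA-256).
    case ${#want} in
        40) alg=sha1 ;;
        64) alg=sha256 ;;
        *)  echo "unsupported digest length: ${#want}" >&2; return 2 ;;
    esac
    got=$(file_digest "$file" "$alg") || return 2
    if [ "$got" = "$want" ]; then
        echo "OK ($alg): $file"
    else
        echo "MISMATCH ($alg): $file" >&2
        echo "  expected $want" >&2
        echo "  computed $got" >&2
        return 1
    fi
}

# Stand-alone use: sh verify.sh <file> <expected-hex-digest>
if [ "$#" -eq 2 ]; then
    verify_digest "$1" "$2"
fi
```
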

Thursday
May 29 2008

Over 40 Security Fixes in Mac OSX 10.5.3

Apple released security updates that are a must-install for administrators. The fixes address local and remote attacks that can occur in several applications, including the following:

Address Book
AirPort
Automator
iCal
iChat
Mail
Parental Controls
Spaces
Time Machine
VoiceOver

The core vulnerabilities addressed by the fixes are an AppKit code execution vulnerability, a Help Viewer buffer overflow vulnerability and a CoreGraphics code execution vulnerability. The impact of these flaws could include denial-of-service (DoS) attacks and elevation of privileges by an attacker. Administrators should back up their systems before the install.

Wednesday
May 28 2008

Apple iCal 3.0.1, DoS Attack

iCal 3.0.1 allows remote CalDAV servers and user-assisted remote attackers to cause a DoS attack. This can result in a system crash and the possibility of code execution. No login is required to exploit this weakness. The client must interact with the remote attacker in some manner: the user must import an .ICS file from the attacker. Currently there is no fix for this attack, so make sure that your users do not import any .ICS file from someone they do not know.