MAAS History
Disclaimer
exocrine exocrine

All information Provided as is.

Entries in Condition:GREEN (119)

Sunday
Sep252011

Condition Remains GREEN

RISK is LOW regarding PDF Decoy malicious Apache Installer Reported by F-Secure.

Important Facts

  • It is not a Trojan from a PDF but a Decoy PDF used in conjunction with PostInstall Scripts and Actions from a Package file.
  • The decoy is designed to not raise the suspicion of the user.
  • It installs Apache after the PDF Decoy opens.
  • XProtect has been updated to detect it. 

For more information visit our analysis here.

 

Tuesday
Aug302011

Condition Remains GREEN

To disable the DigiNotar Root CA in Mac OSX for Safari do the following. 

Disabling a Certificate in Keychain Access

 

  1. Open up your Keychain Access Application located in Applications/Utilities folder.
  2. Select "All Items" in the Catagories Tab.
  3. Unlock the KeyChain and enter into the search box "digin".
  4. Select the DigiNotar Root CA and change "When using this certificate" to Never Trust.
  5. Enter the Administrator Password for the Mac to make the change for all users. 

 

Enabling Preferences in Keychain Access to use OCSP and CRL

You can enable Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) to obtain the revocation status of X.509 Certificates. This may hinder performance so we recommend that individual users set these options only temporarily. 

 

  1. Open up your Keychain Access Application located in Applications/Utilities folder.
  2. Selet KeyChain Access>Prefences and toggle to the Certificates Pane.
  3. Set Online Certificate Status Protocol (OCSP) to Best Attempt.
  4. Set Certificate Revocation Listl (CRL) to Best Attempt.
  5. Set Priority to OCSP.
  6. Close Preferences and Quit the Keychain Access appliction.