Sunday, November 23, 2008

Mac OS X targeted by Trojan and backdoor tool | Tech News on ZDNet

Not as serious as it may seem, but the hackers do seem to be gaining some ground on OS X.

The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it.

OSX.Lamzev.A is a hacker tool designed primarily to allow attackers to install backdoors in a user's system, according to Intego. However, the company dismissed the tool as a serious threat because a potential hacker has to have physical access to a system to install the backdoor.



Article Link posted by Edward at 11:42 PM

Saturday, November 22, 2008

Review: Lockdown, anti-theft system for Mac

You've just spent your hard-earned money on a brand new, shiny Mac notebook. You bought a nice case to protect it. You did your best to be security-minded about using it.

Because you know there are thieves out there who will steal your baby the minute you're not paying attention. Be it at the airport, at a cafe, or in the school library. It's easy being a notebook thief these days when the machines are becoming smaller and lighter.

That's when you need to consider Lockdown, a free anti-theft application for the Mac. Lockdown allows you to secure your notebook by taking advantage of the motion sensors, built-in iSight camera, and Apple Remote. Once your notebook is "armed," you'll hear a chirp (much like car alarms), and you can even arm it by using the Apple Remote. Lockdown settings include detecting motion, detecting keyboard/trackpad/mouse activity, detecting external devices, detecting lid closing, and detecting the MagSafe power adapter. Also, you can set it to take a snapshot of the perp and email it to your inbox! Lockdown plays a very loud alarm (configurable) when triggered, in hopes of deterring the thief from taking the system. How cool is that?

This is a must-have utility for Mac notebook owners, especially when it's at no cost (donations accepted). The only gripe I have, and this is no fault of the software maker, is that my MacBook Air's speaker quality sucks, so the Lockdown alarm didn't sound as loud as I'd have liked. But at any rate, it's still a wonderful tool and allows me to feel better when leaving my notebook at a table in a cafe while I take a quick restroom break...



posted by Eugene at 11:41 PM

Thursday, November 13, 2008

Safari 3.2

Safari 3.2 has been released, mainly with security fixes. It doesn't seem to include the new high-performance JavaScript engine from the WebKit snapshots.

About the security content of Safari 3.2


Article Link posted by Edward at 6:55 PM

Thursday, March 27, 2008

MacBook Air Hacked Again...

Among an Ubuntu Linux, a Windows Vista, and an OS X laptop, the Apple MacBook Air was the first to be hacked in the CanSecWest hacking contest.

Kind of disappointing considering that OS X is supposed to be more secure.


Article Link posted by Edward at 11:28 PM

Monday, November 26, 2007

Security Issue with Leopard Mail

Via Daring Fireball: a security issue with opening malicious attachments in Leopard Mail has been reported by Heise Security.

The usual precautions remain: be careful opening attachments from unknown sources...


Article Link posted by Edward at 6:43 PM

Tuesday, November 06, 2007

Tech: Leopard Trojan / Phishing fix

Last week the net was swamped with reports of a new Mac malware, the OSX.RSPlug.A Trojan Horse. Macworld has a detailed report on what it does and how to remove it.

From Macworld:


  1. In the Finder, navigate to /Library -> Internet Plug-Ins, and delete the file named plugins.settings. Empty the trash. This deletes the tool that sets the rogue DNS Server information.

  2. In Terminal, type sudo crontab -r and provide your admin password when asked. This deletes the root cron job that checks the DNS Server settings. You can prove it worked by typing sudo crontab -l; you should see the message “crontab: no crontab for root.”

  3. Open your Network System Preferences panel, go to the DNS Server box, and copy the entries you can see to a Stickies note, TextEdit document, or memorize them. Now retype those same values in the box, then click Apply.

  4. Reboot your Mac.


Bottom line is to follow typical 'safe computing' guidelines...

As always, the best way to avoid these things is to not install software from untrusted sources—especially if it comes as an installer package and requests your administrator’s password! But if you do get infected, at least you’ll know how to confirm you have an issue, and remove the troublesome software.


Article Link posted by Edward at 11:01 AM

Thursday, November 01, 2007

Tech: Leopard Security Features

Matasano.com has a nice write-up about the various security features in Leopard. Along with the various improvements are also some flaws in the implementation. I suspect some of the flaws are due to 'time constraints' of meeting the release schedule and will be addressed in future patches.

When talking about the new "Address Space Randomization" feature in Leopard, Ptacek mentions:

This feature removes a talking point argument about Microsoft Windows Vista’s superior security, but it doesn’t address the underlying point of that argument. Cocoa programs running in Darwin are less secure than Win32 programs running under NTOSKRNL, and aren’t even in the same ballpark as Managed C++ or C# programs.


I wonder if that's true, Vista having superior security. Perhaps there's a side-by-side comparison somewhere.


Article Link posted by Edward at 9:45 AM

Tuesday, October 30, 2007

Tech: Adobe PDF vulnerability

There's a big scare about Adobe's PDF vulnerability lately. Adobe released patches to its 8.x series Acrobat software and will release a patch for the 7.x series later. If for some reason you can't get the latest patched Acrobat software, you can follow these steps to manually block the exploit (from Adobe):


Disclaimer: This procedure involves editing the registry. Adobe doesn't provide support for editing the registry, which contains critical system and application information. Make sure to back up the registry before modifying it. For more information about the registry, refer to Windows Help.

  1. Exit Adobe Reader or Acrobat.

  2. Open RegEdit. On Windows, go to Start > Run, type in regedit and click OK.

  3. Choose File > Export.

  4. Select Local Disk C for the Save in: location.

  5. Type backup for File Name.

  6. Choose All for the Export Range.

  7. Click Save.

  8. Navigate to the appropriate registry key:

     NOTE: When editing the key values for Adobe Reader and Acrobat 7.0.9, Regedit will launch an Edit Binary Value window. Be sure to edit the values below using the right panel of the window.

     Acrobat:
     HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe Acrobat\7.0\FeatureLockDown\cDefaultLaunchURLPerms

     Reader:
     HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\7.0\FeatureLockDown\cDefaultLaunchURLPerms

  9. If tSchemePerms is set as follows:

     version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:2

     To Disable mailto (recommended)
     Modify tSchemePerms by setting the mailto: value to 3:

     version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2

     To set mailto to prompt
     Modify tSchemePerms by removing the mailto: value:

     version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|file:2

  10. Close RegEdit.

  11. Restart the application.


Alternatively, it may be sufficient to use a third party PDF reader. I'd suggest Foxit Pro; it's fast, light-weight, and free :)


Article Link posted by Edward at 5:05 PM
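
The tSchemePerms edit from the Adobe steps above, as an added Python example (not part of the original post or of Adobe's instructions): it parses the value, sets mailto to 3 or removes it, and lists the schemes that are not set to 3. The function names are made up for this example, and appending a missing scheme at the end of the string is an assumption.

```python
# Added example: edit an Adobe tSchemePerms string as the steps above describe.
# DEFAULT is the starting value quoted in the Adobe procedure.
DEFAULT = ("version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|"
           "mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|"
           "mailto:2|file:2")


def parse_perms(value):
    """Split 'scheme:n|scheme:n' into an ordered list of (scheme, n) pairs."""
    pairs = []
    for field in value.strip().split("|"):
        scheme, sep, level = field.rpartition(":")
        if not sep or not scheme or not level.isdigit():
            raise ValueError(f"malformed tSchemePerms field: {field!r}")
        pairs.append((scheme, int(level)))
    if not pairs or pairs[0][0] != "version":
        raise ValueError("tSchemePerms must start with a version field")
    return pairs


def format_perms(pairs):
    """Join (scheme, n) pairs back into the registry string form."""
    return "|".join(f"{scheme}:{level}" for scheme, level in pairs)


def disable_scheme(value, scheme="mailto"):
    """Set the scheme to 3, the 'disable' setting in the steps above."""
    pairs = parse_perms(value)
    if any(name == scheme for name, _ in pairs):
        pairs = [(n, 3 if n == scheme else lvl) for n, lvl in pairs]
    else:
        # Assumption: the steps only cover a scheme that is already listed.
        pairs.append((scheme, 3))
    return format_perms(pairs)


def prompt_scheme(value, scheme="mailto"):
    """Remove the scheme entry, which the steps describe as 'set to prompt'."""
    return format_perms([(n, l) for n, l in parse_perms(value) if n != scheme])


def not_disabled(value):
    """List schemes whose level is not 3, i.e. not set to 'disable'."""
    return [n for n, lvl in parse_perms(value) if n != "version" and lvl != 3]


if __name__ == "__main__":
    print(disable_scheme(DEFAULT))
    print(prompt_scheme(DEFAULT))
    print(not_disabled(DEFAULT))
```

Running not_disabled() on the value read back from the registry after the edit is a quick way to confirm that mailto no longer appears among the schemes left at a level other than 3.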