Posts with tag exploit

More on the CanSecWest exploit and Java

According to Matasano (home base for security researcher Dino Dai Zovi), the announced-but-unreleased web browser exploit that was used to win the CanSecWest MacBook Pro challenge relies on browser support for Java. Turn off Java in Safari (or Firefox, or Camino) and your machine is immune to this particular exploit.

Let's take a moment to note, before frantically shutting down all the garbage mashers on the detention level, that this is an unreleased exploit and there is no expectation of it going wild; it's in the care and feeding of the Zero Day Initiative now, and notification to Apple, Sun (Java) and other affected parties will be handled professionally. The only real-world risk is that some clever soul finds the same unpublished vulnerability that Dai Zovi did and pairs it with a malicious payload. Personally, I use Java for a couple of work purposes, but I can presumably leave it on in one browser for those specific pages and do my general browsing with another, Java-disabled browser... that is, I would, if I were paranoid.

There are plenty of other ways to improve your Mac security, most of them listed in this post. Top three: turn on the firewall, run day-to-day as a normal (non-admin) user, and turn off wireless (or at least turn off automatic connection to open networks). Apple's guide to Tiger security is also available as a PDF here.
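If you'd rather check those settings from Terminal than click through System Preferences, here is a small audit script. It is an added example, not code from TUAW or from Matasano's post, and it makes two assumptions: that Safari honours the WebKitJavaEnabled preference key (the key Safari used at the time) and that Tiger's Application Firewall is a front end for ipfw, so an all-allow ipfw ruleset means the firewall is off. The parsing is split into functions so the logic can be exercised with constructed sample output on any system; the real `defaults`, `id -Gn` and `ipfw list` commands only run on a Mac.

```shell
#!/bin/sh
# Added audit helper for the hardening advice above (disable Java in Safari,
# run as a non-admin user, turn on the firewall). Not TUAW's code.
# Assumptions: Safari reads the WebKitJavaEnabled key; the local admin group
# is named "admin"; Tiger's firewall is ipfw, and its only rule when the
# firewall is off is "65535 allow ip from any to any".

# java_state VALUE -> "enabled" or "disabled".
# VALUE is what `defaults read com.apple.Safari WebKitJavaEnabled` prints:
# "1", "0", or nothing when the key is unset (Safari's default is enabled).
java_state() {
    case "$1" in
        0|false|NO) echo disabled ;;
        *)          echo enabled ;;
    esac
}

# user_kind GROUPLIST -> "admin" if the space-separated group list
# (as printed by `id -Gn`) contains the admin group, otherwise "normal".
user_kind() {
    for g in $1; do
        [ "$g" = admin ] && { echo admin; return 0; }
    done
    echo normal
}

# firewall_state IPFW_OUTPUT -> "on" if any rule other than the default
# catch-all rule 65535 is loaded, "off" if only 65535 is present,
# "unknown" if there is no output (ipfw needs root to list rules).
firewall_state() {
    [ -z "$1" ] && { echo unknown; return 0; }
    if printf '%s\n' "$1" | grep -v '^65535 ' | grep -q .; then
        echo on
    else
        echo off
    fi
}

# audit: run the live checks on Mac OS X; elsewhere, run the parsers on
# constructed sample output so the script still demonstrates the logic.
audit() {
    if [ "$(uname -s)" = Darwin ]; then
        echo "Safari Java:   $(java_state "$(defaults read com.apple.Safari WebKitJavaEnabled 2>/dev/null)")"
        echo "Current user:  $(user_kind "$(id -Gn)")"
        echo "ipfw firewall: $(firewall_state "$(ipfw list 2>/dev/null)")"
    else
        echo "Not a Mac; showing results for constructed sample output:"
        echo "Safari Java:   $(java_state 1)"
        echo "Current user:  $(user_kind "staff admin everyone")"
        echo "ipfw firewall: $(firewall_state "65535 allow ip from any to any")"
    fi
}

# To actually turn Java off in Safari (quit Safari first):
#   defaults write com.apple.Safari WebKitJavaEnabled -bool false
audit
```

Run it as the user you normally browse with; if "Current user" says admin, that is the account to demote, and if the firewall line says unknown, rerun with `sudo` so `ipfw list` can read the ruleset.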

New Mac OS X Exploit?

The UK's IT Week reports on a possible new Mac OS X exploit. A proof of concept appears on the Info-pull.com website, claiming that a disk image with corrupted UDTO HFS+ structures can be used for a denial of service attack. If true, the same issue may affect FreeBSD installations. The article suggests disabling "open 'safe files' after downloading" (which otherwise lets Safari mount downloaded disk images automatically), something you've probably already done a long time ago if you've been worried about possible OS X attacks.

Another Look at Mac OS X Security

I take security exploits seriously. I'm responsible for many hundreds of Macintosh computers that reside in many different environments, not to mention half a dozen Xserves, several of which are production boxes open to the world. When a security exploit is announced, I look to see if it will impact my workstations and servers and whether I need to take immediate action. And with the exception of the recent Safari exploit that was patched last week by Apple's Security Update 2006-001, there hasn't yet been a single vulnerability that significantly affects my computers' operations. [Note: reader Brent points to a ZDNet article published just a few hours ago that claims Apple hasn't adequately fixed the Safari exploit in question.]

So when an article claiming "Mac OS X hacked in less than 30 minutes" popped up on my news radar last night, I read through it and quickly dismissed it as a non-story, and a journalistically unsound one at that. Neither this article nor any of its copycats (more than six now) has bothered to even attempt to explain the "hack" or the "exploit." Plain and simple, folks, these articles are full of hype, empty of facts, and are bunk:

