SecurityInformation
SubRosa Vol 1-File Utilities is SubRosaSoft.com Ltd’s first line of privacy products which help Macintosh users secure themselves and their personal data. The suite of software to protect your files consist of the following; file and folder encryption, multi-pass shredder, and free decryptor. Each one of these programs make it easy enough for any Mac user to enforse digital security on the personal data that is stored on the computer.
SubRosa Encryptor
The SubRosa Encryptor allows you to take files or folders and convert them into a encrypted archive that you can …
May 1, 2002 •
4 min read
SecurityFixes
To fix Internet Explorer:
This is done by updating through the Software Update Pane/Control Panel.
Patch Microsoft Office Products: Patch is Here
More Information:Security Alert
Vulnerability: Run code attacker wants.
Severity Level: Microsoft suggests Critical
Affected Software:
Microsoft Internet Explorer 5.1 for Macintosh OS X
Microsoft Internet Explorer 5.1 for Macintosh OS 8 & 9
Microsoft Outlook Express 5.0.-5.0.3 for Macintosh
Microsoft Entourage v. X for Macintosh
Microsoft Entourage 2001 for Macintosh
Microsoft PowerPoint v. X for Macintosh
Microsoft PowerPoint 2001 for Macintosh
Microsoft PowerPoint 98 for Macintosh
Microsoft Excel v. X for Macintosh
Microsoft Excel …
April 9, 2002 •
4 min read
SecurityMac OS X is UNIX at the core this is very true as described in Apple’s print advertisement, besides sending all others to /dev/null this OS is also open to all the security issues behind the UNIX environment.
Many features that are offered in the UNIX enviornment can lead to security concerns. They’re not to be considered bugs or exploits, just features. Recently Max Grosse shared with SecureMac.com how a feature in sudo could be used to the advantage of hackers to create backdoors or execute malicius code.
The code Max created …
April 6, 2002 •
6 min read
SecurityMacs are Vulnerable, too
Due to the potential vulnerabilities of Mac OS X, Macintosh computer systems are more susceptible to security breaches and threats than ever before. Many Mac users falsely believe that they are immune to virus and hacker attacks. It’s true that Macs are generally affected less by intrusions than PCs, but that’s only because Macintosh makes up such a small percentage of the market. In reality, with the growing number of viruses in existence and the increasing number of hackers on the Internet, there isn’t a computer in …
April 6, 2002 •
5 min read
SecurityThe folks at BSD-H have found a flaw that offers anyone in the admin group the ability to achieve root access via sudo. For those of you new to Mac OS X and the whole Unix environment do not get frustrated, this article will enlighten you about sudo and what steps you need to talk to fix the security issue.
The Flaw
Dubbed ‘RootX’ when this exploit is compiled, the program communicates with a sudo feature to give root to any admin under Mac OS X. Sudo means ‘do this command as …
February 7, 2002 •
4 min read
SecurityStuffing Mac OS and Mac OS X with Nimda Worm
Nimda fills the Macintosh with .eml files if File Sharing is enabled.
Includes Samba.
WW32/Nimda@mm
PE_NIMDA.A
I-Worm.Nimda
W32/Nimda-A
Win32.Nimda.A
W32.Nimda.A@mm, simply known as Nimda is a mass-mailing worm/virus that spread itself via multiple methods. Nimda will send itself out by email and will search for network shares that are open and try to copy itself to vulnerable/unpatched Microsoft IIS web servers and other network connections (Samba/File Sharing).
Nimda is a Windows worm/virus. However, if your Macintosh is connected to the internet or network with File Sharing methods enabled you …
January 5, 2002 •
61 min read
SecurityPRODUCT: Macintosh Hacker’s Workshop (MHW) v1.1
Review by: James M. Buehring
RATING: 4.5 / 5
THE PRODUCT & DEVELOPER:
MWH, or “Macintosh Hackers Workshop” is the first of (hopefully) a long line of products from a security expert team from France named CODE511. The author, grungie, offers up the only graphical UNIX password cracker for OS X to date.
This is not a program for your novice user who is unfamiliar with password files or DES encryption. If “DES” and “passwd” draw a blank for you, skip over this product.
For those of you who could …
December 11, 2001 •
3 min read
SecuritySneak Preview of MacAnalysis for Mac OS X
“Exclusive Previews of MacAnalysis X!”
Lagoon Software’s MacAnalysis has become a manditory program for Macintosh users trying to secure their systems. MacAnalyis is a security auditing suite that runs on your Macintosh, test the security of a local or remote computer system.Read about MacAnalysis @ this SecureMac.com review
After many weeks of programming they are almost ready to start distribution of their Mac OS X version. SecureMac.com was given the program to take a look at – the program follows the same style setup from …
December 2, 2001 •
2 min read
SecurityMarketing your Macintosh Security Programs Online v1.0
Once you have the program created you need people to download, test, and update the software. This simple how to guide is to share with you realms of the Internet where you can reach all different markets, from the hackers, security experts to regular Macintosh users.
Your Web Site
Create a web site the goal is to keep it as clean and simple as possible. Make sure you have pages for the following:
Contact (e-mail address, website – bookmark it, mailing list)
Program (with description, screenshots, and examples)
Index …
November 10, 2001 •
3 min read
SecurityIntroduction
Sophos declares the following in their campaign for Sophos Anti-Virus for Mac
-Malware myth: Macs can’t get viruses.
-SophosLabs have detected over 1,000 threats for Mac OS.
Sophos Anti-Virus for Mac Home Edition runs in the background and scans files for threats whenever your Mac opens them. It comes with an uninstaller (Applications/Remove Sophos) in case you want to remove it after trying it on your system.
I’ll be going through this review step-by-step and cover all the features related to the Mac system, usability, configuration and overall experience. Feel free to follow my …
November 7, 2001 •
17 min read
SecurityBy Bob LeVitus
…. continued from part 1
Most Macs aren’t affected by the latest parasitic outbreaks in the news (Nimda, Code Red, etc.). But while Mac-specific viruses and worms are rare, the most definitely do still exist. Which is why smart Mac users know if they’re at risk and if they are, they take precautions.
Are you at risk? There are three main groups at risk:
The first is anyone who uses any type of writable or rewritable, mountable media: Disk (floppy, Zip, SuperDisk), cartridge (Jaz, Orb, magneto-optical), burnable optical media (CD-R, CD-RW, …
November 6, 2001 •
4 min read
SecurityWe Mac users have a distinct advantage over our less fortunate Windows-using brethren (and sistren)-Macs are far less likely to suffer damage from an attack by a virus, worm, or even a malicious teenager. On the other hand, you shouldn’t be lulled into a false sense of security-your Mac is not immune to viruses, worms and other intrusions. Attacks that target Macs, while rare, do exist.
This subject is too big and too important to cover in a single column, so this week I’ll focus on new Internet security issues raised …
November 5, 2001 •
4 min read
SecurityIntego revolutionized the world of Macintosh security with its widely acclaimed NetBarrier personal firewall product for the Classic Mac OS. Now, they have brought the same powerful and easy to use security product over to Mac OS X. This new product, NetBarrier X, written completely in the Cocoa API, brings the same security and privacy features you expect, only now taken to a whole new level in the stable, multitasking, multi-user environment that is Mac OS X. Unlike other programs such as BrickHouse and Firewalk, which only configure the existing …
October 12, 2001 •
5 min read
SecurityFix: Use the Software Update feature in Mac OS X to resolve the issues with WebDAV security issues.
Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability
Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …
October 6, 2001 •
2 min read
SecurityInformation
SecureMac.com steps into a new realm of security, that is securing the data on your computer. The best way we could think about having your data is secure is to have backups of the data. Backup your data and do it often! Fires happen, hard disks crash, and computers get stolen almost every second of the day.
Tri-BACKUP is the first backup utility for both Mac OS and Mac OS X. The programs easy to use and follow interface makes it possible for even the basic mac user to follow. When …
October 5, 2001 •
4 min read
SecurityOperating System: Max OS X Version Affected: up to 10.1
Security Risk: High
Remote: No
Fixed: 10.20.2001 see below
About
Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in specific order.
Mac OS X is already on computers in every sort of nature, even after the administrator sets up multiple accounts with specific privileges keeping the user from …
October 2, 2001 •
3 min read
SecurityInformation About Startup Security 1.1 for Mac OS 9 & Mac OS X
In case you do not know, your Macintosh may be able to have extra password protection offering you a extra touch of security if you are using Open Firmware 4.1.7 or higher running Mac OS 9 or Mac OS X.
What is Open Firmware Password Protection?
We have a whole discussion on Open Firmware Password protection here. In short it would be compared to the PC’s BIOS password where it asks you for password on startup or while trying to …
August 6, 2001 •
2 min read
Securitypublished: 08.31.2001
remote: Yes
updated: yes
vulnerable: all aim accounts under 10 characters
The security issue was addressed by AOL and to this date does not remain a concern.
Information
Has your AOL Instant Messenger (AIM) account password come up as invalid and you are sure that you entered it correctly? Figure that your account was hijacked by someone using the program AIMThief 5.2 for the Macintosh.
Hackers found a hole in the protocol used by AIM that lets them remotely change any users passwords if the user name is 10 characters of less.
After the AIM account …
August 6, 2001 •
3 min read
Security‘I’ve posted patches for xnu that allow Mac OS X / Darwin to spoof MAC addresses, for use in conjunction with tools like Nemesis and Ettercap’ -peter
Installation
If you’re a seasoned Darwin user or developer, you likely have all the tools ready to go to build xnu, the Darwin kernel. If so, skip ahead to step 5. However, if you’re running Mac OS 10.0.x, there are several steps to go through:
Grab and install the developer tools from Apple’s developer site if you haven’t already.
make and make install relpath from the bootstrap_cmds …
August 6, 2001 •
2 min read
SecurityInformation
SKS or The Shift Key Suite 1.0.6 is an extension for your Macintosh to stop users from being able to hold down the shift key during startup to disable the extensions.
“Holding down the Shift key while booting your Macintosh prevents all extensions to load – an important feature when you have start-up crashes from incompatible extensions.”
Many Macintosh computers have simple security programs setup that are supposed to keep users out, if you do not see options in the preferences to disable the shift key during startup the user may be …
August 5, 2001 •
2 min read