Friday, November 16, 2007

Panther/Tiger/Leopard Updates

http://isc.sans.org/diary.html?storyid=3656:

Apple released in the last few days upgrades to its Tiger (10.4) and Leopard (10.5) versions of OS X.

For those unfamiliar with Mac OS X: this isn't just security patches, it's somewhat comparable to what Microsoft calls a service pack. As such it can include stability fixes, features, etc. and security fixes.

10.4.11 includes a long list of security fixes. Since it's an all-or-nothing deal, there's very little real use in discussing all of them individually. Just take the plunge: there are a few bad ones in there, so you'll need it anyway. Some readers wrote us that there might be some issues with it all, so be careful. That said, I'm running it for a bit already and have not seen a single bad thing so far.

* CVE-2007-3456
* CVE-2007-4678
* CVE-2007-2926
* CVE-2005-0953
* CVE-2005-1260
* CVE-2007-4679
* CVE-2007-4680
* CVE-2007-0464
* CVE-2007-4681
* CVE-2007-4682
* CVE-2007-3999
* CVE-2007-4743
* CVE-2007-3749
* CVE-2007-4683
* CVE-2007-4684
* CVE-2007-4685
* CVE-2006-6127
* CVE-2007-4686
* CVE-2007-4687
* CVE-2007-4688
* CVE-2007-4269
* CVE-2007-4689
* CVE-2007-4267
* CVE-2007-4268
* CVE-2007-4690
* CVE-2007-4691
* CVE-2007-0646
* CVE-2007-4692
* CVE-2007-4693
* CVE-2007-4694
* CVE-2007-4695
* CVE-2007-4696
* CVE-2007-4697
* CVE-2007-4698
* CVE-2007-3758
* CVE-2007-3760
* CVE-2007-4671
* CVE-2007-3756
* CVE-2007-4699
* CVE-2007-4700
* CVE-2007-4701

10.5.1 includes some security fixes too, all centered around the application firewall:

* CVE-2007-4702
* CVE-2007-4703
* CVE-2007-4704

Apple also released patches for the beta of Safari, but hey, it's beta software!

Rex pointed out we were missing the security update to 10.3.9 (Panther) that fixes many of the security problems also fixed in 10.4.11.

Sunday, November 04, 2007

DNS changer Trojan for Mac (!) in the wild

http://isc.sans.org/diary.html?storyid=3595

This is rather shocking (and not so shocking...both at the same time).

This is NOT a failing of OS X. This trojan installs via social engineering: a human failure, not a failure of the machine.

[UPDATE:

I've added the following rule (highlighted at the above link) to two of my Snort sensors:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE CURRENT_EVENTS Mac Trojan HTTP Checkin (accept-language violation)"; flow:established,to_server; content:"GET "; depth:4; content:" HTTP/1.1|0d 0a|Accept-Language\: "; pcre:"/Accept-Language\: [a-zA-Z0-9]{20}/"; classtype:trojan-activity; sid:2007650; rev:1;)

]
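To see what the rule above actually matches, here is an added example (not from the post or the Bleeding Edge ruleset) that mirrors its three clauses in Python and runs them over a few constructed HTTP requests; the request samples, the 20-character token and the 198.51.100.7 address are made up for the demonstration.

```python
import re

# Mirrors the matching stages of the Snort rule: a GET request, the
# Accept-Language header placed directly after the request line, and a header
# value that begins with exactly 20 alphanumeric characters. A browser sends
# something like "en-US,en;q=0.5", so a bare 20-character token is the anomaly.
CHECKIN_TOKEN = re.compile(rb"Accept-Language: [a-zA-Z0-9]{20}")

def matches_checkin_rule(raw: bytes) -> bool:
    """Return True when a raw HTTP request satisfies every clause of the rule."""
    # content:"GET "; depth:4 -> the payload must begin with "GET "
    if not raw.startswith(b"GET "):
        return False
    # content:" HTTP/1.1|0d 0a|Accept-Language\: " -> this exact byte sequence
    # only exists when Accept-Language is the first header after the request line
    if b" HTTP/1.1\r\nAccept-Language: " not in raw:
        return False
    # pcre:"/Accept-Language\: [a-zA-Z0-9]{20}/" -> 20 alphanumerics follow
    return CHECKIN_TOKEN.search(raw) is not None

def scan(requests: dict) -> dict:
    """Apply the rule to a batch of requests and report hits by sample name."""
    return {name: matches_checkin_rule(req) for name, req in requests.items()}

# Constructed sample requests (not real captures).
SAMPLES = {
    "browser": (b"GET /index.html HTTP/1.1\r\n"
                b"Host: www.example.com\r\n"
                b"Accept-Language: en-US,en;q=0.5\r\n\r\n"),
    "checkin": (b"GET /cgi-bin/x HTTP/1.1\r\n"
                b"Accept-Language: aB3dE5fG7hI9jK1lM3nO\r\n"
                b"Host: 198.51.100.7\r\n\r\n"),
    # Same token, but Host precedes Accept-Language: the second content match
    # fails, so the rule as written does not fire. Worth knowing when tuning.
    "host_first": (b"GET /cgi-bin/x HTTP/1.1\r\n"
                   b"Host: 198.51.100.7\r\n"
                   b"Accept-Language: aB3dE5fG7hI9jK1lM3nO\r\n\r\n"),
    "post": (b"POST /x HTTP/1.1\r\n"
             b"Accept-Language: aB3dE5fG7hI9jK1lM3nO\r\n\r\n"),
}

if __name__ == "__main__":
    for name, hit in scan(SAMPLES).items():
        print(f"{name:10s} {'ALERT' if hit else 'ok'}")
```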

Friday, October 19, 2007

Mac Security - ISC Cyber Security Awareness

http://isc.sans.org/diary.html?date=2007-10-18

Cyber Security Awareness Tip #18: Mac Tips
Published: 2007-10-18,
Last Updated: 2007-10-18 18:13:37 UTC
by George Bakos (Version: 1)

Welcome to day 18 of Cyber Security Awareness Month. Today we're welcoming your tips on securely working with Apple Mac systems. Let's start off with a bit of sage guidance I already received: Don't assume that your machine is secure simply because it's a Mac. While OS[789X] doesn't enjoy the sheer volume of bad-guy attention as other operating systems, the number certainly isn't zero and you can expect it to grow.

It's amazing how many Mac users and admins are submitting tips. What is even more amazing is how many of those tips are repeated by the majority of you. Can you spell c-o-n-s-e-n-s-u-s?

The vast majority of them are Mac versions of general Best Practices, but with a few software-specific tweaks. Here is a list sent in from Kim at Pepperdyne:

1. Keep your firewall up - the Mac firewall is decent - use it consistently.
2. Keep patched - it's better for Jobs' engineers to do a job on your computer than for an intruder to do so. If you want to check for patch problems because your system has critical uptime, I find macintouch.com to be a prompt bellwether for patching issues. Oh, and see #3.
3. Back up your system - an external HD and Carbon Copy Cloner is an effective solution for single computers. Back up to an encrypted HD image and/or physically secure your backup disk.
4. Do updates and installs with an administrator account; do your web and email with a different account.
5. Keychain is a huge advantage on the Mac, but definitely use a strong password. I advise one that is over 15 characters to defeat the behind-the-scenes LANMAN hashing that takes place on Macs that provide windows fileshares.
6. Turn on Filevault home directory encryption. As strong as your password x 128-bit AES. Make a strong master password and put it in an envelope and place it with your secret papers (tell your partner/lawyer/boss/spouse where it is, as appropriate). I've been using FileVault under Tiger for over a year. My home directory has survived crashes and forced reboots (yah, they happen on Macs) on both Intel & PPC architectures.

If you have a tip, shoot it in using our contact form and I'll post them here throughout the day.

Cheers!

g

Saturday, October 13, 2007

PHPSysInfo installed on G4 PowerMac

I wanted to better understand the internals of the 'new' system and get a feel for how it deals with load, so I installed PHPSysInfo for Macs.

I had problems getting .php files to render (dunno why, as I run several sites that utilize PHP on my LAN. I guess the issue was that I keep forgetting that Macs are similar to BSD and that I'm still a bit intimidated by the file structure of Macs.), so I did a web search and found the following:

http://www.devarticles.com/c/a/Apache/Using-Apache-and-PHP-on-Mac-OS-X/


cd /etc/httpd

Next step is to use "root" privileges, start up the text editor named "Pico" and edit the "httpd.conf" file.

Use the following command in the Terminal.app:

sudo pico httpd.conf

Type the root password and you are ready to go.

Locate the 4 lines:

#LoadModule php4_module
#AddModule mod_php4.c
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps


Use your arrow keys to navigate the document and remove only the pound signs "#". The best way to navigate is to use the DOWN arrow key and stay to the left side of the document. To remove the pound sign, hit the right arrow to the right of the sign and then hit the DELETE key.

Warning: Only remove the pound signs!! Keep the lines of code where they are and do not relocate them!! You have been warned!

The changed lines should look like this:

LoadModule php4_module
AddModule mod_php4.c
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Save the file by hitting the CTRL + X keys. Pico will ask you if you want to save the document; just hit the Y key to say "YES". By uncommenting the lines you will load PHP as a module and help the Apache Web Server serve any PHP file types. You can also create PHP files with another extension simply by adding another Type to the list in the "httpd.conf" file.

What if I wanted all of my PHP files to end with the .bozo extension? Simple, just add this line to the "httpd.conf" file, situated next to the AddType section.

AddType application/x-httpd-php .bozo

After you save the file and restart the Apache Web Server, any PHP file saved with that .bozo extension would display your PHP coding just like a normal PHP file. Now close and save the file. We have to restart the Apache Web Server for everything to take effect. If Apache is running, turn it off by clicking the "Web Sharing On" button that says, "Stop" located in the "Sharing" Section of the System Preferences.
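A scripted version of the edit the tutorial above describes, added here as an example (not from the tutorial or this blog): it uncomments exactly the four PHP directives, leaves every line where it is, changes nothing else, and checks the result. The configuration fragment is constructed, and the <path-to-libphp4.so> placeholder stands in for the library path the tutorial omits.

```python
# The four directives the tutorial says to uncomment. Only the directive prefix
# is matched, so whatever follows on the line (such as a library path) is kept.
PHP_DIRECTIVES = (
    "LoadModule php4_module",
    "AddModule mod_php4.c",
    "AddType application/x-httpd-php .php",
    "AddType application/x-httpd-php-source .phps",
)

def enable_php(conf_text: str) -> tuple:
    """Strip the leading '#' from exactly the PHP directives, in place.

    Lines are never moved or reordered (the tutorial's warning), other
    comments are untouched, and a second run changes nothing. Returns the
    edited text and the list of directives that were actually uncommented.
    """
    out, changed = [], []
    for line in conf_text.splitlines(keepends=True):
        body = line.lstrip("#").lstrip()
        for directive in PHP_DIRECTIVES:
            if line.lstrip().startswith("#") and body.startswith(directive):
                line = body
                changed.append(directive)
                break
        out.append(line)
    return "".join(out), changed

def php_enabled(conf_text: str) -> bool:
    """Post-edit check: True when all four directives appear uncommented."""
    active = [l.strip() for l in conf_text.splitlines()
              if not l.lstrip().startswith("#")]
    return all(any(l.startswith(d) for l in active) for d in PHP_DIRECTIVES)

# Constructed fragment of an Apache 1.3 httpd.conf; the paths are placeholders.
SAMPLE_CONF = """# Dynamic Shared Object (DSO) Support
#LoadModule php4_module        <path-to-libphp4.so>
#LoadModule example_module     <path-to-example.so>
#AddModule mod_php4.c
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
#AddType application/x-tar .tgz
"""

if __name__ == "__main__":
    edited, changed = enable_php(SAMPLE_CONF)
    print("uncommented:", changed)
    print("php enabled:", php_enabled(edited))
```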


This helped totally, and I can now monitor my system in a pretty GUI.

I'd still like to give ntop a spin, though. I friend showed me his install of ntop and I was highly impressed. Looks like a new project for me!

Thursday, October 04, 2007

What's Up With My Macbook?

I haven't done much with my Macbook since adding more RAM.

I'm using a good bit of dashboard widgets. For instance, I'm using the calendar, Ministats, AccuWeather, calculator, temperature monitor, and RAM/CPU monitoring tools.

I'm also using iStats...it is a pretty awesome tool!

I've not done much else, though... :(

I'd like to add a GB of RAM soon, but other than that, I'm fine with things the way they are at this point in time.

I'd also like to jump to Leopard when it is finally released (sometime in October).

'New' Mac G4 Power Mac acquired!


I've not posted in QUITE awhile. Not that I've been idle, but I've been more active in my Slackware blog, documenting mostly security-oriented material, but 2 weeks ago, I got a surprise.

A friend of mine has purchased a sailboat with the intention of living in it, which means that everything in his current home has to be trashed, sold, or given away. He had a Macintosh G4 Power Mac that he needed to get rid of, so I took it off his hands! The image to the upper left is a spitting image of the machine that I now have.

The machine itself isn't particularly powerful, but it appears to be cutting-edge for its day: dual 550MHz PowerPC processors (!!), 30GB hard disk (this is the original disk), 768MB of RAM, a CD-RW drive, and a ZIP drive. I did not know that this was a dual processor system until I checked while typing this post...this is quite a surprise.

Now, I got the Mac and it was running Mac OS X 10.3.9 Panther Server, but the drive immediately began to make noises and I got fed up and replaced it with a 100GB Seagate IDE drive, which was only $50. I could've gone bigger, but these machines only recognize 120GB or so, due to BIOS limitations. There are workarounds to avoid this limitation, but I'm not going to spend a lot of money on a 7-year-old system if I can help it. I went out and bought the latest Mac OS X Tiger and installed it on the new drive without issues. The system runs very well. I think I'd much rather run Panther (Server) but my friend didn't provide me with the disks.

The stats of this system are below:

Machine Name: Power Mac G4
Machine Model: PowerMac3,4
CPU Type: PowerPC G4 (11.3)
Number Of CPUs: 2
CPU Speed: 533 MHz
L2 Cache (per CPU): 1 MB
Memory: 768 MB
Bus Speed: 133 MHz
Boot ROM Version: 4.1.8f5

This box is going to be a riot! Hopefully, I can even upgrade the CPU to something more substantial, but for now, I can probably get away with adding more RAM.  [EDIT 03/17/2010:  Not!  CPUs for this machine are EXPENSIVE!   I've also added more RAM and the system now has 1GB of PC133-333 (1x512MB and 2x256MB)...one slot is still empty.  It'll take 2GB of RAM when using OS X, but only 1.5GB if using OS 9.]

This system will most likely end up serving web pages and serving MySQL content.

Sunday, February 18, 2007

The Dreaded Brown Stains...

I've got the dreaded staining on the sides of the touchpad and on the pad button. I've been using Mr. Clean's Magic Eraser and it's doing a decent job but not removing 100% of it. I do wash my hands a lot but evidently this isn't a cleanliness thing. I've had the laptop since last July and while I don't use the laptop overly much (I've 8 other machines in the house, not including my wife's laptop), I use it just enough to where it should be getting a bit of wear on it in 7 months of use, so I'm not going to report it to Apple just yet, unless it gets a lot worse.