Monday, December 17, 2007

Mac-Security Column for December 2007

[NOTE: This is an article I published in the Syracuse Macintosh User Group (SMUG) monthly newsletter, AppleTree. Anyone is welcome to further publish it wherever they wish as long as the article is not further edited while my name as author and my copyright remain intact. Breaka da rulez and I breaka you head].

Mac Security column
© Derek Currie

Last month I made a quick mention of ClamAV as a cross-platform, open-source anti-malware scanner. For Mac OS X you can obtain and use it in the form of ClamXav or Leopard Cache Cleaner (which runs on Jaguar, Panther and Tiger as well). This month I want to point out a couple more anti-malware programs, one shareware and one freeware, that may or may not be of interest.

But first let's take a tour through the many security enhancements Apple have provided in the past month:

November 12th Apple released the iPhone and iPod touch version 1.1.2 update. It addressed an all-too-familiar problem: a maliciously crafted image that can terminate the program displaying it or run arbitrary code, the infamous buffer overflow. A buffer overflow happens when a program writes more data into a fixed-size region of memory than was set aside for it, so the excess spills into whatever is stored next to it. At best the spilled data corrupts the neighbouring memory and the program crashes; at worst, if the attacker has designed the data carefully, it overwrites control data such as a saved return address and the processor ends up executing the attacker's code, which could potentially take over your computer.

November 14 Apple released the Mac OS X 10.4.11 update as well as Security Update 2007-008, which is the equivalent for Mac OS X 10.3.9. Both cover the same security issues. Security repairs were provided for the following parts of Mac OS X:

• AppleRAID
• CFNetwork
• CoreFoundation
• CoreText
• Kerberos
• Kernel (6 fixes)
• Networking (5 fixes)
• remote_cmds
• Safari (2 fixes)
• SecurityAgent
• WebCore (9 fixes)
• WebKit (3 fixes)

This update also bundles a new, security-fixed version of the Flash Player plug-in.

November 14 Apple also released Safari 3 Beta version 3.0.4 for Windows. It patches two vulnerabilities in Safari itself, three in WebCore and three in WebKit. Most of the patches are for cross-site scripting bugs.

November 15 Apple released the Mac OS X 10.5.1 update, which included three security fixes to the new application firewall. The Leopard firewall has been met with skepticism and disdain; these patches address the most widely noted problems.

December 13 Apple released QuickTime version 7.3.1, which includes three security fixes. Earlier in the month Apple had been slammed by the likes of Secunia and the SANS Institute for the continuation of a seemingly unending string of QuickTime security flaws. This update addresses a few of the problems, specifically those related to maliciously crafted RTSP streams, QTL files and the QuickTime Flash media handler. This update is for Mac OS X 10.3.9 on up as well as Windows XP SP2 and Vista.

December 14 Apple released Java for Mac OS X 10.4 Release 6. Does anyone remember when we were all fed the marketing spin that Java was supposed to be the 'safe' programming language that couldn't harm your operating system and hardware? Yeah right, we wish. Surprise! This update covers thirty security flaws in Java for Mac OS X. Among the fixes is one that stops a malicious web page from reading or adding to your Keychain (an outrageous security flaw), along with the usual arbitrary code execution and privilege escalation bugs.

In all, these security updates are crucial, many of them patching vulnerabilities that could potentially lead to a hacker taking over your computer. Therefore, as usual, be sure you keep your Mac OS X security updates up-to-date! You can read about all these security updates in detail at:

CONCLUSION: Writing software remains a mysterious art that is constantly full of flaws. Microsoft may be the masters of the security blunder, but like it or not there are blunders even in code written with the most deliberately secure of contemporary methods. In other words, expect more Mac security flaws and perhaps more Mac malware in the future. But also take comfort that Apple are on their toes these days cleaning up Mac OS X security problems.

Now on to a couple more anti-malware programs for Mac OS X. The first is called MacScan, which claims to identify and isolate Mac OS X Trojans, spyware and tracking cookies. It is a shareware program that costs around $25; when you download it you get a 30-day demo period. The second program is a freeware tool called Zebra Scanner, which claims to identify disguised Trojans. It has not been updated since 2005.

Let's save some time and let me share my conclusion that both of these programs are useless and unnecessary. There are, however, a couple of caveats to that statement, which I provide below if you care to keep reading:

MacScan has been known in the shareware world as 'MacScam' because of the rather high price for its ability to do next to nothing. Example: I used it to scan for the demo Trojan that Zebra Scanner provides. It couldn't find it. I used it to find Tracker Cookies. It found false positives, it failed to find others until I ran it a second time, and when I asked it to remove those it found it did absolutely nothing. I had to remove the Tracker Cookies by hand. And I'm supposed to pay for this privilege?

The one useful thing MacScan does provide is a list of known 'LEGAL' spyware programs for Mac OS X. You can find this list on their website as well. Legal spyware includes keystroke loggers, VNC and remote administration programs that are openly sold to the Mac market. They are typically used in professional network situations where the network administrator or the boss wants to keep track of the work being done on the client machines or by employees. You can find a slew of them available for download by searching with the term 'spyware' at

Meanwhile, I tried to find the blacklist MacScan is supposedly using to identify Tracking Cookies, but I failed. Something tells me I can find one on the Internet, so I will be in search of it this coming month and will share it when I find it.

What are tracking cookies? Technically they are ordinary browser cookies used as a mini-version of spyware. The key detail is that they are usually not set by the site you are reading but by a third-party advertising or analytics server whose content (an ad, a tiny image, a script) is embedded in many different sites. Your browser sends that server its cookie on every page that embeds it, so the tracker can assemble a record of where you go across all of those sites, tied to the identifier it stored in the cookie. It is supposed to be a marketing tool that lets advertisers choose what products to advertise to you. Personally, I consider it a privacy intrusion. So I enjoy removing tracking cookies and configuring my browsers to refuse them, which in Safari means setting Accept Cookies to 'Only from sites you navigate to'.
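Here is the kind of check a tracking-cookie blacklist makes possible, as an added example that is not part of the original column: a small script that reads a cookie jar and prints every cookie whose domain is, or sits under, a domain on your blocklist. It assumes the jar is in the Netscape cookies.txt format that Firefox and curl write (Safari's Cookies.plist would need converting first), that the blocklist is a plain text file with one tracker domain per line, and the domains in the usage below (ads.example and friends) are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not code from the original column): list the cookies in a
# cookie jar that belong to known tracking domains.
# Assumptions: the jar is in the Netscape cookies.txt format written by
# Firefox and curl (tab-separated: domain, subdomain flag, path, secure,
# expiry, name, value); Safari's Cookies.plist would need converting first.
# The blocklist is a text file with one tracker domain per line. All sample
# data used with this script is constructed for the demonstration.

# find_tracking_cookies BLOCKLIST_FILE   reads cookies.txt on stdin and
# prints "domain<TAB>cookie-name" for each cookie whose domain is, or is a
# subdomain of, a blocklisted domain. Returns 0 if any matched, else 1.
find_tracking_cookies() {
    blocklist=$1
    hits=0
    while IFS= read -r line; do
        # curl and Firefox prefix HttpOnly cookies with "#HttpOnly_"; keep
        # those and skip genuine comment and blank lines.
        line=${line#"#HttpOnly_"}
        case "$line" in ''|'#'*) continue ;; esac
        # Fields are tab-separated; only the domain (1) and name (6) matter.
        domain=$(printf '%s\n' "$line" | cut -f1)
        name=$(printf '%s\n' "$line" | cut -f6)
        domain=${domain#.}     # ".ads.example" -> "ads.example"
        while IFS= read -r tracker; do
            case "$tracker" in ''|'#'*) continue ;; esac
            # Exact match, or the cookie domain is a subdomain of the tracker.
            case "$domain" in
                "$tracker"|*".$tracker")
                    printf '%s\t%s\n' "$domain" "$name"
                    hits=$((hits + 1))
                    break ;;
            esac
        done < "$blocklist"
    done
    [ "$hits" -gt 0 ]
}

# Usage: sh trackers.sh trackers.txt < cookies.txt
if [ $# -gt 0 ]; then
    find_tracking_cookies "$@"
fi
```

Matching on the registered domain rather than the exact cookie domain is deliberate: trackers set cookies from many hostnames (pixel.tracking.example, cdn.tracking.example), and a list that only names tracking.example still catches all of them.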

Last and least we come to Zebra Scanner. Back when it was written there was a scare that hackers were going to attack the Mac with Trojans disguised as such benign things as JPEG files and text messages. But a security fix in Mac OS X 10.4 ended that possibility, and Zebra Scanner became useless. There is, however, one small way you could still be fooled by a malware application in disguise: if you have your Finder set to NOT show file extensions. I am someone who was rather angry that Apple chose to go with file extensions to identify Mac OS X file types, as opposed to the classic Mac OS type and creator codes stored in the file's metadata. Those stupid 'dot three' extensions are so Windows, so Luddite, so retro, so ugly. Apple actually compromised on the issue and still honours type and creator codes, but for the purposes of avoiding Trojans the dopey file extensions actually come in handy. Here is the example Zebra Scanner provide:

Suppose you are sent something that has a folder icon and the title 'Christmas Icons'. Great, you figure it has nifty Christmas icons inside the folder. But darn, you have the Finder set to NOT show file extensions. So you have no idea that this bogus folder is actually an application with a fake folder icon pasted on top. You 'open the folder' and instead find you have just run the Trojan.

If you think you could be subject to that infection method, then you should use Zebra Scanner. If, however, you leave file extensions turned ON, you can't be fooled: that fake folder's name ends in the extension '.app'.

So what if some goon simply removes the '.app' extension? It is very easy to do in Mac OS X. Then what you can do is a Get Info on the item before you do anything with it. The operating system will STILL tell you that it is an application, because Get Info reports what the item actually is rather than what it is named. Therefore, don't run it.

Don't bother trying to come up with other crafty ways to fool the operating system. If you fake an application to be a .txt file, the OS will attempt to open it ONLY as a .txt file. It will NOT run it as an application. You are safe. What you will get is an error message saying that the text file is unreadable, which makes sense since it is actually an application. The same goes if you change the application to any other extension.

CONCLUSION: Be wary of anything at all you receive out of the blue and don't absolutely know to be safe. Expect it to be bad news. (1) Have your extensions turned on in the Finder. (2) Always do a Get Info on anything suspicious. (3) To be extra-super-safe, only use your Mac from a standard account, not an administrator's account. This will help prevent Trojans from doing nasty stuff at the administrative level; only what your standard user account can reach can be hurt.
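The same checks done from the Terminal, as an added example that is not part of the original column: the script reports what an item really is from its structure and contents, ignoring its name, icon and extension, which is what Get Info is doing for you. It assumes an application bundle is a directory containing Contents/Info.plist with a CFBundlePackageType of APPL, and recognises a bare Unix executable by its Mach-O magic bytes; the 'Christmas Icons' item in the usage line is the constructed example from the text.

```sh
#!/bin/sh
# Added example (not code from the original column): report what a Finder
# item really is from its structure and contents, ignoring its name, icon
# and extension, much as Get Info does.
# Assumptions: an application bundle is a directory holding
# Contents/Info.plist whose CFBundlePackageType is APPL; a bare Unix
# executable starts with one of the Mach-O magic numbers (feedface,
# feedfacf, or cafebabe for a fat binary, in either byte order; cafebabe
# is also the Java class-file magic, so a stray .class file shows up too).

# classify_item PATH  prints one word: application, executable, folder,
# file or missing. Returns 1 only when PATH does not exist.
classify_item() {
    path=$1
    if [ ! -e "$path" ]; then
        echo missing
        return 1
    fi
    if [ -d "$path" ]; then
        plist="$path/Contents/Info.plist"
        # A bundle typed APPL is an application no matter what it is called
        # or which icon has been pasted onto it. Newlines are stripped first
        # so the key and its value can be matched as one string.
        if [ -f "$plist" ] && tr -d '\n' < "$plist" | grep -q 'CFBundlePackageType</key>[[:space:]]*<string>APPL</string>'; then
            echo application
            return 0
        fi
        echo folder
        return 0
    fi
    # Regular file: read the first four bytes as hex and compare with the
    # Mach-O magic numbers. Anything else is treated as plain data.
    magic=$(od -An -tx1 -N4 "$path" | tr -d ' \n')
    case "$magic" in
        feedface|cefaedfe|feedfacf|cffaedfe|cafebabe) echo executable ;;
        *) echo file ;;
    esac
    return 0
}

# Usage: sh classify.sh "/path/to/Christmas Icons" [more items...]
for item in "$@"; do
    printf '%s: %s\n' "$item" "$(classify_item "$item")"
done
```

Anything that prints application or executable, whatever it looks like in the Finder, is something you should not double-click. The check deliberately never looks at the extension, so renaming the bundle or stripping '.app' changes nothing.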

Next month I will hopefully have a source for a Tracking Cookie blacklist. So stay tuned if you are interested. In the meantime you can keep track of my ongoing Mac security news here at:

Share and Enjoy,


Saturday, December 8, 2007

Symantec Massive Booboo, Again

I suspect this post will come off as snotty. But the fact is that Symantec have consistently been the #1 purveyor of anti-Mac security FUD since 2005. They pulled another FUD attack just this past month.

As ever, FUD is used as a propaganda tactic in order to frighten people into doing your bidding. Our current USA federal executive branch is using FUD to drive a war machine for the purpose of their special interests, as opposed to the actual interests of the citizens they are supposed to be representing. Their particular FUD phrase is 'The Long War', referring to the non-existent 'war' on terrorism.

What has been Symantec's purpose? They want to sell Norton Anti-Virus to Mac users. Not surprisingly, their FUD started precisely when it became blatantly evident that Norton AV was one of the buggiest applications available for Macintosh. Needless to say, Symantec's efforts so far have been rebuffed. The usual response is that Mac users are deliberately ignorant about security. In actuality I think we can all agree that Mac users will very much become knowledgeable about Mac security at such time as it proves to be of actual importance.

Payback is a bitch. And Symantec pulled quite a booboo this past week. You can read all about it here:,2704,2229576,00.asp

To quote PC Magazine:

Update: Symantec Screwup Is 'Worse Than Any Virus'
By Chloe Albanesius

A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers.

. . .

Solid Oak customers including schools, libraries and personal accounts, were not provided with a recovery mechanism and subsequently lost Internet access. Solid Oak did not have an exact number of those affected, but it likely numbers in the tens of thousands, according to a spokeswoman.

Customers have had to re-install entire operating systems and software, she said.

. . .

This is the third time in less than a year that Symantec's Norton products have caused severe damage to computers running CYBERsitter software offerings, said Brian Milburn, president of Solid Oak Software, in a statement. "In my opinion, Norton products are worse than any virus I can think of," he said.

"We have thousands of users with no Internet access and all Symantec has done is to provide our mutual customers with a non-functioning support number that tell them to use on-line support," Milburn added. "The problem is even worse because [it's] the holiday season. Users are trying to order gifts on-line and they can't."

. . .

The situation is "embarrassing" for Solid Oak, Solid Oak's spokeswoman said. The company has been forced to pass along to customers instructions from Symantec, but nothing is working as of Thursday, she said. "People are upset," she said.

Solid Oak received an e-mail from Kevin Haley, Symantec's director of product management for Security Response, at 11 a.m. PST Thursday but no further instructions were relayed at the original time of this story's publication, according to Solid Oak.

Happily Symantec issued a solution this Friday.

Personal blether-fest related to the subject:

As I tell everyone, we are still in 'The Stone Age Of Computing.' Software development in particular is remarkably primitive, a PITA, consistently unreliable, and still requires drastic improvements in user-friendliness. Essentially, the software development task, using the crummy tools and coding philosophies we have at this time, is well beyond the comprehension of any one human being. And as usual, once you get into the process of coding by committee, you can break up a project into pieces, but getting the pieces to all be of the same quality and getting them all to work together properly is just about impossible.

A great example to watch right now is the progress of Mac OS X 10.5 Leopard. Undoubtedly it is the best OS on the market. But new bugs are discovered every single day. It clearly is suffering from what is called the '1.0' effect where the first publicly released version of any program is not-ready-for-prime-time. Why this effect happens so consistently is a complicated matter I may discuss some other time. Suffice it to say that it is expected and eventually works itself out. But nothing is perfect.

Much as I love Mac OS X Tiger, even at the 11th revision it still has bugs. Example: have you noticed that even in 10.4.11 the icons of some of the files in a folder still disappear from time to time? It is because of flaws in the Finder. You can find a freeware tool called Refresh Finder to help overcome this nonsense at:

CONCLUSION: Every software company consistently makes mistakes. It is part of our times. But it is particularly satisfying, in a mean-spirited kind of way I must admit, when a lying, fear-mongering company like Symantec fall on their face due to their own incompetence and arrogance. Let's hope we all learn from our mistakes and learn to treat each other with more understanding and respect.

Friday, December 7, 2007

How To Utterly Destroy The 'Security By Obscurity' Myth

One of the favorite baseless myths about Macintosh is that its incredible security record is due to 'obscurity'. This week the old scarecrow was foisted on the public once again:

The Financial Times tries spreading some Apple Mac security FUD
Thursday, December 06, 2007 - 12:10 PM EST

So, in celebration I have updated a post I regularly make at the comp.sys.mac.advocacy UseNet newsgroup:

How To Utterly Destroy The 'Security By Obscurity' Myth:

Use math.

1) Take the current number of known malware in the wild for Windows. The number is so huge that I never find any two sources in agreement. But let's use the very out-of-date, conservative figure of 114,000 that Apple used in an ad a year ago.

2) Take the number of known malware in the wild for Mac. Just to rub it in I like to inflate this number by adding to the count for Mac OS X, which is 1 (one), all the old Mac OS 1 - 9 malware, that being 55. Total = 56 malware for Mac in its entire history.

3) Divide: 114,000 / 56 = 2036.

4) Slowly and kindly explain this to the myth mongers: Using verifiable data there are 2036x more malware for Windows than Mac.

5) Now go in for the kill and calculate the number of malware per computer for each OS. You can do this using market share percentages. The currently agreed figures are that 92% of the US market are Windows boxes and 6% are Macs. (If the myth mongers complain that you should use world market numbers, go right ahead. You'll still shock them.) Set the ratio of malware counts equal to the ratio of market shares times a factor Y, where Y is the disparity in malware per computer user between the platforms:

114,000 / 56 = (0.92 / 0.06) × Y

Y = (114,000 / 56) / (0.92 / 0.06) = 2036 / 15.3 ≈ 132

Conclusion: There are 132 times more malware per Windows user than there are per Mac user.

There are theories about why this massive disparity exists. Blame Microsoft incompetence, blame user hatred of Windows, blame the simplicity of hacking Windows. But does 'security by obscurity' of the Mac explain this number? Obviously not.

Then stomp on the grave of this myth:

(A) Drop the friendly 55 pieces of old, non-Mac OS X malware from the calculation, leaving the single piece of active malware for Mac OS X, and point out the figure of 114,000 times more active malware for Windows than Mac. Doing the math, that gives a disparity factor of 7434 times more malware per Windows user than per Mac user. How's that sound?

(B) If there was equality in the security of the Windows platform versus the Mac platform you would at least expect something dramatically closer to a 1:1 ratio of malware per user between the platforms. 132 times more malware per Windows user is utterly insane. What does that make 7434 times more malware?

(C) Considering these figures, why does anyone use Windows? Why are businesses, designed to make money, wasting billions every year on Windows security upkeep and security damage when simply switching to Mac would wipe out nearly all those costs?

Share and Enjoy,


Thursday, November 29, 2007

Secunia report regarding Apple QuickTime RTSP "Content-Type" Header Buffer Overflow

It's Secunia Weekly Summary day! (Every Thursday afternoon.) In today's issue they reported the current QuickTime problem. As is typical of Secunia they blew the problem out of all proportion, rating it 'Extremely critical' simply because it affects an Apple program. Big yawn. Nothing new from them. Nonetheless, I really like their analyses once the FUD is stripped away.

You can read their full report at:

Secunia's (admittedly minimal) advice:

"Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files."

Trust, trust, trust. It's all about trust.

Just so Mac users don't feel so bad, here are some statistics for you:

1) This past week Secunia collected 193 NEW Windows malware descriptions from anti-malware providers.
(Keep in mind folks that the term 'virus' is very specific to self-replicating malware. Therefore I never use the term unless it does indeed refer to an actual virus as opposed to some other kind of malware).

2) Vulnerabilities for nine Windows applications were reported this week, including two for IBM Lotus notes.

3) The FBI believes over 2.5 MILLION computers have been hacked into botnets; such machines are known as zombies. Since 2005 the FBI estimates over $20 million in losses and theft have resulted from botnet activity. Meanwhile the computer industry, based on studies from Symantec, believes the figure is more like 5 MILLION zombied computers. And guess what folks: NOT ONE OF THEM IS A MAC, unless of course they are running Windows. But do keep in mind that every OS in existence has vulnerabilities and you need to be secure with your Mac when it's on the Internet.

4) There is still only one piece of Mac malware in the wild, the so-called 'Porn Trojan'. (HAHAHA!)

5) There weren't any other Mac platform vulnerabilities reported this week.

I know this has a high 'DUH!' factor among the cognoscenti, but for the rest of us: remember that Windows malware works just as well when you run Windows on your Mac via Boot Camp, Parallels or VMware. You REQUIRE anti-malware AND the Windows firewall turned ON (unless of course you run a separate firewall on top of Windows).

Also, if you are sloppy about your WiFi router security you may get away with it for a while using Mac OS X, though an open or weakly protected network puts every machine on it within reach of anyone in radio range and exposes your traffic to eavesdropping. And EXPECT to be infected or zombied if you run Windows on your Mac. Therefore:

(A) Password protect your WiFi router's administration page with a nasty-difficult-unguessable password, and change it from the factory default.
(B) Password protect your Mac accounts with a nasty-difficult-unguessable password too.
(C) Turn on and use the best encryption your WiFi router will allow. WEP is broken (freely available tools crack it in minutes) and only keeps out the merely curious; aim for WPA or, better, WPA2 with a long passphrase.
(D) If you don't have visitors connecting to your WiFi network regularly, use MAC address filtering. Treat it as a convenience rather than a security control: anyone sniffing the network can read an allowed address off the air and clone it.
(E) And if you feel comfortable with it, hide your network name (SSID) on the router and turn on stealth mode in the Mac firewall so nothing answers probes. Understand this is cosmetic: a wireless sniffer shows a hidden network as soon as any of your Macs talks to it, so it is no substitute for (C).

I'll do a rant session on freeware Windows anti-malware apps, WiFi routers and war-driving in future posts.

Share and Enjoy,


Monday, November 26, 2007

QuickTime RTSP Content-Type header stack buffer overflow

If you have been keeping up with Mac OS X security over the last year, you'll know that the Apple software with the most vulnerabilities has been QuickTime. The security company Secunia have been harping at Apple to get all the holes patched, but the going has been slow. The problem became acutely evident in December 2006 when poor programming of the MySpace interface let a scripting vulnerability in QuickTime be exploited, so that MySpace pages infected with script malware infected the MySpace pages of visitors. Apple came out with a quick patch specific to MySpace but the overall cleanup of QuickTime's problems has been ongoing.

The new vulnerability, on both Mac and Windows, affects a streaming technology built into QuickTime called RTSP. Hackers are already exploiting the security hole. You can read the details at the US-CERT (United States Computer Emergency Readiness Team) website:

Keep in mind that these are the folks that have been so incredibly inept that the US federal government computer system has been vastly compromised by bots that have been sending secure computer data to China in that country's secretly declared technology war against the rest of the world. So if US-CERT believes this problem with QuickTime is important, it is useful to believe them.

According to US-CERT the impact of this problem is:

"By convincing a user to connect to a specially crafted RTSP stream, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. An attacker can use various types of web page content, including a QuickTime Media Link file, to cause a user to load an RTSP stream."

At this time there is no patch for the problem. Check the US-CERT link above for some temporary measures that may help. At the very least, have your firewall ON. If you want to complete the firewall cycle by controlling outgoing connections to the Internet, download and try out Little Snitch, $25 shareware. You can get it from the usual places such as or I am going to read up a bit more on how this vulnerability is exploited to know whether Little Snitch is any help in this case. If you are using Little Snitch I would at the very least turn OFF the iTunes and QuickTime Player rules "Allow Any Connection" and "Allow TCP connections to port 554 (rtsp)". Instead, approve such connections temporarily, one at a time. Bear in mind that an attacker chooses the port their RTSP server listens on, so a rule keyed to port 554 is only a partial measure; the per-connection prompt is what actually helps.


Thursday, November 15, 2007

Mac-Security Column for November 2007

Mac-Security Column

© Derek Currie

Until the beginning of November, Macintosh security has been a moot subject. Suddenly it is entirely relevant thanks to the very first piece of Mac OS X malware loose in the wild. This has inspired me to fill the Mac security niche with a regular column on the subject.

A quick introduction: I became interested in knowing the facts about Macintosh security in August of 2005 when Symantec were having trouble selling their Norton Anti-Virus for Mac. The program had proven to be very buggy as well as irrelevant. In response Symantec perpetrated a FUD attack against the Mac community, attempting to scare people into buying their software. (FUD is an extremely popular form of propaganda. It is an abbreviation for "Fear, Uncertainty and Doubt.") In response to Symantec I got to work understanding the entire subject of computer security. I point out my favorite sources of knowledge at the bottom of the article. For now, suffice it to say I began writing about the subject in the Macintosh Usenet newsgroups in order to help other folks understand reality versus FUD. My column here is an expansion of my writing on the subject over the last two years.

Today's column is going to be a crash course relevant to the malware at hand. It is a Trojan horse called OSX.RSPlug.A.

Malware is the overall term for ANY software that is malicious toward a computer. The prefix 'mal' comes from the Latin malus, meaning 'bad'. Trojan horses are applications that the victim has to install or run by hand for them to do their dirty work. They are NOT viruses or worms: by definition they have no ability to self-propagate. Typically they pretend to be something useful and harmless, but they are not. They have what I call a 'Squink' factor. This is a personal term that refers to anything that looks good but is not. In the case of OSX.RSPlug.A it disguises itself as the installer of a QuickTime codec component. Once you provide your administrator password to allow the installation, your goose is cooked and the thing can do whatever it likes on your computer. What the current version does is change your Mac's DNS settings so that name lookups are sent to DNS servers the attacker controls instead of your ISP's or your router's. Your Mac still thinks it is asking for the correct IP address, but when you type the name of your bank or an auction site, the attacker's server can answer with the address of a fraudulent phishing site that pretends to be what it is not. They have what I call a 'Zunipus' factor. This made-up word refers to anything that purports to be honest and true but is not. At the phishing site you are fooled into providing personal information, resulting in identity theft.
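A way to check for that kind of tampering, as an added example that is not from the original column: compare the DNS servers your Mac is actually configured with against the ones you expect. It assumes your legitimate resolver is your router at 192.168.1.1 (a constructed address; pass your own) and that the current list is fed in from networksetup -getdnsservers, which prints one address per line for manually set servers, or from scutil --dns, which also shows servers handed out by DHCP.

```sh
#!/bin/sh
# Added example (not code from the original column): compare the DNS
# servers a Mac is actually using with the ones you expect, so that a
# silent change of the kind OSX.RSPlug.A makes stands out.
# Assumptions: you know your legitimate resolvers (the router address
# 192.168.1.1 used below is a constructed value; pass your own), and the
# current list is fed on standard input, either from
#   networksetup -getdnsservers <service>   (one address per line, or a
#   sentence "There aren't any DNS Servers set on ..." when none are set
#   by hand) or from
#   scutil --dns                            (lines such as
#   "nameserver[0] : 192.168.1.1", which also shows DHCP-supplied servers).
# Only IPv4 dotted-quad addresses are checked; other lines are ignored.

# check_dns_servers EXPECTED...   reads the current list from stdin,
# prints every address not in EXPECTED and returns 1 if any was found,
# 0 otherwise.
check_dns_servers() {
    bad=0
    while IFS= read -r line; do
        addr=${line##* }          # last whitespace-separated word
        case "$addr" in
            ''|*[!0-9.]*) continue ;;   # letters or punctuation: not an address
            *.*.*.*) ;;                 # looks like a dotted quad: check it
            *) continue ;;              # bare number such as "order : 200000"
        esac
        found=0
        for ok in "$@"; do
            if [ "$addr" = "$ok" ]; then
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf 'UNEXPECTED DNS server: %s\n' "$addr"
            bad=1
        fi
    done
    return "$bad"
}

# Usage (service names come from `networksetup -listallnetworkservices`):
#   networksetup -getdnsservers AirPort | sh dnscheck.sh 192.168.1.1
#   scutil --dns | sh dnscheck.sh 192.168.1.1
if [ $# -gt 0 ]; then
    check_dns_servers "$@"
fi
```

Run it from a standard account; it only reads settings. An unexpected server that you did not type in yourself is exactly the symptom described above, and the fix is to put your own resolvers back and then find out what changed them.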

OSX.RSPlug.A was at first only available at particular pornography sites on the Internet. Recently it has been found at a variety of other web sites as well. There has been a lot of spam around the Internet enticing readers to these sites. Once you get there and try to play the videos, you are told you need a codec to access them. You are then provided with a link to download the installer. You install it, and the deed is done. This method of lying to you in order to trick you into some sort of detrimental behavior is called 'Social Engineering.' It has been a developing and popular craze in the field of malware for years. Windows users are all too familiar with it. Undoubtedly you have yourself received email enticing you to a fraudulent version of a trusted website where you are asked to provide personal information, such as an ID and password to access the site. This form of social engineering is phishing. In the case of OSX.RSPlug.A, social engineering is expanded to fool you into installing malware.

So, now that the rat is out of the bag, what can you do? As our Mac friend Douglas Adams said: "Don't Panic!" It is remarkably unlikely you are going to fall for the Squink factor of this malware. But this is an occasion to start becoming familiar with Macintosh security strategies. Below is a quickie list of useful tools:

1) Self-education: what you can teach yourself is to never take software for granted. Always download software from the developer's own site or from reliable catalogues such as VersionTracker or MacUpdate. If you download from somewhere other than the proven source site of the developer be very suspicious and do some homework to learn what exactly this software is. Google is a great tool: just type in the name of the software and dig around.

2) Anti-Malware application: In the case of OSX.RSPlug.A the only way an anti-malware (incorrectly called 'anti-virus') program would catch this Trojan would be if it scanned everything you downloaded as you download it. That means paying bucks for a professional application. I'll review the options in a later article. For now I believe the consensus is that no, you still don't need to buy anything.

There is a way to seek and destroy this Trojan after it has already been installed: the free program ClamAV. It is an open-source project that, to be honest, is not perfect. ClamAV regularly has security issues of its own and must itself be updated on a regular basis. It is also slow to run and slow to provide malware definitions. But that's what you get for free, and it works. The main thing you can do with it is turn it loose on your hard drive on a regular basis; its only live scanning is of designated folders. As with any anti-malware program, you must update its malware definitions at least weekly.

There are a couple of ways to get the Mac OS X version of ClamAV. The first is the free way. It is called ClamXav:

The site has a nice set of documentation as well as a forum where you can talk with other folks about Mac security. Note: Versions of ClamXav are available all the way back to Mac OS X 10.2. You will find them at the site. Malware definition updates are made from within the program. If you like ClamXav, by all means donate some money to the cause.

My preferred way to get ClamAV is via Leopard Cache Cleaner (which actually works on all versions of Mac OS X back to 10.2). For $9 this is a brilliant program I highly recommend. But even if you don't want to pay for it yet, the free options it provides are very good. This includes a full integration of ClamXav in a very simple GUI.

A new and niffy kewl feature in Leopard Cache Cleaner is the ability to scan for rootkits. What are they?! Stay tuned. It is quite a nasty subject. For now, let's just hope this form of malware never becomes an important issue on Macs.

3) The Mac OS X firewall: Apple provide it, so use it. Access Apple's Help in Mac OS X if you have questions. The version in Leopard is not ready for prime time, I am sad to say. Apple is working on it. Leopard actually has a second, brilliant but user-hostile firewall built in as well: the BSD packet filter ipfw, driven from the command line. We will discuss it in a future article.

4) Little Snitch: this is what I call a 'reverse firewall.' It stops absolutely everything from contacting your LAN or the Internet without your permission. You have to be a bit of a geek to appreciate it as it pops up little windows asking for your permission to allow network access. But once you understand what it does and are willing to put in the effort to work with it properly, you can't do without it. In the case of our Trojan OSX.RSPlug.A, it would at least prompt you before any part of the Trojan phoned home on its own, and the prompt tells you which program is connecting and to where, which is exactly the kind of evidence malware researchers use to track down the servers behind a piece of malware. Note, though, that the hijacked DNS lookups themselves are made by Mac OS X's own resolver, a connection most people have long since allowed, so Little Snitch is no substitute for checking your DNS settings. Versions capable of running all the way back to Mac OS X 10.2 are available on the site. $25.

We have only touched the tip of the iceberg here regarding Mac security. Rather than overwhelm, I am simply going to point you to some other useful sources of information:

A) Apple have a dedicated support site for product security:

You can also subscribe to their highly recommended Security-Announce mailing list via their website or RSS:

B) Secunia: These folks are hyper-Apple critical. But they get results. They helped inspire the recent security improvements in QuickTime. Their website is stunning. I subscribe to their Weekly Summary mailing list.

C) SANS Institute: These folks are outright anti-Mac bigots. Their editors are snide and anything but objective in their comments. Their underlying motivation is to FUD you into paying for their computer security courses. Big yawn. Nonetheless I find their newsletters to be very useful. I subscribe to NewsBites, @Risk and Ouch!

That's it for this month.

Share and Enjoy! :-Derek

Sunday, November 11, 2007

Attack Of The Porn Trojan

Trojans have long been associated with pornography. But in this case, in the Macintosh community, we have a very bad Trojan called OSX.RSPlug.A. It's not that someone poked holes in the Trojan, it's that the Trojan itself is the hole. You don't want this malware impregnating your Mac, so it's time to learn how to be safe while you enjoy the Internet.

I wrote the Mac security article posted above specifically for the use of Macintosh user groups. You are entirely welcome to grab it and post it wherever you like, as long as you do not change it. That means you must include the headers with my name and my copyright. If you don't follow the rules, I will come and get you. So please be respectful of my work. You are welcome. :-Derek