19 posts tagged 'Security'

  1. 2011.12.05 Information Security Interview Questions by CEOinIRVINE
  2. 2011.12.05 Security Advisory by CEOinIRVINE 1
  3. 2010.04.23 Java Applet Security Model by CEOinIRVINE
  4. 2010.04.02 Computer Security Consulting by CEOinIRVINE
  5. 2009.04.01 Visa, MasterCard In Security Hot Seat by CEOinIRVINE
  6. 2009.02.08 How to be penetration tester? (Computer Security Specialist?) by CEOinIRVINE
  7. 2009.02.06 Security Metrics by CEOinIRVINE
  8. 2009.02.06 Security Checklists by CEOinIRVINE
  9. 2008.12.30 New Mac Security News by CEOinIRVINE 1
  10. 2008.12.17 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities by CEOinIRVINE

Information Security Interview Questions

What follows is a list of questions for use in vetting candidates for positions in Information Security. Many of the questions are designed to get the candidate to think, and to articulate that thought process in a scenario where preparation was not possible. Observing these types of responses is often as important as the actual answers.

I’ve mixed technical questions with those that are more theory and opinion-based, and they are also mixed in terms of difficulty. A number of trick questions are included, but the goal there is to expose glaring technical weakness, not to be cute. I also include with each question a few words on expected responses.

Where do you get your security news from?

Here I’m looking to see how in tune they are with the security community. Answers I’m looking for include syndication feeds for solid sites like liquidmatrix, packetstorm, rootsecure, secguru, astalavista, whitedust, internet storm center, etc. The exact sources don’t really matter. What does matter is that he doesn’t respond with, “I go to the CNET website.”, or, “Steve Gibson’s home page”. It’s these types of answers that will tell you he’s likely not on top of things.

If you had to both encrypt and compress data during transmission, which would you do first, and why?

If they don’t know the answer immediately it’s ok. The key is how they react. Do they panic, or do they enjoy the challenge and think through it? I was asked this question during an interview at Cisco. I told the interviewer that I didn’t know the answer but that I needed just a few seconds to figure it out. I thought out loud and within 10 seconds gave him my answer: “Compress then encrypt. If you encrypt first you’ll have nothing but random data to work with, which will destroy any potential benefit from compression.”
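The ordering argument above can be measured directly. This is an added example, not part of the original article; because the Python standard library ships no cipher, it uses a SHA-256 counter-mode keystream as a stand-in (an assumption for illustration, not a production cipher), and the sample traffic is constructed.

```python
import hashlib
import os
import zlib

# Constructed sample: repetitive, text-like traffic that compresses well.
SAMPLE = (
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    b"User-Agent: example-client/1.0\r\nAccept: text/html\r\n\r\n"
) * 200


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with SHA-256(key || nonce || counter).

    Illustration only. It produces random-looking output, which is the one
    property this experiment needs; use a vetted AEAD in real systems.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def compress_then_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Compression sees the structured plaintext and can remove redundancy.
    return keystream_xor(key, nonce, zlib.compress(plaintext, 9))


def encrypt_then_compress(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Compression sees only random-looking ciphertext and finds nothing to remove.
    return zlib.compress(keystream_xor(key, nonce, plaintext), 9)


def decrypt_then_decompress(key: bytes, nonce: bytes, wire: bytes) -> bytes:
    # Receiver side for the compress-then-encrypt order.
    return zlib.decompress(keystream_xor(key, nonce, wire))


def compare_orders(plaintext: bytes) -> dict:
    """Return the number of bytes on the wire for both orderings."""
    key, nonce = os.urandom(32), os.urandom(12)
    good = compress_then_encrypt(key, nonce, plaintext)
    bad = encrypt_then_compress(key, nonce, plaintext)
    if decrypt_then_decompress(key, nonce, good) != plaintext:
        raise RuntimeError("round trip failed")
    return {
        "plaintext": len(plaintext),
        "compress_then_encrypt": len(good),
        "encrypt_then_compress": len(bad),
    }


if __name__ == "__main__":
    for name, size in compare_orders(SAMPLE).items():
        print(f"{name:>22}: {size} bytes")
```

With compress-then-encrypt the ciphertext length equals the compressed length, so the size on the wire still depends on the plaintext's content.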

What’s the difference between HTTP and HTML?

Obviously the answer is that one is the networking/application protocol and the other is the markup language, but again–the main thing you’re looking for is for him not to panic.

How does HTTP handle state?

It doesn’t, of course. Not natively. Good answers are things like “cookies”, but the best answer is that cookies are a hack to make up for the fact that HTTP doesn’t do it itself.

What exactly is Cross Site Scripting?

You’d be amazed at how many security people don’t know even the basics of this immensely important topic. We’re looking for them to say anything regarding an attacker getting a victim to run script content (usually Javascript) within their browser.

What’s the difference between stored and reflected XSS?

Stored is on a static page or pulled from a database and displayed to the user directly. Reflected comes from the user in the form of a request (usually constructed by an attacker), and then gets run in the victim’s browser when the results are returned from the site.

What are the common defenses against XSS?

Input Validation/Output Sanitization, with focus on the latter.

What’s the difference between symmetric and public-key cryptography?

Standard stuff here–single key vs. two keys, etc, etc.

In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?

You encrypt with the other person’s public key, and you sign with your own private. If they confuse the two, don’t put them in charge of your PKI project.

What kind of network do you have at home?

Good answers here are anything that shows you he’s a computer/technology/security enthusiast and not just someone looking for a paycheck. So if he’s got multiple systems running multiple operating systems you’re probably in good shape. What you don’t want to hear is, “I get enough computers when I’m at work..” I’ve yet to meet a serious security guy who doesn’t have a considerable home network.

What is Cross-Site Request Forgery?

Not knowing this is more forgivable than not knowing what XSS is, but only for junior positions. Desired answer: when an attacker gets a victim’s browser to make requests, ideally with their credentials included, without their knowing. A solid example of this is when an IMG tag points to a URL associated with an action, e.g. http://foo.com/logout/. A victim just loading that page could potentially get logged out from foo.com, and their browser would have made the action, not them (since browsers load all IMG tags automatically).

How does one defend against CSRF?

Nonces required by the server for each page or each request is an accepted, albeit not foolproof, method. Again, we’re looking for recognition and basic understanding here–not a full, expert level dissertation on the subject. Adjust expectations according to the position you’re hiring for.
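A sketch of the per-request nonce defense, applied to the logout example from the previous answer. This is an added example, not code from the original article; the `CsrfNonceStore` class, the `handle_logout` function, the `csrf_nonce` form field and the session identifiers are all hypothetical names chosen for illustration.

```python
import hmac
import secrets
import time


class CsrfNonceStore:
    """Server-side store of single-use nonces, bound to a session (hypothetical helper)."""

    def __init__(self, ttl_seconds=900, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # session_id -> {nonce: expiry time}

    def issue(self, session_id):
        """Create a nonce to embed in a form rendered for this session."""
        nonce = secrets.token_urlsafe(32)
        self._pending.setdefault(session_id, {})[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, session_id, presented):
        """Accept a nonce once, only for the session it was issued to, only before expiry."""
        if not isinstance(presented, str) or not presented:
            return False
        nonces = self._pending.get(session_id, {})
        candidate = presented.encode("utf-8", "replace")
        match = None
        for nonce in nonces:
            # Constant-time comparison avoids leaking how much of a guess matched.
            if hmac.compare_digest(nonce.encode(), candidate):
                match = nonce
        if match is None:
            return False
        expiry = nonces.pop(match)  # single use: removed even if it has expired
        return self._clock() <= expiry


def handle_logout(store, logged_in, session_id, method, form):
    """Return an HTTP status code for a logout request."""
    if session_id not in logged_in:
        return 401
    if method != "POST":
        return 405  # an IMG tag can only trigger a GET, so state never changes on GET
    if not store.consume(session_id, form.get("csrf_nonce")):
        return 403  # cross-site POST: the cookie is sent, but the nonce is unknown
    logged_in.discard(session_id)
    return 200


def demo():
    """Run forged and legitimate requests against constructed sessions."""
    store = CsrfNonceStore()
    logged_in = {"sess-alice", "sess-bob"}
    results = {}
    results["img_tag_get"] = handle_logout(store, logged_in, "sess-alice", "GET", {})
    results["forged_post_no_nonce"] = handle_logout(store, logged_in, "sess-alice", "POST", {})
    bob_nonce = store.issue("sess-bob")
    results["nonce_from_other_session"] = handle_logout(
        store, logged_in, "sess-alice", "POST", {"csrf_nonce": bob_nonce})
    results["still_logged_in_after_forgeries"] = "sess-alice" in logged_in
    alice_nonce = store.issue("sess-alice")
    results["legitimate_post"] = handle_logout(
        store, logged_in, "sess-alice", "POST", {"csrf_nonce": alice_nonce})
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```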

What port does ping work over?

A trick question, to be sure, but an important one. If he starts throwing out port numbers you may want to immediately move to the next candidate. Hint: ICMP is a layer 3 protocol (it doesn’t work over a port). A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.

How exactly does traceroute/tracert work at the protocol level?

This is a fairly technical question but it’s an important concept to understand. It’s not natively a “security” question really, but it shows you whether or not they like to understand how things work, which is crucial for an Infosec professional. If they get it right you can lighten up and offer extra credit for the difference between Linux and Windows versions.

The key point people usually miss is that each packet that’s sent out doesn’t go to a different place. Many people think that it first sends a packet to the first hop, gets a time. Then it sends a packet to the second hop, gets a time, and keeps going until it gets done. That’s incorrect. It actually keeps sending packets to the final destination; the only change is the TTL that’s used. The extra credit is the fact that Windows uses ICMP by default while Linux uses UDP.
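The probe/reply exchange described above, modelled offline. This is an added example, not part of the original article; the router and destination addresses are constructed, and the signals that end the trace (ICMP Port Unreachable for UDP probes, Echo Reply for ICMP probes) are standard behaviour that the article does not spell out.

```python
from dataclasses import dataclass

# Constructed path: three routers between the client and the destination.
PATH = ["10.0.0.1", "192.0.2.1", "198.51.100.1"]
DESTINATION = "203.0.113.10"


@dataclass(frozen=True)
class Probe:
    dst: str    # always the final destination, never an intermediate hop
    ttl: int    # the only field that changes from one probe to the next
    proto: str  # "udp" (Linux traceroute default) or "icmp" (Windows tracert default)


@dataclass(frozen=True)
class Reply:
    src: str        # who answered
    icmp_type: str  # what the sender receives back


def network_forward(probe, path=PATH):
    """Simulate the routers on the path handling one probe."""
    if probe.proto not in ("udp", "icmp"):
        raise ValueError("proto must be 'udp' or 'icmp'")
    ttl = probe.ttl
    for router in path:
        ttl -= 1  # every router decrements TTL before forwarding
        if ttl <= 0:
            # TTL expired in transit: the router drops the packet and reports it.
            return Reply(router, "time-exceeded")
    # TTL was large enough: the probe is delivered to the destination host.
    if probe.proto == "udp":
        # Probe targets an unused high UDP port, so the host rejects it.
        return Reply(probe.dst, "port-unreachable")
    return Reply(probe.dst, "echo-reply")


def traceroute(dst, proto="udp", max_hops=30, path=PATH):
    """Send probes to dst with TTL 1, 2, 3, ... until dst itself answers.

    Real tools send several probes per TTL and time each one; this sketch
    sends one probe per TTL and records only who replied.
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = Probe(dst=dst, ttl=ttl, proto=proto)
        reply = network_forward(probe, path)
        hops.append({
            "ttl": ttl,
            "probe_dst": probe.dst,
            "responder": reply.src,
            "icmp_type": reply.icmp_type,
        })
        if reply.icmp_type != "time-exceeded":
            break  # the destination answered, so the trace is complete
    return hops


if __name__ == "__main__":
    for proto in ("udp", "icmp"):
        print(f"-- {proto} probes --")
        for hop in traceroute(DESTINATION, proto):
            print(f"ttl={hop['ttl']} sent_to={hop['probe_dst']} "
                  f"reply_from={hop['responder']} ({hop['icmp_type']})")
```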

If you were to start a job as head engineer or CSO at a Fortune 500 company due to the previous guy being fired for incompetence, what would your priorities be? [Imagine you start on day one with no knowledge of the environment]

We don’t need a list here; we’re looking for the basics. Where is the important data? Who interacts with it? Network diagrams. Visibility touch points. Ingress and egress filtering. Previous vulnerability assessments. What’s being logged and audited? Etc. The key is to see that they could quickly prioritize, in just a few seconds, what would be the most important things to learn in an unknown situation.

As a corporate Information Security professional, what’s more important to focus on: threats or vulnerabilities?

This one is opinion-based, and we all have opinions. Focus on the quality of the argument put forth rather than whether or not they chose the same as you, necessarily. My answer to this is that vulnerabilities should usually be the main focus since we in the corporate world usually have little control over the threats.

Another way to take that, however, is to say that the threats (in terms of vectors) will always remain the same, and that the vulnerabilities we are fixing are only the known ones. Therefore we should be applying defense-in-depth based on threat modeling in addition to just keeping ourselves up to date.

Both are true, of course; the key is to hear what they have to say on the matter.

Describe the last program or script that you wrote. What problem did it solve?

All we want to see here is if the color drains from the guy’s face. If he panics then we not only know he’s not a programmer (not necessarily bad), but that he’s afraid of programming (bad). I know it’s controversial, but I think that any high-level security guy needs some programming skills. They don’t need to be a God at it, but they need to understand the concepts and at least be able to muddle through some scripting when required.

What are Linux’s strengths and weaknesses vs. Windows?

Look for biases. Does he absolutely hate Windows and refuse to work with it? This is a sign of an immature hobbyist who will cause you problems in the future. Is he a Windows fanboy who hates Linux with a passion? If so just thank him for his time and show him out. Linux is everywhere in the security world.

What’s the difference between a threat, vulnerability, and a risk?

As weak as the CISSP is as a security certification it does teach some good concepts. Knowing basics like risk, vulnerability, threat, exposure, etc. (and being able to differentiate them) is important for a security professional. Ask as many of these as you’d like, but keep in mind that there are a few differing schools on this. Just look for solid answers that are self-consistent.

Cryptographically speaking, what is the main method of building a shared secret over a public medium?

Diffie-Hellman. And if they get that right you can follow-up with the next one.

What’s the difference between Diffie-Hellman and RSA?

Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol. If they get that far, make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH). Blank stares are undesirable.

What kind of attack is a standard Diffie-Hellman exchange vulnerable to?

Man-in-the-middle, as neither side is authenticated.

What’s the goal of information security within an organization?

This is a big one. What I look for is one of two approaches; the first is the über-lockdown approach, i.e. “To control access to information as much as possible, sir!” While admirable, this again shows a bit of immaturity. Not really in a bad way, just not quite what I’m looking for. A much better answer in my view is something along the lines of, “To help the organization succeed.” This type of response shows that the individual understands that business is there to make money, and that we are there to help them do that. It is this sort of perspective that I think represents the highest level of security understanding: a realization that security is there for the company and not the other way around.

Are open-source projects more or less secure than proprietary ones?

The answer to this question is often very telling about a given candidate. It shows 1) whether or not they know what they’re talking about in terms of development, and 2) it really illustrates the maturity of the individual (a common theme among my questions). My main goal here is to get them to show me pros and cons for each. If I just get the “many eyes” regurgitation then I’ll know he’s read Slashdot and not much else. And if I just get the “people in China can put anything in the kernel” routine then I’ll know he’s not so good at looking at the complete picture.

The ideal answer involves the size of the project, how many developers are working on it (and what their backgrounds are), and most importantly — quality control. In short, there’s no way to tell the quality of a project simply by knowing that it’s either open-source or proprietary. There are many examples of horribly insecure applications that came from both camps.

What’s the difference between encoding, encryption, and hashing?

Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.

Who do you look up to within the field of Information Security? Why?

A standard question type. All we’re looking for here is to see if they pay attention to the industry leaders, and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that’ll tell you one thing, and if they name a few of the pioneers that’ll say another. If they don’t know anyone in Security, well…consider closely what position you’re hiring them for. Hopefully it’s a junior position.

Advanced

Ok, now for some more advanced questions:

  1. If I’m on my laptop, here inside my company, and I have just plugged in my network cable. How many packets must leave my NIC in order to complete a traceroute to twitter.com?

    The key here is that they need to factor in all layers: Ethernet, IP, DNS, ICMP/UDP, etc. And they need to consider round-trip times. What you’re looking for is a realization that this is the way to approach it, and an attempt to knock it out. A bad answer is the look of WTF on the face of the interviewee.


  2. How would you build the ultimate botnet?

    Answers here can vary widely; you want to see them cover the basics: encryption, DNS rotation, the use of common protocols, obscuring the heartbeat, the mechanism for providing updates, etc. Again, poor answers are things like, “I don’t make them; I stop them.”

Bonus: Scenario Role-Play

For special situations you may want to do the ultimate interview question. This is a role-played scenario, where the candidate is a consultant and you control the environment. I had one of these during an interview and it was quite valuable.

So you tell them, for example, that they’ve been called in to help a client who’s received a call from their ISP stating that one or more computers on their network have been compromised. And it’s their job to fix it. They are now at the client site and are free to talk to you as the client (interviewing them), or to ask you as the controller of the environment, e.g. “I sniff the external connection using tcpdump on port 80. Do I see any connections to IP 4.2.2.2?” And you can then say yes or no, etc.

From there they continue troubleshooting/investigating until they solve the problem or you discontinue the exercise due to frustration or pity.

Feel free to contact me if you have any comments on the questions, or if you have any ideas for additions.

Posted by CEOinIRVINE

Security Advisory

Hacking 2011. 12. 5. 02:17

Adobe Releases Security Advisory for Adobe Flex SDK

added December 1, 2011 at 10:44 am

Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X and 3.6 and earlier 3.X for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attacker to perform a cross-site scripting attack within the Adobe Flex SDK application.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to mitigate the risk.


Google Releases Chrome 15.0.874.121

added November 17, 2011 at 02:23 pm

Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.121.


Internet Systems Consortium Releases BIND-P1 Patches

added November 17, 2011 at 11:27 am

The Internet Systems Consortium has released updates for BIND to address a vulnerability. This vulnerability may allow an attacker to cause a denial-of-service condition. Please refer to the Internet Systems Consortium advisory for additional information.

US-CERT recommends that administrators of this product apply the respective patches for BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, and 9.4-ESV-R5-P1 or check with their software vendors for updated versions.


Apple Releases iTunes 10.5.1

added November 15, 2011 at 09:25 am

Apple has released iTunes 10.5.1 to address a vulnerability. This vulnerability may allow an attacker to conduct a man-in-the-middle attack that could lead a user to click on a forged link believed to have originated from Apple.

US-CERT encourages users and administrators to review Apple article HT5030 and apply any necessary updates to help mitigate the risks.


Fraudulent Digital Certificates Could Allow Spoofing

added November 10, 2011 at 04:25 pm | updated November 14, 2011 at 02:48 pm

US-CERT is aware of public reports that DigiCert Sdn. Bhd* has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the parent Certificate Authority to DigiCert Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this issue. Additional information can be found in the Mozilla Security Blog.

Microsoft has provided an update for all supported versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

*DigiCert Sdn. Bhd is not affiliated in any way with the US-based corporation DigiCert, Inc.


Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR

added November 11, 2011 at 09:30 am

Adobe has released a security advisory to alert users of vulnerabilities affecting Adobe Flash Player and Adobe AIR. These vulnerabilities affect Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux, Solaris, Adobe Flash Player 11.0.1.153 for Android, and Adobe AIR 3.0 for Windows, Macintosh, and Android. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to help mitigate the risk.


Apple Releases iOS 5.0.1

added November 10, 2011 at 04:16 pm

Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5052 and apply any necessary updates to help mitigate the risk.


Google Releases Chrome 15.0.874.120

added November 10, 2011 at 03:23 pm

Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.120.


Operation Ghost Click Malware

added November 10, 2011 at 12:52 pm

On November 9, 2011 US Federal prosecutors announced Operation Ghost Click, an ongoing investigation that resulted in the arrests of a cyber ring of seven people who allegedly ran a massive online advertising fraud scheme that used malicious software to infect at least 4 million computers in more than 100 countries.

The cyber ring, comprised of individuals from Estonia and Russia, allegedly used the malicious software, or malware, to hijack web searches to generate advertising and sales revenue by diverting users from legitimate websites to websites run by the cyber ring. In some cases, the software, known as DNSChanger, would replace advertising on popular websites with other ads when viewed from an infected computer. The malware also could have prevented users' anti-virus software from functioning properly, thus exposing infected machines to unrelated malicious software.

US-CERT encourages users and administrators to use caution when surfing the web and to take the following preventative measures to protect themselves from malware campaigns:

  • Refer to the FBI's announcement of Operation Ghost Click for additional information on how to protect yourself and recover from DNSChanger attacks.
  • Maintain up-to-date antivirus software.
  • Configure your web browser as described in the Securing Your Web Browser document.
  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
Posted by CEOinIRVINE

Java Applet Security Model

Hacking 2010. 4. 23. 18:50

The standard Java applet security model forces downloaded Java applets to run within a highly restrictive sandbox, severely limiting their capabilities as well as the damage they can do to the user's system. The sandbox prevents applets from accessing the machine's file system, which includes the registry on a Windows box, and does not allow them to launch other programs. Additionally, applets cannot communicate with any system on the network except with the host from which the browser downloaded them. I've always been surprised by the use of the word sandbox to describe this critical component of the Java security model. Although this word invokes happy images of children playing peacefully, most parents know that children playing in a sandbox can jump out of the sandbox and spread sand everywhere. Who uses a sandbox to improve security? I use locks, keys, cages, and other physical devices to protect my stuff. Therefore, I think of the Java sandbox as more of a locked cage. Java applets can operate within the cage, but cannot reach outside of the cage to cause any damage (provided that the cage itself is secure, of course).

In the example depicted in Figure 4.12, the SSH applet was operating within these sandbox restrictions. Therefore, I was only able to make an SSH connection to the Web server that was hosting the applet. If I asked the applet to connect to another host, say ftp.example.com, for example, the JRE would block the attempt and present me with the following error message:

java.security.AccessControlException: access denied (java.net.SocketPermission ftp.example.com resolve)


Posted by CEOinIRVINE

Criminal hackers aren't just hard to catch. They're also hard to blame.

In security breach cases last year, such as Hannaford Bros. supermarket and the card processing firm Heartland Payment Systems, the cybercriminals who gained access to millions of consumers' credit card details haven't been--and may never be--identified or prosecuted.

So in a hearing Tuesday, the House of Representatives' Committee on Homeland Security took aim at a more accessible target: credit card companies like Visa and MasterCard, which are responsible for creating and enforcing the Payment Card Industry (PCI) standards that failed to prevent those breaches.

Given that both Hannaford and Heartland had complied with PCI rules, the congressional panel turned the spotlight on the credit card companies, arguing that their security measures need to be redesigned or supplemented with federal laws--a potential crackdown that could require changes on the part of both retailers and financial services companies.

"I don't believe that PCI standards are worthless," said Rep. Yvette Clark, D-N.Y., who led the hearing. "But I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure. It is not."

Clark called for changes to the standards that included better encryption of data, more frequent updates to the rules to keep up with constantly shifting cybercriminal tactics and new technologies for preventing identity theft like "chip and PIN" cards--a system currently used in Britain that checks personal identification numbers against a tiny microchip in the card itself.

Behind those recommendations loomed the threat of legislation. Rep. Bennie Thompson, D-Miss., the Homeland Security Committee's chairman, suggested that the PCI rules were written by card companies to shift blame to retailers and partners rather than actually preventing cybercrime.

"I'm concerned that as long as the payment card industry is writing the standards, we'll never see a more secure system," Thompson said. "We in Congress must consider whether we can continue to rely on industry-created standards, particularly if they're inadequate to address the ongoing threat."

Congress's growing attention to obscure payment-card security practices is the result of a steady increase in the number of data breaches nationwide, combined with several high profile information spills in the last year.

The Identity Theft Resource Center counted 646 data breach incidents in 2008, a 47% increase over 2007's total of 446 breaches, itself a record for the most breaches tallied in a single year. (See: "Data Security's Worst Year Yet.")

Those dismal numbers were followed by another shock to the world of cybersecurity: the revelation in January of a breach at Princeton, N.J.-based Heartland that potentially revealed more than a hundred million credit card numbers to hackers--the most of any breach in history. Heartland, like several major breach victims before it, had been approved as compliant with the card industry's security standards.

At Tuesday's hearing, retailers chimed in with their own criticisms of those standards. Michael Jones, the chief information officer at the retail company Michael's, testified that the PCI rules were "expensive to implement, confusing to comply with and ultimately subjective both in their interpretation and their enforcement."

He argued that the rules were sloppily written and designed to shield card companies from blame. In some cases, he said, card companies required retailers to store more credit card information than is necessary, increasing the risk of data theft. He also pointed to financial services firms that aren't prepared to deal with encrypted transaction data, forcing retailers to send the transactions unencrypted and exposed to potential data thieves.

In breach situations, on the other hand, the retailer takes the brunt of the punishment for any breach of consumer data loss. "The retailer is demonized, the retailer is threatened with damages and sanctions," Jones complained.

Representatives from the payment card industry countered those attacks on PCI standards, arguing that more stringent rules and new technological requirements could be costly for small merchants. "Encryption is an expensive proposition," argued Robert Russo, director of the PCI's Data Security Standards Council. "If we make this mandatory in the standard, there are a number of merchants that will not be able to afford this immediately."

Both Russo and Joseph Majka, head of fraud control for Visa, testified that no company that has suffered a breach has ever been fully compliant with PCI rules.

But in fact, the industry certified both Hannaford and Heartland and only criticized their security measures after their networks were breached. Rep. Ben Ray Lujan, D-N.M., compared the regulatory group to a fire department that declares a home's safety system inadequate after a fire. "There's no one overseeing this. … In the case of breaches, we often depend on the Department of Justice to inform people," he said. "It seems to me that the system we have today, we can all agree, from different sides, it's not working."


Posted by CEOinIRVINE

I have decided to keep all postings here original. The Internet is such a nice place to find information and share knowledge, and I completely agree with that. However, sometimes I feel bad that I don't write anything of my own when I have just copied and pasted somebody else's useful information or postings.

In this post, I would like to cover how to start as a web penetration tester and how to be recognized by other professionals in the same field.

First of all, I recommend visiting the OWASP web page
(the free and open application security community):


http://www.owasp.org/index.php/Main_Page


Then, please visit the following page for basic security information:

http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project

Just download that project and unzip it.
You can find a lot of cheat sheets in there.
They are very useful for a starter, beginner or would-be security professional.


After that, I would become a sed/awk guru who can analyze logs quickly.
That's the best way for you to get recognition from others.
They will respect you once they notice your skill at analyzing and solving issues.


counterhacker@gmail.com

Posted by CEOinIRVINE

Security Metrics

Hacking 2009. 2. 6. 05:53

Security Metrics Consensus Team Progress

A team of more than 100 government, private, and academic experts is working to reach consensus on a small initial set of security outcome and practice metrics. At present these security metrics are in final draft. They represent outcome and practice areas of security regarded by the consensus group as important, but they are subject to further refinement by the group.

Currently, the consensus group has developed metrics covering the following business functions:

  • Application Security
    • Number of Applications
    • Percentage of Critical Applications
    • Risk Assessment Coverage
    • Security Testing Coverage
  • Configuration Change Management
    • Mean-Time to Complete Changes
    • Percent of Changes with Security Review
    • Percent of Changes with Security Exceptions
  • Financial
    • Information Security Budget as % of IT Budget
    • Information Security Budget Allocation
  • Incident Management
    • Mean-Time to Incident Discovery
    • Number of Incidents
    • Percentage of Incidents Detected by Internal Controls
    • Mean-Time Between Security Incidents
    • Mean-Time to Recovery
  • Patch Management
    • Patch Policy Compliance
    • Patch Management Coverage
    • Mean-Time to Patch
    • Mean-Time to Patch Critical Patches
  • Vulnerability Management
    • Vulnerability Scan Coverage
    • Percent of Systems Without Known Severe Vulnerabilities
    • Number of Known Vulnerability Instances

Metrics Schema

A security metrics schema has been developed that will serve as a structure for the final definition of each metric so that terms, definitions, and computational aspects are unambiguous.

Future Benefits of the Planned CIS Information Security Metrics Service

Posted by CEOinIRVINE

Security Checklists

Hacking 2009. 2. 6. 04:11


Posted by CEOinIRVINE

New Mac Security News

Hacking 2008. 12. 30. 11:37

We just added the following Data to our Site:

12.17.2008 News
It's been a year since the DNSChanger Trojan Horse was discovered in the wild. In the intervening months, it has grown to become the single most widespread piece of malware on OS X, with multiple variants actively affecting Macintosh computers world-wide. To promote safe web browsing, SecureMac has issued a bulletin on the DNSChanger Trojan Horse detailing common symptoms of infection, ways to check for and remove the Trojan, and a list of safe practices to use when surfing the web.

SecureMac has released an update to the free DNSChanger Trojan Horse Removal Tool (2.0) available for download here.

12.16.2008 News
Safari has tied for last place in the CIS report scoring the password security features in browsers. Details and score chart are displayed. This report will give better insight into why it is not good to store passwords. Read more.

12.04.2008 News
SecureMac.com, Inc will be attending MacWorld San Francisco 2009 January 6th - 9th, 2009.

We will be demoing the latest version of MacScan as well as discussing Macintosh security. Please stop by our booth this year in the expo hall, booth #202.

To receive a free Hall pass for MacWorld 2009, read more

12.03.2008 News
Intego has discovered a new variant of the DNSChanger Trojan horse which they have labeled as "OSX.RSPlug.E Trojan Horse". The details can be found here.

12.02.2008 News
Apple has officially acknowledged that Mac users should use anti-virus solutions in this technical note. As their market share continues to grow, so do the threats to the users.

Related Articles:
Washington Post: Apple: Mac Users Should Get Antivirus Software
The Tech Herald: Apple Encourages Anti-Virus Protection
CNet: Apple suggests Mac users install antivirus software
Apple Insider: Apple encourages Anti-Virus Software

9.10.2008 News
MacScan 2.6 the anti-spyware security privacy suite for the Macintosh has been released adding FireFox 3 support. This is a free upgrade to existing users and includes the latest definition updates.

8.3.2008 News
Apple's latest security update (2008-005) has addressed many security issues including the highly discussed Apple Remote Desktop Agent security hole. Install the latest security update by running Software Update.

7.14.2008 News
Sophos has released a whitepaper offering 10 steps to better protect your Mac from data theft. Some steps include setting a firmware password, using separate keychain passwords, using FileVault for home folders, securely emptying the trash, and setting up secure virtual memory. Read the full white paper.

6.20.2008 News
Intego has posted an advisory titled OSX.Trojan.PokerStealer Trojan Horse to their website. The trojan horse is a script wrapped in an executable bundle. Once launched, the script will prompt the user for his password, and turn on SSH for outside attackers to gain access to the system.

6.19.2008 News
Security Alert: SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. AppleScript.THT Trojan Horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root. Read more.

6.18.2008 News
Security Alert: Mac OS X root escalation exploit code in the wild.
Read more.

1.09.2008 News
SecureMac has released a free utility called DNSChanger Removal Tool to remove the DNSChanger Trojan Horse, also known as OSX.RSPlug.A and OSX/Puper, which has been found on numerous pornographic websites disguising itself as a video codec. Once downloaded and installed, DNSChanger changes the DNS settings on the computer, redirecting websites entered by the user to malicious sites. If personal information is entered on these malicious websites, it can lead to identity theft.

If the DNSChanger trojan horse is detected, DNSChanger Removal Tool will give you the option to remove it. If the DNSChanger trojan horse is detected and removed, you will need to restart your computer to clear out the bad DNS entries added by the DNSChanger Trojan Horse. Download DNSTrojan Removal Tool. This detection and removal is also available in MacScan.

11.21.2007 News
Security Alert: Intego has released a security advisory entitled 'Mac OS X Leopard Quarantine Bug Allows Users to Launch Malicious Attachments in Mail' which they consider low but still a threat. They have proof of concept and details surrounding this vulnerability. Read more.

SecureMac has released MacScan 2.5.1 the premier anti-spyware security program for Mac OS X. Click to download MacScan.

10.31.2007 News
SecureMac's Anti-Spyware program for the Macintosh has been released. MacScan 2.5 adds Leopard (Mac OS X 10.5) support as well as the ability to schedule scans. Now you can have MacScan audit your system while you are sleeping or in your idle time. To download your thirty day trial of MacScan or upgrade your existing version please visit the MacScan Homepage.

7.16.2007 News
Adobe Flash exploit could log keystrokes according to three critical security updates released. Adobe Flash Players 9.0.45.0, 8.0.34.0 and 7.0.69.9 as well as earlier versions running on ALL platforms are vulnerable and can be exploited by loading a malicious SWF file under these players.

5.30.2007 News
Apple has released their security update (2007-005) this month, with another security update specifically for QuickTime following only a few days after. The QuickTime security issue detailed on Apple's site describes the execution as "...enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution."

Those who do not have their computers set to check for updates on a regular basis should do so, and those who have it set to check less frequently may consider having it check for updates more often.

4.25.2007 News
MacScan 2.4, the anti-spyware program for Mac OS X has been released. MacScan detects, isolates and removes spyware, detects blacklisted cookies and cleans up Internet clutter. The new version includes updated definition files, extended trial period to thirty days, Internet Cleaning Preference Saving as well as bug fixes. Localized in English and Korean with additional languages to follow.

4.21.2007 News
A MacBook has been successfully hacked during a hack contest at the CanSecWest security conference. The MacBook was fully patched with the latest security patches supplied by Apple. The hack came through a malicious web page that exploited a flaw in Safari. Read More

3.21.2007 News
ComputerWorld has written a story about MySpace users getting hacked via a QuickTime security issue affecting both Mac and PC users, infecting the computer with a Trojan Horse that mines personal data and passwords. Apple stated this has already been addressed in the March 5th security update. However, many users have still not done the update, leaving them susceptible to the hack. [Read More]

03.15.2007 News
Mac OS X 10.4.9 has been released offering fixes for 30 security flaws. Updating can be accomplished by accessing the Update Control in your System Preferences or by visiting Apple's website.

02.20.2007 News
The BBC has a news story titled - Mac users 'still lax on security' and is worth the read.

01.19.2007 News
MacScan (a SecureMac product) 2.3 has been released with key new features, such as the blacklisted cookie scanner. This feature maintains a list of known tracking cookies, and when run, removes them from web browsers in which they are found. No more losing saved usernames or passwords when cleaning cookies. The cookie blacklist definitions, like the spyware definitions, come in easy to download updates. Version 2.3 also adds file cleaning support for additional browsers. Download your 15-day free trial of MacScan 2.3.

Month of Apple bugs
January 17, 2007 Apple SLP Daemon Service Registration Buffer Overflow Vulnerability
January 16, 2007 Multiple Colloquy IRC Format String Vulnerabilities
January 15, 2007 Multiple Mac OS X Local Privilege Escalation Vulnerabilities
January 14, 2007 AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability
January 13, 2007 Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability
January 12, 2007 Apple DMG UFS ufs_lookup() Denial of Service Vulnerability
January 11, 2007 Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability
January 10, 2007 Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
January 9, 2007 Apple Finder DMG Volume Name Memory Corruption
January 8, 2007 Application Enhancer (APE) Local Privilege Escalation
January 7, 2007 OmniWeb Javascript alert() Format String Vulnerability
January 6, 2007 Multiple Vendor PDF Document Catalog Handling Vulnerability
January 5, 2007 Apple DiskManagement BOM Local Privilege Escalation Vulnerability
January 4, 2007 iLife iPhoto Photocast XML title Format String Vulnerability
January 3, 2007 Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability
January 2, 2007 VLC Media Player udp:// Format String Vulnerability
January 1, 2007 Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow.

12.19.2006 News
Apple Security Update 2006-008 has been released today fixing a security issue in Quicktime for Java and Quartz composer. The update is available now via Software Update and the link provided. This update fixes an issue that could allow malicious websites to access private information without the user's consent.

12.05.2006 News
Microsoft has posted an advisory warning users of a 'zero-day' security vulnerability in its popular product Microsoft Word. The vulnerability in Microsoft Word could allow remote code execution. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. [Microsoft Security Bulletin]

11.21.2006 News
Mac OS X Apple UDIF Disk Image Kernel Memory Corruption is an advisory and proof of concept exploit that demonstrates a bug in Mac OS X com.apple.AppleDiskImageController. The controller fails to properly handle corrupted DMG images, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.

11.11.2006 News
Intego VirusBarrier X4 Definition Bypass Exploit covers an issue discovered by Kevin Finisterre that would render the anti-virus software incapable of detecting viruses. This could lead to an attacker compromising the computer further. Intego has been advised and has provided a fix.

10.25.2006 News
The Openbase application included with Apple Xcode has been proven prone to multiple privilege escalating issues discovered by Kevin Finisterre. It was discovered that a local attacker can exploit the issue to gain superuser privileges. The issue affects Apple Xcode 2.2 and earlier. Read full report.

10.17.2006 News
Virus Infected iPods - Apple announced that a small number of iPods shipped with a Windows virus on them. Those Video iPods available for purchase after September 12th 2006 contained the Windows virus RavMonE.exe. Users who connect these infected iPods to their Windows computers (including Bootcamp) should run antivirus software and wipe the iPod, restoring the software.

10.04.2006 News
Mac OS X Exploit In The Wild has been reported by CNET. The article states a researcher at Matasano Security has found a hole that could exploit a weakness in Mac OS X to allow a user with limited privileges to gain full access. Update to Mac OS X 10.4.8 to fix the security issue discussed.

9.18.2006 News
Multiple Firefox Vulnerabilities have been reported, including man-in-the-middle, spoofing and cross-site scripting attacks and holes potentially compromising the user's computer. [Read More]

8.02.2006 News
MacScan 2.2 spyware protection for Mac OS X has been released and is available for download as a free upgrade. This version improves scanning of spyware, definition updates, improved stability and support for 10.2.

Washington Post has an article titled 'Hijacking a Macbook in 60 Seconds or Less' going over a demonstration given at Blackhat Security conference in Las Vegas by Johnny Cache and David Maynor.

8.01.2006 News
Apple Security Update 2006-004 has been released. To update Mac OS X go to the System Update Controls in the System Preferences and check for updates. Update includes fixes for AFP Server, Bluetooth, Bom, DHCP, dyld, fetchmail, gunzip, Image RAW, ImageIO, LaunchServices, OpenSSH, telnet, WebKit, and AppKit.

Kaspersky Lab has written an article titled Malware Evolution: Mac OS X Vulnerabilities 2005-2006.

5.24.2006 News
Xcode 2.3 has been released due to an Xcode security advisory (Apple APPLE-SA-2006-05-23). The security issue would allow remote attackers to obtain or modify WebObjects projects while Xcode is running. Security Focus Advisory.

4.19.2006 News
Symantec's LiveUpdate for Macintosh does not set execution path environments, allowing non-privileged users to change the path and opening up the potential for trojan horse attacks. Symantec has released a LiveUpdate Vulnerability Report with a patch and information for the issue.

4.18.2006 News
SecureMac is pleased to announce the release of MacScan 2.1, a major update to its anti-spyware program. MacScan 2.1 has been totally revamped and is now a Universal Application, which will run natively on both Intel and PowerPC-based Macintosh Computers.

2.27.2006 News
Recent security articles of interest are as follows.
Spreading Security Awareness for OS X, and Cyberthieves silently copy keystrokes. With the recent worms for OS X, security issues for the OS will be a focus in the news. Submit all news and information to macsec@securemac.com

2.16.2006 News
Mac OS X Virus Alert - Sophos Anti Virus has found the first 'real virus' for Mac OS X known as OSX/Leap-A or OSX/Oompa-A. The OSX/Leap worm or trojan is spread via instant messenger, forwarding itself as a file named 'latestpics.tgz'. When launched, the worm attempts to spread via iChat, sending itself to the user's buddy list. The application will also try to infect the recently used applications.

1.30.2006 News
Apple QuickTime/iTunes QuickTime.QTS Heap Overflow was addressed by Apple; this issue could allow for malicious code to be executed when processing a malformed .MOV (movie) file. Apple has released updated QuickTime and iTunes. Advisory with example code.

12.19.2005 News
MacScan 2.0 for Mac OS X has been released. MacScan will find, isolate, and remove spyware, keystroke loggers, and trojan horses as well as detect whether remote administration applications have been installed on a computer. By scanning files received as e-mail attachments or downloaded from the web, MacScan can proactively protect computers from inadvertently accepting new spyware. MacScan's spyware definitions are constantly being updated, letting users keep pace with the hackers.

11.30.2005 News
Apple has released Security Update 2005-009 that covers issues dealing with CoreFoundation where a maliciously crafted URL may result in execution of arbitrary code. Also included in the update: curl, iodbcadmintool, apache 2, apache_mod_ssl, openssl, passwordserver, safari, sudo, and syslog.

11.8.2005 News
Macromedia posted a Flash Player 7 security advisory. The advisory discusses that a vulnerability has been identified that could allow the execution of arbitrary code. Macromedia Flash Player 8 has been released but not for Macintosh operating systems; for security updates, Macintosh users should refer to the update technote.

MacScan 2.0b3 has been released for beta testing. This product detects, isolates and removes spyware and cleans up Internet history and cookies. The beta has been tested on 10.2.4; this is a time-expiring beta.

9.22.2005 News
Apple Security Update is available for Mac OS X 10.4.2 Client/Server and Mac OS X 10.3.9 Client/Server. To download go to your System Preference's software update control panel and check for new updates.

6.29.2005 News
Proxify Dashboard Widget allows you to surf securely through the Proxify network, allowing for stripping of advertisements and protection of the user while surfing. Some other features include surfing in text only, removing cookies, removing scripts, hiding referral information and other encoding options.

6.8.2005 News
New security update is available for Mac OS X downloadable from the Software Update system preference panel.

6.2.2005 News
QuickTime 7.0 contains a security bug where a maliciously crafted Quartz Composer object can leak data to an arbitrary web location. Apple has released QuickTime 7.0.1, which addresses this issue; users should upgrade.

With the release of Mac OS X 10.4, the version of FileVault included addresses an issue discussed in this FileVault advisory. Mac OS X 10.4 allows the user to securely delete the data; however, the issue still remains in 10.3.9.

5.26.2005 News
Clam Anti-Virus (ClamAV Mac OS X) is affected by a command execution vulnerability as described within the advisory. According to the advisory, when a suspected infected file is handled by the program and cannot be removed, ClamAV may attempt to copy it to another location using the 'ditto' utility in Mac OS X. The ditto utility is called in an insecure manner, allowing the attacker to include arbitrary commands in the file name that would be executed within ClamAV. The most recent version of ClamXAV is 0.85.1 and is not vulnerable; be certain you are running the latest version of this product.

5.25.2005 News
Apple's Keynote, a slideshow/presentation application, has been updated due to a security issue. Keynote 2.0.2 fixes an issue discovered by David Remahl that could allow malicious Keynote presentations to take advantage of the undocumented URI handler keynote://, automatic disk image mounting, and WebKit's abilities to manipulate the system when Keynote 2 (prior to 2.0.2) is installed. Users of Keynote 2 should download the latest version of Keynote available within Software Update. CVE-ID: CAN-2005-1408

4.15.2005 News
Apple has just released a system update, a few days prior to the release of Tiger (10.4), that fixes many issues and also promises better overall performance out of the operating system. In this update Safari has a few bug fixes, including not automatically opening 'safe downloads' after opening, and also the addition of important Verisign root certificates that allow for secure SSL connections over the web. Updates to the system are available for Mac OS X Client and also Mac OS X server. Full 10.3.9 package changes and download.

2.12.2005 News
For the longest time, Macintosh computers have allowed a user in front of the console to boot from another device by connecting it and holding down key(s) during startup, bypassing all security. There are a few ways to gain access to Mac OS X with physical access. Users are reporting that you can boot from a FireWire drive and gain access to the computer; this is indeed true and has been for some time. The solution is to enable Open Firmware password protection, which adds extra security, and to keep the computer locked in a secure location.

5.21.2004 News
Advisory Update: Apple has released a security update to address the URI issue with the web browser. The Apple security update can be obtained through the Mac OS X Software Update panel.

Mac OS X URI handler allows for arbitrary code execution. This advisory details the seriousness of this Apple security issue and how the URI helpers can be abused to run arbitrary code maliciously. It has been reported that, while surfing malicious websites with IE or Safari, code may invoke the browser's helper handler to run arbitrary code.

4.9.2004 News
A Mac OS X proof of concept trojan has been found showing the potential of trojans in Mac OS X. The proof of concept did not harm anything; it was dubbed MP3Concept or MP3Virus.gen and added into the anti-virus definitions for future protection against this style of trojan. The trojan carries the file extension .mp3 although it is not an MP3 file; the icon itself is hardcoded into the trojan and not picked up based on file creator associations. The file itself is a Carbon (CFM) application with the file type of APPL. iTunes should not be able to execute a trojan or virus, and this file would only be able to run if double-clicked. It does have potential for manipulation to cause harm, but in its current state it did not; it was benign proof of concept code.

Many news media sources are reporting this finding as destructive, as if it were a trojan or virus built to cause harm. Again, it was a proof of concept showing the ability, giving the anti-virus companies a heads up so they can protect against future manipulations of the code.

12.19.2003 News
Apple released Security Update 2003-12-19, described as offering numerous security updates such as fixes for directory services, fetchmail, fs_usage, rsync, system root via USB keyboard, file server, and a few buffer overflow issues.

12.17.2003 News
Apple released 10.3.2, accessible via the Software Update pane in Mac OS X. The update includes enhancements for FileVault and increased security for the system.

11.26.2003 News
Security Advisory: William Carrel's Security Advisory is SERIOUS. Mac OS X is vulnerable to malicious DHCP responses granting root access to remote users. Full security advisory can be found here: http://www.carrel.org/dhcp-vuln.html

11.10.2003 News
Security Advisory: FileVault in Mac OS X 10.3 (Panther) does not securely delete the files it encrypts, so they can be restored with file recovery software. FileVault Security Advisory - Secure Delete after Encryption.

10.31.2003 News
Security Advisory: Mac OS X 10.2.7 and prior along with a USB Keyboard contain a security vulnerability that allows a user to gain root access to the computer by holding down a two key combination during startup that only. Read about root access via USB Keyboard on Mac OS X.

10.28.2003 News
Panther Security Advisory: Mac OS X Panther (10.3) contains a security vulnerability; With access to the keyboard, an unauthorized user can access the currently active screen-locked user environment. Security Advisory - Read full

10.24.2003 News
Mac OS X 10.3 (a.k.a. Panther) has been released. This new version contains many new security features, fixes and all-around new applications for Mac OS X users. Amongst the new features is the file security utility FileVault; review to come shortly.

9.17.2003 News
New SSH Exploit (detailed here) affects Mac OS X, granting the attacker access to the computer as root. This security issue affects OpenSSH versions prior to 3.7, and Mac OS X is currently only at OpenSSH 3.4. To protect yourself from this security risk, disable SSH access to your computer by accessing your Sharing Control Pane and making sure that Remote Login is disabled, or set up your firewall to restrict access to the SSH port to trusted connections only. We will update this issue when Apple releases a security update.

7.07.2003 News
A security vulnerability in Mac OS X's password protected screensaver has been discovered allowing a user with physical access to bypass the screensaver's authentication scheme without supplying a valid password.

6.18.2003 News
IPNetSentryX released by Sustainable Softworks. IPNetSentryX offers basic protection without erecting barriers for the safe use of your Internet connection, this is the Mac OS X version of IPNetSentry. Download and product information available.

5.13.2003 News
Keep your Apple AirPort Administrator Password Safe. An advisory has been released detailing how, because of the unit's method of password authentication, an anonymous attacker can sniff and obtain the Administrator's password when the administrator logs into the AirPort Base Station to manage it over a network or a non-WEP enabled wireless connection. Secure connectivity can be obtained by connecting a computer directly to the computer via a cross-over cable. Full details about the authentication credentials involved with the AirPort can be read in the @Stake advisory - CAN-2003-0270

5.07.2003 News
Mac OS X 10.2.6 is available - Update.

4.10.2003 News
Security Update! Mac OS X 10.2.5 has been made available for update! This version fixes security issues in Apache 2.0 (CAN-2003-0132), File Sharing/Service (CAN-2003-0198), DirectoryService (@STAKE), OpenSSL (CAN-2003-0131), Samba (CAN-2003-0201), and sendmail (CAN-2003-0161). Details as follows:

Directory Services - Mac OS X and Mac OS X Server contain a security hole in DirectoryServices which allows for escalation of privileges and a denial of service attack, which is fixed with the 10.2.5 update. DirectoryServices is part of the operating system's information services subsystem, and is launched setuid as root by default. Credit for this find goes to Dave G. as noted by Apple's security advisory.

OpenSSL - The new version fixes OpenSSL so it is not susceptible to the known Klima-Pokorny-Rosa attack.

sendmail - contained an issue where it did not adequately check the length of email addresses in the address parsing code.

Apache 2.0 - Fixed a known denial of service vulnerability in Apache 2.0 - 2.0.44, the apache 2.0 service is only present in the Mac OS X server.

4.1.2003 News
PGP Corporation has released PGP 8.0.2 for Mac OS X. This is a free update to all the users of PGP 8.0. PGP Enterprise 8.0.2 for Mac OS X introduces PGP Admin for Mac OS X. 8.0.2 also adds OpenPGP security improvements and a new user interface for signature verification.

3.24.2003 News
Apple has released Security Update 2002-03-24, which is downloadable via Software Update in Mac OS X. This update addresses a few security issues, including a Samba vulnerability that could allow an unauthorized remote user to access the system. OpenSSL security fixes are also included in this update; an issue lies within OpenSSL where the RSA private key could be compromised when communicating over certain protocols.

3.04.2003 News
A security vulnerability in SENDMAIL included in Mac OS X has been fixed and addressed in Apple's Software Update. Please update your Mac OS X immediately. ISS warning discusses the issue.

3.03.2003 News
MacScan Public Beta 3 has been released. MacScan runs on both Mac OS Classic and Mac OS X to detect, isolate, and remove spyware. This new version includes bug fixes, new spyware detection and also full administrative scan for Mac OS X and Mac OS X Spyware.

2.14.2003 News
Apple has released Mac OS X 10.2.4, which addresses a security issue discovered by @Stake known as the TruBlueEnvironment Privilege Escalation Attack. Clicking the link will take you to a page with information on the subject and the advisory. The security issue exists in Mac OS X systems prior to 10.2.4 and allows local users to gain root privileges.

1.31.2003 News
Mac OS X Screen Effects' password protection contains a security flaw which allows a user with physical access to the keyboard to quit or launch programs while being prompted to enter the password. When full Keyboard access is turned on (toggled on/off by pressing shift+f1), the Dock can be accessed 'blindly': although you cannot see it, the Dock is still functioning.

1.25.2003 News
LittleSecrets allows Macintosh (X) users to store their 'little secrets' in an encrypted format using the 448 bit cipher block chaining blowfish algorithm. The application may also optionally interface with your Keychain. Read the Review, See Screenshots and Download Now.

12.20.2002 News
Apple has released Mac OS X 10.2.3, which adds security fixes to the operating system as well as more support and bug fixes. The security update details are outlined below.

fetchmail updated to version 6.1.2+IMAP-GSS+SSL+INET6
CAN-2002-1383: Multiple Integer Overflows
CAN-2002-1366: /etc/cups/certs/ Race Condition
CAN-2002-1367: Adding Printers with UDP Packets
CAN-2002-1368: Negative Length Memcpy() Calls
CAN-2002-1384: Integer Overflows in pdftops Filter and Xpdf
CAN-2002-1369: Unsafe Strncat Function Call in jobs.c
CAN-2002-1370: Root Certificate Design Flaw
CAN-2002-1371: Zero Width Images in filters/image-gif.c
CAN-2002-1372: File Descriptor Resource Leaks

Apple Software Updates are performed by accessing the Software Update pane located in the system preferences.

12.17.2002 News
Updated MacScan detects, isolates and removes spyware from your Macintosh. SecureMac.com's MacScan is available for immediate download for Mac OS Classic (PPC/68k FAT) and MAC OS X. Visit the link above to learn more about and download MacScan b2. [PRESS RELEASE]


12.03.2002 News
PGP 8.0 Desktop and Enterprise is now available. The new version of PGP 8.0 contains full support for Apple's Mac OS X 10.2. In this version a new user interface has been integrated, plug-in for Apple Mail supporting PGP/MIME, and Entourage integration. You will also notice dock and service integration added.

The PGP Disk format is compatible between Mac OS X and Windows. The PGP 8.0 Freeware is also available at PGPs site. Download, Purchase and get more Information on PGP 8.0 for the Macintosh.

12.02.2002 News
SecureMac.com is looking for experts to write reviews for security programs they know inside and out that we don't have reviewed on our site already. Please contact macsec@securemac.com ASAP.

11.21.2002 News
Mac OS X 10.2.2 is available for download, go to the Software Update Panel and proceed to update. The fix includes a few security related issues as well as many bugs in the system.

The security update, 11-21-2002, fixes a security issue related to BIND (Domain Server and Client Library Software) where an unauthorized person could disrupt normal operation.

11.13.2002 News
FWB Privacy Toolkit Volume 1 was released today giving Mac OS 9 and Mac OS X users the ability to encrypt files on their hard disk, folders, and also securely delete files by overwriting the data making it so the data is less likely to be recovered. Visit their site today and see the demonstration, screenshots and technical details or download the Free Trial version.

SecureMac.com News
I'd like to welcome everyone back to SecureMac.com. We've added a new face to the site and are cleaning up many of the articles. Major updates will be seen throughout the site because of your, the readers', feedback and suggestions. Please let us know how you enjoy the new layout and if you find any bugs or issues viewing it on your web browsers.

SecureMac.com has many new features and great news to roll out, including a Macintosh security software title that Mac OS 9 (and earlier) and Mac OS X users alike can enjoy.

10.11.2002 News
PGP 8.0 Beta for Mac OS X has been released. This is something Mac OS X users have been waiting for. PGP is encryption software that supports cross-platform use. Note that this is a beta of the software, so be cautious.

9.23.2002 News
Mac OS X 10.2 Security Update - "Terminal This update fixes a security hole introduced in Terminal version 1.3 (v81) that shipped with Mac OS X 10.2 (Jaguar) which could allow an attacker to remotely execute arbitrary commands on the user's system. Terminal is updated to version 1.3.1 (v82) with this Security Update." Updates can be downloaded from the Software Update pane; see also Apple's Security Update page.

8.19.2002 News
PGP Corporation announces that PGP for Mac OS X will be released in Q4 of 2002. They purchased the software from Network Associates. Good things are ahead for the company and the PGP product.

8.16.2002 News
The Secure Trusted Operating System Consortium (STOS) is pleased to announce the 1st annual Mac OS X & BSD Security Symposium. The symposium is designed for system and lab administrators, programmers, developers, strategists, and other technical staff involved in the deployment and securing of systems. Past STOS events have been the central networking events for the Mac OS X/Darwin security community. The Mac OS X & BSD Security Symposium follows the previous STOS events by providing an environment that promotes the sharing of ideas and techniques with a shared goal of maximizing the security of the involved systems. The addition of Robert Watson's TrustedBSD tutorial and several new papers on various aspects of BSD-based operating systems brings even more value to this event. Click the link for information, content, and registration information. There is no other event with the same depth of Mac OS X and BSD security subject matter as the Mac OS X and BSD Security Symposium.

8.8.2002 News
Security Update 2002-08-02 is out and includes updated versions of the following programs, offering increased security against recently discovered attacks and holes that affected these components: OpenSSH, OpenSSL, SunRPC, mod_ssl. Download via Apple's OS X Software Update panel or from Apple's web site.

7.16.2002 News
Fixed! A security issue dubbed the Mac OS X SoftwareUpdate Security Issue describes how the SoftwareUpdate pane could be made to install files from an untrusted server: by poisoning DNS, the computer is tricked into believing that another IP is Apple's host and installs malicious software. Apple has fixed the issue; performing a software update will resolve it, or visit the depot site.

6.28.2002 News
Mac OS X users should now perform a system update to install the latest security fixes resolving the issues described below which allowed remote users to attack the system.

6.26.2002 News
Security Alert (fixed): On Mac OS X systems, 'allow remote login' in the Sharing pane of System Preferences should be disabled until a new release of OpenSSH has been made available from Apple in the security updates. View advisory. A new version of the software is out but not available through Apple Software Update. This has since been fixed: update via the Software Update pane.

6.19.2002 News
Security Advisory: Cisco VPN Client for Linux, Solaris and Mac OS X contains a security vulnerability; when the exploit is executed, the vpnclient grants administrative rights to the local user. More information, fix, update and advisory for the Mac OS X Cisco client.

6.13.2002 News
Version 1.2 of SubRosa Utilities has been released and can be downloaded directly here. This is the cross-compatible encryption/decryption utility that works on Mac OS, Mac OS X and Windows OS. When you delete files, use their secure deletion utility.

5.30.2002 News
SubRosa Utilities is the newest cross-platform security encryption package for Mac OS, Mac OS X and Windows 98. SubRosa Utilities is a suite of security programs to ensure your data stays secure. The package comes with a file encryption and decryption application and a file shredding program to ensure that when you say your files are deleted, they are securely deleted, making recovery hard to impossible. Check out SubRosa Utilities today, and download right away.

5.13.2002 News
Microsoft Office 98 running on Mac OS 8.1+ is vulnerable to an exploit that allows malicious code to be run. Microsoft has released a patch that fixes all the Office 98 applications (Excel 98, Office 98, PowerPoint 98, and Word 98). More information can be found in their bulletin Off98URLSecurity.

5.6.2002 News
Apple has announced today that they will be dropping Mac OS 9 development, saying it isn't dead for the customers, just for development. Steve Jobs said it was time to drop Mac OS 9 at the WWDC today. What does this mean for developers? Mac OS 9 is still a more secure OS than Mac OS X. The session advised developers to develop for Mac OS X rather than OS 9. Government agencies still won't use Mac OS X in their environment because of the issues still within it. We hope developers still do their development on Mac OS 9 to create an even more secure environment, and that Apple works on updating Mac OS X and making it as secure as its previous systems. WWDC up-to-the-minute coverage

4.18.2002 News
On Guard 3.4 offers security improvements to the desktop security software. Apple's Navigation Services and restricting the user's ability to store files in protected folders have been added in this version. For update information, download links and a review of On Guard, read more.

4.17.2002 News
Mac OS X Update 10.1.4 is now available and includes the following security enhancement for your system:
* BSD-based TCP/IP connections now check and block broadcast or multicast IP destination addresses

The Software Update pane in System Preferences will update the system software with these security fixes and additional updates.

4.16.2002 News
Alert! Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute. Anyone running Internet Explorer and Office for the Macintosh should read the information here.

Intego has released an update to their content filtering software - ContentBarrier which can be downloaded from the Intego Software Update page.

4.11.2002 News
Firewalk X 2 is a GUI based firewall for Mac OS X. The new version includes setting of rules with expiration, and network restriction based on application. Download Firewalk X 2

LockOut 4.1 for OS 8 and 9 and LockOut 3.3 for OS X is a password-based desktop protection application. New in the 4+ version are the administration controls. Take a peek at LockOut.

4.05.2002 News
A Mac OS X Security Update is available for download. To install it, open Software Update in the System panel and perform the security update, or download it from Apple's web site. This update fixes/upgrades/installs the following:

Apache Mod_SSL - updated to version 2.8.7-1.3.23 to address a buffer overflow vulnerability which could potentially be used to run arbitrary code. In conjunction, Apache is updated to version 1.3.23.

groff - updated to version 1.17.2 to address the vulnerability CVE ID: CAN-2002-0003, where an attacker could gain rights as the 'lp' user remotely.

mail_cmds - updated to fix a vulnerability where users could be added to the mail group.

OpenSSH - updated to version 3.1p1 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:13, where an attacker could influence the contents of the memory.

PHP - updated to version 4.1.2 to address the vulnerability reported in CERT CA-2002-05, which could allow an intruder to execute arbitrary code with the privileges of the web server.

rsync - updated to version 2.5.2 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:10, which could lead to corruption of the stack and possibly to execution of arbitrary code as the root user.

sudo - updated to version 1.6.5p2 to address the vulnerability reported in FreeBSD Security Advisory FreeBSD-SA-02:06, where a local user may obtain superuser privileges.

4.01.2002 News
Protect Your Mac from Hackers and Viruses is an article which informs Macintosh users about security and details the importance of data recovery and loss prevention. Read this article now.

3.08.2002 News
Mac OS X users running Apache with PHP installed should be aware that there is a security issue in PHP versions prior to 4.1.2. OpenOSX.com has prepared a 4.1.2 install of PHP for Mac OS X which corrects the security issue.

2.22.2002 News
TypeRecorder released version 1.5 of their keystroke saving application, which runs under Mac OS 9+, adding new features to the program.

2.20.2002 News
Mac OS X 10.1.3 has been released; you can update with the built-in "Software Update" feature. Networking and security improvements include:

* Login authentication support for LDAP and Active Directory services
* OpenSSH version 3.0.2p1
* WebDAV support for Digest authentication
* Mail includes support for SSL encryption

2.18.2002 News
MacAnalysis 2.0b9 for Classic and 2.1.4 for OS X have been released. This update for the security auditing tools adds new functionality: AirPort support, new exploits in the security sweep, auto-updating and content filtering. MacAnalysis is available for Mac OS and Mac OS X.

2.13.2002 News
Ettercap 0.6.4 has just been released and tested with Darwin. Ettercap sniffs, intercepts, and logs data on LAN networks, and is used by system administrators to find problematic situations.

2.07.2002 News
IPNetSentry 1.3.3 for the PPC has been released, fixing a few bugs in this firewall software. Not protected yet from the outside world? Give IPNetSentry a try. It's shareware with a free download; get more info.

2.04.2002 News
February 2002 virus definitions have been released. Update your anti-virus software to protect you from the latest viruses, trojans and macros. Find the links to download the newest definitions from the left hand side of the web page.

MacAnalysis 2.1.3 X, the security auditing suite for Mac OS X, has been released. This version fixes a bug many users were running into and adds more improvements. Download MacAnalysis X or the Classic version here.

Posted by CEOinIRVINE
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory: SA33179
Release Date: 2008-12-16

Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X

CVE reference: CVE-2008-1391
CVE-2008-3623
CVE-2008-4217
CVE-2008-4218
CVE-2008-4219
CVE-2008-4220
CVE-2008-4221
CVE-2008-4222
CVE-2008-4223
CVE-2008-4224
CVE-2008-4234
CVE-2008-4236
CVE-2008-4237
CVE-2008-4818
CVE-2008-4819
CVE-2008-4820
CVE-2008-4821
CVE-2008-4822
CVE-2008-4823
CVE-2008-4824


Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An infinite loop when processing certain embedded fonts in PDF files within the Apple Type Services server can be exploited to cause a DoS (Denial of Service) by e.g. tricking a user into opening a malicious PDF file.

2) A signedness error when handling certain CPIO archive headers exists within BOM. This can be exploited to execute arbitrary code by e.g. downloading or viewing a specially crafted CPIO archive.

3) An error within the processing of color spaces within CoreGraphics can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into viewing a specially crafted image.

Successful exploitation may allow the execution of arbitrary code.

4) Some security issues and vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, or disclose sensitive information.

For more information:
SA32270

5) Multiple integer overflows exist within the "i386_set_ldt()" and "i386_get_ldt()" system calls, which can be exploited by malicious, local users to execute arbitrary code with system privileges.

Note: This does not affect PowerPC systems.

6) An infinite loop when handling exceptions in an application linked to libraries on an NFS share can be exploited to cause a system shutdown.

7) An integer overflow error exists in the "inet_net_pton()" API of Libsystem. This can potentially be exploited to e.g. compromise an application using the vulnerable function.

8) An unspecified error when processing certain input within the "strptime()" API of Libsystem can be exploited to cause a memory corruption and potentially execute arbitrary code by e.g. passing a specially crafted date string to an application using the vulnerable function.

9) The "Managed Client" functionality does not always apply the managed screen saver settings correctly, potentially resulting in e.g. the screen saver lock not working as intended.

10) An infinite loop when processing certain TCP packets exists in natd, which can be exploited to cause a DoS by sending specially crafted TCP packets to a vulnerable system.

Successful exploitation requires that Internet Sharing is enabled.

11) An unspecified error within the Podcast Producer server can be exploited to bypass the authentication mechanism and access administrative functions.

12) An unspecified error within the handling of malformed UDF volumes can be exploited to cause a system shutdown by e.g. opening a specially crafted ISO file.

Additionally, this update enhances the CoreTypes "Download Validation" capability to detect and warn about more potentially dangerous file types.

Solution:
Update to Mac OS X 10.5.6 or apply Apple Security Update 2008-008.
http://www.apple.com/support/downloads/

Provided and/or discovered by:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions

Original Advisory:
http://support.apple.com/kb/HT3338

Other References:
SA32270:
http://secunia.com/advisories/32270/


About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Posted by CEOinIRVINE