Apple

Steve Jobs (1955-2011)

by certifiedbug on October 5, 2011

in News

R.I.P

http://www.apple.com/stevejobs/

http://www.msnbc.msn.com/id/44794300/ns/business-us_business/t/visionary-apple-co-founder-steve-jobs-dies/

http://www.washingtonpost.com/local/obituaries/steve-jobs-apple-computer-co-founder-dies/2010/09/21/gIQAc14aOL_story.html

DigiNotar SSL Certificate Hack

by certifiedbug on September 1, 2011

in Internet Security

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
Published: August 29, 2011 | Updated: August 29, 2011

Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers.

Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.

Microsoft is continuing to investigate this issue and may release future updates to help protect customers.

http://www.microsoft.com/technet/security/advisory/2607712.mspx

Edit
V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.

Computerworld

Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today.

The count is considerably higher than DigiNotar has acknowledged. Earlier this week, a company spokesman said that “several dozen” certificates had been acquired by the attackers.

http://www.computerworld.com/s/article/9219663/Hackers_may_have_stolen_over_200_SSL_certificates

Mac OS X can’t properly revoke dodgy digital certificates
http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates

Firefox and Thunderbird 6.0.1 were released after the Mozilla team removed DigiNotar from their root program to protect users.


Backdoor Olyx

by certifiedbug on August 3, 2011

in Internet Security

Microsoft Malware Protection Center

The recent emergence of rogue security software applications for Mac demonstrates how cybercriminals effectively use social engineering techniques to manipulate users’ responses – specifically, exploiting users’ fear of revealing sensitive information such as credit card details. This scare tactic evidently works regardless of the platform. While financial gain is primarily the motivation that drives elaborate schemes of Internet fraud, a threat that appears limited and specific to its target raises interesting questions about whether this threat is on a mission.

http://blogs.technet.com/b/mmpc/archive/2011/07/25/backdoor-olyx-is-it-malware-on-a-mission-for-mac.aspx

iTunes hack

by certifiedbug on June 9, 2011

in Internet Security

Betanews

iTunes hack goes global, new affected games identified

With Apple all but silent on the issue, it has been difficult to determine what may be the source of the problem. However, with the quantity of reports received now numbering over three dozen, a pattern has emerged: every game targeted is a free download, and the fraudulent charges are all due to in-app purchases.

For this reason, Betanews now has reason to believe that this particular hack affecting iTunes is likely sourced to an exploit existing in Apple’s in-app purchasing mechanism. It is the only similarity between every report received.

http://www.betanews.com/article/iTunes-hack-goes-global-new-affected-games-identified/1307564070?

iTunes hack widespread, and Apple appears to know about it

From the reports a pattern is emerging. Nearly every victim had a gift card balance on their account, and some have reported that their credit card and/or payment information had been removed from their account. This indicates that Apple likely is aware of the attacks, and is actively trying to protect its users.

http://www.betanews.com/article/iTunes-hack-widespread-and-Apple-appears-to-know-about-it/1307390216

Mac Malware

May 20, 2011

An AppleCare support rep talks: Mac malware is “getting worse” By Ed Bott | May 18, 2011 Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these [...]

Apple Mac malware

November 24, 2010

Graham Cluley at Sophos. There’s been a lot of discussion in the media recently about the threat that malware poses on the Mac OS X platform. It’s clearly an emotive subject, with strongly held views on both sides. To help some of the discussions, here’s a brief overview of some of the malware we have [...]

Apple OS X Spyware

June 3, 2010

Intego Security Alert Malware: OSX/OpinionSpy Risk: High Description: Intego has discovered a spyware application that is installed by a number of freely distributed Mac applications and screen savers found on a variety of websites. This spyware, OSX/OpinionSpy, performs a number of malicious actions, from scanning files to recording user activity, as well as sending information [...]

Apple patches 58 bugs

November 11, 2009

Apple patched 58 vulnerabilities in its Mac operating systems Monday. http://support.apple.com/kb/HT3937 More than half of the vulnerabilities patched today, 32 out of the 58, were accompanied by the phrase “may lead to arbitrary code execution,” which is Apple’s way of saying that a flaw was critical and could be used by attackers to hijack a [...]

Apple Security updates available

September 11, 2009

Apple has issued security updates for the Mac OS X operating system. http://support.apple.com/kb/HT3865 http://support.apple.com/kb/HT3864 http://support.apple.com/downloads/ About the security content of QuickTime 7.6.4 http://support.apple.com/kb/HT3859 About the security content of iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch http://support.apple.com/kb/HT3860 September 2nd, 2009 by Graham Cluley, Sophos. Apple ships a known vulnerable version of Flash with [...]

The Register: Apple looking into anti-malware protection

August 26, 2009

Apple commercials portray the Mac as an operating system free of malware threats, interesting to see this report at the Register. “Apple sneaks malware protection into Snow Leopard Coverage goes only so far” http://certifiedbug.com/blog/tag/apple/
