Mac|Life Security RSS Feed

Cisco Lands On iPhone With Security App

J.R. Bookwalter — Fri, 20 Nov 2009 15:00:49 -0600

If you take your Internet security seriously, now there’s an app for that.

Launching today in Apple’s App Store, Cisco’s SIO To Go is a free iPhone app that allows users to get customized alerts on new and breaking security threats as well as additional information for safe web browsing.

SIO To Go pulls its information from Cisco’s SIO (Security Intelligence Operations) system, which collects real-time data from 700,000 sensors located at Internet service providers, customer sites and other points around the world. This collective data lets Cisco engineers track Internet and spam attacks effectively.

The iPhone app allows users to check if a certain website may be compromised, including applicable links within those sites, such as videos or podcasts. SIO To Go is also effective at spotting new malware signatures, complete with bulletins on how to handle such threats.

But Cisco is quick to point out, SIO To Go isn’t for everyone. Security marketing director Michael Weir explains that the app was written for professionals and security hobbyists, not the average Joe. “I can make it applicable to my needs and the security needs of my [enterprise] network,” Weir concludes.

Updated: MacScan 2.7

SecureMac — Mon, 26 Oct 2009 11:50:38 -0500

MacScan is designed to detect, isolate, and remove spyware, keystroke loggers, trojan horses, and make you aware of remote administration applications which could have been maliciously or inadvertently installed on your Mac. MacScan is available for Mac OS X containing the latest definitions for spyware. With Internet privacy in mind, MacScan has added a blacklisted cookie scanner. This feature maintains a list of known tracking cookies, and when run, removes them from Web browsers in which they are found. No more losing saved usernames and passwords to websites when you want to clean your cookies.

REQUIREMENTS: Mac OS 10.2.4 or later

To download a demo copy of MacScan 2.7 (5.2MB), click here.

Apple Files Theft Detection Patent

Arvind Srinivasan — Fri, 11 Sep 2009 00:36:31 -0500

Apple has just filed a patent for a system that would use the accelerometer to "determine whether a theft condition is present."

How would it do this? Algorithms, of course. The interesting part is that the patent details a system that can be tweaked by the user to recognize certain acceleration patterns. So, instead of determining that sudden acceleration means theft and it sounds an alarm when you run to class with your own laptop, you could activate it when leaving it on your desk, and make it beep angrily if someone moves it.

If this worked, it would be insanely cool. We just wish that instead of sounding an alarm, the dramatic chipmunk would pop up on the screen and say "I’m watching you." Nothing frightens thieves like a good rodent stare.

Read the full patent here.

Apple Releases Security Update 2009-005

Arvind Srinivasan — Thu, 10 Sep 2009 23:27:41 -0500

If you really didn’t feel like shelling out 30 bucks for Snow Leopard, you may want to open Software Update, because Apple has just released Security Update 2009-005 for Tiger and Leopard. The fun thing about reading the notes for security updates is that you suddenly realize how many different ways hackers could nuke your computer, pre-update of course. In this specific one, they talk about CUPS printer driver, PHP, mySQL, CoreGraphics, and even ClamAV antivirus exploits.

The update is live, so download away.

Another iPhone Security Risk, This Time with Mail

Christine Chan — Wed, 19 Aug 2009 00:14:07 -0500

Despite fixing the SMS security risk with the latest 3.0.1 firmware, it seems that there is yet another security risk with the iPhone, this time involving your precious email.

It seems that if you search for a deleted message's subject line in Spotlight, it will show up, though it will take several attempts to actually view the content of the message. This may leave the content of the email messages vulnerable to hackers and thieves, or just those significant others that may check for incriminating emails.

But word is that the upcoming 3.1 firmware will patch this up. In the meantime, you can try rebooting the phone, loading messages several times or just simply waiting.

Via MacNN

Apple Releases Security Update 2009-004

Arvind Srinivasan — Thu, 13 Aug 2009 02:40:54 -0500

Fire up Software Update, because Apple has pushed through Security Update 2009-004. What does this update do, you might ask? Well, in the wonderfully concise words of Apple Support:

"A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised."

To paraphrase, bad people will mess with your internets if you don’t install this update.

Happy Downloading!

iPhone 3.0.1 is Ready to Rock - Fixes SMS Flaw

Roberto Baldwin — Fri, 31 Jul 2009 13:10:02 -0500

We're downloading now.

The 297.9MB update fixes the SMS vulnerability demoed yesterday at the Black Hat Conference. Turns out we won't have to wait until Saturday as reported by the BBC.

Plug your iPhone into iTunes and get ready for some sweet, sweet security updating.

Yippee!

iPhone SMS Flaw to be Fixed on Saturday According to O2

Roberto Baldwin — Fri, 31 Jul 2009 12:02:15 -0500

After yesterday's SMS fuzzing demonstration by cyber-security experts Charlie Miller and Collin Mulliner, we felt a little vulnerable knowing that all it took was one jerk hacker in the audience of the Black Hat conference to build an app and our precious iPhones could turn into zombie phones.

We're going with the term zPhones. Copyright implied 2009.

Well good news from the BBC for all of nervous iPhone-owning Nellys. An O2 spokesperson told the news organization that a patch would be available on Saturday to fix the SMS issue. Keep an eye on iTunes tomorrow for the expected fix. Whew, we feel better already.

Of course, Apple had no comment on the issue.