Only days after Apple released Mac OS X 10.4.10, it has also released Security Update 2007-006. This update affects users of Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9 and Mac OS X Server v10.4.9. Both vulnerabilities involve surfing the Internet. One could allow a cross-site scripting attack, the other could cause a denial of service (crash). The update is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's Software Download only for systems that …
Trend Micro today released Trend Micro OS Protection beta for its Trend Micro Internet Security 2007 customers. OS protection includes Trend Micro Firewall Booster and Trend Micro Pre-Startup Scan. Rather than rail against various kernel changes within Windows Vista as Symantec and others did last fall, Trend Micro says it wanted to work in cooperation with Microsoft. Trend Micro OS Protection works on both the 32-bit and 64-bit editions of Windows Vista.
The chief benefit from Trend Micro Firewall Booster is Windows Vista users won't have dual firewall technologies running. Firewall Booster leverages existing Windows Vista Firewall capabilities, adding …
As part of their upcoming Norton Internet Security 2008 product, Symantec will include a new technology they're currently calling "Canary." The idea behind Canary is vulnerable browsers are the first point of entry for many Web threats known as "drive by" downloads. Canary will identify signatures of known Internet Explorer browser vulnerabilities then block exploits as soon as they are released. "Canary creates vulnerability signatures," said Rowan Trollope, vice president of Consumer Products at Symantec. Signatures for other browsers, including Firefox, will be included in the future.
The timing of this new technology …
While IBM jumped into security with the acquisition of companies such as Consul, Internet Security Systems, Micromuse and Watchfire, Hewlett-Packard sat on the sidelines. This week, HP grabbed SPI Dynamics, an application security play that started a "who will HP buy next?" buzz on the mergers-and-acquisitions grapevine.
Yes, I've heard the rumors about McAfee and Symantec, but I don't believe them. McAfee is too deep into the desktop, an area that HP has continuously shied away from. Symantec has roots in desktop security as well and would also be a big pill to swallow. The debate …
Wow. Sometimes, you read things like this and you wonder if Microsoft employees inhabit the same universe. Apparently, they haven't been following the rampant, constant security holes discovered and exploited in Windows over the past decade. Instead, they try to spin data in their favor to try to convince people that, in fact, Windows is more secure than Linux (and now OS X, which is a bit surprising since I had exactly zero security breaches in the last five years of running OS X - that's "zero" as in "none").
A Microsoft executive has claimed that Windows users faced fewer days of security risks on average last year than users of rival operating systems from Apple, Novell, Red Hat and Sun.…
According to the Associated Press, the US Defense Department took 1,500 computers offline as the result of a cyber attack. No additional information about the event was provided. Defense Secretary Robert Gates said the attack happened sometime yesterday and that e-mail systems were expected to be back online later today.
Gates said during a press conference on the matter: "We obviously have redundant systems in place. ... There will be some administrative disruptions and personal inconveniences." When asked if he, personally, had been inconvenienced, Gates replied that he's a very low tech person. "I don't …
The Macalope doesn't own one because it's hard to operate that little remote with his massive hooves, but Apple TV owners should be aware that Apple recently patched a potentially exploitable flaw in its eponymous set top box.
Tip o' the antlers to ISFYM which provides a humorous footnote. Ironically, the problem is in a protocol called UPnP, originally developed by, of all companies, Microsoft. Figures.
Apple today announced Mac OS X 10.4.10 along with a new security update. The updated version 10.4.10 includes fixes for Bluetooth and USB connections, plus several minor enhancements of the operating system. The security update, the sixth in what appears to be a monthly release cycle for 2007, addresses a vulnerability in the IPv6 networking protocol. It affects users of Mac OS X 10.4 and later, and is available from within Mac OS X via the Software Update pane in System Preferences, or from Apple's software downloads page.
Patch for Networking

This patch affects …
Apple today issued an update for its Apple TV device. The update fixes the mDNSResponder buffer overflow vulnerability, CVE-2007-2386. This vulnerability was patched last month in Security Update 2007-05 for desktop and laptop users of Apple Mac OS X 10.4 up to 10.4.9.
The Apple TV device will automatically pick up this update during its weekly schedule. Depending on the day that your Apple TV device checks for updates, this process may take up to a week to complete. Should you want the update sooner, it is also possible to force a manual update by using the …
Security researchers on Tuesday found PHP exploit code embedded in a GIF on a major image hosting site. The exploit code slipped through the proverbial gates with the aid of a legitimate image at the beginning of the file, according to a posting on the SANS Internet Storm Center.
"It is a clever way to pass exploit code to others without it setting off alarms or attracting attention all while bypassing network security tools," the SANS security blog noted.
Malicious attackers planted a PHP-coded exploit script within an image file. PHP is often used as a programming language …