
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-02-24



OS X is clearly on the radar of exploit-developers.

Published: 2006-02-24
Last Updated: 2006-02-24 23:49:44 UTC
by Kevin Liston (Version: 1)

Love it or hate it, OS X users need to exercise increased vigilance.

Soon, even your beloved little Mac laptop will be spending its spare CPU cycles sending out advertisements for Viagra and Cialis.

The recent news of these vulnerabilities in the OS is getting plenty of attention.  Some would argue that things are being blown out of proportion.  I think there is some lazy journalism, and sensationalism afoot.  Yet, like any FUD-storm there is usually some kernel of truth.  In this case, this kernel is not so small and insignificant.

A quick review of some critical points:

  • The OS X Finder issue allows arbitrary execution of code.
      • There exists proof-of-concept code that demonstrates this vulnerability.
      • There exist easy-to-use tools in the wild to actively exploit this vulnerability.

  • The Bluetooth directory traversal vulnerability (Bugtraq ID 13491) allows an attacker to access arbitrary files on the system.
      • There exists malicious code in the wild that exploits this (OSX.Inqtana.A, no CME available).

  • OS X has a disparity of controls when it comes to file headers and file icons.
      • This was exploited by OSX.Leap.A.


Secure or Easy-to-Use: Pick one.  "Security is a compromise" is a well-known axiom.  In an effort to use as little hype as possible I only suggest that now is the time for Mac users to seriously consider anti-virus, personal firewalls, and safe browsing habits.  It is the time for Mac sysadmins to develop strong patch management policies.  This likely means that a Mac is no longer the no-brainer-choice for what computer to get for your parents.

It would also be simply splendid if Jobs would release his patch clusters on any day other than MS Tuesday.


A Sad-day for Customer Service

Published: 2006-02-24
Last Updated: 2006-02-24 23:01:58 UTC
by Kevin Liston (Version: 1)

Today at the day-job we crossed a threshold.  Some would say we took a step backward.  As of today, everyone who sends an email to our abuse@dayjob address will receive an auto-response.  The old days of a human response within 24 hours are now forever-gone at my organization.  The increased load of traffic and the plummeting percentage of messages that actually needed a response have brought us to this decision.

Let there be a Moment of Silence.


Where are all of the articles?

Published: 2006-02-24
Last Updated: 2006-02-24 22:31:59 UTC
by Kevin Liston (Version: 1)

It has been ever-so-quiet on the diary.  What is it that we could be up to?

There's quite a bit going on that we can't publish (not everyone who writes in wants their name in lights).  Nothing worth changing the InfoCon over.  Suitably-obfuscated reports will be released later.