MacSecure.com
A Mac Security Blog

Archive for November, 2007

Mac Used for Wardriving on 60 Minutes

Monday, November 26th, 2007

Thought it was funny, this past Sunday’s 60 Minutes on CBS aired a segment called “High-Tech Heist” — specifically about credit card fraud and vulnerability in the physical world. They talked to staff at the FBI and showed how easy it is to buy and sell card numbers and ‘full identities’ online — no big [...]

“Ultimate” Leopard Firewall Ruleset

Tuesday, November 20th, 2007

Rich over at Securosis and some other folks have been working on a set of rules for the Leopard firewall (ipfw) that would be restrictive without breaking everything completely. The ruleset has been tweaked extensively now and takes a lot of things into account. I’ll be testing it out tonight, but it looks great so [...]

Top Mac Security Tools, Part 2

Monday, November 19th, 2007

Part two (part one is here) of an expanding series where I’m providing an overview of some of the InfoSec tools that I use on a daily basis on my Mac. Down the line I’ll expand this series and write up each tool in more detail.
Nessus
Despite the controversy about Nessus going proprietary [...]

Mac OS 10.5.1 Update – Security Changes

Thursday, November 15th, 2007

I’m sure the 10.5.1 update (which just rolled out to Software Update today) will be dissected on all of the Mac forums and blogs, but in the Security section of the release notes, there are a few highlights that were noteworthy:

The “Block All Incoming Connections” setting I talked about here has now been changed to [...]

Top Mac Security Tools, Part 1

Monday, November 12th, 2007

Every blog has a ‘Top 10’ list of something — and I’m fairly sure that someone has probably even done a “Top xx Mac Security Tools” list, but I figured I’d go with the list of the tools that I use the most, and then as time permits, go through and write up something about [...]

Managing the Leopard Firewall with WaterRoof

Friday, November 9th, 2007

This is the last Leopard firewall post for a while…
Over the last week or two of Leopard firewall discussions across the web, quite a bit of info has come out about how the Leopard firewall works, and what’s going on ‘under the hood’ when you change the options under System Preferences.
The firewall used by OS [...]

Leopard Firewall: Why it’s acting the way it’s acting.

Wednesday, November 7th, 2007

Apple posted documentation about the Application Firewall today which explains a lot of what many folks have been seeing.
I haven’t had much time to analyze it yet, but here’s the kicker:
Anything running as UID 0 will not be blocked, even when the Application Firewall is set to Block All Incoming Connections. This explains why the [...]

Proving the Leopard Firewall Issue in Four Easy Steps

Wednesday, November 7th, 2007

Mac side, from a Terminal:

sudo su
nc -l <port number>  (I used 1000)
Ensure that your Leopard firewall settings are set to “Block all incoming connections” and “Enable Stealth Mode” (in the advanced settings)

From a remote machine:

 nc <leopard ip> <port from above>

Connected! If you don’t have netcat on a remote machine, you can simply telnet to the [...]

Leopard Firewall: More discussion, and revelations.

Wednesday, November 7th, 2007

I spent quite a bit of time tonight testing the Leopard firewall from my local host as well as from a Linux host on my local LAN while running various configurations of Nmap and tweaking the various Leopard firewall configuration options. 
As I started to write it up, I found that I’ve been beaten to the punch. [...]

QuickTime Vulnerabilities

Tuesday, November 6th, 2007

The TippingPoint / 3Com-funded Zero Day Initiative posted a whole batch of QuickTime vulnerabilities yesterday:

ZDI-07-065
ZDI-07-066
ZDI-07-067
ZDI-07-068

While all of them are interesting, the 65 and 68 items stand out to me as the less important ones, as exploitation of the issue requires that a user open a specific file. The more nefarious items in [...]