A couple of new software attacks have been published recently by security researchers. They are different from past attacks in that they are resistant to normal detection and removal techniques. As far as I am aware they aren’t in use in the wild yet but are scary enough that I decided to discuss them here.
The [...]
Entries Tagged as 'Security'
Super-malware
March 23rd, 2009 · View Comments · Security
Securing OS/X
March 8th, 2009 · View Comments · Mac, Security
OS/X is based on BSD Unix and carries with it a long history of security. But, at heart, it’s a consumer operating system. The defaults are very trusting and open. Apple recognizes this and provides a very thorough document on securing OS/X.
Here are the basic steps to securing OS/X:
1. Set a firmware password. This is [...]
SSL Attacks
February 20th, 2009 · View Comments · Security, Web
Interesting post by Dan Kaminsky, a security researcher:
http://www.doxpara.com/?p=1269
It talks about SSL attacks and when/how they work. He bases his post off of work done by Moxie Marlinspike:
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
What it boils down to:
You can create a man-in-the-middle (MITM) attack that strips SSL and authentication from network traffic and virtually no one will notice. This kind [...]
Tags:Security
