Tuesday, August 25
This release is mostly enhancements to the Leopard operating system, not really any new "features" per se (even though there are a ton), but mostly bug fixes.
However, today there has been some news circulating about an anti-malware solution within Snow Leopard. Screenshots have been all over Gizmodo and Engadget today with a little blurb about OSX Leopard alerting you to the presence of a new piece of malware on OSX.
Now, in the past Apple hasn't taken a proactive stance against any type of malware, running ads claiming that Macs are not prone to viruses and trojans the way the Windows platform is.
We all know this is not 100% true. While Apple does have its own share of DNS-changing trojans and things like that, they are very few and far between, and even harder to get onto an Apple system than their PC counterparts.
Some trojans and malware require you to perform actions like typing in your admin password. So this "anti-malware" solution is new territory.
It turns out that some details are starting to emerge about this anti-malware solution. Apparently, right now it lives in a Preferences file called "XProtect.plist", and at the moment it appears to check for only two known OSX Trojans.
In addition, it only checks files if they were downloaded through iChat, Safari, Entourage, and several other applications.
Files on a CD, thumb drive, etc. are not checked against this plist file. Presumably, the things this XProtect file checks for are all "downloaded" trojans: attack vectors that arrive over iChat, like those that have come out in the past.
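To make the "downloaded files only" limitation concrete, here is a small simulation added for this post (it is not Apple's code, and the signature-list layout below is a constructed simplification, not the real XProtect.plist format). It parses a plist of hash signatures with the standard plistlib module and only checks a file if it carries a quarantine tag from one of the applications named above; the same bytes arriving from a CD or thumb drive, with no tag, go unchecked. The agent names, the EXAMPLE.Trojan.A signature and the sample payload are all constructed for illustration.

```python
import hashlib
import plistlib
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for a known trojan's bytes. It is an arbitrary string, not malware.
TROJAN_SAMPLE = b"CONSTRUCTED-SAMPLE-NOT-REAL-MALWARE"

# Applications the post names as sources of quarantine-tagged downloads (assumed set).
MONITORED_AGENTS = {"Safari", "iChat", "Entourage"}


def build_sample_plist() -> bytes:
    """Produce a plist holding one hash-based signature.

    The {"Signatures": [{"Name", "SHA256"}]} layout is a simplified, constructed
    format chosen for this example; it is not Apple's XProtect.plist schema.
    """
    entries = {
        "Signatures": [
            {"Name": "EXAMPLE.Trojan.A",
             "SHA256": hashlib.sha256(TROJAN_SAMPLE).hexdigest()}
        ]
    }
    return plistlib.dumps(entries)


def load_signatures(plist_bytes: bytes) -> Dict[str, str]:
    """Parse the plist into a {sha256_hex: signature_name} lookup table."""
    data = plistlib.loads(plist_bytes)
    return {entry["SHA256"].lower(): entry["Name"] for entry in data["Signatures"]}


@dataclass
class FileRecord:
    """A file as seen by the checker.

    quarantine_agent is the application that downloaded the file, or None when the
    file was never quarantine-tagged (copied from a CD, thumb drive, etc.).
    """
    name: str
    content: bytes
    quarantine_agent: Optional[str]


def check_file(rec: FileRecord, signatures: Dict[str, str]) -> str:
    """Return 'unchecked', 'clean' or 'match:<name>'.

    The gate comes first: a file with no quarantine tag, or one tagged by an
    application outside MONITORED_AGENTS, is never hashed at all. That is the
    coverage gap the post describes for removable media.
    """
    if rec.quarantine_agent is None or rec.quarantine_agent not in MONITORED_AGENTS:
        return "unchecked"
    digest = hashlib.sha256(rec.content).hexdigest()
    name = signatures.get(digest)
    return f"match:{name}" if name else "clean"


if __name__ == "__main__":
    sigs = load_signatures(build_sample_plist())
    for rec in (
        FileRecord("installer.dmg", TROJAN_SAMPLE, "Safari"),   # downloaded: checked
        FileRecord("installer.dmg", TROJAN_SAMPLE, None),       # from USB: skipped
        FileRecord("notes.txt", b"hello", "iChat"),             # downloaded, benign
    ):
        print(rec.name, rec.quarantine_agent, "->", check_file(rec, sigs))
```

The point the simulation makes is that the hash table is the easy part; the gating decision in check_file is what decides coverage, so a detection strategy that relies on this mechanism alone leaves anything that bypasses the download path unscanned.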
I find it interesting that this is taking place. Will Apple keep this file up to date with System Update? Will they enable greater functionality within the system for this file? Scan files?
Right now OSX Server uses ClamAV to check incoming SMTP email messages arriving through the software against known malware; who's to say Apple doesn't take this solution a step further and make it simple to use?
I can't imagine that OSX as an attack platform will stay isolated for long, but we'll see. With the new security improvements that have been made within OSX, like improved address randomization and things like that, we'll see how much of a successful attack platform these "next gen" OSes turn out to be.
Tuesday, August 4
Just wanted to say hello to all my friends that I hooked up with at Defcon this year. It was great. Great parties, good friends, good talks, good times. I've put up a couple of videos that I took during Defcon, one being this one:
Of the Bendy Girl at the IOActive Party. She was good. DJ Keith Myers did an excellent job of DJ'ing the party on Saturday.
I went to several talks, one being the Adobe 0day "debacle" talk, where the disclosure of the PDF vuln from Adobe was discussed. I think the presenter (from Shadowserver) did a good job of trying to explain the benefits of partial disclosure, full disclosure, and non-disclosure. I still think full disclosure is the way to go.
In any case, good times were had by all. Thanks to all for making it a great, safe Defcon.