
Showing posts from May, 2012

Apple Hardens Security with Mac OS X 10.7.4 and Safari 5.1.7

TidBITS Safe Computing: Apple Hardens Security with Mac OS X 10.7.4 and Safari 5.1.7:

What a fantastic idea.

From the article:

Safari will now check the version of Flash you are running and disable it if it is not capable of updating itself to a current version. Flash versions 10.1.102.64 (yes, that’s a version number, not an IP address) and older don’t include the capability to update themselves to new releases, requiring users to update manually. Newer versions will self-update as Adobe releases fixes, which minimizes the chances a user will be exposed to Flash-related security issues.

It also fixes this error:

Mac OS X 10.7.4 fixes a security error introduced in 10.7.3 that exposed a user’s password if they upgraded to Lion while leaving the legacy version of FileVault enabled. The flaw was due to a developer leaving debugging code enabled, which logged the user’s password in plain text. This problem affected only the older version of FileVault that encrypted a user’s home directory,…

I believe this pcap to be bad.

Alerts (2.9.2.2, dump-1.pcap)
1:18275:9 FILE-IDENTIFY HyperText Markup Language file download request Alerts: 1
1:16425:15 FILE-IDENTIFY Portable Executable binary file download request Alerts: 3
1:21860:1 SPECIFIC-THREATS Phoenix exploit kit post-compromise behavior Alerts: 4
1:21042:4 BLACKLIST URI possible Blackhole post-compromise download attempt - .php?f= Alerts: 1
1:21492:12 SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch Alerts: 3
1:21347:3 BLACKLIST URI possible Blackhole URL - .php?page= Alerts: 1
1:13245:2 BACKDOOR troya 1.4 runtime detection - init connection Alerts: 2
1:21646:6 SPECIFIC-THREATS Blackhole landing page with specific structure - prototype catch Alerts: 2
1:11192:12 FILE-IDENTIFY download of executable content Alerts: 2
120:8:1 (http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE Alerts:…