O'Grady's PowerPage » security

Apple releases Security Update 2015-002 for OS X 10.8, 10.9, 10.10 operating systems

Date: Tuesday, March 10th, 2015, 08:22
Category: News, security, Software


It’s not a huge security update, but it came out yesterday and is probably worth snagging.

Late Monday, Apple released Security Update 2015-002, a 4.8 megabyte update containing updated security fixes for the OS X 10.8, 10.9 and 10.10 operating systems.

The update, which addresses vulnerabilities such as the “FREAK” attack, can be located and installed through OS X’s Software Update/App Store features and requires a quick restart to install.


OS X malware on the rise, tips posted as to how to remove it

Date: Tuesday, March 3rd, 2015, 08:33
Category: News, security, Software


This is worth a gander.

A recent piece on How-To Geek points out the dramatic rise in malware for Mac OS X, highlighting a spike in spyware, adware and overall malware that comes with clicking the wrong items during an installation.

Once installed, the adware injects itself directly into your browser, analyzing your Web traffic and email and sending data back to company servers. The overall message is this: even though you’re a Mac user, there’s additional malware on the rise and it’s time to form some better habits where security is concerned. In the meantime, the Mac App Store is still secure thanks to Apple vetting what goes through there, although not all vendors distribute their software through this storefront.


Hacker group may have hidden within the NSA for 14 years, successfully compromised OS X, iOS devices among other efforts

Date: Tuesday, February 17th, 2015, 06:40
Category: iOS, News, security, Software


This goes into the category of “man, it’s long, but you’ve got to read it”.

An article on Ars Technica discusses the Equation Group, a group of hackers that had an incredible amount of success, were able to use revolutionary methods in their work and may have been embedded within the National Security Agency.

In addition to the findings, researchers within the Kaspersky Group found “redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.”


Apple expands two-step verification to iMessage, FaceTime services

Date: Friday, February 13th, 2015, 04:31
Category: News, security, Software


This might come in handy where security is concerned.

Apple has now expanded the number of services protected by its two-step verification service; security-conscious users can now count iMessage and FaceTime among the features it protects.

Beginning today, those who have opted in to the two-step verification program will be asked to provide a one-time security code the next time they configure iMessage or FaceTime on a device.


Apple releases OS X 10.10.2 update

Date: Tuesday, January 27th, 2015, 17:55
Category: News, security, Software, Yosemite


You’ve been hankering for it.

And it’s here.

On Tuesday, Apple released its long-awaited OS X 10.10.2 update. The update, a 400+ megabyte download, adds the following fixes and changes:

– Resolves an issue that may cause Wi-Fi to disconnect.

– Resolves an issue that may cause web pages to load slowly.

– Fixes an issue that caused Spotlight to load remote email content when the preference was disabled in Mail.

OS X 10.10.2 update to resolve ongoing Thunderbolt vulnerability

Date: Tuesday, January 27th, 2015, 11:06
Category: Hardware, News, security, Software


If you were looking forward to the next hefty Yosemite update, there’s something else to look forward to that will finally secure a vulnerability on the Thunderbolt port.

Per AppleInsider and iMore, a Mac hardware vulnerability that has yet to be exploited on a wide scale will reportedly be fixed with Apple’s forthcoming OS X 10.10.2 update for Yosemite, preventing any future attacks.

The so-called “Thunderstrike” hardware exploit was publicized late last year, but the hack takes advantage of a flaw in the Thunderbolt Option ROM first disclosed in 2012. Until now, that flaw hasn’t been patched, but according to iMore, the latest beta of Apple’s OS X 10.10.2 update fixes the problem.


Latest OS X 10.10.2 build features Google Project Zero discoveries/fixes

Date: Friday, January 23rd, 2015, 10:23
Category: News, security, Software


If Yosemite is driving you a bit crazy, the good news is that the upcoming version won’t feature any bugs that have been pinned down by Google.

Per iMore and Ars Technica, Google’s Project Zero research program has disclosed and released proof-of-concept code for a series of 0day — previously unknown — vulnerabilities found in Apple’s OS X operating system for the Mac. It should be noted, however, that the first vulnerability was marked as fixed and closed by Google two weeks ago, and the others are fixed in OS X Yosemite 10.10.2, now in beta.


Leaked files outline NSA-sponsored hacker training, use of vulnerability within Safari web browser to gain access to devices

Date: Monday, January 19th, 2015, 12:30
Category: Hacks, iOS, News, security, Software


It’s interesting what the intelligence community gets up to in its day to day work.

According to Spiegel Online International, the Politerain hiring process posted ads for candidates who wanted “to break things.”

Politerain is not a project associated with a conventional company. It is run by a US government intelligence organization, the National Security Agency (NSA). More precisely, it’s operated by the NSA’s digital snipers with Tailored Access Operations (TAO), the department responsible for breaking into computers.

Potential interns are also told that research into third party computers might include plans to “remotely degrade or destroy opponent computers, routers, servers and network enabled devices by attacking the hardware.” Using a program called Passionatepolka, for example, they may be asked to “remotely brick network cards.” With programs like Berserkr they would implant “persistent backdoors” and “parasitic drivers”. Using another piece of software called Barnfire, they would “erase the BIOS on a brand of servers that act as a backbone to many rival governments.”


August Connect hub now available for pre-order

Date: Thursday, January 8th, 2015, 15:14
Category: Hardware, News, security


This could be useful for home automation.

The August Connect hub, which controls the August Smart Lock via Bluetooth, allows you to remotely unlock or lock your door for guests, immediately know if someone has entered or left your home and automatically lock your door, removing that uncertainty.


Security researcher demonstrates Thunderbolt firmware hack proof of concept at Chaos Computer Congress

Date: Monday, January 5th, 2015, 10:15
Category: Hack, Hardware, News, security, Thunderbolt


As great as Thunderbolt is, there are vulnerabilities to consider.

Per 9to5Mac, a security researcher speaking at the Chaos Computer Congress in Hamburg demonstrated a hack that rewrites an Intel Mac’s firmware using a Thunderbolt device with attack code in an option ROM. Known as Thunderstrike, the proof of concept presented by Trammell Hudson infects the Apple Extensible Firmware Interface (EFI) in a way he claims cannot be detected, nor removed by reinstalling OS X.

Since the boot ROM is independent of the operating system, reinstallation of OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware.