Apple Finally Fixes DNS Bug

With today’s release of Security Update 2008-006, Apple has finally addressed this summer’s DNS bug. In their previous update they fixed BIND, but that only affects people running servers. Now, they’ve updated mDNSResponder. Clients are no longer susceptible to DNS cache poisoning attacks thanks to the inclusion of source port randomization.
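One way to check that a client really is randomizing its query ports, as an added example that is not from Apple or the original post: given the UDP source ports seen on outbound DNS queries (for instance, read from a packet capture), it rates how predictable they are. The function name, thresholds and sample ports are assumptions constructed for illustration.

```python
import math

TXID_BITS = 16      # the DNS transaction ID is a 16-bit field
SMALL_STEP = 16     # assumed: a port change this small counts as "sequential"
MIN_POOL = 4096     # assumed: smaller estimated port pools are rated "weak"

def assess_source_ports(ports, min_samples=10):
    """Rate the UDP source ports seen on a resolver's outbound queries, in capture order."""
    if len(ports) < min_samples:
        raise ValueError(f"need at least {min_samples} ports, got {len(ports)}")
    unique = len(set(ports))
    # Circular distance between consecutive ports, so ascending and descending counters both show up.
    steps = [min((b - a) % 65536, (a - b) % 65536) for a, b in zip(ports, ports[1:])]
    if unique == 1:
        verdict, pool = "fixed", 1
    elif sum(s <= SMALL_STEP for s in steps) / len(steps) >= 0.9:
        verdict, pool = "sequential", 1          # the next port is predictable
    else:
        span = max(ports) - min(ports) + 1
        # Heavy reuse means a small pool; otherwise the observed span is a rough pool estimate.
        pool = unique if unique / len(ports) < 0.5 else span
        verdict = "randomized" if pool >= MIN_POOL else "weak"
    port_bits = math.log2(pool)
    # A forged reply is only accepted if it matches both the transaction ID and the port.
    return {"verdict": verdict, "port_bits": round(port_bits, 1),
            "guess_bits": round(TXID_BITS + port_bits, 1)}

# Constructed samples (not real captures): 20 query source ports each.
FIXED = [32768] * 20
SEQUENTIAL = list(range(49152, 49172))
SMALL_POOL = [2000, 9000, 31000, 52000] * 5
RANDOMIZED = [51234, 1893, 40211, 28977, 60102, 15550, 33871, 9420, 57003, 22618,
              46190, 3077, 38444, 12901, 63555, 26730, 5012, 49876, 18349, 35666]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("small pool", SMALL_POOL), ("randomized", RANDOMIZED)]:
        print(f"{name:>10}: {assess_source_ports(sample)}")
```

A verdict of "fixed" or "sequential" leaves only the 16-bit transaction ID protecting a reply, which is the condition the update removes on clients.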

The Security Update addresses some other interesting bugs. Time Machine was saving sensitive logs without using the proper permissions, so any user could view them.

[photo: edans]

Wiretapping And How To Avoid It


No matter who you suspect is plotting your doom, you’ll need to know the way wiretapping works in order to learn their plans and shield yourself from their surveillance. Luckily, ITSecurity has posted a comprehensive article about wiretapping, including information on how to wiretap and how to find out if someone is wiretapping you.

One of the more intriguing methods of wiretapping the article discusses is a service by a company called FlexiSPY. It works by covertly installing a program onto the target’s cellphone. Once installed, the spying party can listen to anything going on in the room the target is in by calling the phone. It won’t ring, vibrate, or give any indication that it is transmitting audio data.

Some of the more hack-oriented methods involve tapping into a landline, using special software to record VoIP calls, or buying a wiretapping kit. Of course, countermeasures are also discussed, but some of the links they provide are a little more informative on the topic of defense against wiretapping.

Using Multiple Browsers For Security


[Rich] over at Securosis takes us through some of his browser paranoia exercises. He uses different browser profiles for different types of web activities. Based on potential risk, various tasks are separated to protect from CSRF attacks and more. Everyday browsing with low risk passwords is done in one. RSS reading with no passwords is done in another. He runs his personal blog in a browser dedicated just to that.

For high risk research, he uses virtual machines to further minimize any potential nasty code getting through. Very high risk sites are browsed through a non-persistent read-only Linux virtual machine. While these techniques can be less effective if the entire OS is compromised, they can still provide a few layers of additional security.

Fellow browser paranoia sufferers may want to consider Firefox plug-ins like NoScript and memory protection from DieHard.