First iWork ‘09, now Adobe PhotoShop CS4. Both software packages have been found BitTorrent sites and contain a trojan horse which creates a backdoor with root privileges. The difference is that the trojan that comes with Adobe PhotoShop CS4 is not installed via the app, but instead via a “crak” app that comes with it [...]
Read the rest of this entry »

Brian Mastenbrook has discovered a vulnerability in Apple’s Safari browser that could allow remote sites to read files from a user’s hard drive without user intervention. The vulnerability is in the way Safari handles RSS requests. Omniweb is also affected by this. Users may also be affected by this vulnerability if a malicious link is [...]
Read the rest of this entry »

A group of security researchers have successfully cracked SSL by using 200 PlayStation 3 consoles and about $700 worth of test certificates to create a rogue Certification Authority (CA). This is significant because at leat six CA’s are still using the MD5 encryption with the exploitable weakness. The solution to this problem is for the CAs [...]
Read the rest of this entry »

Kinda, but not quite. Security researchers Erik Tews and Martin Beck claim to have found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes. They have not however cracked the encryption. The exploit is performed by getting the WPA router to [...]
Read the rest of this entry »

I installed a Linksys WVC54GCA wireless video camera last night. The WVC54GCA supports 802.11g wireless networking or 10/100 wired ethernet. I chose the WVC54GCA for its wireless capability. Once the WVC54GCA arrived, I powered it on and turned off the wireless security on my network. Hopefully your wireless network is the only one within range, [...]
Read the rest of this entry »

ATM skimmers are now being manufactured with the ability to send to the thief an SMS message containing all skimmed card data, thus greatly reducing the risk of the thief getting caught retrieving data from the skimmer. For those who don’t know, an ATM skimmer is a device that is inconspicuously mounted over an ATM’s card [...]
Read the rest of this entry »

Fire up Software Update and grab the 10.5.5 update containing updates for Address Book, Disk Utility and Directory Utility, iCal, Mail, MobileMe, and Time Machine. Also included are security updates for ATS, BIND, ClamAV, Directory Services, Directory Services, Finder, ImageIO, Kernel, libresolv, Login Window, mDNSResponder, OpenSSH, QuickDraw Manager, Ruby, SearchKit, System Configuration, System Preferences, Time [...]
Read the rest of this entry »

Nick Wingfield with The Wall Street Journal gets confirmation that a plan is in place for Apple to remotely kill certain iPhone / iPod touch applications if they are found to be malicious. Mr. Jobs confirmed such a capability exists, but argued that Apple needs it in case it inadvertently allows a malicious program — one [...]
Read the rest of this entry »

Security Update 2008-005 fixes the BIND DNS cache poisoning vulnerability by updating BIND to 9.4.2-P1(Leopard) and 9.3.5-P1(Tiger). Also of note, this update addresses the OSA privilege escalation issue by not loading scripting addition plugins into applications running with system privileges. Other items affected by this update include CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, [...]
Read the rest of this entry »

Apparently, the Aurora Feint game would send your contact list unencrypted to the company’s servers. Hopefully the developers will fix this properly and get their game back in the App Store.
Read the rest of this entry »