• The Author – Bart Busschots

  

  • About
  • On Flickr
  • On YouTube
  • On Mastodon
  • On Twitter

  
  

  

  

  

  

  

• Site Search

  
  

• Site Map

  • About Bart
  • Blog
    • My Development Toolkit
    • Programming by Stealth
    • Taming the Terminal
    • Photo of the Week
    • Observer’s Log
  • Photography
  • Publications
    • Podcasts
    • Presentations
    • Software
      • HSXKPasswd – A Secure Memorable Password Generator

• Blog Categories

  • 42 (Life the Universe & Everything)
  • Computers & Tech
    • Automation
    • Security
    • Software Development
    • System Administration
  • Cooking & Food
  • History & Geography
  • My Projects
  • Photography
  • Polemics & Politics
  • Science & Astronomy

• Featured Tags

  • presentation
  • review
  • software release
  • tutorial

• Creative Commons

  Unless otherwise stated, the content on this site is licensed under Creative Commons Attribution, Noncommercial, No Derivative Works 3.0 License

  

Note: This articles was written for, and first published in, the NUI Maynooth student news paper The Maynooth Advocate.

With the recent Eircom controversy the security of our home networks has at last come to the attention of the press. That attention has focused mainly on one particular flaw in Eircom wireless routers but all broadband users could do with giving their broadband connection a quick security once-over.

Read more

Apple’s security reputation takes another dent this week with yet another zero-day exploit in its QuickTime media player. There is now proof-of-concept code out there which uses this exploit to remotely compromise computers running both Windows and Mac OS X. The vulnerability exists in QuickTime’s handling of media streamed over the RTSP protocol. If you are a bad guy all you have to do to use this exploit to attack someone is to get them to open a specially crafted RTSP URL (a url starting with rtsp://). If the victim’s browser has JavaScript enabled you can make things even easier for yourself, you can get JavaScript to open the RTSP URL for you! What this all means is that you can now have your Mac compromised by simply visiting a web page. This is a lot worse than the Trojan that I discussed a few weeks ago where you had to actually download and install a program giving it admin access in the process in order to be compromised. I should mention that this exploit does NOT give the attacker admin access to your machine, it ‘just’ lets the attacker run any code they want as the user running QuickTime. This is not as bad as an exploit which would allow the attacker to execute any command as root/admin but it’s still very bad.

You can get more details from US-CERT. That page also gives you some guidance on protecting yourself. However, those instructions are very windows-centric.

[tags]Apple, QuickTime, Zero Day Exploit[/tags]

Read more

Tagged with: OS X • vulnerability • QuickTime

Time Machine is the fantastic new backup feature built into OS X 10.5 Leopard. It’s pretty simple to set up and it will work if you leave all the defaults as they are. The defaults are fairly intelligent. For example, your Library/Caches is automatically excluded from the backup. However, if you wish to use space on your Time Machine disk efficiently you may wish to configure Time Machine to exclude a few more folders.

[tags]Apple, OS X, Leopard, Time Machine[/tags]

Read more

Tagged with: OS X • tutorial • operating system • backup

There’s a lot of buzz around the place today because something we all knew would happen eventually, has finally happened. There is malware out there actively going after Mac users. Is this malware exploiting some flaw in the Mac OS? Nope, it’s exploiting the innocence of many Mac users when it comes to security matters. The exploit actually requires the user to not only run an installer, but also to enter their password to give the installer administrative privileges! The only way this could ever work would be if there were a lot of naive Mac users out there so convinced of their security that they’ll happily install any random crap from internet. Uh oh ….

[tags]Trojan, Apple, OS X[/tags]

Read more

Tagged with: OS X • trojan

How Leopard Will Improve Your Security – a great article explaining the security enhancements brought by Leopard in plain English.

Tagged with: review • operating system • OS X • Apple

The letters which Eircom promised to send out to users to inform them of the security flaw I described previously have started arriving and one of the boards.ie users was good enough to post a scan on his website. In this post I’m just going to go through some of the choice bits of this letter and rip them apart. I really wish Eircom had made a competent reply so this wouldn’t be necessary, but sadly it really is. They still don’t get security and seem more interested in glossing over the problems rather than addressing them.

[tags]Eircom, Security, WEP, WPA, Wireless, WiFi[/tags]

Read more

Eircom’s security issues are bad enough to be getting on with but at least users can protect themselves with a few easy steps. BT customers seem to be much worse off with a remotely exploitable authentication bypass vulnerability. A quick scan of their website shows no announcement of the flaw or mention of it. They had better respond soon and respond well!

Please note that this article is a follow-on article from two previous articles (Eircom Exposes Its Broadband Customers to Serious Security Risks and Eircom Security – More Bad News and Some Suggested Solutions). The previous articles lay out the problems and some suggested solutions in detail. This article will not repeat those detailed explanations and justifications. I am writing this article with the assumption that readers will have first read the two original articles.

This article starts by presenting the details of Eircom’s response before providing a brief analysis leading to some conclusions. For those of you too lazy to read the whole article, were this to be school I’d give Eircom a passing grade, but not a great one. Say a high D or a low C.

[tags]Eircom, Netopia, WEP, WPA[/tags]

Read more

Tagged with: vulnerability • internet service providers • home routers

It’s not long ago that I posted about Apple not patching their SAMBA implementation for months after a patch became available. Now there is a Quick Time vulnerability in the wild that was apparently reported to Apple about a year ago. I constantly give off to Microsoft for this kind of carry-on, so, each time I catch Apple at it I’m going to highlight it too. The Mac user experience is currently fantastic but Apple’s continued complacency about security is putting that experience at serious risk. How bad will things have to get before Apple cop on to themselves?

For more details on this vulnerability (which affects Windows too) check out this Mac World article

[tags]Apple, Security, QuickTime[/tags]

Tagged with: OS X • vulnerability • QuickTime

This is a follow-up article to my earlier article Eircom Exposes Its Broadband Customers to Serious Security Risks. If you’re following the comments on that article you’ll see that I’m trying to bring these problems to Eircom’s attention. I haven’t gotten very far yet but I’ll keep updating those comments with what ever progress I manage to make. However, there has been another development that I feel I need to bring to people’s attention. This afternoon I was anonymously sent some very interesting information regarding yet another alleged hole in Eircom’s security. I MUST STRESS THAT I HAVE NOT VERIFIED THESE CLAIMS as to do so would involve attempting to break in to someone’s network and that’s illegal. However, should this prove to be true Eircom has yet another problem to fix. In this article I’ll start by explaining the alleged problem, then propose a simple solution, and end with some simple advice for Eircom customers who wish to protect themselves from these security vulnerabilities.

[tags]Eircom, Security[/tags]

Read more

Tagged with: vulnerability • internet service providers • home routers

« go back — keep looking »