Another OS X Java Patch
Only a couple days after releasing the critically late Java patch (2012-001), Apple released another Java update. At this point, Apple's site doesn't mention what this new patch fixes, or why it was released. But eventually, you may see details at http://support.apple.com/kb/HT1222 . Too bad that Apple isn't getting its security house in order. It appears that OS X has reached a level of market penetration that would require a company with a meaningful security response capability behind it.
Just a couple of additional pointers for OS X security:
- Sophos makes a free antivirus product for OS X. I have been running it for a few months now without bad side effects. http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
- You can try to enable "Gatekeeper" on OS X Lion. This feature prevents unsigned software from running. It will be fully integrated once the next version of OS X (Mountain Lion, OS X 10.8) arrives, but it is already included in OS X 10.7.3. To activate it, you need to run: sudo spctl --enable . Expect it to complain about a lot of "normal" software, as most OS X software is not yet signed (but you can always allow it to run anyway).
Otherwise: Keep good backups...
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Social Share Privacy
For quite a while now, we used the "Add This" toolbar to allow readers to quickly share articles with various social networks. As a security site, we talk a lot about the risks of social networks, but we can't ignore them. Our mission is to get the word out about current security issues. Social media are becoming an important tool to assist us with that.
At the same time, we are very aware of the privacy issues. Lucky for us, the German technology website Heise Online came up with a great solution. The "Social Sharing Privacy" toolbar we are using as of today will not leak any data about you to social networks or companies like "Add This" until you explicitly turn on the toolbar. If you would like to share a story via Twitter/Facebook/Google, you will first need to turn on the toolbar (which will load the actual images from the respective sites), and then you are able to "share".
I hope this will not prevent too many of you from sharing our stories to your social media accounts. We will still tweak the toolbar a bit. Please let us know if you see issues with specific browsers (we are usually testing with Safari on OS X, Firefox on Linux and sometimes even with IE on Windows).
Plugins for popular tools like WordPress are available.
Social sharing privacy source code: http://www.heise.de/extras/socialshareprivacy/
This blog post helped me quite a bit: http://benjamin-steininger.de/2011/12/07/extending-heise-socialshareprivacy-to-pass-a-dynamic-title-to-twitter/
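The two-click behaviour described above, as an added sketch that is not the Heise plugin's code or this site's own: the page first renders a locally served placeholder, and the third-party widget is created only after the reader clicks. The provider widget URLs, the function names and the `ownOrigin` parameter are assumptions made for illustration.

```javascript
// Added illustration of the two-click pattern; not the Heise plugin's code.
// Widget URLs are constructed placeholders, not real social network endpoints.
const PROVIDERS = {
  twitter: { label: "Twitter", widget: "https://twitter.example/share-widget" },
  facebook: { label: "Facebook", widget: "https://facebook.example/like-widget" },
};

// Render a locally served placeholder. No third-party URL enters the DOM
// (so the browser sends no request, cookie or Referer) until the reader clicks.
function addTwoClickButton(doc, container, providerId, pageUrl) {
  const provider = PROVIDERS[providerId];
  if (!provider) throw new Error("unknown provider: " + providerId);

  const toggle = doc.createElement("button");
  toggle.textContent = "Enable " + provider.label + " sharing";
  container.appendChild(toggle);

  let enabled = false;
  toggle.addEventListener("click", () => {
    if (enabled) return; // a second click must not load the widget twice
    enabled = true;
    // Only now is the real widget created; this is the first contact
    // between the reader's browser and the social network.
    const frame = doc.createElement("iframe");
    frame.src = provider.widget + "?url=" + encodeURIComponent(pageUrl);
    container.appendChild(frame);
    toggle.textContent = provider.label + " sharing enabled";
  });
  return toggle;
}

// Audit helper: list every off-site URL the subtree would make the browser fetch.
function thirdPartySources(node, ownOrigin) {
  const found = [];
  const src = node.src;
  if (typeof src === "string" && src !== "" && new URL(src, ownOrigin).origin !== ownOrigin) {
    found.push(src);
  }
  for (const child of Array.from(node.children || [])) {
    found.push(...thirdPartySources(child, ownOrigin));
  }
  return found;
}
```

Running `thirdPartySources` over the share container before any click should return an empty list; a non-empty result means the page contacts a third party without the reader's opt-in.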
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute