Update Java. Seriously, do it right now.

Another Java privilege escalation exploit has been spotted in the wild. Trojans and web-based Java classes are already installing remote access tunnels on Macs across the globe. Apple finally updated their Java binaries, and you should too! Protect yourself! Just run Software Update from the Apple menu.

Apple Info:
http://support.apple.com/kb/HT5228

More info (including an AppleScript test for infection):
http://mashable.com/2012/04/05/mac-flashback-trojan-check/

Oh no, not again! Apple FireWire exploit published!

This is déjà vu: an attack from years ago in which RAM was accessed over the FireWire bus. This study, published back in Sept 2011 (which I am late to discover), revisits the attack on Lion. Security researchers from frameloss published the specifics of the attack and how to avoid it. Learn how your password could be extracted from your computer's memory via your FireWire port. Even when you thought it was locked! Even with FileVault!

Mostly, you must turn off fast user switching and activate a feature that dumps the password for added security. Read all about it here:

http://www.frameloss.org/2011/09/18/firewire-attacks-against-mac-os-lion-filevault-2-encryption/#more-540

Updates keep the SSL boogiemen at bay.

All the SSL blacklists are updated. We can return to thinking we are safe. Apple included the patches in a Security Update, and Firefox updated to 6.0.2. Jailbroken iOS users can update or install "sslfix" in Cydia to get the protections that Apple has yet to release.

After watching Moxie’s BlackHat talk, we seriously need to fix SSL. It is holding up too many technologies to be this insecure.

More Certificate Authority Problems!

In the midst of #antisec and on the heels of the Vegas hacker/security conferences, another CA (DigiNotar) was hacked. This time the hackers got Google's security certificates. With those, criminals could use a technique known as a man-in-the-middle attack to impersonate Google, and nothing can stop them. Personally, I have heard @ioerror rant about the fundamental flaws of our present SSL system. Perhaps this will help bring about a change more quickly, but for now we can blacklist the offending certificates. Here is how (on a Mac):

To protect Safari, the solution is, apparently, to run Applications/Utilities/Keychain Access, click on "System Root" on the upper-left and "All items" on the lower-left, then type "DigiNotar" into the upper-right search box. Double-click each cert that shows up (you may only have one), open the "Trust" detail area, change "When using this certificate" to "Never Trust", then close the dialog box.

For Firefox users, go to Firefox’s Preferences, click on Advanced, then the Encryption tab, then click on “View Certificates”, click on the “Authorities” tab, scroll down to DigiNotar, click on “DigiNotar Root or CA”, then click on “Delete…” or “Delete or Distrust…” below (depends on your version).

Read more here:
http://www.computerworld.com/s/article/9219606/Hackers_stole_Google_SSL_certificate_Dutch_firm_admits?taxonomyId=85
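
After the manual Safari and Firefox steps above, a quick audit can confirm that no DigiNotar authority is still trusted by another trust store on the same machine. This is an added example, not code from the original post: it checks the CA bundle that Python's ssl module loads (separate from the keychain and Firefox stores), and the function names and sample records are constructed for illustration.

```python
import ssl

# Constructed sample records in the format ssl.SSLContext.get_ca_certs() returns.
SAMPLE_CA_CERTS = [
    {"subject": ((("organizationName", "DigiNotar"),), (("commonName", "DigiNotar Root CA"),)),
     "issuer": ((("organizationName", "DigiNotar"),), (("commonName", "DigiNotar Root CA"),)),
     "serialNumber": "0A01"},
    {"subject": ((("commonName", "Example Trust Root"),),),
     "issuer": ((("commonName", "Example Trust Root"),),),
     "serialNumber": "0B02"},
    # Cross-signed case: harmless-looking subject, but issued by the distrusted CA.
    {"subject": ((("commonName", "Example Services CA"),),),
     "issuer": ((("organizationName", "DigiNotar"),), (("commonName", "DigiNotar Root CA"),)),
     "serialNumber": "0C03"},
]

def name_fields(rdn_sequence):
    """Flatten an ssl-module name (a tuple of RDN tuples) into (key, value) pairs."""
    return [(key, value) for rdn in rdn_sequence for (key, value) in rdn]

def find_ca_matches(ca_certs, needle="DigiNotar"):
    """Return (label, serial) for each CA whose subject or issuer mentions needle."""
    wanted = needle.lower()
    hits = []
    for cert in ca_certs:
        subject = name_fields(cert.get("subject", ()))
        issuer = name_fields(cert.get("issuer", ()))
        if any(wanted in str(value).lower() for _, value in subject + issuer):
            names = dict(subject)
            label = names.get("commonName") or names.get("organizationName") or "<unnamed>"
            hits.append((label, cert.get("serialNumber", "")))
    return hits

def audit_default_store(needle="DigiNotar"):
    """Check the CA certificates Python/OpenSSL loads by default on this host.
    Certificates in a capath directory are loaded lazily and are not listed here."""
    context = ssl.create_default_context()
    return find_ca_matches(context.get_ca_certs(), needle)

if __name__ == "__main__":
    print("constructed sample:", find_ca_matches(SAMPLE_CA_CERTS))
    remaining = audit_default_store()
    print("local store:", remaining if remaining else "no DigiNotar entries loaded")
```

An empty result for the local store only covers software that uses that bundle; Safari and Firefox keep their own trust settings.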