
The Life of Josh

Computer Engineer, Security Consultant, and Tech Nerd.

Category

Security

Mac OS X 10.4.11 Tiger vulnerable to libc/strtod(3) buffer overflow too

I read the advisory for the libc/strtod(3) buffer overflow over the weekend and wondered if 10.4.11 wasn’t included simply because nobody tested, and I think I’m right. I logged in to a 10.4.11 machine in Console by entering “>console” in the Name: field of the login window. Then I logged in as my local admin account and typed “printf %1.262159f 1.1” and sure enough I was knocked out of my session back to the login window. It would appear to me that 10.4.11 is vulnerable to this overflow. Now let’s see if Apple goes back and makes a patch for 10.4.11 as well as 10.5.8 and 10.6.2. I would imagine now would be a good time for folks to remove anything older than 10.4.11 from your environment, and depending on Apple’s response you may end up moving all your 10.4.11 to 10.5.8 or 10.6.2 if they don’t issue a patch.

 


SmoothWall the Opensource Firewall

Now that I have my Actiontec FiOS router acting as a double bridge I am able to put devices on public IP space since I have 13 static IPs from Verizon. The problem is that I don’t really want to hang much on public IP space with no protection. It sounds ironic that I went through all that effort to double bridge only to hide devices, but it really does make sense. 🙂

Continue reading “SmoothWall the Opensource Firewall”

Spybot Search & Destroy in the enterprise

[ An update to this: They don’t make it very obvious but you need a license for Enterprise use of this product. So much for leveraging this at work. I’ll have to pull back on my installs and figure out about purchasing it for some. I hope this note helps some folks to make sure they have a proper license.]

In the battle against malware at work I have finally decided to use Spybot. For years everyone has always used it to clean up a machine after someone complained about a problem, but I thought maybe I could use it proactively, and hopefully silently. I did a lot of Googling but it is so very hard to find all the information in one place so I thought I’d share the commands I use to install and update Spybot.

Continue reading “Spybot Search & Destroy in the enterprise”

Mac OS X 10.5.6 stuck on Java 1.5.0_13

So I use InstaDMG to build my Mac OS X images for work. I got reports of Java being broken in my latest image. On looking at the problem the machines were at Java 1.5.0_13 when they should have been at 1.5.0_16. Reinstalling Java Update 2 and Java Update 3 didn’t bring the machines to 1.5.0_16 like it should have. Also the Java apps in /Applications/Utilities/ are broken.

Continue reading “Mac OS X 10.5.6 stuck on Java 1.5.0_13”

Hit by a new variant of Gaobot

At work we got hit by a rather nasty virus. I thought I would get this out there in case anyone else is being hit by it.

Continue reading “Hit by a new variant of Gaobot”

Project Honeypot

I joined an interesting project called Project Honeypot. It involves putting up scripts on websites that give harvesters addresses that are used to catch them spamming. You can donate mail domains to the project to make it so diverse that the address harvesters will have no way to know that they are harvesting Honeypot addresses. It seems like a very cool idea to catch these bastards before even a single email is sent. It will work because many harvesters also send from the same IPs, and additionally ISPs can be notified about harvesting and they can add TOS requirements that users not harvest addresses.

Rootkit Hunter 1.0 released

So Rootkit Hunter 1.0 was released. For those that don’t know what a rootkit is: it is usually an automated way of taking control of a computer, and it usually hides the intrusion. Usually you see rootkits on UNIX / Linux / BSD systems, but the term could refer to any platform, I believe. The “root” part of rootkit refers to the root user on a UNIX box that has full control of the system, and “kit” is because it’s like a kit that is all set up nice for you with the tools needed to break into a system. So anyways… the reason I’m happy about this release is because I have a few minutes of fame in the Changelog. If you read it you’ll see…

Continue reading “Rootkit Hunter 1.0 released”

OS X cron job to launch LiveUpdate

So I decided I would share. 🙂 This is the cron job I use to keep OS X machines up to date with LiveUpdate and Norton AntiVirus 9.0.1. It’s a fairly simple script. I put this in /sw/etc/cron.daily/ because I use anacron that I installed with Fink. If you don’t want Fink on your system then there is a system cron in /etc that you can use, but it requires that the machine be on when the cron job should run. This condition was not acceptable to me. Read on to see the script…

Continue reading “OS X cron job to launch LiveUpdate”

Customizing Symantec LiveUpdate on OS X

If anyone uses Norton AntiVirus on OS X in a big company then you know how annoying it is to configure it for a big company. Well I learned some stuff that I thought I’d share with the world. Tomorrow maybe I’ll share my daily cron job that replaces the Symantec Scheduler for updates on my corporate build.

Continue reading “Customizing Symantec LiveUpdate on OS X”
