Recently a new PDF-based malware threat for OS X was discovered that displays a Chinese PDF file while it installs and runs its malicious code in the background. While the initial version of this malware (OSX/Revir.A) was detected over a week ago, the criminals developing the code are busy revising and refining it, and over the weekend a variant has been identified (OSX/Revir.B). As with all malware, new versions of these threats are likely to surface in the future, and as they do, expect malware detection utilities (including Apple’s XProtect) to follow close behind and label them alphabetically as they appear.

SAINT Professional is now available on Mac OS X Lion (10.7).
You can now fingerprint iPhones and iPads connected to your network. SAINT includes OS Fingerprinting during network discovery and/or vulnerability scanning.
New OWASP Top 10 Web Application scanning policy including 12 new web application checks.
DoD IAVA – Department of Defense Information Assurance Vulnerability Alert scanning policy and report template added (Requires IAVA plugin).
A new OS Password Guess policyhas been added including:
all SAINT password-guessing features (excluding password configuration policies) designed to guess the operating system password
checks for default FTP passwords
the capability to provide dictionary-based password guessing for operating systems (Windows, *nix), including Cisco and other devices, that have Telnet, SSH or FTP. These checks to do not include password guessing for databases or Web Auth.

Enhanced content scanning probe now includes performance enhancements as well as assessments on numerous file formats for Linux and UNIX OSs, in addition to Windows.
Live hosts that were identified during network discovery can now be displayed within the GUI. A report can also be generated from this discovery file.
Enhancements have been made to the backup & restore functionality to include credentials, custom logos, and additional configuration data.
New menu-driven launcher application allows starting SAINTmanager, SAINT nodes, and SAINT web listeners from the desktop menu without command-line knowledge.
New SAINTmanager RPM and DEB packages for easier SAINTmanager installation on Linux.

Apple released a security update for Mac OS X that patches 13 vulnerabilities.

The release fixes issues in several components, including CoreGraphics and Apple Type Services. Several of the vulnerabilities are buffer overflows, and can be exploited to execute arbitrary code.

Apparently, everyone was waiting for the update, while small in size and a quick download for the iPad, the same could not be said for the iPhone. The patch for the iPhone took over an hour for the 300+ MB file to be downloaded. The latest versions are now 4.0.2 for the iPhone and 3.2.2 for the iPad.

As the popularity of the small Apple products (iPhone, iPad, iTouch) take off, they are drawing the attentions of hackers. Some hackers just want to access the OS so they remove roadblocks for application customization and to add unauthorized tools and programs, while others might want to do damage or steal your information.

A very interesting article from my friends at MacApper, they cover everything about Apple and Mac over. As the title stated, Google’s Android OS gets hacked again and it provides an advantage to Apple and its iPhone. Not sure if I feel the same way about that, but what is does say to me is that Apple’s AppStore vetting process does provide more security to the users than the more wide open style of Android. Enjoy Keri Facey’s full article here from MacApper.

For those who are not familiar with the term jailbreak, it is freeing a device from the constraints imposed by the vendor. It normally requires the installation of software on a computer that will allow it to be installed on the device thus breaking it wide open for access and full modification as well as access to third party non-approved software.

I have been running VMWare Fusion with Windows XP as my guest OS for some time on my MacBook Pro. The other day, Windows XP while shutting, just hung as it seems to do from time to time on regular PC-based installed. I spent 2-days, waiting for it to complete. I even used the:

VMware Fusion menu bar > Virtual Machine > select Power Off

But it seem by using:

VMware Fusion menu bar > Virtual Machine > press the option key and select Power Off

It is the equivalent of pulling the plug out of the wall and it worked. Hope this will help someone out as it did me.

Kellep

A login banner is a statement made by the system owner that asserts their rights and informs the users of the system what expectation of privacy they should have. Login banners are a critical aspect of IT system security as they allow IT systems administrators and IT Security staff to monitor the system for intrusion and abuse.

The reports were about the iPhone 4 suffering from a severe drop in signal reception. Even Consumer Report, which publishes reviews and comparisons of consumer products and services based on reporting and results from its in-house testing laboratory with approximately 7.3 million subscribers stated, “we can not recommend the iPhone 4 due to the antenna/signal issues that are obviously and apparent.”

Apple’s new iPad is set to be released on April 3rd and SecurityOrb.com a Washington D.C.-based information security media company has looked beyond the hype into the possible security matters consumers should be concerned about.