Monday, June 19, 2017

Stack Clash:
A UNIX Security bug likely to affect macOS

--

I'm posting this information as a warning to those running macOS as a server. The 'Stack Clash' security bug is likely to affect macOS owing to the fact that macOS is certified BSD UNIX.

Apple has been notified and no doubt will examine the situation and provide a patch ASAP if required. (Likely required).

For now, have a read of this article by Dan Goodin over at Ars Technica.

Serious privilege escalation bug in Unix OSes imperils servers everywhere
“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes.
Anyone running a Unix-based OS should check with the developer immediately to find out if a patch or security advisory is available. The best bet is to install a patch if one is available or, as a temporary workaround, set the hard RLIMIT_STACK and RLIMIT_AS of local users and remote services to a low value.
The Stack Clash security bug is listed as CVE-2017-1000364.

This isn't a PaNiC situation. But it's important to be aware that this bug is likely to affect macOS.

There will be more information available shortly, no doubt. I'll post here as it is released.

:-Derek
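
The temporary workaround quoted above (low hard RLIMIT_STACK and RLIMIT_AS for services), sketched as an added example that is not from the original post or the Ars Technica article: a launcher clamps both limits in the child before exec, and a probe confirms the child inherited them and cannot raise them again. The cap values and the names `run_confined`, `lower_hard_limits` and `PROBE` are assumptions made for illustration; the quoted text only says "a low value".

```python
import json
import resource
import subprocess
import sys

# Assumed caps for illustration; the quoted advice only says "a low value".
STACK_CAP = 8 * 1024 * 1024   # 8 MiB
AS_CAP = 2 * 1024 ** 3        # 2 GiB
CAPS = {"RLIMIT_STACK": STACK_CAP, "RLIMIT_AS": AS_CAP}

def _lower(value, cap):
    """Clamp a limit to cap; RLIM_INFINITY counts as above any cap."""
    return cap if value == resource.RLIM_INFINITY else min(value, cap)

def lower_hard_limits():
    """Runs in the child between fork and exec: clamp soft and hard limits."""
    for name, cap in CAPS.items():
        res = getattr(resource, name)
        soft, hard = resource.getrlimit(res)
        new_hard = _lower(hard, cap)
        resource.setrlimit(res, (_lower(soft, new_hard), new_hard))

# Child-side probe: report the inherited limits and whether they can be undone.
PROBE = """
import json, resource
report = {}
for name in ("RLIMIT_STACK", "RLIMIT_AS"):
    res = getattr(resource, name)
    soft, hard = resource.getrlimit(res)
    try:
        resource.setrlimit(res, (soft, resource.RLIM_INFINITY))
        undone = True   # only expected for root / CAP_SYS_RESOURCE
    except (ValueError, OSError):
        undone = False
    report[name] = {"soft": soft, "hard": hard, "undone": undone}
print(json.dumps(report))
"""

def run_confined(argv):
    """Start argv with lowered hard limits; return its stdout parsed as JSON."""
    out = subprocess.run(argv, preexec_fn=lower_hard_limits,
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)

if __name__ == "__main__":
    for name, info in run_confined([sys.executable, "-c", PROBE]).items():
        print(name, info)
```

The limits apply only to the launched child and its descendants; the launcher's own limits are left unchanged.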



--

Tuesday, February 28, 2017

Making My Own Trouble: Calling Out Kaspersky

--

Introduction:

It's been fairly quiet regarding Mac security. There have recently been three malware out-in-the-wild, but they've proven to be not much of anything. Therefore, I haven't bothered to FUD anyone about them. I don't like FUD.


Therefore, having a low boredom tolerance, I often make my own trouble for my own amusement. I decided to share this particular experience with those here who are interested. It's my call out to Kaspersky for distribution of BS.


The Article Of Interest:


I visit snarky The Register every day for computer security news, among several other websites. I get tired of the puerile cockney humor but they do a good job covering the subject. This was the article that inspired my trouble making today:


Apple's macOS is the safer choice – but not for the reason you think
Eugene Kaspersky looks forward to a new darker dawn
Apple's Mac operating system may be the safer choice – but only because cybercriminals can't get their hands on people who know how to exploit it.

That's according to security showman Eugene Kaspersky, who gave a keynote at the Mobile World Congress in Barcelona on Monday. In recent months, Kaspersky has made a habit of giving MacOS a kicking, and this keynote was no different.

"People still think MacOS is safe," he told attendees with some measure of incredulity. But it's not. While there is certainly less malware for the operating system than, say, Windows, it's more a case of difficulty in hacker recruitment than evidence of stronger inherent security.

Of course, this zeal may have something to do with a big push from Kaspersky for its security software for the Mac, not that you'd need it from Eugene's logic. And that may have something to do with Kaspersky's huge certificate cock-up at the start of the year that exposed millions of people to interception attacks. . . .

So what's the solution? A complete redesign of all of our systems, starting from scratch by building on top of secure platforms and software. He dreams of systems that are no longer "secure" but "immune."
Emphasis mine. Before I continue, let me point out that creating an 'immune' operating system is exactly what we want. Let's all champion that effort.

But Mr. Kaspersky's keynote comments about the Mac remind me of something from way back in 2005 when lousy (IMHO) Symantec attempted to FUD Mac users into believing their chosen computer platform was going to be inundated with malware, just like Windows. It was only a matter of time.


Symantec: Mac users deluding themselves over security

Symantec's 2005 FUD campaign, obviously an attempt to promote Norton for Mac sales, was the impetus that inspired me to study and write about Mac security. Thank you Symantec! I hate you. 


Therefore, here's what I have to say back to assertions Mr. Kaspersky made in his keynote, which is what I posted at The Register:

Maybe Aricept Can Help

"So what's the solution? A complete redesign of all of our systems, starting from scratch by building on top of secure platforms and software. He dreams of systems that are no longer "secure" but "immune.""

OS X (macOS) is an operating system started from scratch by building on top of a secure platform and software. It was built on top of BSD UNIX, which remains the single most secure (by testing and reputation) operating system available. OS X is certified BSD UNIX. 
So Mr. Kaspersky, maybe Aricept can help. Either that or do your research before you blether.

An "immune" OS is something else entirely. We have no such thing at this time apart from running a standalone computer with no input and no output, no EM radiation or sound emanations, etc.

Hint To Kaspersky: 
One reason your anti-malware isn't a hit on OS X (macOS) is that, thanks to the work of many people, both volunteer and paid, malware is discovered, described and tested with the results passed along to Apple. On a good day, Apple then responds ASAP by providing automatic OS subsystem updates blocking that malware within their XProtect anti-malware system. (Yes, Apple has plenty of bad days when they don't keep up, such as their current forgetfulness about blocking out-of-date versions of Adobe's supremely dangerous Flash Player Internet plug-in).

As a result, there's very little point in bothering to write malware for OS X seeing as it will typically be squashed by Apple within a brief period of time, thanks again to the work of many of us OUTSIDE of Apple.

Mr. Kaspersky, realism is always welcome. Pulling bonehead Symantec quality FUD manoeuvres is NEVER welcome. Make your choice.

In any case, thank you Kaspersky for your many contributions to the computer security community. Apologies that they don't result in profits from your Mac software.
If I die before I wake, you know why. ;-)



Oh and here's The Register's 4 Jan 2017 article about "Kaspersky's huge certificate cock-up" mentioned above:


Kaspersky fixing serious certificate slip
Security smashed for 400 MEEELLION users
Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. 
Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. . . .
~ ~ ~ ~ ~

--