Wednesday, November 29, 2017
MacOS High Sierra Root Exploit
Turkish software developer Lemi Orhan Ergin has discovered a very serious flaw in the latest macOS, High Sierra that allows anyone with local (and/or possibly, remote) access to the machine to log in as the “root” user without supplying a password. Until Apple patches this flaw you must change the root account’s password NOW. Open up a Terminal (in the Spotlight search box just type “terminal”) and type “sudo passwd root”.
Note that disabling the root account does not fix the problem because the exploit actually causes the account to be re-enabled.
Wednesday, April 20, 2011
iPhone Tracker Revealed
A story from the Guardian reveals Apple keeps a file on the iPhone and iPad that contains the latitude and longitude of the phone's recorded positions coupled with a time stamp. When synchronised with the owners computer this file is copied over resulting in two copies. The file data can be accessed with mimimal effort by anyone with possession of the device(s). You can access this file with this handy application called IphoneTracker. The only saving grace is that the file is apparently not uploaded to Apple. Stay tuned for the fallout from this.
Saturday, August 02, 2008
DNS servers the world over have been targeted by evil doers. Flaws in these servers could allow creeps to silently redirect your browser sessions to anywhere.
To check to see if your ISP is vulnerable go here.
If the results (above) are less then satisfactory do contact your ISP and complain bitterly.
You could also use DNS servers that are patched. I suggest OpenDNS.com - they even have a handy application that corrects your settings when your ISP's DHCP server changes your IP.
Here is a good synoposis from the blog Security Fix:
At issue is a basic design flaw in the domain name system. DNS is the communications standard that acts as a kind of telephone book for the Internet, translating human-friendly Web site names like example.com into numeric addresses that are easier for networking equipment to handle and route. When people type a Web site name into their Internet browser, the process of routing of that name to Internet address is generally handled through DNS servers managed by Internet service providers and corporations. But according to research released this month, most of those DNS servers are vulnerable to a security flaw that allows miscreants to silently alter the virtual road maps that those systems rely on to route traffic. As a result, a cyber criminal could trivially rewrite those records so that when customers of a vulnerable ISP or network provider try to visit a particular Web site, they are instead taken to a counterfeit site created by the bad guys.
Security begins at home. Never assume your ISP has a clue.