Today I came across a news article in reply to a question asked by
Steven D. Levitt, "If you were a terrorist, how would you attack?"
The blog posting has struck controversy among many people, and it just
reminds me of all the full-disclosure debates we have had in the
security industry. Does spelling out attacks on paper help the bad guys?
I wouldn't doubt many of the ideas that people come up with have already
been discussed and analyzed by various terrorist groups.
What frightens me more is the possibility of those posting suggestions
going on some *-watch-list.
Posted by Marcin on Thursday, August 9, 2007 in Intelligence and Politics.
The other day I posted about a problem regarding the default behavior
under OS X, which ignores permissions for mounted FireWire drives.
I decided to look for a solution to this rather than relying on
administrators to set the proper option. What I uncovered is a nifty
tool called DenyThumbDrives that allows you to prevent the mounting of
local volumes based on their size and media type.
This tool allows me to solve the issue with insecure default settings
for FireWire disks while also allowing me to prevent data theft via USB
thumb drives and external disks. I understand data can still be stolen
via other means such as network connections; however, it's a step in the
right direction. DenyThumbDrives is also a free utility.
You can get DenyThumbDrives here.
Posted by Casey on Thursday, August 9, 2007 in Apple and Security.
When you mount a FireWire hard disk under OS X, it will mount with the
'Ignore ownership on this volume' option set. What this means is that
owner information and file permissions will be ignored. Apple does this
so that you can share a disk across multiple systems that may not have
the same users on the system; however, from a security standpoint it can
create some major problems.
Be sure to set this option to off after you create your volume on the
new FireWire disk.
Posted by Casey on Wednesday, August 8, 2007 in Apple and Security.
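A way to audit for this, as an added example that is not part of the original post: macOS `mount` output lists the `noowners` flag for volumes mounted with ownership ignored, and the script below reports them. The sample mount lines are constructed, and `diskutil enableOwnership` is the current macOS command assumed for the fix.

```shell
#!/bin/sh
# Added example: report mounted volumes whose ownership is ignored
# (mount flag "noowners"), i.e. file permissions are not enforced.

# Constructed sample of macOS `mount` output, used on non-macOS hosts.
SAMPLE_MOUNT='/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk2s3 on /Volumes/FW Backup (hfs, local, nodev, nosuid, journaled, noowners)
/dev/disk3s1 on /Volumes/SCRATCH (msdos, local, nodev, nosuid, noowners)
/dev/disk4s2 on /Volumes/Archive (hfs, local, nodev, nosuid, journaled)'

# Read `mount` output on stdin and print the mount point of every
# volume whose option list contains "noowners".
find_noowners() {
    while IFS= read -r line; do
        opts=${line##*\(}         # text after the last "("
        opts=${opts%\)}           # drop the closing ")"
        case ", $opts," in
            *", noowners,"*) ;;   # ownership ignored: report it
            *) continue ;;
        esac
        mp=${line#* on }          # strip "<device> on "
        mp=${mp% \(*}             # strip the trailing " (options)"
        printf '%s\n' "$mp"
    done
}

# Use live `mount` output on macOS, the constructed sample elsewhere.
audit() {
    if [ "$(uname -s)" = "Darwin" ]; then
        mount
    else
        printf '%s\n' "$SAMPLE_MOUNT"
    fi | find_noowners
}

audit | while IFS= read -r mp; do
    printf 'ownership ignored: %s\n' "$mp"
    # Assumed remediation command on current macOS releases.
    printf '  fix: sudo diskutil enableOwnership "%s"\n' "$mp"
done
```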
I am an avid OS X user and will be posting tools and security
information regarding OS X regularly. I often need to create secure
passwords that are easy to remember and today I found the perfect tool
for doing this. It's called QuickPass and it's a small freeware
application that runs in your toolbar. Each time you click on the key
logo it will generate and display a new list of passwords based on your
criteria specified in the preferences dialog.
You can get QuickPass here.
Posted by Casey on Tuesday, August 7, 2007 in Apple and Security.
Ryan Naraine of ZDNet points out a Greasemonkey script that blocks
Gmail cookie-theft attacks.
The script can be downloaded here, and it redirects Gmail to use a
"secure" HTTPS connection. You can modify the script's @include to
redirect any site that has HTTP or HTTPS to use HTTPS by default.
The meat of the script is just a couple lines:
// ==UserScript==
// @include http://mail.google.com/*
// ==/UserScript==
location.href = location.href.replace(/^http:/, 'https:');
Posted by Marcin on Tuesday, August 7, 2007 in Privacy and Security.