iThreats recently published information about a new remote administration tool, and other sites are presenting this as a serious new threat to the Mac. Actually, this is hardly a threat at all. This tool, BlackHole, needs to be installed on a Mac, generally via a Trojan horse, and, while it offers simple functions to control a Mac, merely having shell (Terminal) access is more than enough to do so. A RAT, or remote administration tool (and not a “remote access Trojan,” as one site claims), such as this one is designed to simplify the tasks of a malicious user who wants to control an infected computer, but in most cases, the people who are infecting Macs will be able to do all of this with a simple ssh connection using Terminal.

Backdoors are relatively easy to install once you get a user to install a Trojan horse. A remote administration tool is not in itself a threat; it requires that a backdoor be installed, and this in turn requires an effective payload from a Trojan horse or other means of installation. While Intego will be detecting and blocking BlackHole in its threat filters, we do not consider this to be a serious risk.
Intego was named the Global Mac Endpoint Security Entrepreneurial Company of the Year for 2010 by Frost & Sullivan. Intego CEO Laurent Marteau (on the left in the photo) attended the Frost & Sullivan Excellence in Best Practices Awards Banquet in New Orleans, on February 9. Laurent Marteau was very proud to receive this prestigious award, saying, “I’m greatly honored that Frost & Sullivan has recognized Intego’s importance as the leader in the Mac security market. Of the many awards and recognitions we have received over the years, we value this one especially as it comes from a third party whose analysis of the Mac security market is totally objective.”

In a paper to be presented at this week’s Usenix FAST 11 conference in California, a group of security researchers from the University of California, San Diego, has found that securely erasing SSDs (solid-state drives) is not effective, and may leave large amounts of data on the drives, which is then accessible via file recovery software. As they point out in their paper, “none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs.”
The researchers used a number of devices and techniques, and notably found that Mac OS X’s “secure erase Trash” – most likely the “Secure Empty Trash” feature – left 67% of data accessible on an SSD, compared to only 9.8% on a USB drive. Even overwriting free space on SSDs turned out to be ineffective.
Given that SSDs are increasingly popular – and are provided on the MacBook Air – this suggests that data protection requirements for users of SSD-based computers are much more stringent. When users securely delete files, or securely erase free space on their drives, they have no way of knowing how effective these operations are. The paper concludes that “the increased complexity of SSDs relative to hard drives requires that SSDs provide verifiable sanitization operations.”
iPads are becoming increasingly common in businesses, as people find new uses for them. They can be used not only as portable devices for checking e-mail and browsing the web, but also for showing photos and product portfolios to clients, running presentations, and storing product information.
A Macworld article gives five tips for keeping iPads secure in the enterprise. These cover such things as encryption and centralized management, segregating data, authentication, and using company e-mail servers. iPad security is a new challenge, and businesses need to think carefully about how their data can be at risk on iPads, and how best to deal with these risks.
6 minutes; that’s all it takes for someone who finds or steals your iPhone or other iOS device to decrypt your passwords. Researchers from the Fraunhofer Institute of Secure Information Technology have released a video showing how easy this is. They jailbreak the device, access the keychain file, and decrypt it. Any passwords you’ve stored will be accessible – your e-mail account, web sites, banking information, etc. There’s not much we can say about this for now, other than to hope that Apple fixes this pretty quickly.
The researchers have published a paper with full details of the attack.
Adobe has released new versions of its Acrobat and Reader software, patching 30 vulnerabilities, some of them critical. These fixes affect all platforms – Windows, Mac and UNIX – and “could cause the application to crash and potentially allow an attacker to take control of the affected system.”
Users can download new versions of Adobe Reader here, and can get the latest versions of Acrobat here.
Adobe has also released a new version of Flash Player, fixing 13 flaws; more information here, and downloads of the new version available here.
Finally, Shockwave Player sees patches for 21 vulnerabilities. Users can download a new version here.