Apple Releases Mac OS X 10.7.4 To Fix Security Bugs

Posted on May 9, 2012 by Vinh Nguyen

Mac OS X 10.7.4 Update Image From Vinh Nguyen’s MacBook Pro

Last couple days, people have been reported that there has been a bug in Mac OS X 10.7.3’s system-wide debug log file, consequently allowing anyone or any malicious program that knows where to look and have access to a Mac OS X 10.7.3 machine to steal users’ passwords. It appears that the passwords are saved in plain text in Mac OS X 10.7.3 as the bug prevents the system from encrypting the passwords. As people are panicking and wondering when will this bug be patched by Apple, Apple has quickly released Mac OS X 10.7.4 to address this password security bug.

Furthermore, this new update to Mac OS X 10.7.4 will also address other security bugs within Safari web browser. Of course there are few other enhancements to other features too by updating to Mac OS X 10.7.4, but you can easily whisk over to Cnet’s Apple releases Safari 5.1.7, Snow Leopard updates, and more article for an in-depth look into Mac OS X 10.7.4 update. So, don’t you hesitate to update your Mac to OS X 10.7.4, because your Mac will be more secure than before with the newer update. To update your Mac to Mac OS X 10.7.4, just use the Software Update feature within Mac. You can find Software Update feature if you left click on the Apple logo at the top left corner of the monitor/screen.

Sources:

Apple releases Mac OS X 10.7.4 (gearlive.com)
OS X Lion 10.7.4 released, patches FileVault password bug (theverge.com)
Apple Releases OS X Lion 10.7.4 (techie-buzz.com)
Apple Fixes Serious iOS Security Bugs (informationweek.com)
Mac OS X Bug Exposes Lion Login Details (gizmodo.com.au)
OS X Bug Exposes Lion Log-In Details in Clear Text [Security] (gizmodo.com)
Oops! Mac OS X update exposes passwords (technolog.msnbc.msn.com)
Apple releases OS X Lion v10.7.4, fixes FileVault password bug – ZDNet (blog) (zdnet.com)
OS X 10.7.4 Update Is Out, Get It Now (cultofmac.com)
Apple issues OS X and Safari updates to patch security holes (gadgetbox.msnbc.msn.com)
Bug in Mac OS X 10.7.3 exposes passwords in plain text (9to5mac.com)
Passwords stored in plain text after Lion update (tuaw.com)
Security error in OS X 10.7.3 exposes passwords for legacy FileVault users (networkworld.com)
Amazon Cloud Drive App Won’t Work On Mac OS X If Mac Users Have Disabled Java, Also Supports Windows (essayboard.com)
Security error in OS X 10.7.3 exposes passwords for legacy FileVault users (macworld.com)
OS X Lion Exposes Login Details of FileVault Users (technocraz.com)
Security error in OS X 10.7.3 exposes passwords for legacy FileVault users (infoworld.com)
Mac OS X 10.7.3 bug stores passwords in the clear (examiner.com)

What About Symantec’s Identity Safe App On Mac?

Posted on April 25, 2012 by Vinh Nguyen

Web browser (Photo credit: Wikipedia)

Mac users who use Norton Internet Security for Mac do not have the feature where they can save passwords securely so the passwords can later be autofilled into various web destinations that they frequently visit. Windows users who use Norton Internet Security do have this feature! Just recently, I’ve found out Symantec provides free Identity Safe app in Mac App Store, and so now Mac users have the option of using this app to save and retrieve their passwords with less hassle than before.

Unfortunately, Identity Safe app seems to be pretty crude! What I mean by this is that I think it only works with Safari web browser. I can’t really use it with Chrome and Firefox web browser. For an example, once installed the app, added a web destination with its proper credential, clicked on the app icon at the very top of the screen, clicked on the web destination under recent logins list, and a web destination would open in Safari web browser automatically with proper credential filled in (i.e., password and username). Of course, Identity Safe users can click on View All Logins within the Identity Safe app to view username and password for a specific web destination, and by doing this Identity Safe users can manually copy and paste the credential into a web destination with browsers that are not supported by Identity Safe app. This is a hassle of course!

Although I haven’t yet tried the import of logins for Safari, I’ve noticed a lot of app reviewers have complained that this app isn’t allowing to batch importing logins (i.e., can only import each login one by one as one has to approve the import for each login). If this is true, then the whole purpose of importing logins from Safari can be rather self-defeating since it will be so cumbersome to actually import hundreds of logins one by one. So, this is another hassle for using Identity Safe app.

Even though Symantec’s Identity Safe isn’t yet polished to my liking, I still think it does serve a purpose of safekeeping logins securely. Nonetheless, you have to trust Symantec in order for you to trust and use Identity Safe app. In my case, I do trust Symantec, therefore I don’t mind using this app. In my opinion though, there might be many other password/login apps that may provide better features in safekeeping one’s logins than Identity Safe app. Honestly though, if one doesn’t yet have a good app which helps securing logins on Mac, then I don’t see why one should not use Identity Safe app on Mac since it’s a free logins protection app from a trustworthy security company Symantec.

Norton’s Free Identity Safe Remembers All Your Passwords So You Don’t Have To (cultofmac.com)
Norton Identity Safe Beta, PC And Mobile Password Manager (ghacks.net)
Norton Identity Safe by Symantec Offers Secure Password Management in the Cloud & Mobile (vikitech.com)
Symantec’s Norton Identity Beta Offers Painless Password Management on Desktops and Mobile Devices [Downloads] (lifehacker.com)
Apple May Add Secure Password Suggestions to Safari with OS X Mountain Lion (macrumors.com)
Windows Login system (daniweb.com)
Spring Clean Your Digital Life (makingtimeformommy.com)
Symantec Launches Norton Identity Safe Beta [News] (makeuseof.com)
Dashlane, A New Password Manager For Windows and Mac (ghacks.net)
Current status of the “Browser Wars” (royal.pingdom.com)
Tech Tidbit: MacOS Keychain (thefamilyhelpdesk.com)
Security (wiki.archlinux.org)
Onion Browser brings encrypted mobile browsing to iOS (geek.com)
Symantec launches Norton Identity Safe in beta (geek.com)
Recover the lost administrators password in Windows XP (s0ftit.wordpress.com)
10 Tips To Make Your MAC More Secure Against Viruses And Trojans (thetechnologycafe.com)
RoboForm password manager for iPhone faces hurdles (download.cnet.com)
Safari autofill exploit exposed again (download.cnet.com)
Norton 2012 extends Insight to downloads (download.cnet.com)
Norton gets personal with One (download.cnet.com)
Norton One — the brand new product from Symantec (webdev360.com)
Symantec Releases Beta of Norton Identity (beast4romtheeast.wordpress.com)
LHDNM And Symantec Offer Best Practices On E-Filing and M-Filing (it-sideways.com)
Norton and Facebook Partner to Make the Web Safer (prnewswire.com)

Latest Mac Flashback Trojan Threatens Mac Users With Java Enabled

Posted on April 2, 2012 by Vinh Nguyen

Mac?! (Photo credit: Kramchang)

It’s being reported that the newest version of Mac Flashback Trojan can now exploit Java engine in Mac OS X, all versions of Mac OS X I guess. It bypasses the administrator privilege protection, and so it can install itself onto any Mac machine with Java enabled without the need to use an administrator password. As now, Apple has yet to release a security fix to counteract Mac Flashback Trojan’s Java exploit, therefore I think it’s best for you to disable Java plugin for your browsers!

Should you disable Java on Mac altogether? Yes, but unfortunately Java is so interconnected with Mac OS X (all versions), therefore I do not yet know how to disable Java on Mac. If you know, please write a comment or two and share your knowledge with my blog’s readers. Anyhow, the easy quick fix for now is not to use Java in any browser that you use on Mac.

Without further ado, now I’m going into how to disable Java on the most popular browsers that you can use on Mac. These browsers will have to be Safari, Firefox, Chrome, and Opera! So check the instructions below…

Safari – disable Java, you need to go to Safari > Preferences > Security > and uncheck the box that says Enable Java.
Firefox – disable Java, you need to go to Tools > Add-ons > Plugins > and disable the Java Applet Plug-in plugin.
Chrome – disable Java, you need to type in about:plugins in the browser address bar and disable the Java plugin.
Opera – disable Java, you need to go to Tools > Advanced > Plug-Ins > and disable the Java Applet Plug-in.

Please don’t confuse Java with Javascript! These two are different from each other! Nonetheless, let me digress a little. Javascript can also be dangerous sometimes, therefore you can disable Javascript by using popular extensions that are made available for certain popular browsers! In Firefox, you can use Noscript extension. In Chrome, you can try out the ScriptNo extension. I don’t know any extension that can disable Javascript for Safari and Opera.

Sources:

Mac Java hole exploited by wild Flashback Trojan strain (go.theregister.com)
New Trojan variant can install without password (macworld.com)
New Java Attack Rolled into Exploit Packs (krebsonsecurity.com)
New Trojan variant can install without password (infoworld.com)
Flashback.G Trojan Targets Macs (pcworld.com)
Mac Flashback trojan exploits unpatched Java vulnerability, no password needed (arstechnica.com)
Flashback.G trojan seen exploiting ancient Java vulnerabilities to infect Macs (9to5mac.com)
New Mac OS X trojan spotted in the wild (zdnet.com)
New Version of Flashback Trojan Targets Mac Users (apple.slashdot.org)
Intego finds new strain of Mac Flashback Trojan horse (macworld.com)
Flashback Mac OS X malware exploiting (old) Java security holes (zdnet.com)
How Secure Are Macs?, Low End Mac Round Table (lowendmac.com)

Apple Releases Safari 5.1.2

Posted on December 3, 2011 by Vinh Nguyen

Safari isn’t my favorite web browser, but as a Mac user, I have to try to keep everything on my Mac up to date. It’s sort of a best practice of mine in regarding to computer security, because I sleep better knowing that even the software I won’t use is still be up to date to minimize the risk of being hacked. This time around, Apple updates Safari to 5.1.2 version. To update to the latest version of Safari, you need to do Software Update. Your Mac will download a package with file size of 40.2 MB. This update requires you to restart your Mac before Safari can be installed to a newer version. Have fun with your new Safari!