Blog

Some of the confidence Mac users have in the security of their chosen operating system derives from over-reliance on proactive patching. This outbreak highlights the need to be aware that patching of known vulnerabilities in system software or applications is not necessarily prompt enough to foresta ...

If you follow my Mac Virus blog, you’ll have noticed that I’ve been tracking some of the coverage of Mac malware incidents to hit my radar in the last couple of weeks. In fact, hits on Mac Virus have been skyrocketing in the past 24 hours, so perhaps this a good time to recap on a couple ...

I’m guessing that the myth of OS X invulnerability to malware is pretty much busted by now: at any rate, there has been wave after wave of OS X-related malware reports in the past week or two. Sophos were the latest big name to weigh in on the OSX/Imuler malware that DrWeb, Intego, ESET and yo ...

Intego recently posted some information on its blog concerning the Imuler information-stealing Trojan. The variant that Intego calls OSX/Imuler.C uses a different stealth/social engineering technique to that used by previous variants. It seems to be intended to spread via .ZIP archives containing th ...

Kurt Wismer has just put up a blog asking is the iphone really malware free? (Don’t be put off by the trademark absence of capitalization). Wismer is not illiterate and very far from stupid, asks some very pertinent questions, and his commentary is always worth reading. In fact, if keeping the ...

Unless you’re currently trekking through the Gobi, you’ve probably caught some of the fuss about Carrier IQ, accused of conduct resembling a rootkit more than legitimate logging. I think that some of the indignation has been a little overdone, as I commented here, but there are certainly ...

Computer Weekly, in an article I mentioned in my previous blog here, notes that Tablet device ownership among mobile employees increased from 33% in the second quarter of 2011 to 44%.That statistic dovetails quite neatly with a study from ComScore on Digital Omnivores: How Tablets, Smartphones and C ...

iPass tells us that a recent survey (n = 2,300) indicated that the iPhone now has 45% marketshare in the enterprise, whereas use of the Blackberry is down (slightly) to 35%. While Blackberry has traditionally been the weapon of choice for the security-conscious corporate IT administrator, Apple ...

It occurs to me that something (else) I haven't mentioned here is that Infosecurity magazine is running one of its virtual conferences on November 8th, with the virtual doors opening at 10.30 EST. If you're interested in Apple security this plenty to interest you on the agenda: Between 13.30 ...

It occurs to me that while I wrote here about the interesting but apparently work-in-progress OSX/Tsunami (or Kaiten) port from Linux to OSX a while back, I haven't had the chance to mention the even more interesting (at least in terms of sophistication) OS X Devilrobber here, even in passing. ...

Matt Hartley asks the question “Linux Malware: Are We There Yet?”  It seems strange, after so much exposure to the view that OS X is intrinsically so much safer than Windows, to read a piece calling attention to the fact that Linux users should not be complacent about malware. And, ...

I hear a great deal about 0-day attacks, and a great deal of security vendor PR is (depending on market sector) predicated on the assumption that 0-days are the most prevalent threat. Notwithstanding some highly visible 0-day attacks over the years, I don’t believe that to be true. In fact, I ...

Last week I was in Barcelona for this year's Virus Bulletin conference (the 21st, which makes me feel very old even though I wasn't there at the beginning!). The first time I presented there was in 1997, when I talked about the Mac threatscape at that time . At that point, I was working in medical i ...

I see that Graham Cluley has revised his excellent timeline article The short history of Mac malware: 1982 – 2011 on Sophos' Naked Security blogsite, bringing it up to 2011. (Thanks for the namecheck, Graham.) As regards HyperCard viruses, I have seen it asserted that the first ...

Patrick Dunstan has put up a disquieting post on Defence in Depth, following up on a 2009 blog post on cracking OS X passwords. Not to put too fine a point on it, he describes a flaw in the way in which Lion's authentication scheme has been implemented. I don't have access to a Lion system here, but ...

Jonny Evans has made some interesting points at Computer World regarding Apple's belated removal of DigiNotar root certificates from OS X (specifically Lion and Snow Leopard). Clearly, this restricts mitigation not only to users of the latest versions of the OS, but to Intel-driven hardwar ...

So can I resist the temptation to blog about the departure of Steve Jobs? Well, yes, though I wish Jobs, his successor, and the company well. But I'm not really qualified to add to the flurry of business analysis that has preoccupied the media since the announcement. However, if you're interested in ...