How To Train Your POODLE part I – Clients

As you may be aware, a serious vulnerability dubbed ‘POODLE’ has been discovered in SSL version 3.0. A successful POODLE attack could allow a malicious person (with network access) to decrypt an SSLv3.0 connection. What does that actually mean? Well, … Continue reading

Posted in Apple, Current Threats, Google, Microsoft | Comments Off on How To Train Your POODLE part I – Clients

Bash ‘Shellshock’ Bug – Now You Can Panic

UPDATE: The initial round of patches to fix CVE-2014-6271 have proven ineffective at fully resolving the issue; a new CVE code has been issued, “CVE-2014-7169“, use this to track news and updates regarding this bug and patch status. Remember Heartbleed? Get ready to … Continue reading

Posted in Apple, Current Threats, General Security, Web Security | Comments Off on Bash ‘Shellshock’ Bug – Now You Can Panic

Cruelty to cats: Apple’s new security support policy?

On Tuesday of last week, Apple proudly proclaimed the launch of their latest and greatest operating system, OS X 10.9 Mavericks. After over 12 years, they’ve finally run out of big cats and moved on to Californian placenames. What’s more, … Continue reading

Posted in Apple, General Security | 1 Comment

Apple support lifetimes strike again

Wednesday saw the official launch of Apple’s iOS version 7, the operating system behind the iPhone, iPad and iPod Touch. But as with some previous updates, there’s a bit of a sting in the tail. I’ve complained about Apple’s security … Continue reading

Posted in Apple, General Security | 2 Comments

Musings on Mac Malware

Over the past couple of weeks, OxCERT have been somewhat overwhelmed by Mac malware. This isn’t quite the first time we’ve dealt with problems on Macs – we’ve seen several compromised over the years through weak or exposed ssh credentials, … Continue reading

Posted in Apple, General Security | 10 Comments

Apple and security support

In a companion article I discuss Mac malware, and how this has recently become much more of a problem than has previously been the case. As well as Apple’s apparently slow response to a recent vulnerability, and general air of … Continue reading

Posted in Apple, General Security | 13 Comments