Magmatic Security Squawk Box - Podcast Sean OConnel

This Weeks Topics

This week I discuss Mavricks and iOS 7, the rumor mill of badBIOS, hoax, bad day or something else.

Finally, you can expect to hear more regular podcast in the future. A project that was a game changer for Magmatic has now been completed. We expect 2014 to be a real game changer for us. We have lots of tools and ideas we are really excited about. 

iTunes Preview

This Weeks Topics

This week I discuss Oracle's Java 1.7.0_09 for Mac OSX. While the System Preference Pane is a welcome addition it would be nice if it actually worked. 

After several months of using Gatekeeper it is official, I love it and you should too. Gatekeeper provides a host of protection against rouge developers. Best of all it stops rouge Java APPS in their tracks. 

Sandy reminds us all of what is important, that includes having a backup of critical data and the capability to keep your customer facing resources up and running. 

 

iTunes Preview 

This Weeks Topics

Adobe Flash, Reader, Acrobat and Shockwave Updates
iOS SMS Spoofing and Phishing

This week we discuss the recent Adobe updates. While no specific threat in the wild currently targets Mac OSX there are zero days targeting unpatched versions on the Windows platform. Criminals have regularly used the Adobe update cycle as cover to fool Mac users into installing malicious software, usually in the form as a Flash Player.

SMS protocol is vulnerable to spoofing, this includes all version of iOS. A recent release of a tool to make this process easier can allow a criminal to create SMS Phishing messages, what is called SMiShing. The pattern is similar to email phishing as are the defenses, do not visit links sent via unsecure comminication. There are a host of tools that this proof of concept was built off of. Some that requirer your iPhone to be Jail Broken, something you should never do. (See Reference Links) I consider this really low risk. Using iMessage prevents this form of attack, so for clients or users that are Mac/iOS based use iMessage. 

Lastly I have some thoughts on Cloud based services. It is important that businesses and users realize that while the data is in the cloud, the responsibility for compliance and security is completely their responsibility. 

iTunes Preview

This Weeks Topics

Social Engineering iCloud, The Curious Case of Mat Honan.
Gatekeeper Code Signing.

Summary

This week I give my take on the Apple ID account compromise of Former Journalist for Gizmodo, Mat Honan. I address some of the issues companies have to consider when working with Free-lancers who bring their own devices or their own eco-systems into your security umbrella. There are various Risk that need to be considered from a host of perspectives. I explain why it is important to have control over your backups.

Next I touch on the issue of code signing in Mountain Lion. User can override and set exceptions but the only way to manage these exceptions from the administrator perspective is via a command line tool called spctl. I argue that for most users and organizations, code signing make security sense and eliminates RISK, especially if code review is outside the scope of your business. 

Finally, my commentary on why now is the day to turn off Java on your Mac, eliminate the RISK of crime ware using Java. 

iTunes Preview

This Weeks Topics

Drop Box Spam
Icon Decoys
Java RISK and Updates

Summary

This week I address something old and something new. What do we need to consider after the recent revolation by Dropbox that an employee was compromised resulting in malicious actors gaining access to  the email addresses of account holders. 

I then discuss the social engineering method of Icon Decoying. A method that has been used over the last several months by criminals with mixed success.

Last we discuss Java and touch on how to manage RISK using the Java Preferences.app.  

iTunes Preview