ep's blog

Early Macintosh Snow Leopard Update Sites Lead to DNS Changers


The latest Mac OS X update Snow Leopard is released today. Several faux
update sites have cropped up in the last week offering a pre-release of
Snow Leopard.

Users who visited the sites will install a Trojan DNS changer called

Trend Micro Smart Surfing for Macs is able to detect and block this
trojan from installation.

RSA revealed that the majority of breaches are actually caused unintentionally by employees.


This is an interesting article revealing some research by RSA on insider attacks.  Although malicious insider attacks are high, 19%, the majority of insider attacks are believed to be unintentional, 52%.

"The figures are hard to quantify, but the average annual financial loss to insider risk adds up to $800,000 (£480,000) overall per organisation in the US and between $300,000-$550,000 (£180,000-£330,000) in the UK, France and Germany."

Pidgin Remote Code Execution Vulnerability in MSN plugin


A vulnerability in the MSN plugin for pidgin allows remote users to
execute arbitrary code and/or cause a DoS attack.

Affected Products:

Pidgin prior to 2.5.9
Libpurple prior to 2.6.0
Gaim 0.79 and later
Adium 1.3.5 and prior

Updated versions are available for most OS Vendors. It is highly
recommended to update to the latest version of the product.

Apple releases Leopard update 10.5.8 which fixes varios security vulnerabilities


Thanks to Kevin for the heads up on this one. Looks like Apple updated
Macintosh Leopard to 10.5.8 which in addition to new features, fixes 55
security vulnerabilities in earlier releases.

It is recommended to install these security updates manually, or upgrade
to 10.5.8.

ISC BIND 9 vulnerable to denial of service via dynamic update request [Net #1026]


"By sending a specially-crafted dynamic update packet to a BIND 9
server, a remote, unauthenticated attacker can cause a denial of service
by causing BIND to crash."

This vulnerability is fixed in "ISC BIND versions 9.4.3-P3, 9.5.1-P3,
and BIND 9.6.1-P1."

Please report which versions of BIND we are using so that we can assess
our exposure.