Feb 23, 2012

How to test OS X Mountain Lion's Gatekeeper in Lion, (Wed, Feb 22nd)

How to test OS X Mountain Lion's Gatekeeper in Lion, (Wed, Feb 22nd): While I started working on comparing various OS X hardening guides (see the prior diary from a coupl ...(more)...

Feb 21, 2012

The Ultimate OS X Hardening Guide Collection, (Mon, Feb 20th)

The Ultimate OS X Hardening Guide Collection, (Mon, Feb 20th): Many security professionals tend to use OS X systems. Maybe for the nice and shiny looks, or the Uni ...(more)...

Feb 19, 2012

An Early Look At Mac OS X 10.8

An Early Look At Mac OS X 10.8: adeelarshad82 writes "Earlier today Apple announced their next OS, Mountain Lion. According to an early look, OS X 10.8 does more to integrate social networking and file-syncing into a personal computer than any other OS. It tightly integrates with the whole Apple ecosystem that includes iOS devices and the free iCloud sharing service. Moreover Mountain Lion adds a powerful new line of defense against future threats where a malware app is prevented from running even if it is deliberately downloaded to a computer. Even though Apple's clearly got a lot of fine-tuning to do—and possibly a few features to add—there's no doubt that Mountain Lion already looks very fine." Update: 02/16 15:04 GMT by T: New submitter StephenBrannen writes with some more details culled from CNET. The newest OS X has now been released to developers, with an official release date planned for this summer. "Mountain Lion, as it is called, will further blur the lines between iOS and its Mac OS. iOS features that are being ported include: Messages (replacing iChat), Notification Center, Game Center, Notes, and AirPlay mirroring. Also new to Mac OS is the addition of Gatekeeper, which should help prevent malware attacks on Apple products. Not announced is whether Siri will be ported to the Mac."

Feb 17, 2012

Impressions: Windows Sysinternals Administrator's Reference

Impressions: Windows Sysinternals Administrator's Reference: Mark Russinovich and Aaron Margosis have written another awesome addition to the Microsoft Press catalog, Windows Sysinternals Administrator's Reference. Per my policy, because I did not read the whole book I am only posting "impressions" here and not a full Amazon.com review.
In brief, this book will tell you more about the awesome Sysinternals tools than you might have thought possible. One topic that caught my attention was using Process Monitor to summarize network activity (p. 139). This reminded me of Event Tracing for Windows and Network Tracing in Windows 7. I remain interested in this capability because it can be handy for incident responders to collect network traffic on endpoints without installing new software, relying instead on native OS capabilities.
I suggest keeping a copy of this book in your team library if you run a CIRT. Thorough knowledge of the Sysinternals tools is a great benefit to anyone trying to identify compromised Windows computers.
Copyright 2003-2011 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
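The post above mentions collecting network traffic on a Windows 7 endpoint with nothing but native OS capabilities. The script below is an added example of that idea (it is not from the book or from the original post): it wraps the built-in "netsh trace" packet capture, which ships with Windows 7 / Server 2008 R2 and later, bounds the capture to a time window and a circular file, hashes the resulting ETL so the evidence can be accounted for, and renders the ETW events to text with "netsh trace convert". The output path, the 60-second default, the 256 MB cap and the optional IPv4 capture filter are assumptions chosen for the example; the netsh parameters themselves are the documented ones.

```powershell
# Added example, not part of the book or the original post: an incident responder's wrapper
# around Windows' built-in "netsh trace" packet capture (Windows 7 / Server 2008 R2 and later).
# Nothing is installed on the endpoint; the capture is written as an .etl file that netsh can
# render to text and that Network Monitor / Message Analyzer can open.
# Run from an elevated PowerShell prompt. Paths and the defaults below are assumptions.

param(
    [string]$TraceFile     = "$env:SystemDrive\IR\netcap.etl",   # assumed output location
    [int]   $Seconds       = 60,                                 # capture window (assumed default)
    [int]   $MaxSizeMB     = 256,                                # ring-buffer cap, fileMode=circular
    [string]$FilterAddress = ""                                  # optional IPv4 address capture filter
)

$ErrorActionPreference = 'Stop'

# netsh trace silently does nothing useful without admin rights, so fail early and loudly.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run from an elevated prompt; netsh trace needs administrator rights."
}

New-Item -ItemType Directory -Force -Path (Split-Path $TraceFile) | Out-Null

# capture=yes adds packet capture to the ETW session; report=no skips the slow CAB report;
# a circular file with maxSize bounds disk use on the endpoint being investigated.
$startArgs = @('trace', 'start', 'capture=yes',
               "tracefile=$TraceFile", "maxSize=$MaxSizeMB",
               'fileMode=circular', 'overwrite=yes', 'report=no', 'persistent=no')
if ($FilterAddress) {
    # This is a capture filter applied at collection time, not a display filter.
    $startArgs += "IPv4.Address=$FilterAddress"
}

& netsh @startArgs
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit $LASTEXITCODE)" }

Write-Host "Capturing to $TraceFile for $Seconds seconds..."
Start-Sleep -Seconds $Seconds

& netsh trace stop
if ($LASTEXITCODE -ne 0) { throw "netsh trace stop failed (exit $LASTEXITCODE)" }

# Hash the evidence file before anyone else touches it. Streaming through .NET keeps this
# working on PowerShell 2.0 (Windows 7 default), which lacks Get-FileHash.
$sha = [Security.Cryptography.SHA256]::Create()
$fs  = [IO.File]::OpenRead($TraceFile)
try {
    $hash = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join ''
} finally {
    $fs.Dispose()
}
Write-Host "SHA256($TraceFile) = $hash"

# Text rendering of the ETW events for quick triage; packet payloads are still best examined
# from the .etl in a tool that understands the NDIS capture provider.
$txt = [IO.Path]::ChangeExtension($TraceFile, '.txt')
& netsh trace convert "input=$TraceFile" "output=$txt" dump=txt overwrite=yes
if ($LASTEXITCODE -ne 0) { throw "netsh trace convert failed (exit $LASTEXITCODE)" }
Write-Host "Text dump written to $txt"
```

Typical use is a single call from an elevated prompt, for example `.\Start-NativeCapture.ps1 -Seconds 120 -FilterAddress 203.0.113.10` (script name and address are illustrative). The circular file mode matters on a live endpoint: without it an unattended capture can fill the system drive, which is a worse outcome for the responder than a truncated capture.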