MAC OS X Security Tips!

http://www.intego.com/mac-security-blog/dont-jailbreak-your-iphone-if-you-want-to-stop-government-spyware/

Don’t Jailbreak Your iPhone if You Want to Stop Government Spyware

Posted on August 13th, 2014 by Graham Cluley

Normally, you can’t run whatever software you like on your iPhone.

As a corporation, Apple has something of a “controlling personality” and has locked down your iPhone and iPad to prevent you from making a wide number of changes or tweaks.

The most obvious limitation is that on a regular iPhone you can only install programs approved by Apple, and distributed via Apple’s App Store – unlike, say, the situation on your Windows PC or Apple Mac computer.

On a jailbroken iPhone, however, you can shop for apps anywhere on the net, not just the official App Store.

So, should you jailbreak your iPhone? Well, from the security point of view, I’d recommend that if you’re thinking of jailbreaking you should proceed with caution, as two recent news stories demonstrate:

Firstly, surveillance companies love jailbroken iPhones.

Last week, news emerged that a company called Gamma International, which develops commercial network intrusion malware for the purposes of surveillance and sells it to governments around the world, had been hacked.

Gamma International has something of a notorious reputation over concerns that its software may have ended up in the hands of oppressive regimes, and that the company had no qualms about disguising its FinFisher spyware as bogus versions of the Firefox web browser.

According to Gamma International sales documents leaked by the hackers, FinFisher (also known as FinSpy) has no difficulties running on Androids and Blackberrys, but if it is up against a regular, non-jailbroken iPhone – it’s powerless.

Jailbreak required for iOS devices

iOS: Untethered jailbreak required

So, if a government agent wants to listen in to the Skype calls you make, or track your location, or read files and steal phone numbers from your iPhone, they’ll have their fingers crossed that you have jailbroken it – otherwise they’re going to have to find a different way of spying on you and your activity than using FinFisher.

FinFisher requires jailbroken iPhones

The reason is that jailbreaking rips out much of the security that Apple built into iOS in the first place, to protect users from nastiness and misbehaving apps. Whereas with other popular smartphone operating systems, FinFisher can be installed and activated relatively easily – it’s a lot harder with the iPhone.

Secondly, Chinese malware gangs make money out of jailbroken iPhones.

This week brings another warning for those considering jailbreaking their iDevices.

As Virus Bulletin reports, security researcher Axelle Apvrille has uncovered that some 75,000 jailbroken iPhones have been infected by malware known as iOS/AdThief.

The malicious code, written by a Chinese hacker calling themselves Rover12421, hijacks revenue from 15 different adkits, meaning that cash ends up in the pockets of criminals rather than the makers of the ad-funded apps themselves.

AdThief on iOS

“With 75,000 infected devices, iOS/AdThief is not extremely prevalent,” wrote Apvrille. “However, there are an estimated 22 million hijacked ads, so the malware has probably had a fair amount of impact and generated significant revenue for the owner(s).”

Apvrille is right not to send owners of jailbroken iPhones running to the hills in panic. The threat should be put in proportion. Although there are clearly more risks associated with having a jailbroken iPhone compared to an un-meddled iDevice, there is still remarkably little malware written for the iOS operating system – particularly when compared to the huge problem that exists on Android.

Should you jailbreak your iPhone?

Personally, I think the typical smartphone user is safer with an iPhone than an Android, but an iPhone that isn’t jailbroken is safest of all from the malware point of view.

Yes, you might be able to do some cool things which Apple doesn’t want you to do with a jailbroken iPhone – but is it really worth the risk?
Google+
Graham Cluley Graham Cluley
About Graham Cluley
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley →
This entry was posted in Security & Privacy and tagged FinFisher, FinSpy, Gamma International, government, government surveillance, iOS, iPhone, jailbreak, malware, spyware. Bookmark the permalink.

Rusli · September 2014

http://www.intego.com/mac-security-blog/ios-backdoor-apple-denies-nsa-collusion/

Hacker Claims to Have Discovered Undocumented iOS “Backdoor”; Apple Denies NSA

Collusion Posted on July 23rd, 2014 by Graham Cluley

Hacker claims to have found an iOS "backdoor". Apple denies it is in league with the NSAA data forensics expert and jailbreaker has discovered what he claims to be a undocumented “backdoor” in the iOS operating system used on iPhones and iPads that could be exploited by the NSA and other law enforcement agencies. Jonathan Zdziarski (also known as “NerveGas”) presented his findings this month at the annual Hackers on Planet Earth (HOPE X) conference in New York. The talk, entitled “Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices,” claimed that the undocumented functions could be used by unauthorised parties to wirelessly extract sensitive data from iOS devices, without requiring a password or PIN. Zdziarski slides The news has, understandably, generated a lot of scary headlines—but it appears that exploitation of the so-called “backdoor” may be far from trivial. Firstly, the iPhone or iPad you wish to extract data from needs to have been paired with a regular desktop or laptop computer via USB. At that point, your mobile device and your computer create a secure encrypted SSL channel to exchange information, by exchanging certificates and encryption keys. Apple USBThe pairing data is stored on your mobile device and computer, and is normally never wiped unless you perform a factory reset. If an unauthorised party could get hold of that pairing information, then—argues Zdziarksi—they could begin an attack. So, how could they access the pairing data? Well, one way might be to install spyware onto the targeted user’s desktop or laptop computer. But bear this in mind: if your computer has already been compromised by malware, haven’t you already got a heap load of problems, aside from the possibility that your Apple iPhone may also come under attack? After all, a compromised MacBook which has a malware infection could log your passwords as you type them on the device, steal information from your computer and access your online accounts relatively easily. Chances are that that would be a more than satisfactory result for the typical data thief. But to also access the data on a paired iPhone or iPad, a malicious hacker would have to go further. For instance, they could create a bogus hotspot using a WiFi network name that has been previously used by the mobile device, allowing it to connect and scoop up sensitive data. Zdziarski’s presentation at HOPE X asked the following questions of Apple: Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount? Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone? Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU? Why is there still no mechanism to review the devices my iPhone is paired with, so i can delete ones that don’t belong? Apple clearly didn’t want to get into a detailed and public **bleep**-for-tat conversation with Zdziarski regarding his accusations, but it did defend itself, strongly denying any suggestion that it had assisted the likes of the NSA by sneakily incorporating a backdoor into the iOS code. Instead, the company claims, iOS collects diagnostic and troubleshooting information for use by developers and enterprise users: We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent. As we have said before, Apple has never worked with any government agency from any country to create a backdoor in any of our products of services. In a blog post published after his HOPE X talk, Zdziarski played down conspiratorial theories: “I am not suggesting some grand conspiracy. There are, however, some services running in iOS that shouldn’t be there, that were intentionally added by Apple as part of the firmware and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer.” “My hope is that Apple will correct the problem. Nothing less, nothing more. I want these services off my phone. They don’t belong there.” To be honest, what Zdziarski describes doesn’t feel like much of a backdoor to me. It’s not some secret method that Apple’s developers built into the iOS operating system to give them easy access later. If anything, it’s a potential point of weakness that a suitably resourced group might be able to exploit to gather private information against the wishes of the targeted user. Of course, that doesn’t mean that Apple shouldn’t do everything in its power to reduce the chances of that ever happening. Whether Apple will change the iOS code in light of Zdziarski’s revelations remains to be seen. But if they do not address it, one has to wonder, why not? Do you think Apple has acted suspiciously? Do you think the accusations of a backdoor are overblown? Leave a comment below with your opinion. Google+ Graham Cluley Graham Cluley About Graham Cluley Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley → This entry was posted in Apple, Security & Privacy and tagged backdoor, iOS, iPhone, Jonathan Zdziarski, NSA, privacy, security. Bookmark the permalink.

Rusli · September 2014

source news:-

http://www.theregister.co.uk/2014/09/04/mac_anti_virus_test/

av-test.org:-

http://www.av-test.org/fileadmin/tests/macos/avtest_summary_macos_2014-08.xlsx

av-comparatives.org

http://www.av-comparatives.org/wp-content/uploads/2014/09/mac_review_2014_en.pdf

http://www.av-comparatives.org/mac-security-reviews/

Rusli · September 2014

This is the details on xprotect....

https://www.justinrummel.com/apples-built-in-anti-virus-xprotect/

http://www.cnet.com/news/options-for-forcing-os-x-to-update-malware-definitions/

http://www.intego.com/mac-security-blog/topic/xprotect/

http://www.macastic.com/os-x-10-6/apple-xprotect/

http://support.apple.com/kb/HT3662

http://www.macworld.com/article/1142457/snowleopard_malware.html

Maverick tips

http://support.apple.com/kb/PH13730

http://support.apple.com/kb/PH14365

http://support.apple.com/kb/PH14131

http://support.apple.com/kb/PH14084

http://support.apple.com/kb/PH13763

http://support.apple.com/kb/HT4908

Protect a disk with a password

http://support.apple.com/kb/PH5861

Airport Wifi WPA2

http://support.apple.com/kb/PH5128

Password Protected Disk Image

http://support.apple.com/kb/HT1578

Secure iChat

http://support.apple.com/kb/TS3902

Keeping your confidential data secure while doing hardware repairs

http://support.apple.com/kb/HT3294

Safari Secure certificates

http://support.apple.com/kb/PH17166

Rusli · September 2014

Click this link to view for Troubleshooting Guides.

http://support.apple.com/kb/index?page=search&src=support_site.home.search&locale=en_US&q=Mac%20App%20Store%20troubleshooting

Apple Apps Store Troubleshooting guides

https://www.apple.com/support/mac/app-store/troubleshooting/

Apple iTunes Troubleshooting guides

https://www.apple.com/support/itunes/

iCloud Troubleshooting guides

http://support.apple.com/kb/TS3988

Apple ID Troubleshooting guides

https://www.apple.com/sg/support/appleid/

Game Center troubleshooting on your Mac & iOS devices

http://support.apple.com/kb/ht4314

Troubleshooting guides on FaceTime & iMessage

http://www.ilounge.com/index.php/articles/comments/the-complete-guide-to-facetime-imessage-set-up-use-and-troubleshooting

Rusli · October 2014

Maverick 10.9.5 updates

http://support.apple.com/kb/DL1761

Maverick 10.9 Bash updates

http://support.apple.com/kb/DL1769

Mountain Lion 10.8 Bash updates

http://support.apple.com/kb/DL1768

Lion 10.7 Bash updates

http://support.apple.com/kb/DL1768

iOS 8.0.2

http://support.apple.com/kb/DL1758

iOS 7.1.2

http://support.apple.com/kb/DL1750

Apple security updates here:-

http://support.apple.com/en_US/downloads/#macos

Rusli · October 2014

Hi All,

If you have ugrade to Mac OS X 10.10.

Please do a software update immediately!!!

Due to vulnerability in security of OS X 10.10.

That goes the same to Mountain Lion, Mavericks and iTunes for windows.

See details base on this sites:-

https://support.apple.com/kb/HT6535

https://support.apple.com/kb/HT6531

https://support.apple.com/kb/HT6536

https://support.apple.com/kb/HT6527

https://support.apple.com/kb/HT6529

https://support.apple.com/kb/HT6537

Rusli · October 2014

Hi All,

Here is the tips of troubleshooting on Yosemite Runs very slow....

http://www.hightechdad.com/2014/10/23/13-tips-optimize-mac-yosemite-installation/

http://osxdaily.com/2014/10/24/speed-up-os-x-yosemite-mac/

http://machmachines.com/mac-slow-yosemite-update-fix/

For Macbooks laptops...

http://www.idigitaltimes.com/os-x-yosemite-problems-how-fix-wi-fi-bluetooth-connectivity-battery-life-safari-slow-mail-and-more

Rusli · October 2014

Please read this link:-

http://www.hotforsecurity.com/blog/mac-os-x-yosemite-leaks-user-location-and-search-results-to-apple-10669.html

others:-

http://www.bitdefender.com/solutions/antivirus-for-mac.html

http://www.bitdefender.com/solutions/adware-removal-tool.html

http://www.adwaremedic.com/index.php

Rusli · October 2014

iCloud issues....

http://www.apple.com/support/icloud/

http://support.apple.com/kb/ht4895

http://support.apple.com/kb/ts3988

http://support.apple.com/kb/HT6424

http://support.apple.com/kb/ph2617

http://support.apple.com/kb/ht5621

http://support.apple.com/kb/PH2583

http://support.apple.com/kb/ht5622

http://appletoolbox.com/2011/11/daily-q-a-%E2%80%9Cyour-apple-id-has-been-disabled%E2%80%9D-my-apple-id-has-been-disabled-how-do-i-restore-my-apple-id/

http://support.apple.com/kb/ts2446

https://discussions.apple.com/thread/5025148?tstart=0

http://www.justanswer.com/mac-computers/5wm14-apple-id-disabled-enabled.html

Reference:-

On google search type these options:-

icloud apple id cannot login

apple id have been disable

to get the links like the above....

Rusli · October 2014

Go to this link for Apple ID troubleshootings.

http://www.apple.com/support/appleid/

http://www.apple.com/support/appleid/basics/

http://www.apple.com/support/appleid/password/

http://www.apple.com/support/appleid/manage/

http://www.apple.com/support/appleid/multipleaccounts/

http://www.apple.com/support/appleid/security/

http://www.apple.com/support/appleid/contact/

http://support.apple.com/kb/HT5622

http://support.apple.com/kb/HT5665

http://support.apple.com/kb/HT5616

http://support.apple.com/kb/HT5624

http://support.apple.com/kb/TS2446

http://support.apple.com/kb/HT2693?viewlocale=en_US

http://support.apple.com/kb/HT6170

http://support.apple.com/kb/HT5620

http://support.apple.com/kb/TS5404

http://support.apple.com/kb/TS4002

http://support.apple.com/kb/TS3276

http://support.apple.com/kb/HT5787

http://support.apple.com/kb/HT5577

http://support.apple.com/kb/HT6170

http://support.apple.com/kb/HT5620

http://support.apple.com/kb/HT5621

http://www.apple.com/support/systemstatus/

http://support.apple.com/kb/ht5362

http://support.apple.com/kb/TS5404

http://support.apple.com/kb/HT5620

Contact Apple Support for Apple ID

https://support.apple.com/kb/HT5699

http://www.apple.com/support/icloud/

Rusli · October 2014

apple support page

http://www.apple.com/support/

Apple downloads

http://support.apple.com/downloads/

iTunes

http://www.apple.com/support/itunes/

Mac Apps

http://www.apple.com/support/mac-apps/

ios Apps

http://www.apple.com/support/ios/

Rusli · November 2014

Rootpipe

http://www.macissues.com/2014/11/04/how-to-protect-os-x-from-the-rootpipe-vulnerability/

Wirelurker

http://www.macissues.com/2014/11/06/faq-on-how-to-detect-and-remove-wirelurker-from-os-x-and-ios/

Palo Alto Networks Wirelurker removal with python scripts...

https://github.com/PaloAltoNetworks-BD/WireLurkerDetector/blob/master/README.md

https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

Rusli · November 2014

http://www.macissues.com/2014/11/10/how-to-protect-yourself-from-masque-attacks-that-replace-ios-apps-with-malware/

How to protect yourself from ‘Masque Attacks’ that replace iOS apps with malware

November 10, 2014 by Topher Kessler
2 Replies

BurnIconXFollowing the recent finding of the widespread WireLurker malware that allows an infected system to hijack iOS applications and replace contents to convert them into malicious programs, security researchers at FireEye have revealed this as part of a long-standing flaw in iOS that similarly allows apps to be replaced with malware programs.

This vulnerability uses the same enterprise provisioning routines that are used by WireLurker, but the approach that WireLurker uses is a limited form of a wider problem with iOS that allows an app to be replaced by another one using the same app bundle identifier.

What this means is that if you have an app installed through the App Store, then this routine can allow a malicious program disguising itself as the app to be swapped out, and then run without any warnings or errors in iOS. This has potential severe security impacts, such as mobile banking apps that could be replaced with ones that mimic a bank’s interface, only to have your credentials sent to a third party.

While the threat from WireLurker was limited to attaching your iOS device to an infected Mac via a USB cable, the Masque Attack can be used to install apps from a number of other locations, including Web pages and third-party app stores. In a demonstration of this problem, FireEye researchers were able to have a Web page install an app called “New Flappy Bird” that swaps out an original Gmail app on an iPhone.

How to protect yourself from masque attacks

While this problem has potential to be a widespread threat, if you use your iOS devices under standard conditions and with apps you only install from the App Store, then you are good to go. Staying safe from this and similar threats simply involve following these common guidelines:

    Do not jailbreak your device (or do so only if you know exactly what you are doing and understand the risks).
    Do not tap “install” on any alerts from Web pages that request you install anything on your iOS device.
    Avoid third-party App Stores, and only use Apple’s built-in App Store to install programs on your iOS device.
    Avoid opening any program that shows warnings such as “untrusted app developer,” even if the app looks legitimate.

If you run across any Web page or installed app that shows these behaviors, then close it down, do not install anything, and delete any suspected app from your iOS device. You can always re-download the app to your system from the App Store to get a legitimate version.

Another security measure that enterprise-managed iOS 7 devices can take is to check your device’s profiles for any provisioning profiles. To do this, go to Settings > General > Profiles and then check any listed provisioning profiles with your enterprise’s IT department to see whether or not they are authentic. However, this feature is not available in iOS 8, so be sure you are extra careful about what apps you install for devices running this version of iOS.

Rusli · December 2014

http://osxdaily.com/2012/07/12/list-download-history-mac-os-x/

Show Download History List of All Files Ever Downloaded Within Mac OS X
Jul 12, 2012 - 29 Comments




List Download History of All Files on a Mac

Have you ever wanted to show a list of the entire download history of a Mac? Maybe you know you downloaded a file but you can’t quite pinpoint where you got it from and the “Get Info” trick didn’t work. Or maybe you are trying to track down a file that has been placed on a system that led to problems. Whether it’s for troubleshooting, personal interest, or forensics, the following command will show you everything that you’ve downloaded to a Mac regardless of the application that it came from:

    Launch Terminal from /Applications/Utilities/ and enter the following command into a single line:

sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV* 'select LSQuarantineDataURLString from LSQuarantineEvent'

Depending on how old the Mac is and how much stuff you’ve downloaded, it can take a while to query the database and dump the results. You may want to pipe the results through “sort” to group the downloaded list into similar items or sources, that would look like this:

sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV* 'select LSQuarantineDataURLString from LSQuarantineEvent' | sort

The output lists everything that has been passed through the Quarantine Manager, which for the last several versions of Mac OS X is quite literally every item downloaded to the Mac, regardless of the application it came from. The older the Mac is, the larger the list, and the longer the query can take to run.

This list even works if you have file quarantine turned off for files and apps, thanks to inket for verifying that.
Deleting the Download History List

For those who would rather not have an all-inclusive historical list of downloaded files, you can run the following command to delete the contents of the quarantine database:

sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV* 'delete from LSQuarantineEvent'

You can run that individually, or place it into .bash_profile or .profile to clear the database automatically when a new terminal window is launched.

Thanks to Scott for the great tip, and thanks to Wiggums for the delete syntax