Sounds familiar.

http://isc.sans.org/diary.html?storyid=3690

--
Joel Esler
http://www.joelesler.net

The Trend Micro blog reported today that three exploits have been
released and outlined the following illustrated scenario for QuickTime
exploitation:

"The attacker executes the exploit on his/

[ more ]  [ reply ]

The Trend Micro blog reported today that three exploits have been
released and outlined the following illustrated scenario for QuickTime
exploitation:

"The attacker executes the exploit on his/her own computer, listening on
port 554 (port 554 - default port for RTSP protocol). The attacker's
mach

[ more ]  [ reply ]

"A Polish researcher published on Friday exploit code for a previously
unknown vulnerability in Apple's QuickTime media player, which can be
triggered by a call to a real-time streaming server..."

Read the rest here:

http://www.securityfocus.com/brief/633

Also see:

http://www.securityfocus.com/b

[ more ]  [ reply ]

Has anyone successfully used iChat 4 with the OpenSSH dynamic proxy
mode? I've been attempting to use this to bypass a broken firewall
config and it appears to be broken in 10.5. I haven't done this
recently but it used to work in previous versions and all of the other
apps which I've tried

[ more ]  [ reply ]

Hi List,

I know it's slightly poor form to point at your own site for
reference material, but there isn't much else out there at the moment
about the new(-ish looking) RTSP vulnerability in Quicktime 7.2 and
7.3 (at least) on Windows, complete with exploits.

Nice timing of the hackers who fo

[ more ]  [ reply ]

Quoting F-Secure Security Labs' Security Response Manager, Runald, APC Magazine reports that "[It's] only a matter of time before malicious software targets the iPhone, which could trigger a wave of mobile malware - with made-for-Mac viruses, spyware and more all soon to follow."

Full article here:

[ more ]  [ reply ]

"The bug in Apple Mail makes it possible for attackers to run malicious
code on a victim's machine by disguising an executable program as an
image or other type of innocuous file, said Juergen Schmidt,
editor-in-chief at Heise Security. A user can become infected simply by
clicking on an attachm

[ more ]  [ reply ]

Intego has a blog with lots of useful info:

http://blog.intego.com

Kirk

Author of: The Mac OS X Command Line: Unix Under the Hood

http://www.mcelhearn.com/unix.html

- - - - - -

Read my blog: Kir

[ more ]  [ reply ]

I've been compiling a list of websites and blogs that I frequently visit for "Macs in the enterprise" or "Mac security" specific news, information and analysis.

Although this is no official endorsement on behalf of Symantec, in my personal capacity I would like to start off by suggesting a blog tha

[ more ]  [ reply ]

I'm not quite sure when this hit, possibly when 10.5.1 came out, but I
just saw today that 10.5's code is out, so give it a gander.

http://www.opensource.apple.com/darwinsource/10.5/

IND-CCA
~~~~~~~~~~~~~~~~
$todd_sig =~ s/Engineer//g;

[ more ]  [ reply ]