Mac OSX Security



                                         Allison Sheridan
                                            November 2012




          http://podfeet.com
Sunday, November 25, 12                                     1
Definitions
                    Malware - a generic term to describe anything put on
                    your machine with the intent to harm
                    Virus - a self-replicating type of malware that moves from
                    machine to machine without active participation by the
                    user
                    Trojan Horse - malware that masquerades as something
                    else - e.g. free Photoshop, video codecs




Agenda
                    History
                          Didn’t we used to be safe?
                    State of the Union
                          Where are we now? (Some good news)
                    What practical things can we do to be safe?
                          Email safety
                          Software updates
                          Protecting passwords
                          Gatekeeper
                          Anti-Virus
2004 - 2007 Blissful Ignorance
                    2004 - Mostly ignored
                          Renepo worm is proof of concept
                    2006 - Denial
                          Leap-A first ever virus for OSX
                    2007 - I remember this year
                          Office Macro Virus ran on OSX, Windows & Linux
                          (we all blamed it on Microsoft)
                          Bad Bunny (creepy pornographic bunny) and the first
                          Financial Trojan for Mac (and Windows) - which also
                          offered porn

2008 - Things start to heat up
                    Macs and PCs attacked by poisoned adverts offering
                    Scareware called MacSweeper and Imunizator - without
                    which they threatened all your data would be erased
                    Hovdy-A Trojan stole passwords, opened the firewall and
                    disabled security settings
                    RKOSX-A - Helped make more trojans
                    Video Codec claims - you can't play the video without
                    this codec…
                    First time Apple suggested anti-virus software, and then
                    deleted the suggestion


2009 - Your Own Darn Fault
                    iWorkS-A trojan horse in pirated versions of iWork and
                    Photoshop
                    Another video virus MacCinema
                    How about some more porn? Enjoy your Jahlav trojan
                    We're all still smug that we're too smart to get infected




2010 - Starting to Get Nervous
                    Pinhead trojan allowed hackers to gain remote control -
                    but again through downloads of legitimate software like
                    iPhoto from illegitimate sites
                    Boonana worm uses a Java applet to target Windows,
                    Mac and Linux




2011 & 2012 Hard to Ignore
                    BlackHole RAT allows hackers to gain remote access
                    MacDefender hits the scene - pretending to be a
                    legitimate security application - acquired through a
                    search engine poisoning campaign
                    Flashback Trojan hits disguised as an update for Adobe
                    Flash
                          Apple acknowledges and provides removal tools




                               source: http://nakedsecurity.sophos.com/2011/10/03/mac-malware-history/#2004


What Changed?
                    Originally malware was plain old vandalism - destroy
                    your hard drive and leave a signature for bragging rights
                    Over time, malware has mutated into a multi-billion
                    dollar business
                    Hacktivism - hacking for political purposes
                          LulzSec & Anonymous
                    Digital espionage and sabotage 
                          Stuxnet malware distributed specifically to attack a
                          Siemens computer system used by Iran’s nuclear
                          program


The Big Money - Botnets
                    Technical bad guy writes some code and infects a lot of
                    machines (millions) such that he/she can control those
                    machines at will
                    Technical bad guy sells the botnet to an extortionist
                    Extortionist tells a gambling site, “It would be a shame if
                    your site went down the night before your big
                    tournament”
                    If the gambler doesn’t pay up, extortionist tells all the
                    machines in the botnet to attack the gambling site at the
                    same time
                          Creating a Distributed Denial of Service Attack

Why was OSX Left Alone So Long?
                    OSX is based on a relatively secure operating system -
                    BSD with decades of security updates 
                          Remember no OS is truly secure
                          Secure as compared to Windows 
                    Small number of computers meant less profit
                          Remember bad guys need to infect millions of
                          computers to be effective
                          OSX wouldn't have added significantly to the
                          numbers



Apple Took Their Eyes Off the Ball
                    Flashback Trojan didn't have to be as painful as it was
                          Apple didn't patch Java for months after Oracle
                          patched - would have saved so many from Flashback
                    Apple grew complacent after decades of no real threats
                          Microsoft in contrast became very vigilant
                    Microsoft have implemented technologies for preventing
                    exploits of bugs (DEP + ASLR)
                          Apple has it NOW but they were late to the party




#1 Thing You can Do to be Safe
                    When Software Update tells you it’s ready to give you
                    something - say yes!
                          Don’t procrastinate when it wants to reboot
                          With Lion+ resume all windows and applications it’s
                          much faster to reboot
                          Allow your applications to update as well




I Have an Old OS, They Won’t Attack That
                    Well...that’s not quite true
                    Apple only updates one OS version back
                          Mountain Lion is out - Lion is updated but not Snow
                          Leopard
                    Older OS’s often contain the same code that just got
                    patched in the new OS
                    Vulnerabilities still exist in the old OS so you’re not safe
                    Best to upgrade say after the first two revs are out
                          What’s the advantage of waiting?
                          You know you’re going to upgrade eventually!

Just Disable Java*
                    Very few sites use Java these days
                          Disable in your browsers (Tutorials on how to do that
                          on Podfeet.com!)
                          If you ever need Java, reenable on Chrome and then
                          disable again
                          Safari automatically disables Java if you don’t use it for
                          a while (what does that tell you?)
                          Another option is to keep one browser for Java that
                          you never use for anything else


                                 * Apple removed Java from all browsers in late October
Mountain Lion: Now for the Good News
                    Gatekeeper controls how and what apps you can install
                          Safer to download apps
                          Harder to get malware
                    Highest protection level:
                          Set Security to allow apps
                          from Mac App Store Only
                          Apple reviews each app
                          If an app slips by, Apple can remove from the store




What if You Don’t Use the MAS?
                   You:
                          Set Security preferences
                          Allow apps from MAS and
                          from identified developers
                   Developers:
                          Register with Apple, they get a unique developer ID
                          Digitally sign their apps with this ID
                   Gatekeeper:
                          Checks to see if the app is digitally signed and warns
                          you if it’s not
                   Result: Unsigned apps never land on your machine
What if You Know an App is OK?
                    An app you trust shows this
                    when you try to open it
                    You can still open it without
                    turning off Gatekeeper
                    Control-click to open the app
                    Gatekeeper will still warn you but
                    will give you the option to open




I Want to Control My Own Destiny!
               What if you’re a sophisticated user and want to walk on the
               wild side?
               Set Security Settings to
               Allow from Anywhere
               Gatekeeper will give you
               one last chance to change
               your mind...
               Now you’re just as insecure as you were on Lion and before
               Personally, I keep it on Mac App Store and ID’d developers


              More on Sandboxing and Gatekeeper: http://www.apple.com/osx/what-is/security.html 
So What’s Sandboxing Then?
                    Sandboxing doesn’t require you to do anything
                    Sandboxing isolates apps from critical components of
                    your Mac
                    Apps as submitted to the Mac App Store must declare
                    what features they need to access
                          For example, an address book app would ask for
                          access to your Contacts
                          Some apps ask for access they
                          shouldn’t need - Sandboxing will warn you of this
                          Why would Chrome need my contacts? Just say no!


More on Sandboxing
                    Apple is even Sandboxing its own apps like Notes,
                    Reminders, Game Center, Mail and FaceTime
                    Result - if an app is compromised by malicious code, the
                    damage is limited to what the app is authorized to
                    access
                    Any downsides to Sandboxing?
                          Some of the more creative utilities can never be in the
                          Mac App Store because they do access core services
                               For Example: TextExpander 4, AppDelete



Be Safer in Email
                    Do you ever get email where the From field says
                    thief@iwanttostealyourmoney.com?
                          Of course not!
                          The From field is VERY easy to fake
                    Never ever ever EVER click on any links in an email
                    requesting you update your information at a site
                          Even if it says it’s from your bank or Google, or Apple
                          or .gov
                    Here’s why...



You Can’t Trust Links
               Learn to hover over links
               Anyone can fake a link
               Example:
                    See how the link says it’s
                    from paypal.com?
                    Hovering reveals it’s actually
                    from eagleshell.com
               Even if hovering shows a link is from the expected
               source, I still don’t click them
               Enter the URL directly in your browser so you’re positive
               it’s the real deal
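
Added example (not part of the original slides): a Python check that does the "hover" test automatically for an HTML email body, comparing the domain a link displays with the host in its href. The sample message is constructed, the function names are hypothetical, and the subdomain comparison is a simplification that does not consult a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a host name inside the visible link text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample message; paypal.com / eagleshell.com are the slide's example.
SAMPLE_EMAIL = """
<p>Dear customer, please update your information:</p>
<p><a href="http://eagleshell.com/update">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/signin">paypal.com</a></p>
<p><a href="http://paypal.com.eagleshell.com/">www.paypal.com</a></p>
<p><a href="http://eagleshell.com/x">Click here to verify</a></p>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def real_host(href):
    """Host the browser would actually contact: what hovering reveals."""
    return (urlsplit(href).hostname or "").lower().rstrip(".")


def shown_host(text):
    """Host name the visible link text claims, or None if it names none."""
    match = HOST_RE.search(text)
    return match.group(1).lower() if match else None


def same_site(shown, actual):
    """True if the real host is the displayed host or a subdomain of it.

    Assumption: a leading "www." is ignored and no public-suffix list is used.
    """
    if shown.startswith("www."):
        shown = shown[4:]
    return actual == shown or actual.endswith("." + shown)


def audit_links(html_body):
    """Return one finding per link, with a verdict for each."""
    collector = AnchorCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href, text in collector.links:
        actual, shown = real_host(href), shown_host(text)
        if not actual:
            verdict = "no-host"        # mailto:, relative or empty href
        elif shown is None:
            verdict = "unlabelled"     # "Click here": text hides the target
        elif same_site(shown, actual):
            verdict = "match"
        else:
            verdict = "MISMATCH"       # text claims one site, href goes elsewhere
        findings.append(
            {"text": text, "shown": shown, "actual": actual, "verdict": verdict}
        )
    return findings


if __name__ == "__main__":
    for f in audit_links(SAMPLE_EMAIL):
        print(f"{f['verdict']:<10} shown={f['shown']} actual={f['actual']}")
```

A "match" verdict only says the text and the target agree; typing the URL yourself is still the safer habit the slide recommends.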
Just Disable Flash
                    Very few sites use Flash these days
                          For some reason restaurants have Flash menus
                          Most other sites have swapped to h.264 for video
                    Disable in your browsers
                          Flashblock on Firefox: addons.mozilla.org/en-US/firefox/addon/flashblock/
                          Click to Flash on Safari: clicktoflash.com/
                    Both will stop those annoying animated ads, and make
                    your system more stable
                    Another note - you don’t need Adobe Acrobat, you
                    have Preview!
Time to Talk Passwords
                    Don’t panic, this is easier than you think!
                    Enter LastPass at http://lastpass.com
                          You select one (last) password then store all the rest of
                          your passwords in one place
                          Encryption happens on your machine, not their servers
                    I’m lazier than just about anyone, and I can use LastPass
                          Easy to create passwords, easy to enter passwords
                          Plugins for Safari, Firefox, Chrome
                          LastPass browsers for iOS!


LastPass is the Last Password You Need

              Save passwords
              Save websites
              Save license keys
              Save credit card info
              Create auto-fill
              forms - enter your address, phone number, everything a
              website is asking for in a few clicks
              Concerned it might not be safe to trust LastPass?
                    Believe noted security expert Steve Gibson:
                    http://twit.tv/sn/256
How to Choose Good Passwords
                    Make sure your passwords are long and complex
                          It’s not like in the movies...
                          The longer your password, the harder to crack
                          The more types of characters, the harder to crack
                               Upper/lower case, numbers, punctuation
                               As you add 1 more character to the password each
                               time you get 64 TIMES (x) more strength
                    How do we remember these passwords if not using
                    LastPass to create and store?
                    Consider http://xkpasswd.net to generate complex and
                    yet memorable passwords
Protect the Crown Jewels
                 Anything financial - banking sites, stock trading sites etc.
                 Anything which stores your credit card (including things
                 like your Apple ID, Skype, and store sites like Amazon)
                 All email accounts
                      You’d be surprised how connected your emails are
                 All passwords relating to your work
                      You don’t want to be the person who allowed your
                      company’s proprietary information to leak




Silly Sites
                    NEVER re-use passwords you use on sites like these
                          I used the same password on silly site Gawker Media
                          and Skype
                          Didn’t change my Skype password - was a silly site
                          Forgot Skype auto-loaded credits from my Paypal
                          account
                          Gawker got hacked
                          I lost $200 in 1.5 hours
                          Good news is Paypal and Skype took care of me


Time for Anti-Virus?
                    Sorry, but yes
                    Recommend ClamXav from http://clamxav.com
                    Non-intrusive, doesn’t slow your system down, adds a
                    layer of protection
                    I installed it and messed with the configuration till I got
                    something that doesn’t annoy me but gives some
                    protection
                    Steps to configure ClamXav:
                    http://www.podfeet.com/wordpress/tutorials/how-to-install-clamxav-anti-virus-for-mac/
                    Demo time!

Special Thanks
                    Over the past 5 years I’ve been tutored in Security by
                    Bart Busschots of http://bartb.ie
                    Pretty much everything I know on this subject is because
                    of him
                    Follow him on Twitter at @bbusschots
                    Listen to the International Mac Podcast which he hosts
                    with Stu Helm at http://impodcast.com




Blog/Podcast: podfeet.com
                               Email: allison@podfeet.com
                                   Twitter: @podfeet

             Slides: slideshare.net/nosillacast/presentations
          http://podfeet.com
Sunday, November 25, 12                                         33

Contenu connexe

Similaire à Security on the Mac

Os x security basics for keeping your mac safe final
Os x security basics for keeping your mac safe   finalOs x security basics for keeping your mac safe   final
Os x security basics for keeping your mac safe final
Khürt Williams
 
Keynote fx try harder 2 be yourself
Keynote fx   try harder 2 be yourselfKeynote fx   try harder 2 be yourself
Keynote fx try harder 2 be yourself
DefconRussia
 
Malware Goes to the Movies - Briefing
Malware Goes to the Movies - BriefingMalware Goes to the Movies - Briefing
Malware Goes to the Movies - Briefing
Aleksandr Yampolskiy
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoors
seth edmond
 

Similaire à Security on the Mac (20)

Understand study
Understand studyUnderstand study
Understand study
 
Palestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry morePalestra Jeferson Propheta - Wanna Cry more
Palestra Jeferson Propheta - Wanna Cry more
 
Nastiest Malware 2021
Nastiest Malware 2021Nastiest Malware 2021
Nastiest Malware 2021
 
Os x security basics for keeping your mac safe final
Os x security basics for keeping your mac safe   finalOs x security basics for keeping your mac safe   final
Os x security basics for keeping your mac safe final
 
Keynote fx try harder 2 be yourself
Keynote fx   try harder 2 be yourselfKeynote fx   try harder 2 be yourself
Keynote fx try harder 2 be yourself
 
The Dynamite of Next Generation (Y) Attack
The Dynamite of Next Generation (Y) AttackThe Dynamite of Next Generation (Y) Attack
The Dynamite of Next Generation (Y) Attack
 
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand..."Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
"Viruses Exploits Rootkits the Dilemma of a Linux Product Manager" by Alexand...
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
 
Malware Goes to the Movies - Briefing
Malware Goes to the Movies - BriefingMalware Goes to the Movies - Briefing
Malware Goes to the Movies - Briefing
 
Malware
MalwareMalware
Malware
 
Trojan backdoors
Trojan backdoorsTrojan backdoors
Trojan backdoors
 
Malware
MalwareMalware
Malware
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011Dan Guido SOURCE Boston 2011
Dan Guido SOURCE Boston 2011
 
Malware
MalwareMalware
Malware
 
Malwares
MalwaresMalwares
Malwares
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
V!R0L0gy - Malwares vs Glitch Art
V!R0L0gy - Malwares vs Glitch ArtV!R0L0gy - Malwares vs Glitch Art
V!R0L0gy - Malwares vs Glitch Art
 
Information Security - A Discussion
Information Security  - A DiscussionInformation Security  - A Discussion
Information Security - A Discussion
 

Plus de Allison Sheridan

Plus de Allison Sheridan (10)

Why Do Strong Passwords Matter?
Why Do Strong Passwords Matter?Why Do Strong Passwords Matter?
Why Do Strong Passwords Matter?
 
Password Playdate 2015
Password Playdate 2015Password Playdate 2015
Password Playdate 2015
 
Turbocharge Your Mac Productivity SVMUG
Turbocharge Your Mac Productivity SVMUGTurbocharge Your Mac Productivity SVMUG
Turbocharge Your Mac Productivity SVMUG
 
Video Conversion on iOS
Video Conversion on iOSVideo Conversion on iOS
Video Conversion on iOS
 
Turbocharge Your Mac Productivity
Turbocharge Your Mac ProductivityTurbocharge Your Mac Productivity
Turbocharge Your Mac Productivity
 
How to Grow Your Audience Through Accessibility
How to Grow Your Audience Through AccessibilityHow to Grow Your Audience Through Accessibility
How to Grow Your Audience Through Accessibility
 
Podcasting live grouped
Podcasting live groupedPodcasting live grouped
Podcasting live grouped
 
Podcasting 101 no transitions
Podcasting 101 no transitionsPodcasting 101 no transitions
Podcasting 101 no transitions
 
Introduction to Audio Podcasting Blogworld 2009
Introduction to Audio Podcasting Blogworld 2009Introduction to Audio Podcasting Blogworld 2009
Introduction to Audio Podcasting Blogworld 2009
 
Social Media Presentation 2009 04
Social Media Presentation 2009 04Social Media Presentation 2009 04
Social Media Presentation 2009 04
 

Dernier

Dernier (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Security on the Mac

  • 1. Mac OSX Security Allison Sheridan November 2012 http://podfeet.com Sunday, November 25, 12 1
  • 2. Definitions Malware - a generic term to describe anything put on your machine with the intent to harm Virus - a self-replicating type of malware that moves from machine to machine without active participation by the user Trojan Horse - malware that masquerades as something else - e.g. free Photoshop, video codecs http://podfeet.com Sunday, November 25, 12 2
  • 3. Agenda History Didn’t we used to be safe? State of the Union Where are we now? (Some good news) What practical things can we do to be safe? Email safety Software updates Protecting passwords Gatekeeper Anti-Virus http://podfeet.com Sunday, November 25, 12 3
  • 4. 2004 - 2007 Blissful Ignorance 2004 - Mostly ignored Renepo worm is proof of concept 2006 - Denial Leap-A first ever virus for OSX 2007 - I remember this year Office Macro Virus ran on OSX, Windows & Linux (we all blamed it on Microsoft) Bad Bunny (creepy pornographic bunny) and the first Financial Trojan for Mac (and Windows) - which also offered porn http://podfeet.com Sunday, November 25, 12 4
  • 5. 2008 - Things star t to heat up Macs and PCs attacked by poisoned adverts offering Scareware called MacSweeper and Imunizator - without which they threatened all your data would be erased Hovdy-A Trojan stole passwords, opened the firewall and disabled security settings RKOSX-A - Helped make more trojans Video Codec claims - you can't play the video without this codec… First time Apple suggested anti-virus software, and then deleted the suggestion http://podfeet.com Sunday, November 25, 12 5
  • 6. 2009 - Your Own Darn Fault iWorkS-A trojan horse in pirated versions of iWork and Photoshop Another video virus MacCinema How about some more porn? Enjoy your Jahlav trojan We're all still smug that we're too smart to get infected http://podfeet.com Sunday, November 25, 12 6
  • 7. 2010 - Star ting to Get Ner vous Pinhead trojan allowed hackers to gain remote control - but again through downloads of legitimate software from illegitimate sites like iPhoto Boonana worm uses a Java applet to target Windows, Mac and Linux http://podfeet.com Sunday, November 25, 12 7
  • 8. 2011 & 2012 Hard to Ignore: BlackHole RAT allows hackers to gain remote access. MacDefender hits the scene - pretending to be a legitimate security application - acquired through a search engine poisoning campaign. Flashback Trojan hits, disguised as an update for Adobe Flash. Apple acknowledges and provides removal tools. Source: http://nakedsecurity.sophos.com/2011/10/03/mac-malware-history/#2004
  • 9. What Changed? Originally malware was plain old vandalism - destroy your hard drive and leave a signature for bragging rights. Over time, malware has mutated into a multi-billion dollar business. Hacktivism - hacking for political purposes: LulzSec & Anonymous. Digital espionage and sabotage: Stuxnet malware distributed specifically to attack a Siemens computer system used by Iran’s nuclear program.
  • 10. The Big Money - Botnets: Technical bad guy writes some code and infects a lot of machines (millions) such that he/she can control those machines at will. Technical bad guy sells the botnet to an extortionist. Extortionist tells a gambling site, “It would be a shame if your site went down the night before your big tournament.” If the gambler doesn’t pay up, extortionist tells all the machines in the botnet to attack the gambling site at the same time, creating a Distributed Denial of Service Attack.
  • 11. Why was OSX Left Alone So Long? OSX is based on a relatively secure operating system - BSD with decades of security updates. Remember no OS is truly secure; secure as compared to Windows. Small number of computers meant less profit. Remember bad guys need to infect millions of computers to be effective; OSX wouldn't have added significantly to the numbers.
  • 12. Apple Took Their Eyes Off the Ball: Flashback Trojan didn't have to be as painful as it was. Apple didn't patch Java for months after Oracle patched - would have saved so many from Flashback. Apple grew complacent after decades of no real threats. Microsoft in contrast became very vigilant. Microsoft have implemented technologies for preventing exploits of bugs (DEP + ASLR). Apple has it NOW but they were late to the party.
  • 13. #1 Thing You Can Do to be Safe: When Software Update tells you it’s ready to give you something - say yes! Don’t procrastinate when it wants to reboot. With Lion+ resuming all windows and applications, it’s much faster to reboot. Allow your applications to update as well.
  • 14. I Have an Old OS, They Won’t Attack That: Well... that’s not quite true. Apple only updates one OS version back: Mountain Lion is out - Lion is updated but not Snow Leopard. Older OSes often contain the same code that just got patched in the new OS. Vulnerabilities still exist in the old OS so you’re not safe. Best to upgrade, say, after the first two revs are out. What’s the advantage of waiting? You know you’re going to upgrade eventually!
  • 15. Just Disable Java*: Very few sites use Java these days. Disable in your browsers (tutorials on how to do that on Podfeet.com!). If you ever need Java, reenable on Chrome and then disable again. Safari automatically disables Java if you don’t use it for a while (what does that tell you?). Another option is to keep one browser for Java that you never use for anything else. * Apple removed Java from all browsers in late October.
  • 16. Mountain Lion: Now for the Good News. Gatekeeper controls how and what apps you can install: safer to download apps, harder to get malware. Highest protection level: set Security to allow apps from Mac App Store only. Apple reviews each app. If an app slips by, Apple can remove it from the store.
  • 17. What if You Don’t Use the MAS? You: set Security preferences to allow apps from MAS and from identified developers. Developers: register with Apple, they get a unique developer ID, and digitally sign their apps with this ID. Gatekeeper: checks to see if the app is digitally signed and warns you if it’s not. Result: unsigned apps never land on your machine.
  • 18. What if You Know an App is OK? An app you trust shows this when you try to open it. You can still open it without turning off Gatekeeper: Control-click to open the app. Gatekeeper will still warn you but will give you the option to open.
  • 19. I Want to Control My Own Destiny! What if you’re a sophisticated user and want to walk on the wild side? Set Security Settings to Allow from Anywhere. Gatekeeper will give you one last chance to change your mind... Now you’re just as insecure as you were on Lion and before. Personally, I keep it on Mac App Store and ID’d developers. More on Sandboxing and Gatekeeper: http://www.apple.com/osx/what-is/security.html
  • 20. So What’s Sandboxing Then? Sandboxing doesn’t require you to do anything. Sandboxing isolates apps from critical components of your Mac. Apps as submitted to the Mac App Store must declare what features they need to access. For example, an address book app would ask for access to your Contacts. Some apps ask for access they shouldn’t need - Sandboxing will warn you of this. Why would Chrome need my contacts? Just say no!
  • 21. More on Sandboxing: Apple is even Sandboxing its own apps like Notes, Reminders, Game Center, Mail and FaceTime. Result - if an app is compromised by malicious code, the damage is limited to what the app is authorized to access. Any downsides to Sandboxing? Some of the more creative utilities can never be in the Mac App Store because they do access core services. For example: TextExpander 4, AppDelete.
  • 22. Be Safer in Email: Do you ever get email where the From field says thief@iwanttostealyourmoney.com? Of course not! The From field is VERY easy to fake. Never ever ever EVER click on any links in an email requesting you update your information at a site, even if it says it’s from your bank or Google, or Apple or .gov. Here’s why...
  • 23. You Can’t Trust Links: Learn to hover over links. Anyone can fake a link. Example: See how the link says it’s from paypal.com? Hovering reveals it’s actually from eagleshell.com. Even if hovering shows a link is from the expected source, I still don’t click them. Enter the URL directly in your browser so you’re positive it’s the real deal.
  • 24. Just Disable Flash: Very few sites use Flash these days. For some reason restaurants have Flash menus. Most other sites have swapped to h.264 for video. Disable in your browsers: Flashblock on Firefox (addons.mozilla.org/en-US/firefox/addon/flashblock/), Click to Flash on Safari (clicktoflash.com/). Both will stop those annoying animated ads, and make your system more stable. Another note - you don’t need Adobe Acrobat, you have Preview!
  • 25. Time to Talk Passwords: Don’t panic, this is easier than you think! Enter LastPass at http://lastpass.com. You select one (last) password, then store all the rest of your passwords in one place. Encryption happens on your machine, not their servers. I’m lazier than just about anyone, and I can use LastPass. Easy to create passwords, easy to enter passwords. Plugins for Safari, Firefox, Chrome. LastPass browsers for iOS!
  • 26. LastPass is the Last Password You Need: Save passwords. Save websites. Save license keys. Save credit card info. Create auto-fill forms - enter your address, phone number, everything a website is asking for in a few clicks. Concerned it might not be safe to trust LastPass? Believe noted security expert Steve Gibson: http://twit.tv/sn/256
  • 27. How to Choose Good Passwords: Make sure your passwords are long and complex. It’s not like in the movies... The longer your password, the harder to crack. The more types of characters, the harder to crack: upper/lower case, numbers, punctuation. Each time you add 1 more character to the password you get 64 TIMES (x) more strength. How do we remember these passwords if not using LastPass to create and store? Consider http://xkpasswd.net to generate complex and yet memorable passwords.
  • 28. Protect the Crown Jewels: Anything financial - banking sites, stock trading sites etc. Anything which stores your credit card (including things like your Apple ID, Skype, and store sites like Amazon). All email accounts - you’d be surprised how connected your emails are. All passwords relating to your work - you don’t want to be the person who allowed your company’s proprietary information to leak.
  • 29. Silly Sites: NEVER re-use passwords you use on sites like these. I used the same password on silly site Gawker Media and Skype. Didn’t change my Skype password - was a silly site. Forgot Skype auto-loaded credits from my Paypal account. Gawker got hacked. I lost $200 in 1.5 hours. Good news is Paypal and Skype took care of me.
  • 30. Time for Anti-Virus? Sorry, but yes. Recommend ClamXav from http://clamxav.com. Non-intrusive, doesn’t slow your system down, adds a layer of protection. I installed it and messed with the configuration till I got something that doesn’t annoy me but gives some protection. Steps to configure ClamXav: http://www.podfeet.com/wordpress/tutorials/how-to-install-clamxav-anti-virus-for-mac/ Demo time!
  • 31. Special Thanks: Over the past 5 years I’ve been tutored in Security by Bart Busschots of http://bartb.ie. Pretty much everything I know on this subject is because of him. Follow him on Twitter at @bbusschots. Listen to the International Mac Podcast which he hosts with Stu Helm at http://impodcast.com
  • 33. Blog/Podcast: podfeet.com. Email: allison@podfeet.com. Twitter: @podfeet. Slides: slideshare.net/nosillacast/presentations