Domain: securosis.com
Stories and comments across the archive that link to securosis.com.
Comments · 7
-
Re:but what about mountain lion
That didn't sound right so I looked up it up. I would not have put it past Apple to require every single program be signed by them or as an approved developer to keep out "undesirables", however, that's not what's going on. https://securosis.com/blog/os-x-10.8-gatekeeper-in-depth
-
problem solved:
how to set up ipfw in leopard:
see here and here:
http://www.netmojo.ca/2007/10/31/fixing-leopards-firewall/
http://securosis.com/blog/help-build-the-best-ipfw-firewall-rules-sets-ever
or use the GUI tool wateroof to configure the firewall.
add the rules decribed here:
http://www.macgeekery.com/hacks/software/traffic_shaping_in_mac_os_xthen turn it on at boot like this:
http://lists.macosforge.org/pipermail/macports-users/2008-May/010337.html
and then turn off the application firewall in system preferences.
-
Re:!secure
SSL has certification authorities. Needless to say, initiating an encrypted connection via tor with a site that is not certified is at least as careless as not using SSL at all.
Because CA signing has never been compromised ?
IE, Chrome, Safari duped by bogus PayPal SSL cert
MD5 Weakness Allows Fake SSL Certificates To Be Created
Or because no one ever gets suckered by a proxy just stripping out the SSL altogether ?
Man-in-the-middle attack sidesteps SSL
And no one has ever been tricked into clicking "OK" when a MITM attack passes on its own cert ?
TOR exit-node doing MITM attacks
Now I know you (and the guy who modded me "overrated") probably take all possible precautions but they only need to catch you or some less careful type off guard once. I don't know why anyone would route a secure connection through an untrusted node on purpose. Sounds like asking for trouble to me.
-
Re:Any name server?
I thought the resolver was the thing in the libc (or someplace) that handled the query. Isn't dnscache a caching forwarder? dnscache's manpage refers to it as a "cache" and contains the string "resolution" once and "resolv" 0 times. TFA says that this affects "home users" which usually implies Windows (or they would say so.) I got this understanding of the word "resolver" some years ago relinking something for DNS support on SunOS 4.1.1/sun3, I could have sworn it was the kernel but it was probably libc, either one would reasonably require a reboot so my memory is fuzzy. (It's been a while since I wanted to run Unix on a 68020, too.)
-
Re:Where's the ODF version?
From the site (I know, I know):
The same content as a set of
.csvs is available here: http://securosis.com/publications/MozillaProject.zip -
Re:Nothing to fear from iPhonesiPhones are extremely secure against attack, and most definitely via remote.
I'm not betting money on that. The fact that the iPhone will connect to any network with the same SSID as the users doesn't seem to be what I'd call secure...
Anyone else have thoughts on this?
-
Three Year Anniversary of Blaster
Tomorrow is the three year anniversary of the Blaster virus, which just happened to take advantage of a very similar vilnerability. Today might be a good day to patch... http://securosis.com/2006/08/10/today-is-a-good-d
a y-to-patch/