Yesterday Apple released a security update for a number of critical flaws found in the NTP (Network Time Protocol) service that OS X utilizes. The most worrisome of these is a buffer overflow that allows an attacker to remotely send specially crafted packets to a system, resulting in them being able to run malicious code with the privileges of the ntpd service (system level privileges on OS X). Be aware though, since NTP is an open source protocol more than just Macs are affected. Continue reading
I noticed the other day that my XProtect file had been updated for the first time in quite a while. The reason this caught my eye is because prior to this update, the last one was back in October of 2013, and I hadn’t heard of any new threat. So I decided to do some digging. Continue reading
OS X Server comes with FreeRADIUS pre-installed, but does not have any GUI interface for enabling or configuring it. This guide will walk you through, step-by-step, how to enable, configure, and test your RADIUS server. I’ll probably follow up with a separate guide on configuring various devices to work with the FreeRADIUS server you will be configuring here. Continue reading
Given the content of this Blog, and the type of information someone on it would be looking for, I figured I would cover one lesser known vulnerability that SysAdmins often open themselves up to without thinking. This is not a high tech attack vector, but it is an easy one. This attack can occur if you copy/paste commands from a website directly into terminal. I will first show you an example of what happens, then explain how it is happening and how to protect yourself.