Always Remember: With Gusto Comes Data Loss.

US-CERT Announces Critical NTP Vulnerability

ntpYesterday Apple released a security update for a number of critical flaws found in the NTP (Network Time Protocol) service that OS X utilizes. The most worrisome of these is a buffer overflow that allows an attacker to remotely send specially crafted packets to a system, resulting in them being able to run malicious code with the privileges of the ntpd service (system level privileges on OS X). Be aware though, since NTP is an open source protocol more than just Macs are affected. Continue reading

Configuring RADIUS on OS X Server (10.8-10.9)

OS X Server comes with FreeRADIUS pre-installed, but does not have any GUI interface for enabling or configuring it[1]. This guide will walk you through, step-by-step, how to enable, configure, and test your RADIUS server. I’ll probably follow up with a separate guide on configuring various devices to work with the FreeRADIUS server you will be configuring here. Continue reading

Be Careful What You Copy/Paste

Given the content of this Blog, and the type of information someone on it would be looking for, I figured I would cover one lesser known vulnerability that SysAdmins often open themselves up to without thinking. This is not a high tech attack vector, but it is an easy one. This attack can occur if you copy/paste commands from a website directly into terminal. I will first show you an example of what happens, then explain how it is happening and how to protect yourself.
Continue reading