MacSecure.com
A Mac Security Blog

Mar 05

The new revision of TrueCrypt - Version 5.0(a) — has now been released for Mac. Downloads are available here. I haven’t had a chance to work with it since I’m traveling, but initial word from some colleagues is that it works as expected.

Feb 08

Got to do some testing with TrueCrypt on the Mac - and immediately hit a wall. One of the unique features of TrueCrypt is the ability to create a hidden TrueCrypt volume inside of another TrueCrypt volume. The idea is that if you were forced to reveal a passphrase, you give up the passphrase to the ‘outer’ volume, and nobody would know that another volume exists inside of the main one.

This isn’t a requirement for many folks, but the ability to do it is going to be missed for the time being. Regular TrueCrypt volumes are working great though.

More info about TrueCrypt Hidden volumes is available here.

Feb 06

A staple on the Windows OS for quite a while, TrueCrypt has finally been ported to OS X. While it doesn’t have a lot of polish yet, it does indeed seem to work like the Windows version does. TrueCrypt has the ability to create an encrypted volume — which can be stored as random data on your disk — essentially hiding the fact that you have any hidden data. If nobody knows you have something encrypted, how would they know to even ask for your passphrase? As a note, TrueCrypt on Windows has been used by folks doing various illegal things over the years, and using it to hide data; real Dateline kinds of stuff. It’s good at what it does, but having it around could make someone think you have something to hide.

Try it out here: http://www.truecrypt.org/downloads.php

Jan 11

This is making the rounds, but CERT has the dirt. At this early stage it seems like the only “easy” fix is blocking RTSP traffic at a port level on the network, but hopefully something more practical comes around in the next few days. More info here as well.

As a note, I’ve got more tool ‘how-to’s that I’m writing now, so more is coming soon.

Dec 18

Fixing some of the known issues with cups, tar, Safari, samba, etc. Lots of updates in this one.

Apple has more info with CVEs listed here. SANS also has a blurb about it here. I’ll install tonight and take some notes. Also, coming soon — more tool discussions.

Dec 11

I’d say it’s less ‘risk’ and more ‘real’ at this point — but I’m traveling and I haven’t had much time to look into it yet. Heise has more info available here.

Dec 06

See here. Just a quick note: if you read the Symantec advisory regarding the Quicktime RTSP Header Vulnerability, they mention blocking certain traffic if you’re worried about the exploit — which appears to be Windows specific at this point. In the interest of being safe though, here is a set of ipfw rules for blocking access as suggested:

01000   0     0 deny tcp from me to not me dst-port 554 out
01100   0     0 deny tcp from me to 85.255.117.212 out
01200   0     0 deny tcp from me to 85.255.117.213 out
01300   0     0 deny tcp from me to 216.255.183.59 out
01400   0     0 deny tcp from me to 69.50.190.135 out
01500   0     0 deny tcp from me to 58.65.238.116 out
01600   0     0 deny tcp from me to 208.113.154.34 out

You can put these in on a command line (via Terminal or iTerm) using ‘ipfw’ or using WaterRoof.
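Once the rules are loaded, it is worth confirming they are actually present and whether any of them have matched traffic (a non-zero packet counter on the port 554 deny rule means something on the box tried to talk RTSP outbound). The script below is an added example, not from the original post or the ipfw project: it parses the `ipfw show` listing format (rule number, packets, bytes, rule body) and assumes a constructed sample listing in place of a live `sudo ipfw show`.

```shell
#!/bin/sh
# Added example: check that the RTSP deny rules are loaded and report hits.
# SAMPLE_SHOW is CONSTRUCTED sample `ipfw show` output for offline use; on a
# live system replace it with "$(sudo ipfw show)". Columns are:
# rule-number  packet-count  byte-count  rule-body
SAMPLE_SHOW='01000       3     180 deny tcp from me to not me dst-port 554 out
01100       0       0 deny tcp from me to 85.255.117.212 out
01200       0       0 deny tcp from me to 85.255.117.213 out
65535 1024000 9876543 allow ip from any to any'

# has_port_deny LISTING PORT -> exit 0 if a "deny tcp ... dst-port PORT out"
# rule is present, 1 otherwise.
has_port_deny() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $4 == "deny" && $5 == "tcp" && $0 ~ ("dst-port " port " out$") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# hit_rules LISTING -> prints the rule numbers of deny rules whose packet
# counter is non-zero, i.e. rules that have actually blocked something.
hit_rules() {
    printf '%s\n' "$1" | awk '$4 == "deny" && $2 > 0 { print $1 }'
}

# missing_ip_denies LISTING IP... -> prints each IP from the argument list
# that has no "deny tcp from me to IP out" rule in the listing.
missing_ip_denies() {
    listing=$1; shift
    for ip in "$@"; do
        printf '%s\n' "$listing" | grep -qF "deny tcp from me to $ip out" || echo "$ip"
    done
}

# Stand-alone run against the constructed sample.
if has_port_deny "$SAMPLE_SHOW" 554; then
    echo "port 554 outbound deny rule: present"
else
    echo "port 554 outbound deny rule: MISSING"
fi
echo "deny rules with hits: $(hit_rules "$SAMPLE_SHOW" | tr '\n' ' ')"
echo "IPs lacking a deny rule: $(missing_ip_denies "$SAMPLE_SHOW" 85.255.117.212 216.255.183.59 | tr '\n' ' ')"
```

In the sample, rule 01000 reports hits and 216.255.183.59 is flagged as lacking a deny rule, which is exactly what you would want to see before and after loading the full set above.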

Dec 05

At the end of November, SubRosaSoft released “FileDefense” - a new application for securing Mac OS X computers. SubRosaSoft makes and sells a number of utilities as well as some freeware for Macs; I primarily know of them for their MacForensicsLab and MacLockPick programs. From their website:

“FileDefense is a program that forms the first line of defence in file access. It is a set of programs that provide an easy interface to locking down files and making sure that unwanted access is not given to malicious scripts, applications and services on your computer.”


Dec 04

Symantec is reporting details of a vulnerability in Quicktime 7.2 and 7.3 that is currently unpatched by Apple. Right now the exploits in the wild for this vulnerability appear to only be loading Windows executables, but the suggestion is that OS X systems could potentially be vulnerable as well. Recommended steps until there is a patch include blocking outbound TCP traffic on port 554, or even blocking certain IP blocks that the Windows exploit is known to be sending data back to. The CERT page for this vulnerability is here with tons of details. As a note for anyone running OS X in a corporate environment — SourceFire’s SEU 118 has the Snort signatures for this vulnerability.

Nov 26

Thought it was funny: this past Sunday’s 60 Minutes on CBS aired a segment called “High-Tech Heist” — specifically about credit card fraud and vulnerability in the physical world. They talked to staff at the FBI and showed how easy it is to buy and sell card numbers and ‘full identities’ online — no big shock there. One of the CBS reporters drove around with an InfoSec expert who was using his Mac and KisMAC to do some Wardriving, which was amusing. They talked about cracking WEP, and a few other basic concepts. Interesting. For anyone who wants to play with KisMAC, get it here. More on KisMAC soon.