Posted by: David Harley | March 26, 2011

OS X security and Comodo cert revocation links

Chester Wisniewski warns that Apple’s minimal anti-malware by stealth isn’t comprehensively effective even against the tiny proportion of Mac-targeting malware it has detection for: Apple’s XProtect updated in OS X 10.6.7.

Meanwhile, in “Apple users left to defend themselves against certificate attacks”, Chet also summarizes some research by Mike Shannon on how to configure a Mac so as to mitigate the impact of fraudulent SSL certificates by enabling certificate revocation status checking. (It’s all very well a company like Comodo acting promptly to revoke certificates obtained fraudulently, but you really want your browser to know about the revocation.) He describes how Safari and Chrome can be configured using Keychain. Opera and Firefox have OCSP (which Comodo supports) enabled by default, but he also describes how to import Certificate Revocation Lists manually for certs that don’t support OCSP.
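To see why the client has to consult revocation data, here is an added example (not from the articles linked above, and not the Keychain procedure they describe) that uses the OpenSSL command line as a stand-in verifier. The CA, the host name `login.example.test` and all files are constructed throwaways; OpenSSL 1.1.0 or later is assumed.

```shell
# Added illustration; the CA, host name and every file are constructed throwaways.
# Assumes the OpenSSL CLI (1.1.0 or later) is on PATH.

# check_cert MODE: "crl" makes the verifier consult ca.crl, anything else skips it.
check_cert() {
    if [ "$1" = crl ]; then set -- -crl_check -CRLfile ca.crl; else set --; fi
    if openssl verify "$@" -CAfile ca.crt leaf.crt >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

# Prints three verdicts for the same leaf certificate: before revocation,
# after revocation with no CRL consulted, after revocation with the CRL consulted.
revocation_demo() (
    set -e
    dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT; cd "$dir"
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
default_days = 1
default_crl_days = 1
policy = pol
[pol]
commonName = supplied
EOF
    : > index.txt; echo 01 > serial
    ca="openssl ca -batch -config ca.cnf -cert ca.crt -keyfile ca.key"
    {   # issue a CA certificate, then a leaf certificate signed by it
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.crt
        openssl req -config ca.cnf -newkey rsa:2048 -nodes \
            -subj "/CN=login.example.test" -keyout leaf.key -out leaf.csr
        $ca -in leaf.csr -out leaf.crt -notext
    } >/dev/null 2>&1
    before=$(check_cert plain)
    # the CA revokes the leaf and publishes a fresh CRL
    { $ca -revoke leaf.crt; $ca -gencrl -out ca.crl; } >/dev/null 2>&1
    echo "$before $(check_cert plain) $(check_cert crl)"
)

revocation_demo   # prints: accepted accepted rejected
```

The middle verdict is the point: the CA has already revoked the certificate, yet a verifier that never looks at revocation data still accepts it.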

More links about the Comodo certs issue:

Back in the world of malware, Lee of Security FAQs asks: With The New Beta Backdoor Trojan For OS X, Is It Time For Mac Users To Start Worrying? He doesn’t counsel panic, but does suggest rational risk evaluation, and I’m not going to argue with that. More on those beta Trojans at https://macviruscom.wordpress.com/?s=darkcomet.

David Harley CITP FBCS CISSP
Small Blue-Green World
