![]() Ostiarius will be posted on Wardle's website, which has a collection of OS X security tools that he's developed. "It doesn't care if the executable was run by the user or if an attacker was abusing some signed code to kick that off." "It's kind of a global approach," Wardle said. Their role is twofold: admitting their brethren onto the Material Plane andmore insidiouslyconvincing mortals to willingly journey with them to their shadowed homeland. Ostiariuses mind the gate between the world of mortals and the delights of the Plane of Shadow. If a process isn't digitally signed and comes from an executable that was downloaded from the Internet, it is stopped. Cloaked in shadows, every curve and sculpted muscle of this creature suggests some new gasping pleasure or titillating torture. ![]() It monitors all the new processes created in OS X's kernel. That means an advanced attacker with network access wouldn't have trouble conducting a man-in-the-middle attack and replicating Wardle's attack.Īt Shmoocon, Wardle will release a tool called Ostiarius - the Latin word for Gatekeeper - that he says accomplishes what Apple should have done the first time around to fix Gatekeeper. "These guys are supposed to be security professionals," he said. Surprisingly, Wardle found early last year that many security software makers still don't use SSL to deliver their installers. ![]() In a demonstration video, Wardle showed how he could inject malicious code into one application, a Kaspersky antivirus software package, that is not delivered over SSL. The weakness can also be used in a man-in-the-middle attack, especially when software makers do not deliver their installers over SSL/TLS (Secure Sockets Layer/Transport Layer Security). He said the company has indicated it is working on a more effective patch but he decided to go public anyway since users are still at risk. Essentially, the company blacklisted some of its own files.Īpple officials told him that they'd blocked his targeted attack, but Wardle said he pointed out he could simply use different executables to get around the patch. When he studied Apple's patch, he found that the company had simply blacklisted the Apple-signed code that Wardle had used in his proof-of-concept code. "The problem is that Gatekeeper does not verify that second component," he said.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |