Title: Beyond Pacifism: Why Japan Must Become a "Normal" Nation (Psi Reports) Purchase Item Manufacturer: Praeger Security International List Price: $75.00 Our Price: $75.00

Lies, Damned Lies, and Bill Gates Daring Fireball on Bill Gates, who says: “Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine.” Fri, 02 Feb 2007 19:57:10 GMT

Mac OS X Developers Watch Month of Apple Bugs eWeek: “Developers of applications for Apple’s Mac OS X have been watching the Month of Apple Bugs project closely, and are generally in favor of the project’s goal of uncovering OS flaws. “But they, and security companies, have questions about the MOAB group’s method, which involves making their findings public immediately, instead of first alerting Apple Computer.” Sun, 07 Jan 2007 21:03:50 GMT

Apple releases Xcode 2.4.1 MacMinute : “Changes in the release include: stability and security fixes in the Xcode IDE, cctools, debugger, and compiler; CHUD has been updated to version 4.4.3 (CHUD also releases independent from the Xcode Tools releases); and the 10.3.9 and 10.4u SDKs have been updated.” Wed, 01 Nov 2006 17:07:20 GMT

Dashboard: Widget (In)Security Macworld: Dori Smith: “A new Web page documents an issue with Mac OS X v10.4 Tiger’s new Dashboard feature that, left unchecked, could potentially be exploited by malware developers, according to the page’s author. The exploit is described and demonstrated on a page called Zaptastic: Blueprint for a widget of mass destruction.” Tue, 10 May 2005 00:07:12 GMT

Mac OS X security bug and NetNewsWire Recently a security bug was reported in Safari. Clicking on certain URLs could cause a script to run on your machine. Sylvain Carle alerted us to the fact that this security bug is not really a Safari bug, it’s a bug in WebKit. WebKit is Safari’s rendering system, provided by Apple as part of OS X, which other applications use too—including NetNewsWire. NetNewsWire uses WebKit to display feed descriptions, so NetNewsWire (and other WebKit-using applications) may be vulnerable to this bug. We certainly expect that Apple will fix the bug with a security update, and that should solve the problem. In the meantime we’re looking at the possibility of fixing it just for NetNewsWire, in case Apple doesn’t come through with a fix. For reference: here’s the report on the bug, and here’s a CNET article about it, which states that Apple is aware of the issue. If you have any questions, please feel free to email Brent Simmons at brent@ranchero.com. Update 4:00 p.m.: it turns out it’s not just a WebKit bug, it can affect other browsers and applications which display HTML but that don’t use WebKit. Thu, 20 May 2004 00:50:46 GMT

Keychain Framework It’s an open source “Objective C Foundation-based framework for accessing Keychain and Security services under MacOS X.” Sounds useful. Tue, 05 Aug 2003 08:53:48 GMT

Cocoa programming book released MacCentral: “Sections of the 1,272-page tome show you how to modify views, integrate multimedia, and access networks with Cocoa. ‘Cocoa Programming’ describes the Cocoa Text system, investigates subprocesses and threads, shows you how to get system information, and discusses authentication and security issues.” Thu, 10 Oct 2002 15:16:57 GMT

Microsoft updates IE 5.1, 5.2 for security issues MacCentral: “Internet Explorer 5.2.2 is the latest version available for Mac OS X. As with Internet Explorer 5.1.6, the update resolves a security vulnerability associated with the validation of digital certificate chains.” Wed, 25 Sep 2002 21:30:29 GMT

A Guide to Building Secure Web Applications The Open Web Application Security Project has a guide with a bunch of notes on security. Wed, 25 Sep 2002 14:39:13 GMT

Apple posts September Security Update MacCentral: “According to information provided with the update Security Update 2002-09-20 updates the Terminal application, which is pre-installed with Mac OS X.” Sat, 21 Sep 2002 00:19:27 GMT

Write Secure Scripts with PHP 4.2 WebmasterBase: “For the longest time, one of the biggest selling points of PHP as a server-side scripting language was that values submitted from a form were automatically created as global variables for you. As of PHP 4.1, the makers of PHP recommended an alternate means of accessing submitted data. In PHP 4.2, they switched off the old way of doing things! As I’ll explain in this article, these changes have been made in the name of security.” Fri, 10 May 2002 17:00:43 GMT

Apple releases Mac OS X 10.1.4 MacCentral: “Changes to Mac OS X 10.1.4 include improved network, security and additional disc recording device support, according to Apple.” Thu, 18 Apr 2002 02:41:12 GMT

Transport Layer Security for Frontier and Radio Updated Macrobyte Resources: “This product provides scripts for accessing secure websites and services from Frontier and Radio, and for serving secure websites (from the same).” Wed, 03 Apr 2002 17:24:49 GMT

User Authentication with Apache and PHP DevShed: “As it turned out, my user authentication module had enough security holes in it to drive a few hundred dump trucks through. I spent the next week plugging those holes, and along the way learnt a number of valuable things about access control—most notably, that it’s not as easy or as obvious as you might think.” Thu, 14 Mar 2002 17:58:11 GMT

Building OpenSSH 3.1 on Mac OS X 10.1.x Stepwise: “A serious security issue has been discovered in OpenSSH 3.0.2 (Apple ships this version with Mac OS X 10.1.3). Update to the latest version as soon as possible.” Thu, 07 Mar 2002 23:20:37 GMT