mSec - Macintosh Security

**News:**
11.27.03 - Mac OS X DHCP Advisory A DHCP vulnerability has been discovered that could result in a root compromise. http://www.msec.net/advisories/dhcp_vuln.html
11.22.01 - Malevolence 2 Released Malevolence is a tool that allows unprivileged users to view a unshadowed version of the NetInfo password database on a Mac OS X and Mac OS X Server machines. http://www.msec.net/software/index.html#malevolence2
09.20.01 - Disengage added to Vuln-Dev Disengage has been added to Security Focus' Vulnerability Database. The full advisory is now available: http://www.securityfocus.com/bid/3213
08.10.01 - Disengage 1.0 Released Disengage 1.0 is an application that decrypts the user information stored by FileGuard 4.0 and DiskGuard 1.9. http://www.msec.net/software/software/index.html#disengage1
08.10.01 - FW Sucker 1.0 Released With the FirmWare Update 4.1.7, Apple has made it possible for certain models to use a password protection before the system boots up. This protection method is similar to the BIOS password protection found on WinTel computers. mSec has already issued an advisory on how to reset the FW password by physical means. FWSucker on the other hand can be used to displays the existing Firmware password on a computer that is already running. http://www.msec.net/software/index.html#fwsucker
05.25.01 - OpenFirmware Password Vulnerability Marukka's advisory on password vulnerabilities in the recent OpenFirmware update, which included a new security feature allowing a user to password protect the boot up process and OpenFirmware itself. http://www.msec.net/advisories/of_pwd_bypass.html
05.01.01 - Website Redesign Completed In preparation for several new upcoming releases, ParallaX and redwave have been busy throwing together some actual working links. Please forward feedback to support@msec.net.
04.28.01 - DiskOffGuard Released ProZaq releases DiskOffGuard, an application that displays the password that is set by the security application DiskGuard 1.9. http://www.msec.net/software/index.html#diskoffguard
04.28.01 - Single-User Patch Released Disables the ability to boot into single-user mode under Mac OS X. http://www.msec.net/software/index.html#singleuserpatch
04.23.01 - Malevolence OSXploit Released Allows a user to dump a unshadowed version of the /etc/passwd file regardless of any set privileges. http://www.msec.net/software/index.html#malevolence
Archived News...

Copyright © 1998-2003 mSec
About	Advisories	Contact	Links	Software