Archives for Category : Security

I just received a bogus Apple App Store order confirmation email containing an Order Status link that points to (a presumably compromised) guitar store web site. I can only assume that clicking on the link will take me to a faked form where the low-life scammer will try to steal credit card or other information. Here is what the message looked like:

This is a fake! When I hover the mouse cursor over the Order Status link for a few seconds I see that it points to a web site named best-guitar.net rather than Apple, which is a pretty big hint that’s it’s not legitimate. I’ve never received a notification from Apple’s App Store that looks like this so that raised alarm bells as well.

Be aware that this and similar scams are making the rounds.

Apple has released a bug fix update to the iPhone OS, version 3.0.1, that fixes a very critical security issue which could allow someone to compromise the device by sending a carefully crafted SMS text message. Plug your iPhone into the Mac or PC you normally sync with, select the iPhone in the devices section of iTunes, then perform an update using the appropriate button on the Summary tab.

NOTE: This does not impact iPod touch users since those devices do not support SMS texting.

Intego, the makers of the VirusBarrier anti-virus software for the Mac, has issued a security warning that the supposed anti-virus software MacGuard is in reality itself malicious software:

• INTEGO SECURITY MEMO – October 17, 2008
• Macworld: Intego warns against MacGuard malware
• MacGuard knows malware because it is malware

Created by the same company that makes a Windows™ package called Winiguard:

which is both a scam that attempts to sell useless software and a dangerous rouge tool that “hijacks the user’s desktop and typically displays exaggerated or false claims of spyware found to frighten the user into paying for the program,”

Regarding MacGuard:

The software may be dangerous to Mac OS X, and there is a risk that the company “selling” this software may be scamming users and some sources suggest that they may be using the credit card numbers they harvest for nefarious purposes.

Now available via Software Update in the Apple menu or via direct download from Apple’s download site, Security Update 2007-009 is a very significant update for Mac OS X 10.4 and 10.5 covering many aspects of the OS including Mail, AddressBook, printing and much more.

• About Security Update 2007-009
• Security Update 2007-009 (10.4.11 Universal)
• Security Update 2007-009 (10.4.11 PPC)
• Security Update 2007-009 (10.5.1)

Apple has released three updates, all available via Software Update in the Apple menu:

• Java for Mac OS X, Release 5 v5.0
• Security Update 2007-002 v1.0
• Daylight Saving Time Update v1.0

The Security update addresses a handful of issues from the recent “Month of Apple Bugs” and the Daylight Saving Time update corrects the built-in adjustment rules for the changes introduced by the government for this year.