We’ve got the latest on some mysterious mac malware that’s been lurking for years, a handy new tool to help you monitor, backup and generally work with your DNS infrastructure & possibly more problems for Symantec, the certificate authority who just can’t seem to get things right.

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

How I tricked Symantec with a Fake Private Key

  • If true, not very good.

  • The Baseline Requirements – a set of rules that browsers and certificate authorities agreed upon – regulate this and say that in such a case a certificate authority shall revoke the key within 24 hours (Section in the current Baseline Requirements 1.4.8).

  • I registered two test domains at a provider that would allow me to hide my identity and not show up in the whois information. I then ordered test certificates from Symantec (via their brand RapidSSL) and Comodo.

  • Comodo didn’t fall for it. They answered me that there is something wrong with this key. Symantec however answered me that they revoked all certificates – including the one with the fake private key

Alert, backup, whatever on DNS NOTIFY with nsnotifyd

  • Fair warning: blog post is from 2015, but with Let’s Encrypt all around us, I think this is relevant now.

  • “Tony Finch has created a gem of a utility called nsnotifyd. It’s a teeny-tiny DNS “server” which sits around and listens for DNS NOTIFY messages which are sent by authority servers when they instruct their slaves that the zone has been updated and they should re-transfer (AXFR / IXFR) them. As soon as nsnotifyd receives a NOTIFY, it executes a shell script you provide.

  • offical repo

  • nsnotifyd on GitHub

  • man 1 nsnotifyd

  • man 1 nsnotify

  • man 4 metazone

New details emerge on Fruitfly, highly-invasive Mac malware

  • Mysterious Mac Malware Has Infected Victims for Years

  • The recently discovered Fruitfly malware is a stealthy, but highly-invasive, malware for Macs that went undetected for years. The controller of the malware has the capability to remotely take complete control of an infected computer — files, webcam, screen, keyboard and mouse.

  • Apple released security patches for Fruitfly earlier this year, but variants of the malware have since emerged. The core of the malware is an obfuscated perl script using antiquated code, with indicators in the code that suggest the malware may go back almost half a decade or more, the security firm said.

  • Wardle said based on the target victims, the malware is less likely run by a nation state attacker, and more likely operated by a single hacker “with the goal to spy on people for perverse reasons.” He wouldn’t say how many were affected by the malware, but suggested it wasn’t widespread like other forms of malware.


Round Up:

Question? Comments? Contact us here!