Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Extracting signatures from Apple .apps

Published: 2013-05-16
Last Updated: 2013-05-16 21:51:14 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)


As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected.

To verify and extract signatures and certificates on an Apple .app, you can do (example Mail.app)

codesign -dvvvv --extract-certificates  /Applications/Mail.app

This will save the certificates in DER format, named codesign0, codesign1, etc. These can then be displayed as usual with OpenSSL

openssl x509 -inform DER -in codesign0 -text

 

Keywords: malware signature
0 comment(s)

Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

Published: 2013-05-16
Last Updated: 2013-05-16 11:06:27 UTC
by Joel Esler (Version: 2)
1 comment(s)

Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords:
1 comment(s)
ISC StormCast for Thursday, May 16th 2013 http://isc.sans.edu/podcastdetail.html?id=3311
Diary Archives