Oh Catalina!

In ITC's Threat of the Week

Over the last few weeks, a number of people have called us up about issues with Apple macOS Catalina, the newest, shiniest operating system from The Sacred Orchard.

It started with reports that DJ (and other music) software like Serato, Traktor and the like refused to party with the new operating system, causing DJs (professional, bedroom and everything in between) to panic.

The issue, it seems, is that Apple killed iTunes and also hasn't done a great job on regression testing.

The next whiff of trouble was Twitter login passwords containing any of the letters B, L, M, R or T. The issue, as the article points out, lies in a software module that legitimately intercepts keystrokes and checks for shortcuts; in Catalina, it appears that the module then fails to pass those characters on to the application above.

Clearly this should have been spotted in testing, but as we have been saying for some time, current development pace, technique and execution (scrum masters and the like) are a perfect storm in which The Good Ship Quality can be seriously compromised.

As we all know, the world+dog rely on the availability of systems and applications; imagine what POTUS would do if this affected him. Of course, availability is a basic tenet of security (along with confidentiality and integrity).

Since security updates for previous versions of an operating system continue for some time, unless you really need a feature of the newest, shiniest version we would leave it a while, maybe three months or so, or run the risk of having to downgrade your machine, with a lot of issues and associated stress.

Apple has not yet (at the time of writing) given any timescales for a patch, which is grim. Of course, you can cut and paste the password in from any other application as a workaround.

You can be as certain as a certain thing that if this slipped through QA testing, there will be security incidents on the horizon. Let’s be careful out there.

We all know that the news is not necessarily to be trusted, so anyone in India should not be too worried about the news doing the rounds that an Indian nuclear power station had its 'mission-critical systems' compromised. It turns out that control systems were not disrupted (phew), just access to a lowly domain controller, presumably with full Active Directory access (cancel the phew!).

Apparently this has been known about for some time; presumably it would have been a lot hotter news, a lot sooner, had the control systems themselves been compromised.

Attacks against Critical National Infrastructure (CNI) are on the rise, for fraud and also, certainly, for nation-state surveillance and capability checking. Good job, then, that the UK has a coherent National Security Strategy; it is well documented and thorough. Is it enough? Time will presumably tell.

On the subject of potential foreign interference, a very interesting report has come out from FireEye's research arm, Mandiant. They appear to have uncovered that the Chinese APT group APT41 (great name) has developed a very devious piece of malware called MESSAGETAP, which is purpose-built to spy on mobile devices. The details are fantastic and we would urge you to click through the link and prepare to drop your jaw.

This week, ITC's splendid SOC team has noticed a very significant increase in traffic from TOR exit nodes scanning external-facing web servers. It could well be the very same individuals discussed above. This hasn't been well reported in the security press, so do have a look at the Threat Horizon. As the report says, if you are an ITC managed services customer, we are all over it and we will alert and react appropriately.
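The sort of check a SOC runs to spot the exit-node scanning described above, as an added example and not ITC's own tooling: it parses combined-format web server access logs, flags requests whose source IP is on a Tor exit-node list, and marks an IP as scanning when it probes several distinct paths and mostly gets 404s. The exit-node set and the log lines are constructed samples (documentation IP ranges); in practice you would load the list from the Tor Project's published exit list.

```python
import re
from collections import defaultdict

# Constructed sample of a Tor exit-node list (documentation IPs, not real nodes).
TOR_EXIT_NODES = {"203.0.113.7", "198.51.100.42"}

# Constructed combined-format access log lines: one Tor IP probing for admin
# pages, one ordinary visitor, and one Tor IP fetching a normal page.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2019:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2019:10:01:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2019:10:01:04 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Nov/2019:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.42 - - [04/Nov/2019:10:01:06 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code from a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the parsed fields of one access log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def tor_scan_report(log_text, exit_nodes, min_paths=3):
    """Summarise requests from Tor exit IPs.

    An IP is marked as scanning when it touched at least min_paths distinct
    paths and at least half of its requests returned 404 (typical of path probing).
    """
    stats = defaultdict(lambda: {"requests": 0, "paths": set(), "not_found": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ip"] not in exit_nodes:
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["paths"].add(rec["path"])
        if rec["status"] == "404":
            s["not_found"] += 1
    return {
        ip: {
            "requests": s["requests"],
            "paths": len(s["paths"]),
            "not_found": s["not_found"],
            "scanning": len(s["paths"]) >= min_paths and 2 * s["not_found"] >= s["requests"],
        }
        for ip, s in stats.items()
    }


if __name__ == "__main__":
    for ip, summary in tor_scan_report(SAMPLE_LOG, TOR_EXIT_NODES).items():
        print(ip, summary)
```

A Tor exit IP that only fetched an ordinary page is reported but not flagged, so the alert is on behaviour rather than on Tor use alone.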

If you are, or for that matter are not yet, an ITC Secure customer and would like to discuss the details of anything in this blog, please contact us at: [email protected] or call 020 7517 3900.

Author: Kevin Whelan
