Fear-mongering about Mac ransomware
I recently discovered an absolutely atrocious article on Mac ransomware, thanks to a friend who forwarded the link to me. The article, found on the MacUpdate blog, is a minefield of glorious wrongness and fear-mongering.
How I became a Mac security researcher
Over the years, I’ve been attacked and criticized many times over my views on security. At times, it’s been completely justified, while other times, it stems from not knowing the things that I know.
Thus, spurred on by events that are ultimately unimportant, for the first time publicly, I’ve decided to tell the entire story of how I got into security, how I ended up at an antivirus company, and how and why my views have changed. This is the story of someone who went from a rabid “Macs don’t get viruses” fanboy to a professional malware researcher, and why exactly such a strange turn of events occurred. With a smattering of stories about the history of Mac malware thrown in. 🙂
Odd recursive symlink bug in Catalina
I’ve been tracking a strange issue on macOS 10.15.1 since yesterday. Two people were having a problem installing Malwarebytes, and an error like the following was found in the install.log on both systems:
2019-11-01 13:14:19-06 some-imac Installer[606]: install:didFailWithError:Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory" UserInfo={NSFilePath=/private/tmp/PKInstallSandbox.XXXXXX}
While investigating, a Malwarebytes support engineer and I independently found the same thing on these two systems: the /private/tmp folder had been replaced with a recursive symlink, pointing back to itself. And, worse, that symlink was marked with a restricted flag, meaning that it was protected against being modified by System Integrity Protection. 😱
Notarization of AppleScript applets
As Catalina’s release date approaches, I find myself faced with a dilemma that many others are facing. At Malwarebytes, we have a number of AppleScript applets that we can provide to customers, for troubleshooting, gathering logs, incident response, etc. Come Catalina, those customers will be unable to run these scripts without special instructions… unless we notarize them.
Welcome!
Welcome to the White Hat Mac website! My name is Thomas Reed, and this is my personal security-related website. There’s not a lot here yet, but it will eventually be a repository of open code and knowledge, meant to be shared freely.
Enjoy! (Once there’s more content, anyway… 😄)