Mail security in iOS

Yesterday we wrote about securing your mail client in OS X against automatically displaying remote content. But what about iOS?

Apple included the same feature in their mobile mail clients as well.

Under Settings, "Mail, Contacts, Calendars" and in the "mail" grouping, you will find the toggle for "Load Remote Images". Simply untoggle that switch to prevent the mail client from automatically displaying remote images.


Once this setting has been disabled, you will see the notice below when a message with remote images arrives:


Simply click the "Load All Images" link to view the images.

Work on Minotaur continues

The Minotaur Analysis Framework has been brought back online after around two whole years of downtime. The new code is a complete re-write and has been brought online on its new dedicated home. It is still very much a work-in-progress right now, but you can view the current site at

The Minotaur Analysis Framework is a system for collecting and analyzing malware, as well as an active environment with tools for researchers to work with. We hope to build it in to a community and a hub of malware research activity.

Mail security in OS X Yosemite

So you are using OS X Yosemite's built-in and you notice you are getting more spam than usual. Or you've noticed that images are being loaded in all email messages by default, instead of what you've seen with Outlook at work, where corporate policy disables displaying images in emails from unknown sources.

The two scenarios are related. There are very real reasons that policies disable the automatic display of images in incoming email. One-pixel, tiny tracking images are common in spam to alert the sender that the message was received, and that your email address is valid and is being read by a user. This means your email address is actually worth more when resold to other spammers, as there is a high(er) chance the spam will be read.

Any image can be used for this purpose. Images can also be used to exploit rendering bugs, or lend un-due credence to a fake corporate memo in a phishing campaign when the content itself would otherwise be a dead giveaway.

At any rate, you can mitigate this issue be opening your preferences in and going to the "Viewing tab and unchecking the "Load remote content in messages" option, as indicated below:


Go, do that right now. When an email arrives that uses remote images, you will now see the following bar above the email:


Sure, incoming email is a little uglier and it takes one more click, but you've given the spammers one less avenue of success, and one less reason to bother you.

AV-Comparatives releases Mac AV Report 2014

Here at NovCon we use macs a lot, and we cringe when we hear people say they aren’t vulnerable to malware or viruses. If you follow infosec news, you will have noticed that malware for OS X is a growing trend. In fact, there have even been ports of windows-based malware to the mac (

So what do you need and which product is right for you? AV Comparatives have released their latest report comparing several free and commercial antivirus products and it is well worth the read.

Fewer Doors and Windows


There are many analogies used in describing network defense. In this case, imagine that a large network is your house but in a less-than-stellar community. Before you go to bed, you have to check all the doors and windows and make sure the house is locked up and ready for the night. The larger the network or house, the more doors and windows there are, until the point that there are so many that by the time you get to the last few doors and windows, you can't remember if you checked the first, or what there status was.

How many windows were there? Did you remember them all? What if you forgot one? Some of the windows had better locks than others. Which ones were the weakest? will you remember to reinforce them later? Or replace them with better/newer locks?

The house analogy only goes so far because of the reality of the enormous complexity of even a small to mid-size network. Each door or window may have dozens of different "locks" (security controls) but it may be that only one needs to be defeated to open the window and gain access to the house.

Unlike most houses, most networks are in a constant state of fluctuation. HR needs a new web application installed and accessible to employees for timecards and payroll. The helpdesk needs a new ticketing solution available to customers. In most cases the old solutions are left online as well, during the transitions. Many times, those old systems are left online, abandoned, forgotten during the migration. Forgotten systems go unpatched and create greater vulnerability.

It is such an obvious point that it goes forgotten too often in day-to-day network operations, upgrades and re-engineering: the fewer entryways there are into the network, the harder it will be to gain access in the first place.

Obviously, this should be used in conjunction with zero-trust models, not a replacement, but removing access to unnecessary services enhances security posture in a number of ways:

  • Less exposure on the outside
    • sheer numbers
    • different vendors/different vulnerabilities
  • Less to maintain/patch/scan/test
  • Maybe even less hardware

Action List

  • Scan your external and internal address space for open services
  • Review whether each service is absolutely necessary with a valid business use case
  • Remove or block access to all other services
  • If a service does not need to be accessible to the entire public internet, add ACL controls to block access to all but known address space that users will originate from