Re: THE CYBER-SECURITY THREAD
I haven't seen this malware yet. It's interesting that it uses a bogus certificate named "Apple Inc"--that's a nice trick that will likely fool a lot of people.
Re: THE CYBER-SECURITY THREAD
This may be slightly off-topic, but Viewpoint: How hackers are caught out by law enforcers is an interesting read. It never explains "onion routing", however. Tacit? Anyone?
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
I thought tacit had discussed this somewhere along the line, but a search of the forums couldn't bring it up. Check out: www.onion-router.net/
Re: THE CYBER-SECURITY THREAD
Thank you. I should have googled that myself.
Jon
Re: THE CYBER-SECURITY THREAD
support tor. run an exit node.
I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
I'm unconvinced that Tor is really as secure as it thinks it is. For one thing, all that a hostile government or law enforcement agency would need to do to eavesdrop on it is to run a large number of entry and exit nodes themselves.
Re: THE CYBER-SECURITY THREAD
Despite the obvious interest of anti-virus utility makers in publishing it, this may be worth keeping an eye out for: Malware infects Macs through Microsoft Office vulnerability.
alternaut ◉ moderator
Re: THE CYBER-SECURITY THREAD
More 'old' news: Mac Trojan Flashback is at it again with a new variant, no longer needing an admin password. Plus, some anti-malware utility makers' opinions on Mac vulnerability.
alternaut ◉ moderator
Re: THE CYBER-SECURITY THREAD
Just what do these trojans do? I can't find any info in the related articles as to what might happen if it infects my Mac — ie, what sort of havoc does it wreak? Will the Java update remove or render inoperable anything which might have been installed? And if not, what to do? (After 15 minutes I'm still unable to access Oracle's release notes.)
EDIT: Finally got the release notes which had no user-friendly information whatsoever.
Last edited by grelber; 04/04/12 09:56 AM. Reason: New info
Re: THE CYBER-SECURITY THREAD
Flashback malware evolves to exploit unpatched Java vulnerabilities provides some insight into what the trojan in question does. When these programs are then launched, the malicious code attempts to contact remote servers and upload screenshots and other personal information to them.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Thanks. But am I safe? And how might I find that out? The article you cite (dated 2 days ago) has contradictory statements, one on top of the other:
> "... in most cases Mac users should be relatively safe. Starting with OS X 10.7 Lion, Apple stopped including a Java runtime with OS X, so if you have purchased a new system with OS X 10.7.0 or later, or have formatted and reinstalled Lion, then you will, by default, not be affected by this malware.
> "However, if you do have Java installed on your system, then for now the only way to prevent this malware from running is to disable Java."
According to my iMac, it came from Apple with both 64-bit and 32-bit versions installed: Java SE 6 v 1.6.0_29-b11-402.
Re: THE CYBER-SECURITY THREAD
Those statements aren't contradictory; "if you do have Java installed" refers to versions of OS X earlier than 10.7 and to those users who've elected to install Java in 10.7 on their own. (That article has been cleaned up; the first time I looked at it, it said that Apple had dropped Java in Snow Leopard as well as in Lion.) I wonder why your iMac has got both Lion and Java?
> But am I safe? And how might I find that out?
Here's a pretty much useless description of what the trojan does: First it will ask for an administrator password, and if supplied it will install its payload into target programs within the /Applications folder. However, if no password is supplied, then the malware will still install to the user accounts where it will run in a more global manner. If you've installed the update and haven't been doing any questionable browsing lately, you're probably safe. I hope somebody will be able to expand on that.
Re: THE CYBER-SECURITY THREAD
> Those statements aren't contradictory; I wonder why your iMac has got both Lion and Java?
That's why (I consider that) they're contradictory.
> I hope somebody will be able to expand on that.
So do I.
EDIT: For what it's worth, my Java SE 6 is now updated to v 1.6.0_31-b04-413. But/And I'd still like answers to earlier queries.
Last edited by grelber; 04/04/12 01:25 PM. Reason: Java updated
Re: THE CYBER-SECURITY THREAD
I would hazard a guess that somewhere early on when you were trying out some website such as http://www.speedtest.net (which runs a Java Applet to get its result) you were prompted to install Java from the Apple support download page and simply forgot that you did that... In my case, that's exactly what I did... and then there are those pesky Java utilities that companies such as DLink embed in their control pages for IP cameras and such. I discovered that 10.7.3 actually disabled the Java runtime that I had installed earlier and I had to go find the intermediate update which resolved the security issues at that time -- and now the latest version is the one that we both have installed, 1.6.0_31-b04-413. That version specifically addresses the risk presented by the Trojan described in the article above. (CVE-2012-0507) (Edited to add the specific CVE addressed)
Last edited by MacManiac; 04/04/12 04:54 PM.
Freedom is never free....thank a Service member today.
Re: THE CYBER-SECURITY THREAD
Re the latest Java Trojan: I'm a bit surprised that some enterprising chap or chapette has not yet created a (free) app/script or whatever that ascertains if one is infected, and if so, removes the offending code.
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
> I would hazard a guess that somewhere early on when you were trying out some website such as http://www.speedtest.net (which runs a Java Applet to get its result) you were prompted to install Java from the Apple support download page and simply forgot that you did that....
It's possible, but if so, I've long since forgotten that I did.
> I discovered that 10.7.3 actually disabled the Java runtime that I had installed earlier ....
When I checked my Java Preferences - General earlier I did notice that the applet plug-in had been disabled. Whether that was a saving grace, I don't know. The Java Applet Plug-in 14.0.3 is still enabled in my browser (Firefox 11.0). But it would still be nice to know if there's something lurking in some program somewhere.
Re: THE CYBER-SECURITY THREAD
It's a computer with all the flaws (and benefits) of being made by humans.....of course there's something lurking in some program somewhere!
...and there are folks out there right now searching for just the right "something lurking" in order to find an exploit for same.
...and I personally still have no concerns for the security of my Mac OS and installed software as things currently stand.
Freedom is never free....thank a Service member today.
Re: THE CYBER-SECURITY THREAD
> Re the latest Java Trojan: I'm a bit surprised that some enterprising chap or chapette has not yet created a (free) app/script or whatever that ascertains if one is infected, and if so, removes the offending code.
Those who cannot update Java with the latest patched versions because they are running Mac OS X versions earlier than Snow Leopard can do the following before browsing the Web:
- disable Java in your browser (e.g., Safari > Prefs > Security > Enable Java; Firefox, Chrome)
- disable Java on your Mac (use Java Preferences in Utilities to uncheck the boxes in the first column)
Caveat: this may make Firefox 11.0 quit incorrectly (see Raj Gurdwara's comment). Note that you can temporarily re-enable Java on known sites, or for known apps whenever you need it.
Testing for the presence of and removing Trojan-Downloader:OSX/Flashback.I * can be done with Terminal, following the instructions provided by F-Secure. That said, I don't know if these instructions are valid for all current Flashback variants out there (but see below).
*) PS, the (similar) detection/removal instructions for the more recent Downloader:OSX/Flashback.K variant are found HERE. This is the variant that doesn't require an admin password to install. For other variants, see this list.
PS2, the following list with definitions of threat categories may come in handy for those of us who are losing track of the mushrooming details.
Last edited by alternaut; 04/05/12 08:23 PM. Reason: updated info & links
alternaut ◉ moderator
Re: THE CYBER-SECURITY THREAD
> Testing for the presence of and removing Trojan-Downloader:OSX/Flashback.I * can be done with Terminal, following the instructions provided by F-Secure. That said, I don't know if these instructions are valid for all current Flashback variants out there (but see below).
> *) PS, the (similar) detection/removal instructions for the more recent Downloader:OSX/Flashback.K variant are found HERE. This is the variant that doesn't require an admin password to install.
The F-Secure protocol for identification and disinfection seems to be valid only for Safari. I'm way too unsophisticated to make the necessary changes to see if my iMac might be infected via Firefox. Any other suggestions?
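The published checks alternaut linked are tied to Safari and the question above is about Firefox, so here is an added example (mine, not the thread's and not F-Secure's procedure) that generalizes the check to every .app bundle in a folder plus the per-user environment plist, looking for an injected DYLD_INSERT_LIBRARIES entry. The LSEnvironment and ~/.MacOSX/environment.plist locations, and the fixture it builds in a temp dir, are assumptions of this example.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption of this example: the injection sets DYLD_INSERT_LIBRARIES either in
# an app's Info.plist LSEnvironment dict or in ~/.MacOSX/environment.plist.
INJECTION_KEYS = {"DYLD_INSERT_LIBRARIES"}
SAMPLE_LIB = "/Users/Shared/.constructed-sample.dylib"  # constructed value


def injected_libs(plist_path):
    """{key: library} for injection keys in one plist; {} if absent or clean."""
    path = Path(plist_path)
    if not path.is_file():
        return {}
    with path.open("rb") as fh:
        plist = plistlib.load(fh)
    env = plist.get("LSEnvironment", plist)  # Info.plist vs. user env plist
    return {k: v for k, v in env.items() if k in INJECTION_KEYS}


def scan(home, app_dirs):
    """Check the per-user environment plist and every .app bundle under
    app_dirs. Returns {location: {key: library}}; empty means no hits."""
    findings = {}
    user_env = Path(home) / ".MacOSX" / "environment.plist"
    hits = injected_libs(user_env)
    if hits:
        findings[str(user_env)] = hits
    for app_dir in app_dirs:
        for app in sorted(Path(app_dir).glob("*.app")):
            hits = injected_libs(app / "Contents" / "Info.plist")
            if hits:
                findings[str(app)] = hits
    return findings


def demo():
    """Constructed fixture in a temp dir: tampered Safari.app, clean Firefox.app,
    tampered user environment plist. Real use: scan(Path.home(), ["/Applications"])."""
    root = Path(tempfile.mkdtemp())
    apps = root / "Applications"
    for name, env in (("Safari", {"DYLD_INSERT_LIBRARIES": SAMPLE_LIB}), ("Firefox", {})):
        contents = apps / f"{name}.app" / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleName": name, "LSEnvironment": env}, fh)
    (root / "home" / ".MacOSX").mkdir(parents=True)
    with (root / "home" / ".MacOSX" / "environment.plist").open("wb") as fh:
        plistlib.dump({"DYLD_INSERT_LIBRARIES": SAMPLE_LIB}, fh)
    return scan(root / "home", [apps])
```

A hit only says that a library is being force-loaded into that app; which library it is, and whether it is one you installed on purpose, still has to be judged by looking at the path reported.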