Re: THE CYBER-SECURITY THREAD
kiwichris #9054 03/26/10 11:02 AM
Joined: Aug 2009
Likes: 4
Offline

My 3 cents worth ...

Back in the MFIF days when this policy was initiated (for exactly the reasons given by alternaut) it yielded the additional benefit that tons/tonnes of articles originating from other sources would no longer have to be stored on MFIF's (and now FTM's) server.
Moreover, nothing disappears from the InterWeb. Even if TVNZ doesn't leave such pages up, usually Googling it will bring up a cached version (i.e., Google saves everything — I was even able to dredge up a disgruntled employee's diatribe against a former employer which had been removed by management on kijiji months earlier because it was defamatory).

Re: THE CYBER-SECURITY THREAD
grelber #9058 03/27/10 03:51 AM
Joined: Aug 2009
Offline

Originally Posted By: grelber
My 3 cents worth ...


Moreover, nothing disappears from the InterWeb.


I was not aware of that, thanks.

Re: THE CYBER-SECURITY THREAD
kiwichris #9059 03/27/10 06:58 AM
Joined: Sep 2009
OP Offline

Originally Posted By: kiwichris
Originally Posted By: grelber
Moreover, nothing disappears from the InterWeb.


I was not aware of that, thanks.

http://en.wikipedia.org/wiki/Wayback_Machine
http://www.archive.org/web/web.php

Re: THE CYBER-SECURITY THREAD
kiwichris #9062 03/27/10 03:47 PM
Joined: Aug 2009
Offline

good article, full of interesting details and yet not too geeky for most to read


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Virtual1 #9079 03/29/10 07:36 PM
Joined: Sep 2009
OP Offline

Apple Mac OS X - 10.6.3
Snow Leopard operating system.

Apple Security Update - 2010-002

For Leopard Mac OS X 10.5.

Both OS versions share the same security page: http://support.apple.com/kb/HT4077

HELLO...
11 instances of the string “working with TippingPoint's Zero Day Initiative” appear in that kbdoc!!!!!!!!!!!11

Last edited by Hal Itosis; 03/30/10 05:20 AM.
Re: THE CYBER-SECURITY THREAD
Hal Itosis #9106 03/31/10 10:55 AM
Joined: Sep 2009
OP Offline

Originally Posted By: Hal Itosis
11 instances of the string “working with TippingPoint's Zero Day Initiative” appear in that kbdoc!!!!!!!!!!!11

Yesterday brought 10 more ZDI-assisted fixes (among others) in QuickTime 7.6.6.

So then... 21 total would seem to cover the 20 mentioned by Miller (hopefully).

Re: THE CYBER-SECURITY THREAD
Hal Itosis #9108 03/31/10 05:14 PM
Joined: Aug 2009
Offline

I'm all for encouraging "responsible disclosure", as long as the fixes are timely. It's when someone "responsibly discloses" a bug to the manufacturer, and half a year later it's still not fixed, and so the guy goes public, causing hysteria, and the manufacturer snipes back in a public response, crying about his lack of "responsible disclosure". You lose the right to cry Use Public Disclosure when you drag your feet on it.

When someone fixes things quickly in response, that's how things should work.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Hal Itosis #9493 04/15/10 01:35 PM
Joined: Sep 2009
OP Offline

Originally Posted By: Hal Itosis
Originally Posted By: Hal Itosis
11 instances of the string “working with TippingPoint's Zero Day Initiative” appear in that kbdoc!!!!!!!!!!!11

Yesterday brought 10 more ZDI-assisted fixes (among others) in QuickTime 7.6.6.

So then... 21 total would seem to cover the 20 mentioned by Miller (hopefully).

Yesterday's Security Update 2010-003 mentions Charlie Miller by name (along with "TippingPoint's Zero Day Initiative"), bringing the count to 22 tweaks apparently related to that particular event.



Re: THE CYBER-SECURITY THREAD
Hal Itosis #9633 04/22/10 07:46 AM
Joined: Aug 2009
Likes: 15
Online

One thing on which I've never been clear... Are all the security holes on which these exploits are based present in non-current versions of OS X/Safari/QuickTime/etc, or do they exploit newly introduced holes?

Thanks.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
artie505 #9637 04/22/10 05:10 PM
Joined: Sep 2009
OP Offline

Originally Posted By: artie505
One thing on which I've never been clear... Are all the security holes on which these exploits are based present in non-current versions of OS X/Safari/QuickTime/etc, or do they exploit newly introduced holes?

Pretty much mostly the former.


--

In other news (file under irony): Thousands believed affected by faulty McAfee virus update

Last edited by Hal Itosis; 04/22/10 05:15 PM.
Re: THE CYBER-SECURITY THREAD
Hal Itosis #9661 04/24/10 08:04 AM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: Hal Itosis
Originally Posted By: artie505
One thing on which I've never been clear... Are all the security holes on which these exploits are based present in non-current versions of OS X/Safari/QuickTime/etc, or do they exploit newly introduced holes?

Pretty much mostly the former.

That's interesting, because:
  1. I've always assumed that these exploits are discovered by people scrutinizing new incarnations of OS X and apps, and
  2. It suggests that at least some of the exploits address security holes that have been around (perhaps waaay) longer than I'd thought.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Hal Itosis #9662 04/24/10 08:15 AM
Joined: Aug 2009
Likes: 15
Online

(Responding to this post merely as a matter of convenience.)

Edit: Oops! I was thinking of Panther's 10.3.9.

Sorry!

Last edited by artie505; 04/24/10 08:17 AM. Reason: Delete incorrect post

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
artie505 #9669 04/24/10 05:52 PM
Joined: Aug 2009
Offline

Pretty much all of these "we're going to expose security holes in public next week" things do involve new "zero day" bugs. No one pays them any attention if they aren't demonstrated on fully patched, up-to-date systems.

Almost all of the holes I've seen lately involve a standard user logging in and running a program or visiting a web site, and as a result, getting a root shell on the machine (local program) or leaking information (browser). While these aren't good things, they're much more benign than remote exploits, the things that make for worms.

The majority of the web browser issues are via Java or Adobe plugins. Too bad Safari doesn't properly sandbox those things... they're notorious for giving Safari a bad rep for security. (tho QuickTime certainly has its fair share... QT itself should also be sandboxed imho)

Also, most of them are of the "denial of service" variety, meaning they cause something to crash. In all but a few cases, these crashes are difficult to exploit to get something useful like a root shell.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
artie505 #9670 04/24/10 06:13 PM
Joined: Sep 2009
OP Offline

Originally Posted By: artie505
That's interesting, because:
  1. I've always assumed that these exploits are discovered by people scrutinizing new incarnations of OS X and apps, and
  2. It suggests that at least some of the exploits address security holes that have been around (perhaps waaay) longer than I'd thought.
  1. wrong
  2. right

__


In other news: Cryptographer (and OS security expert) Callas joins Apple

Last edited by Hal Itosis; 04/24/10 06:18 PM.
Re: THE CYBER-SECURITY THREAD
Virtual1 #9676 04/25/10 06:02 AM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: Hal Itosis
Originally Posted By: artie505
That's interesting, because:
  1. I've always assumed that these exploits are discovered by people scrutinizing new incarnations of OS X and apps, and
  2. It suggests that at least some of the exploits address security holes that have been around (perhaps waaay) longer than I'd thought.
  1. wrong
  2. right

Do Hal's "wrong" and "right" contradict your "Pretty much all of these 'we're going to expose security holes in public next week' things do involve new 'zero day' bugs. No one pays them any attention if they aren't demonstrated on fully patched, up-to-date systems"?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Hal Itosis #9897 05/14/10 01:30 AM
Joined: Sep 2009
OP Offline


Re: THE CYBER-SECURITY THREAD
Hal Itosis #10357 06/03/10 03:16 AM
Joined: Sep 2009
OP Offline


Re: THE CYBER-SECURITY THREAD
Hal Itosis #10366 06/03/10 12:47 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline

Originally Posted By: Hal Itosis

In this context, various posts in MacInTouch's Security Reader Report are relevant. Among others, I found Gregory Tetrault's comments especially interesting, suggesting that—apart from the clear threat potential of this 'bundled spyware' route—Intego press releases can be seen as something of a hype by an interested party.

Note in this context that Intego retracted an initially published list of 'compromised' software after stating there were multiple instances of this issue when in fact they had found only one. This list has now been published in the recently edited MacUser article you linked to (the list did not appear in the original version of the article, only a link to the Intego press release containing it, the one that was later retracted by Intego). Moreover, if Tetrault's observations are correct, the installation of spyware items 'bundled' with the listed packages can easily be avoided.

The reader report also contains posts discussing diagnosis (e.g., searching a suspected volume for 'PremierOpinion'), repair and possible prevention (Little Snitch port monitoring, taking care while installing the 'carrier' software).


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #10367 06/03/10 02:17 PM
Joined: Sep 2009
OP Offline

Originally Posted By: alternaut
Among others, I found Gregory Tetrault's comments especially interesting, suggesting that—apart from the clear threat potential of this 'bundled spyware' route—Intego press releases can be seen as something of a hype by an interested party.

Well i agree there... i'm no fan of Intego, i don't use it and i don't recommend that anyone else use it. (ClamXav is more my speed).

Nonetheless, i still find this particular screensaver/trojan rather suspicious (especially in the admin password request department).

Here is Intego's update posted yesterday:
Originally Posted By: Intego
Intego has been monitoring the actions of the different versions it has found of this spyware. It has discovered that, after a certain time, the spyware makes an “upgrade” and installs another application, which is another variant of the same spyware, called PermissionResearch. (It is also possible that further versions of this spyware will upgrade themselves to other variants.) Intego has updated its threat filters today (June 2, 2010) to improve proactive detection of this type of spyware. We strongly recommend that all VirusBarrier X5 and X6 users update their threat filters as soon as possible.


And also: some place called Hardmac has posted the "terms of agreement" between the user and some company called VoiceFive.

idunno... perhaps they don't harvest credit card numbers, but it still smells rotten somehow.

Albeit, very sugar-coated: http://7art-screensavers.com/Mac_OS_X.shtml   (vomit)

Last edited by Hal Itosis; 06/03/10 04:16 PM.
Re: THE CYBER-SECURITY THREAD
Hal Itosis #10373 06/03/10 04:46 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline

I absolutely agree about the less than user-friendly approach of the spyware distributor, aided and abetted by the original software publisher (7Art). Anyone used to simply hitting Return during the installation of ‘regular’ software stands a good chance of installing ‘bonus’ material of the spyware kind. Requiring an admin password for software that doesn’t need it (i.e., the screen saver, not the spyware) is bad manners and a clear sign of potential danger to the educated user.

Unfortunately, not everyone is sufficiently alert all of the time, so inadvertent installs will increase with this setup. Since the software involved seems to be exclusively freeware, at least you’re not paying for the VoiceFive privilege. Still, the main reason to mention Tetrault’s experience was to point out that it’s apparently possible to install the main software of a 7Art package while avoiding that of bonus material like this spyware.

Of course, the main importance of this issue in this tabnabbing week is the addition/improvement of yet another route for distributing malware, and in that sense Intego’s alert is appreciated.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #10474 06/10/10 10:46 AM
Joined: Sep 2009
OP Offline

Think i'll post this news here instead, because (so far) the real culprit seems to be AT&T:

AT&T's Worst Security Breach: 114,000 iPad Owners Exposed

Originally Posted By: Talking Points Memo
Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.

To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such headers identify users' browser types to websites.

The group wrote a PHP script to automate the harvesting of data. Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it's not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it's likely many accounts beyond the 114,000 have been compromised.

Goatse Security notified AT&T of the breach and the security hole was closed.

Of course—as i googled earlier—most of the hyped-up headlines are worded in such a way (to attract more hits i guess) which sound as if the iPad itself was responsible.

Re: THE CYBER-SECURITY THREAD
Hal Itosis #10484 06/10/10 08:34 PM
Joined: Aug 2009
Likes: 1
Offline

AT&T has always had problems like this. Back before the iPhone allowed MMS, when someone tried to text me a picture, I would get a text with an AT&T Web site address instead. By going to the address, I would see the picture.

The AT&T Web site that allowed me to see the MMS pictures had the exact same security flaw. I could manipulate the address bar to see pictures that other people were getting in MMS messages, too! It was trivial to do so--and in fact I discovered it because of a bug in the AT&T system that would only let me see the full-sized picture that had been texted to me if I messed with the address in the address bar.

I never bothered to report it because shortly after I discovered it, AT&T enabled MMS on the iPhone and did away with the need to go to their Web site to see an MMS picture. But it worked *exactly* the same way as the bug that exposed iPad information, so I bet the same Web developer was responsible.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
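
Added example, not part of any post in this thread and not AT&T's code: the flaw described in the quoted article (an ICC-ID lookup gated only by a User-Agent header) and in the MMS post above (another user's item reachable by editing the address) is a missing ownership check, shown here beside a corrected handler and a simple monitor for one client querying many identifiers. All names, identifiers, addresses and tokens are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not real identifiers or addresses).
ACCOUNTS = {
    "8900000000000000001": "alice@example.com",
    "8900000000000000002": "bob@example.com",
}
SESSIONS = {"tok-alice": "8900000000000000001"}  # session token -> ICC-ID it owns


@dataclass
class Request:
    icc_id: str
    user_agent: str = ""
    session_token: Optional[str] = None
    client_ip: str = "192.0.2.10"


def lookup_flawed(req: Request):
    """The design the article describes: the User-Agent header is the only gate."""
    if "iPad" not in req.user_agent:
        return 403, None
    email = ACCOUNTS.get(req.icc_id)
    return (200, email) if email else (404, None)


def lookup_hardened(req: Request):
    """Authorize against server-side session state, never a client-supplied value."""
    owned = SESSIONS.get(req.session_token)
    if owned is None:
        return 401, None
    if req.icc_id != owned:
        return 403, None  # identical answer whether or not the ICC-ID exists
    return 200, ACCOUNTS[owned]


class EnumerationMonitor:
    """Flags a client that asks about more distinct ICC-IDs than one owner would."""

    def __init__(self, max_distinct: int = 2):
        self.max_distinct = max_distinct
        self.seen = defaultdict(set)

    def record(self, req: Request) -> bool:
        self.seen[req.client_ip].add(req.icc_id)
        return len(self.seen[req.client_ip]) > self.max_distinct
```

The hardened handler returns the same 403 for an identifier that exists and one that does not, so responses cannot be used to tell valid identifiers from invalid ones.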
Re: THE CYBER-SECURITY THREAD
tacit #10565 06/16/10 11:54 PM
Joined: Sep 2009
OP Offline


Last edited by Hal Itosis; 06/17/10 12:01 AM.
Re: THE CYBER-SECURITY THREAD
Hal Itosis #12617 11/01/10 06:25 AM
Joined: Sep 2009
OP Offline

Ho-hum... may as well toss this one into the mix for good measure:

Initial analysis of trojan.osx.boonana.a

[i've always made sure Java was disabled in Safari anyway, so] what can i say?

Re: THE CYBER-SECURITY THREAD
Hal Itosis #12863 11/23/10 12:19 PM
Joined: Sep 2009
OP Offline
