An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 11 of 12 1 2 9 10 11 12
Re: THE CYBER-SECURITY THREAD
artie505 #28619 04/11/14 10:06 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: artie505
Heartbleed's been an open sore for more than two years, already, and there doesn't appear to be any indication that it's been exploited.

Hmmmm. And I was thinking that, if they had been collecting information for the past couple of years, it might come in handy. I could contact the bug designers and ask for some of the passwords I've forgot. wink


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: THE CYBER-SECURITY THREAD
artie505 #28620 04/11/14 02:46 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: artie505
... and there doesn't appear to be any indication that it's been exploited.

At least not on a large scale, it seems. I'd like to point out, however, that there is a continuous and sizeable 'background' of internet hacking/theft going on. While much of that can be attributed to one or the other exploit, it doesn't cover everything else, including Heartbleed. After all, any smoking gun would have to unequivocally link abuse of stolen data with Heartbleed. Unfortunately, that's only indirectly possible (i.e., after abuse pattern analysis), because when used the exploit leaves no traces on affected servers (except, possibly, in custom transaction logs). And, as you suggested, there's not much of a pattern yet.
On the other hand, if someone had indeed stumbled on this flaw and exploited it*, it's not unreasonable to assume that it probably wouldn't have remained a secret for long.

That said, I'd like to remind you that the flaw can be used to access already recorded data, as this is not affected by any post-hoc patches applied to the relevant servers. Note that this data may have been recorded in the window between the flaw's recent revelation and its patching, and that window may still be open on servers you have dealt with. This explains the now frequently heard advice to check your financial transactions carefully for unauthorized activity.


*) Despite a comment in an earlier post I didn't mention the possibility here that the NSA knew and kept mum about Heartbleed to be able to exploit the flaw, because I figured that would be beyond the pale even for that organization. It seems I was doubly wrong, and that now appears to have been the case, although it's been denied by the White House. If you needed proof that the current policies of US intelligence agencies may cause more damage than they prevent, this could be it.

Last edited by alternaut; 04/11/14 11:39 PM. Reason: Added breaking news

alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #28624 04/12/14 12:13 AM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
More selected notes:

- Heartbleed Bug: What Can You Do?
- Urgent: The Heartbleed Hit List: The Passwords You Need to Change Right Now
- Observations and commentary: Schneier on Security - Heartbleed
- Possible proof of use of the heartbleed vulnerability before Monday's disclosure: Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #28625 04/12/14 06:49 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: alternaut
That said, I'd like to remind you that the flaw can be used to access already recorded data, as this is not affected by any post-hoc patches applied to the relevant servers. Note that this data may have been recorded in the window between the flaw's recent revelation and its patching, and that window may still be open on servers you have dealt with. This explains the now frequently heard advice to check your financial transactions carefully for unauthorized activity.

I'll guess that already recorded data that has not yet been used is not in the hands of outwardly malicious persons, because those guys deal in current info rather than stockpile it and have it go bad.

Data gathered in your "window" (my "springboard" period), though, might (will likely?) result in a flurry of activity before users have secured their situations. (Happily, your linked Mashable doc reports that all the financial Websites I use are unaffected.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
alternaut #28629 04/12/14 07:52 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
The interesting thing about OpenSSL is that it's used to secure a huge percentage of the world's ecommerce sites, including some of the biggest powerhouses of the New Economy, yet all 400,000-plus lines of code are maintained by only 4 open source programmers who have a total budget of only a few thousand dollars a year.

One of those four people recently said something to the effect of "hey all you businesses spending millions to fix the problems caused by this flaw--since OpenSSL is vital to your business, how come you don't donate any money to maintaining it?"


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
artie505 #28652 04/14/14 11:25 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
I've been waiting for e-mails from Websites on which I do business, and the first one only just got to me...an all-clear from SuperMediaStore.com (from whom I bought DVDs).

I've received neither alerts nor all-clears from any of my financial institutions.

Anybody else?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Last Pass
artie505 #28655 04/15/14 11:04 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
For those who may have missed it, LastPass HeartBleed Checker may help.


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
1PW - AgileBits - Heartbleed Checker
Pendragon #28662 04/16/14 04:08 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
AgileBits has just published their tool, which can also check SMTP & IMAP URLs.

Here's the Link: HeartBleed Checker


MacStudio M1max - 14.4.1, 64 GB Ram, 4TB SSD; Studio Display; iPhone 13mini; Watch 9; iPadPro (M2) 11" WiFi
Re: 1PW - AgileBits - Heartbleed Checker
pbGuy #28669 04/18/14 09:49 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: pbGuy
AgileBits has just published their tool, which can also check SMTP & IMAP URLs.

Here's the Link: HeartBleed Checker


Thanks for the post/link. It will be interesting to see what, if any, differences result from the two checkers. I suspect/guess they use the same algorithm.

Or, maybe Schrödinger is at play, and it only matters if one views the results. grin


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Son of Heartbleed
Hal Itosis #30071 05/13/14 01:34 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4

Re: Son of Heartbleed
grelber #30386 06/23/14 07:51 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
It's still with us:
Heartbleed isn’t dead — 300,000 servers are still exposed — but here’s how you can protect yourself

Heartbleed isn’t dead — 300,000 serv...rotect yourself

Re: Son of Heartbleed
grelber #30751 08/05/14 10:55 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Son of Heartbleed
jchuzi #34435 05/25/15 06:17 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
It’s been quite a while since this thread saw some activity. So here goes: last January the CIRCL automatic launch object detection for Mac OS X, a free anti-malware utility was updated. The software is based on an idea by Topher Kessler, and monitors a number of Mac OS X locations known to have received malware files in past occasions. It’s up to the user to allow or disallow such installs, and provides an early warning for potential malware installation.

Other recent updates for free anti-adware/malware utilities include AdwareMedic, Bitdefender Adware Removal Tool, KnockKnock and ScamZapper.


alternaut moderator
Re: Son of Heartbleed
alternaut #34436 05/25/15 07:19 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: alternaut
It’s been quite a while since this thread saw some activity. So here goes: last January the CIRCL automatic launch object detection for Mac OS X, a free anti-malware utility was updated. The software is based on an idea by Topher Kessler, and monitors a number of Mac OS X locations known to have received malware files in past occasions. It’s up to the user to allow or disallow such installs, and provides an early warning for potential malware installation.

Other recent updates for free anti-adware/malware utilities include AdwareMedic, Bitdefender Adware Removal Tool, KnockKnock and ScamZapper.


I have Adware Medic & Scam Zapper installed. Is that sufficient, or do you suggest CIRCL additionally be installed? shocked


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Son of Heartbleed
Pendragon #34439 05/25/15 08:31 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Adware Medic actually removes certain adware on an ad-hoc basis, while Safari extension ScamZapper blocks certain browser popups. CIRCL’s ALOD runs in the background and lets you know if files are about to be installed in locations previous malware has installed components, and leaves you the choice to proceed with that or not. Only the latter two may run simultaneously with normal use. So these utilities do different things and can coexist, at least in principle.

The questions that remain include those about how well these apps play with others. Do they slow down your Mac or web browsing or otherwise negatively affect your computing, and if so, is that interference worth it to you? That’s likely both hardware and OS version dependent, and as such difficult to answer generically. For instance, and FWIW, I haven’t yet noticed anything untoward with ScamZapper and ALOD, or otherwise seen reason to uninstall them, running Yosemite on a retina iMac.


alternaut moderator
Hackers exploit Flash vulnerability
alternaut #35368 08/04/15 08:34 AM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4

Re: Son of Heartbleed
alternaut #35373 08/04/15 12:47 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Adware Medic has now been rolled into a new expanded product Malwarebytes. Th UI is the same but the types of undesirable ware it searches for an removes has been expanded.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Son of Heartbleed
joemikeb #35374 08/04/15 01:42 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Thanks for the tip. I decided to give it a try and got a reassuring "Malwarebytes did not find any malware or adware on your system." Of course, this doesn't mean that ongoing vigilance is less, it just means it's nice to have a way to check whether the effort is fruitful.

Last edited by ryck; 08/04/15 01:44 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Son of Heartbleed
joemikeb #35375 08/04/15 04:25 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
Originally Posted By: joemikeb
Adware Medic has now been rolled into a new expanded product Malwarebytes. Th UI is the same but the types of undesirable ware it searches for an removes has been expanded.


The Mac version is on this page.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Son of Heartbleed
Ira L #35376 08/04/15 07:47 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Thanks for catching that Ira.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Son of Heartbleed
Ira L #35377 08/04/15 07:51 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
Originally Posted By: Ira L
The Mac version is on this page.

All versions are on the downloads page. confused

thunderstrike revisited
Hal Itosis #35378 08/04/15 07:54 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
So what's the current take on mac security with firmware modifying malware? I've been seeing a lot of chat recently about a new proof of concept that can just outright replace the firmware on a mac without the usual authentication, about usb devices that can do it ("badusb"), about airgapped access... what's the current state of affairs on OS X security?


I work for the Department of Redundancy Department
Re: thunderstrike revisited
Virtual1 #35380 08/04/15 10:20 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

This exploit can be leveraged across Thunderbolt connections (fortunately, not USB connections), provided an attacker can get physical access to a Mac and plug a malicious Thunderbolt device into it. With sudo access, you can take any measures, up to and including a malicious firmware update.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: thunderstrike revisited
tacit #35383 08/05/15 01:34 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: tacit
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

You are making me even more glad I am running OS X 10.11


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: thunderstrike revisited
tacit #35387 08/05/15 11:54 AM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: tacit
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

And this hasn't been patched with a security update?


I work for the Department of Redundancy Department
Page 11 of 12 1 2 9 10 11 12

Moderated by  alternaut, cyn 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.046s Queries: 64 (0.038s) Memory: 0.7193 MB (Peak: 0.8850 MB) Data Comp: Zlib Server Time: 2024-03-28 15:19:17 UTC
Valid HTML 5 and Valid CSS