#20874 - 02/27/12 02:46 PM Re: THE CYBER-SECURITY THREAD [Re: tacit]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)

Looks like Intego may be drumming up some business.
Or perhaps there's more to it, as i haven't read this yet:

Flashback Mac Trojan Horse Infections Increasing with New Variant

#20893 - 02/28/12 04:17 AM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I haven't seen this malware yet. It's interesting that it uses a bogus certificate named "Apple Inc"--that's a nice trick that will likely fool a lot of people.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#20926 - 02/29/12 12:39 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
alternaut Offline

Moderator

Registered: 08/04/09
In the spirit of Ghostery here's another neat-looking tool: Firefox add-on Collusion shows who's tracking you online.
_________________________
alternaut moderator

#21016 - 03/08/12 11:30 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
jchuzi Online


Registered: 08/04/09
Loc: New York State
This may be slightly off-topic, but Viewpoint: How hackers are caught out by law enforcers is an interesting read. It never explains "onion routing", however. Tacit? Anyone?
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#21020 - 03/08/12 12:32 PM Re: THE CYBER-SECURITY THREAD [Re: jchuzi]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
I thought tacit had discussed this somewhere along the line, but a search of the forums couldn't bring it up.

Check out: www.onion-router.net/


#21021 - 03/08/12 01:25 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
jchuzi Online


Registered: 08/04/09
Loc: New York State
Thank you. I should have googled that myself. blush
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#21027 - 03/09/12 11:37 AM Re: THE CYBER-SECURITY THREAD [Re: jchuzi]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
support tor. run an exit node.
_________________________
I work for the Department of Redundancy Department

#21029 - 03/09/12 01:12 PM Re: THE CYBER-SECURITY THREAD [Re: Virtual1]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
¿Qué?

#21044 - 03/10/12 02:13 PM Re: THE CYBER-SECURITY THREAD [Re: Virtual1]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
I'm unconvinced that Tor is really as secure as it thinks it is. For one thing, all that a hostile government or law enforcement agency would need to do to eavesdrop on it is to run a large number of entry and exit nodes themselves.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#21292 - 03/29/12 09:24 AM Re: THE CYBER-SECURITY THREAD [Re: tacit]
alternaut Offline

Moderator

Registered: 08/04/09
Despite the obvious interest of anti-virus utility makers in publishing it, this may be worth keeping an eye out for: Malware infects Macs through Microsoft Office vulnerability.
_________________________
alternaut moderator

#21300 - 03/29/12 01:42 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
jchuzi Online


Registered: 08/04/09
Loc: New York State
This may be old news, at least according to New exploit uses old Office vulnerability for OS X malware delivery
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#21366 - 04/03/12 11:22 AM Re: THE CYBER-SECURITY THREAD [Re: jchuzi]
alternaut Offline

Moderator

Registered: 08/04/09
More 'old' news: Mac Trojan Flashback is at it again with a new variant, no longer needing an admin password. Plus, some anti-malware utility makers' opinions on Mac vulnerability.
_________________________
alternaut moderator

#21370 - 04/03/12 04:58 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
alternaut Offline

Moderator

Registered: 08/04/09
_________________________
alternaut moderator

#21372 - 04/04/12 02:36 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Just what do these trojans do? I can't find any info in the related articles as to what might happen if it infects my Mac — i.e., what sort of havoc does it wreak?
Will the Java update remove or render inoperable anything which might have been installed? And if not, what to do?
(After 15 minutes I'm still unable to access Oracle's release notes.)

EDIT:
Finally got the release notes which had no user-friendly information whatsoever.


Edited by grelber (04/04/12 02:56 AM)
Edit Reason: New info

#21373 - 04/04/12 03:03 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
artie505 Online


Registered: 08/04/09
Flashback malware evolves to exploit unpatched Java vulnerabilities provides some insight into what the trojan in question does.

Quote:
When these programs are then launched, the malicious code attempts to contact remote servers and upload screenshots and other personal information to them.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#21374 - 04/04/12 03:20 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Thanks. But am I safe? And how might I find that out?
The article you cite (dated 2 days ago) has contradictory statements, one on top of the other:
"... in most cases Mac users should be relatively safe. Starting with OS X 10.7 Lion, Apple stopped including a Java runtime with OS X, so if you have purchased a new system with OS X 10.7.0 or later, or have formatted and reinstalled Lion, then you will, by default, not be affected by this malware.
"However, if you do have Java installed on your system, then for now the only way to prevent this malware from running is to disable Java."

According to my iMac, it came from Apple with both 64-bit and 32-bit versions installed: Java SE 6 v 1.6.0_29-b11-402.

#21375 - 04/04/12 04:02 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
artie505 Online


Registered: 08/04/09
Those statements aren't contradictory; "if you do have Java installed" refers to versions of OS X earlier than 10.7 and to those users who've elected to install Java in 10.7 on their own. (That article has been cleaned up; the first time I looked at it, it said that Apple had dropped Java in Snow Leopard as well as in Lion.)

I wonder why your iMac has got both Lion and Java?

> But am I safe? And how might I find that out?

Here's a pretty much useless description of what the trojan does:

Originally Posted By: MacFixIt - CNET Reviews
First it will ask for an administrator password, and if supplied it will install its payload into target programs within the /Applications folder. However, if no password is supplied, then the malware will still install to the user accounts where it will run in a more global manner.

If you've installed the update and haven't been doing any questionable browsing lately, you're probably safe.

I hope somebody will be able to expand on that.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#21376 - 04/04/12 04:59 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: artie505
Those statements aren't contradictory;
I wonder why your iMac has got both Lion and Java?

That's why (I consider that) they're contradictory.

Originally Posted By: artie505
I hope somebody will be able to expand on that.

So do I.

EDIT:
For what it's worth, my Java SE 6 is now updated to v 1.6.0_31-b04-413.
But/And I'd still like answers to earlier queries.


Edited by grelber (04/04/12 06:25 AM)
Edit Reason: Java updated

#21377 - 04/04/12 07:45 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
MacManiac Online
Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
I would hazard a guess that somewhere early on when you were trying out some website such as http://www.speedtest.net (which runs a Java Applet to get its result) you were prompted to install Java from the Apple support download page and simply forgot that you did that.....

In my case, that's exactly what I did.....and then there are those pesky Java utilities that companies such as DLink embed in their control pages for IP cameras and such. I discovered that 10.7.3 actually disabled the Java runtime that I had installed earlier and I had to go find the intermediate update which resolved the security issues at that time -- and now the latest version is the one that we both have installed, 1.6.0_31-b04-413.

That version specifically addresses the risk presented by the Trojan described in the article above. (CVE-2012-0507)

(Edited to add the specific CVE addressed)


Edited by MacManiac (04/04/12 09:54 AM)
_________________________
Freedom is never free....thank a Service member today.

#21378 - 04/04/12 08:18 AM Re: THE CYBER-SECURITY THREAD [Re: MacManiac]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Re the latest Java Trojan: I'm a bit surprised that some enterprising chap or chapette has not yet created a (free) app/script or whatever that ascertains if one is infected, and if so, removes the offending code.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#21379 - 04/04/12 09:42 AM Re: THE CYBER-SECURITY THREAD [Re: MacManiac]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: MacManiac
I would hazard a guess that somewhere early on when you were trying out some website such as http://www.speedtest.net (which runs a Java Applet to get its result) you were prompted to install Java from the Apple support download page and simply forgot that you did that....

It's possible, but if so, I've long since forgotten that I did.

Originally Posted By: MacManiac
I discovered that 10.7.3 actually disabled the Java runtime that I had installed earlier ....

When I checked my Java Preferences - General earlier I did notice that the applet plug-in had been disabled. Whether that was a saving grace, I don't know.
The Java Applet Plug-in 14.0.3 is still enabled in my browser (Firefox 11.0).

But it would still be nice to know if there's something lurking in some program somewhere.

#21380 - 04/04/12 09:59 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
MacManiac Online
Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
It's a computer with all the flaws (and benefits) of being made by humans.....of course there's something lurking in some program somewhere!

...and there are folks out there right now searching for just the right "something lurking" in order to find an exploit for same.

...and I personally still have no concerns for the security of my Mac OS and installed software as things currently stand.
_________________________
Freedom is never free....thank a Service member today.

#21387 - 04/05/12 05:05 AM Re: THE CYBER-SECURITY THREAD [Re: MacManiac]
jchuzi Online


Registered: 08/04/09
Loc: New York State
_________________________
Jon

OS 10.14.5, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#21394 - 04/05/12 09:46 AM Re: THE CYBER-SECURITY THREAD [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: Pendragon
Re the latest Java Trojan: I'm a bit surprised that some enterprising chap or chapette has not yet created a (free) app/script or whatever that ascertains if one is infected, and if so, removes the offending code.

Those who cannot update Java with the latest patched versions because they are running Mac OS X versions earlier than Snow Leopard, can do the following before browsing the Web:

- disable Java in your browser (e.g., Safari>Prefs>Security>Enable Java; Firefox, Chrome)
- disable Java on your Mac (use Java Preferences in Utilities to uncheck the boxes in the first column) Caveat: this may make Firefox 11.0 quit incorrectly (see Raj Gurdwara's comment).

Note that you can temporarily re-enable Java on known sites, or for known apps whenever you need it.

Testing for the presence of and removing Trojan-Downloader:OSX/Flashback.I * can be done with Terminal, following the instructions provided by F-Secure. That said, I don't know if these instructions are valid for all current Flashback variants out there (but see below).

*) PS, the (similar) detection/removal instructions for the more recent Downloader:OSX/Flashback.K variant are found HERE. This is the variant that doesn't require an admin password to install. For other variants, see this list.

PS2, the following list with definitions of threat categories may come in handy for those of us who are losing track of the mushrooming details.


Edited by alternaut (04/05/12 01:23 PM)
Edit Reason: updated info & links
_________________________
alternaut moderator

#21404 - 04/05/12 02:54 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: alternaut
Testing for the presence of and removing Trojan-Downloader:OSX/Flashback.I * can be done with Terminal, following the instructions provided by F-Secure. That said, I don't know if these instructions are valid for all current Flashback variants out there (but see below).

*) PS, the (similar) detection/removal instructions for the more recent Downloader:OSX/Flashback.K variant are found HERE. This is the variant that doesn't require an admin password to install.


The F-Secure protocol for identification and disinfection seems to be valid only for Safari.

I'm way too unsophisticated to make the necessary changes to see if my iMac might be infected via Firefox.

Any other suggestions?


Moderator:  alternaut, cyn