Re: THE CYBER-SECURITY THREAD
tacit #20874 02/27/12 10:46 PM
Joined: Sep 2009
OP

Looks like Intego may be drumming up some business.
Or perhaps there's more to it, as I haven't read this yet:

Flashback Mac Trojan Horse Infections Increasing with New Variant

Re: THE CYBER-SECURITY THREAD
Hal Itosis #20893 02/28/12 12:17 PM
Joined: Aug 2009
Likes: 1

I haven't seen this malware yet. It's interesting that it uses a bogus certificate named "Apple Inc"--that's a nice trick that will likely fool a lot of people.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
Hal Itosis #20926 02/29/12 08:39 PM
Joined: Aug 2009
Likes: 1
Moderator

In the spirit of Ghostery here's another neat-looking tool: Firefox add-on Collusion shows who's tracking you online.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #21016 03/08/12 07:30 PM
Joined: Aug 2009
Likes: 7

This may be slightly off-topic, but Viewpoint: How hackers are caught out by law enforcers is an interesting read. It never explains "onion routing", however. Tacit? Anyone?


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #21020 03/08/12 08:32 PM
Joined: Aug 2009
Likes: 4

I thought tacit had discussed this somewhere along the line, but a search of the forums couldn't bring it up.

Check out: www.onion-router.net/


Re: THE CYBER-SECURITY THREAD
grelber #21021 03/08/12 09:25 PM
Joined: Aug 2009
Likes: 7

Thank you. I should have googled that myself. blush


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #21027 03/09/12 07:37 PM
Joined: Aug 2009

Support Tor. Run an exit node.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Virtual1 #21029 03/09/12 09:12 PM
Joined: Aug 2009
Likes: 4

What?

Re: THE CYBER-SECURITY THREAD
Virtual1 #21044 03/10/12 10:13 PM
Joined: Aug 2009
Likes: 1

I'm unconvinced that Tor is really as secure as it thinks it is. For one thing, all that a hostile government or law enforcement agency would need to do to eavesdrop on it is to run a large number of entry and exit nodes themselves.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
tacit #21292 03/29/12 04:24 PM
Joined: Aug 2009
Likes: 1
Moderator

Despite the obvious interest of anti-virus utility makers in publishing it, this may be worth keeping an eye out for: Malware infects Macs through Microsoft Office vulnerability.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #21300 03/29/12 08:42 PM
Joined: Aug 2009
Likes: 7

This may be old news, at least according to New exploit uses old Office vulnerability for OS X malware delivery


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #21366 04/03/12 06:22 PM
Joined: Aug 2009
Likes: 1
Moderator

More 'old' news: Mac Trojan Flashback is at it again with a new variant, no longer needing an admin password. Plus, some anti-malware utility makers' opinions on Mac vulnerability.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #21370 04/03/12 11:58 PM
Joined: Aug 2009
Likes: 1
Moderator



alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #21372 04/04/12 09:36 AM
Joined: Aug 2009
Likes: 4

Just what do these trojans do? I can't find any info in the related articles as to what might happen if it infects my Mac — i.e., what sort of havoc does it wreak?
Will the Java update remove or render inoperable anything which might have been installed? And if not, what to do?
(After 15 minutes I'm still unable to access Oracle's release notes.)

EDIT:
Finally got the release notes which had no user-friendly information whatsoever.

Last edited by grelber; 04/04/12 09:56 AM. Reason: New info
Re: THE CYBER-SECURITY THREAD
grelber #21373 04/04/12 10:03 AM
Joined: Aug 2009
Likes: 15

Flashback malware evolves to exploit unpatched Java vulnerabilities provides some insight into what the trojan in question does.

Quote:
When these programs are then launched, the malicious code attempts to contact remote servers and upload screenshots and other personal information to them.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
artie505 #21374 04/04/12 10:20 AM
Joined: Aug 2009
Likes: 4

Thanks. But am I safe? And how might I find that out?
The article you cite (dated 2 days ago) has contradictory statements, one on top of the other:
"... in most cases Mac users should be relatively safe. Starting with OS X 10.7 Lion, Apple stopped including a Java runtime with OS X, so if you have purchased a new system with OS X 10.7.0 or later, or have formatted and reinstalled Lion, then you will, by default, not be affected by this malware.
"However, if you do have Java installed on your system, then for now the only way to prevent this malware from running is to disable Java."

According to my iMac, it came from Apple with both 64-bit and 32-bit versions installed: Java SE 6 v 1.6.0_29-b11-402.

Re: THE CYBER-SECURITY THREAD
grelber #21375 04/04/12 11:02 AM
Joined: Aug 2009
Likes: 15

Those statements aren't contradictory; "if you do have Java installed" refers to versions of OS X earlier than 10.7 and to those users who've elected to install Java in 10.7 on their own. (That article has been cleaned up; the first time I looked at it, it said that Apple had dropped Java in Snow Leopard as well as in Lion.)

I wonder why your iMac has got both Lion and Java?

> But am I safe? And how might I find that out?

Here's a pretty much useless description of what the trojan does:

Originally Posted By: MacFixIt - CNET Reviews
First it will ask for an administrator password, and if supplied it will install its payload into target programs within the /Applications folder. However, if no password is supplied, then the malware will still install to the user accounts where it will run in a more global manner.

If you've installed the update and haven't been doing any questionable browsing lately, you're probably safe.

I hope somebody will be able to expand on that.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
artie505 #21376 04/04/12 11:59 AM
Joined: Aug 2009
Likes: 4

Originally Posted By: artie505
Those statements aren't contradictory;
I wonder why your iMac has got both Lion and Java?

That's why (I consider that) they're contradictory.

Originally Posted By: artie505
I hope somebody will be able to expand on that.

So do I.

EDIT:
For what it's worth, my Java SE 6 is now updated to v 1.6.0_31-b04-413.
But/And I'd still like answers to earlier queries.

Last edited by grelber; 04/04/12 01:25 PM. Reason: Java updated
Re: THE CYBER-SECURITY THREAD
grelber #21377 04/04/12 02:45 PM
Joined: Aug 2009
Likes: 5
Moderator

I would hazard a guess that somewhere early on when you were trying out some website such as http://www.speedtest.net (which runs a Java Applet to get its result) you were prompted to install Java from the Apple support download page and simply forgot that you did that.....

In my case, that's exactly what I did.....and then there are those pesky Java utilities that companies such as DLink embed in their control pages for IP cameras and such. I discovered that 10.7.3 actually disabled the Java runtime that I had installed earlier and I had to go find the intermediate update which resolved the security issues at that time -- and now the latest version is the one that we both have installed, 1.6.0_31-b04-413.

That version specifically addresses the risk presented by the Trojan described in the article above. (CVE-2012-0507)

(Edited to add the specific CVE addressed)

Last edited by MacManiac; 04/04/12 04:54 PM.

Freedom is never free....thank a Service member today.
Re: THE CYBER-SECURITY THREAD
MacManiac #21378 04/04/12 03:18 PM
Joined: Aug 2009

Re the latest Java Trojan: I'm a bit surprised that some enterprising chap or chapette has not yet created a (free) app/script or whatever that ascertains if one is infected, and if so, removes the offending code.


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
MacManiac #21379 04/04/12 04:42 PM
Joined: Aug 2009
Likes: 4

Originally Posted By: MacManiac
I would hazard a guess that somewhere early on when you were trying out some website such as http://www.speedtest.net (which runs a Java Applet to get its result) you were prompted to install Java from the Apple support download page and simply forgot that you did that....

It's possible, but if so, I've long since forgotten that I did.

Originally Posted By: MacManiac
I discovered that 10.7.3 actually disabled the Java runtime that I had installed earlier ....

When I checked my Java Preferences - General earlier I did notice that the applet plug-in had been disabled. Whether that was a saving grace, I don't know.
The Java Applet Plug-in 14.0.3 is still enabled in my browser (Firefox 11.0).

But it would still be nice to know if there's something lurking in some program somewhere.

Re: THE CYBER-SECURITY THREAD
grelber #21380 04/04/12 04:59 PM
Joined: Aug 2009
Likes: 5
Moderator

It's a computer with all the flaws (and benefits) of being made by humans.....of course there's something lurking in some program somewhere!

...and there are folks out there right now searching for just the right "something lurking" in order to find an exploit for same.

...and I personally still have no concerns for the security of my Mac OS and installed software as things currently stand.


Freedom is never free....thank a Service member today.
Re: THE CYBER-SECURITY THREAD
MacManiac #21387 04/05/12 12:05 PM
Joined: Aug 2009
Likes: 7



Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
Pendragon #21394 04/05/12 04:46 PM
Joined: Aug 2009
Likes: 1
Moderator

Originally Posted By: Pendragon
Re the latest Java Trojan: I'm a bit surprised that some enterprising chap or chapette has not yet created a (free) app/script or whatever that ascertains if one is infected, and if so, removes the offending code.

Those who cannot update Java with the latest patched versions because they are running Mac OS X versions earlier than Snow Leopard can do the following before browsing the Web:

- disable Java in your browser (e.g., Safari>Prefs>Security>Enable Java; Firefox, Chrome)
- disable Java on your Mac (use Java Preferences in Utilities to uncheck the boxes in the first column) Caveat: this may make Firefox 11.0 quit incorrectly (see Raj Gurdwara's comment).

Note that you can temporarily re-enable Java on known sites, or for known apps whenever you need it.

Testing for the presence of and removing Trojan-Downloader:OSX/Flashback.I * can be done with Terminal, following the instructions provided by F-Secure. That said, I don't know if these instructions are valid for all current Flashback variants out there (but see below).

*) PS, the (similar) detection/removal instructions for the more recent Downloader:OSX/Flashback.K variant are found HERE. This is the variant that doesn't require an admin password to install. For other variants, see this list.

PS2, the following list with definitions of threat categories may come in handy for those of us who are losing track of the mushrooming details.

Last edited by alternaut; 04/05/12 08:23 PM. Reason: updated info & links

alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #21404 04/05/12 09:54 PM
Joined: Aug 2009
Likes: 4

Originally Posted By: alternaut
Testing for the presence of and removing Trojan-Downloader:OSX/Flashback.I * can be done with Terminal, following the instructions provided by F-Secure. That said, I don't know if these instructions are valid for all current Flashback variants out there (but see below).

*) PS, the (similar) detection/removal instructions for the more recent Downloader:OSX/Flashback.K variant are found HERE. This is the variant that doesn't require an admin password to install.


The F-Secure protocol for identification and disinfection seems to be valid only for Safari.

I'm way too unsophisticated to make the necessary changes to see if my iMac might be infected via Firefox.

Any other suggestions?


Moderated by  alternaut, cyn 
