An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 7 of 12 < 1 2 ... 5 6 7 8 9 11 12 >
Topic Options
#21546 - 04/12/12 02:52 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
More Java updates from Apple tonight:

- Security update Java for OS X Lion 2012-003 including automatic plugin configuration and Flashback removal tool, and
- Java for Mac OS X 10.6 Update 8.
_________________________
alternaut moderator

Top
#21547 - 04/12/12 03:16 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
That's only the article HT5242. There is no associated Java download on the Support Downloads website.

EDIT: I just ran my Software Update which confirms that Jave SE 6 2012-003 is available (just not on the Downloads website).


Edited by grelber (04/12/12 03:33 PM)

Top
#21549 - 04/12/12 03:40 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
alternaut Offline

Moderator

Registered: 08/04/09
That's correct: the updates are currently available via Software Update only. Presumably Downloads will post them later.
_________________________
alternaut moderator

Top
#21550 - 04/12/12 03:48 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
artie505 Online


Registered: 08/04/09
They may be covering their butts by restricting the d/l to Software Update (for the moment) after the last round of confusion. (I don't go that route as a rule, but I guess I will this time.)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#21553 - 04/12/12 07:21 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Hmmm, I haven't yet found them at Apple's Downloads, but the updates are posted here (Lion) and here (Snow Leopard). Looks like the real McCoy.
_________________________
alternaut moderator

Top
#21554 - 04/12/12 07:44 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
artie505 Online


Registered: 08/04/09
Originally Posted By: alternaut
Hmmm, I haven't yet found them at Apple's Downloads, but the updates are posted here (Lion) and here (Snow Leopard). Looks like the real McCoy.

Your linked MacUpdate page (Snow Leopard) is headed "Update 8," but every doc linked to on the page is headed "Update 7."

On the other hand, the SHA1 check sum posted on that page, which differs from the Update 7 checksum, agrees with the checksum of the d/l I got by clicking on the "Download Now" link, which, I guess, means...something.

I went with Software Update with no ill effects.

Edit: As I was posting, the 1st and 3rd links changed to Version 8, but the 2nd link is still at Version 7.

Edit 2: The freestanding updates just turned up on Apple - Support - Downloads.


Edited by artie505 (04/12/12 07:48 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#21557 - 04/13/12 06:38 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Man, there must be heavy demand for Java SE 6 2012-003.
I'm on a T-base 100 line which normally downloads lickety-split (ie, at many MB/s — in fact, concurrently, I downloaded a 3MB file in less than a half second). It's downloading this sucker at ca 22 KB/s !!!
It's been at it for over a half hour now, and there are still 10 min left to go.
Sheesh.

~~~~~~~~~~

EDIT:
The article HT5242 states that "This Java security update removes the most common variants of the Flashback malware." But after having installed Java SE 6 1.6.0_31-b04-415 (literally uneventfully), no indication was given that it performed such tasks – nothing positive, nothing negative.

Now I ask you: Is that any way to do business?

I also forgot to close my browser (as requested) prior to installation, but the installer didn't chide me for not doing so and didn't balk at installing.


Edited by grelber (04/13/12 08:28 AM)
Edit Reason: Post-installation

Top
#21558 - 04/13/12 06:39 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
Your linked MacUpdate page (Snow Leopard) is headed "Update 8," but every doc linked to on the page is headed "Update 7."

Except for the MU download link: that one performed as advertised, as did the link to the Lion updater on its MU page. I made sure of that before I posted those MU links.

I was fully aware of the fact that the Apple links on the MU pages didn't provide access to the new updaters, and neither did a search of Apple's Downloads, an observation I mentioned in my previous post. Obviously, it was only a matter of time before Apple would post its download links itself.

PS, '3rd' link?
_________________________
alternaut moderator

Top
#21560 - 04/13/12 12:56 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
artie505 Online


Registered: 08/04/09
The MacUpdate page presented a pretty confusing picture at the moment, so I clarified it. ("Visit Developer's Site" + 2 = 3 links.)

These last coupl'a updates have been like a "breaking news" situation.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#21567 - 04/14/12 06:55 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Apple also released the a standalone version of its Flashback malware removal tool for those running Lion who only recently removed Java, and consequently couldn't use the latest Java updater incorporating this removal tool.


Edited by alternaut (04/14/12 09:48 AM)
Edit Reason: addressed ambiguity in target group description
_________________________
alternaut moderator

Top
#21570 - 04/14/12 09:29 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: alternaut
Meanwhile, Apple also released the a standalone version of its Flashback malware removal tool for those running Lion who don't have Java installed, and consequently couldn't use the latest Java updater incorporating this removal tool.


I remain confused. I thought one could not be victimized by this malware unless he first had Java installed. Is that not true?

Or, is this just for those who got infected and then removed Java?
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#21571 - 04/14/12 09:43 AM Re: THE CYBER-SECURITY THREAD [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: Pendragon
I thought one could not be victimized by this malware unless he first had Java installed. Is that not true?
Or, is this just for those who got infected and then removed Java?

You're right about Java presence and malware susceptibility. And yes, the users who removed Java only recently constitute the target group. Thanks for pointing out this ambiguity in my post. I have (hopefully) fixed that.

Update: the MacWorld article Apple offers standalone Flashback removal tool points out another reason for the (non-Java based) stand-alone Flashback removal tool: dealing with (mostly older) variants using non-Java based attack vectors.


Edited by alternaut (04/16/12 06:51 AM)
Edit Reason: update
_________________________
alternaut moderator

Top
#21594 - 04/16/12 09:31 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
jchuzi Online


Registered: 08/04/09
Loc: New York State
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
#21599 - 04/16/12 11:33 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The Flashback Trojan sometimes spreads through exploits like the Java vulnerability, but in the past it has spread as a fake Flash player update, which is how it got its name.

There's a bit of a personal history with this for me. For years, I've been at war with the Russian Zlob gang, the people who make the W32/Zlob malware and the Mac DNSchanger (aka RSplug, RSplugin.a, or OSX/Zlob) malware. I've been writing articles about how their malware distribution network works on my blog and in other places, and they've been reading my blog, using keywords and phrases from my blog on malware sites, and occasionally mailbombing me.

At the end of last year, police from many countries raided the Zlob gang and made a bunch of arrests in Estonia. All but one of the suspected members of the Zlob gang were arrested; the one who got away, a Russian, fled back to Russia.

The security articles I've been reading suggest that the Mac Flashback Trojan may have been written by the former Zlob gang member who evaded capture. There are coding similarities between Flashback and DNSchanger, the phony Flash installer that was used to install the DNSchanger malware is identical to the one used to install the first variants of Flashback, and interestingly, the same network of affiliates is being paid to spread Flashback. (In Eastern Europe, organized crime groups often pay people to spread malware. They set up affiliate networks of people who aren't directly part of the organized crime gang, who are given copies of the malware coded with an affiliate ID that they transmit when they infect a computer. The affiliates spread the malware however they can--by hacking legitimate Web sites and planting malware on them, by sending out spam, or by setting up fake sites with keywords that generate a lot of traffic--and are then paid a small fee every time an infected computer connects to a C&C server with their affiliate code.)

While it's difficult to be 100% sure, it *looks* like the guy who escaped capture in Estonia is setting himself up with a new crime gang and is responsible for Flashback.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#21675 - 04/22/12 08:58 PM Re: THE CYBER-SECURITY THREAD [Re: tacit]
artie505 Online


Registered: 08/04/09
Linking to malware prevention detection software described here.


Edited by artie505 (04/22/12 08:59 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#21716 - 04/26/12 02:06 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Not exactly 'new' news, but for what it's worth ...

One in five Macs infected with Windows malware: Sophos

Top
#21731 - 04/26/12 02:30 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
I just received the following [below the dotted line] and have a sneaking suspicion that it's a phishing expedition and that the sender has had his computer hacked.
Snopes provides no intelligence in this matter.

- - - - - - -

Welcome to The New York Times. You have been provided with a complimentary digital gift subscription that will give you 12 weeks of unlimited access to NYTimes.com and NYTimes smartphone apps. To start experiencing everything The New York Times has to offer, just follow the instructions below.

1. Copy and paste nytimes.com/redeem into the address bar of your Internet browser.

2. If you are a registered NYTimes.com user, please log in. If you are not a registered user, please create a free NYTimes.com account.

3. Enter Complimentary Digital Gift Subscription Code 51dd265c****** and fill out the online form to process your subscription.

Please be reminded that only new subscribers are eligible for this offer. If you have any questions, just call our Customer Care representatives at 1-800-591-9233.

Top
#21732 - 04/26/12 02:53 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
alternaut Offline

Moderator

Registered: 08/04/09
FWIW, the NYT does occasionally offer temporary promotional free full access to their web site instead of imposing an access limit of about 5 articles/day for non-subscribing registered visitors, IIRC. If you're interested, but don't trust the email, try the 800 number to verify the offer.

Anyway, to me this looks like a genuine offer, not a phishing attempt, but checking never hurts. cool
_________________________
alternaut moderator

Top
#21733 - 04/26/12 03:47 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
NYT dialed back their free access at the beginning of April:
"Visitors can enjoy 10 free articles (including blog posts, slide shows, videos and other multimedia features) each calendar month on NYTimes.com, as well as unrestricted access to browse the home page, section fronts, blog fronts and classifieds.
"Your free, limited access resets every month: at the beginning of each calendar month, you'll once again be able to view 10 free articles for that month."

The toll-free telephone number seems to be legit; it's the same one given on their website for Customer Service.

Top
#21739 - 04/27/12 11:56 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#21743 - 04/27/12 02:31 PM Re: THE CYBER-SECURITY THREAD [Re: tacit]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Yowzah. That's what I (ultimately) got from my e-correspondent who forwarded the message from someone else who was trying to give away the 'gift'.

Of course, the 'gift' is just NYT's ploy to glom onto new subscribers and/or mine their IP addresses and such. tongue

Fool me once, shame on you. mad Fool me twice, shame on me. frown

Top
#21750 - 04/28/12 04:45 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: grelber
Of course, the 'gift' is just NYT's ploy to glom onto new subscribers and/or mine their IP addresses and such.

Fool me once, shame on you. Fool me twice, shame on me.

The NYT and virtually every newspapers in this country is struggling for financial survival. The techniques they are using to garner new online subscribers is little different than previous marketing campaigns targeting paper and ink subscribers. I don't see the 10 free articles a month as any different than those who read the news above the fold of the paper on the newsstand without buying a paper. Neither do I see any difference in selling their email subscriber list to marketers and selling their home delivery lists to the same marketers?
_________________________
joemikeb • moderator

Top
#21776 - 04/30/12 04:42 PM Re: THE CYBER-SECURITY THREAD [Re: joemikeb]
artie505 Online


Registered: 08/04/09
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#21788 - 05/03/12 12:40 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
[Not a reply; just tacked on to last post.]

How to Muddy Your Tracks on the Internet

Top
#21980 - 05/14/12 08:32 AM Re: THE CYBER-SECURITY THREAD [Re: grelber]
jchuzi Online


Registered: 08/04/09
Loc: New York State
Kaspersky Lab asked by Apple to advise on OS X security

And, in another development, Kaspersky Lab was not asked by Apple to advise on OS X security [u]

It appears that the original link has been edited and it is now the same as the second link.


Edited by jchuzi (05/14/12 01:24 PM)
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Top
Page 7 of 12 < 1 2 ... 5 6 7 8 9 11 12 >

Moderator:  alternaut, cyn