Re: THE CYBER-SECURITY THREAD
jchuzi #21985 05/14/12 09:17 PM
This afternoon Apple released a security update and a Flashback removal utility for Leopard (Intel only). Like the previous version for Snow Leopard/Lion, this updater removes older versions of Adobe Flash Player.

As expected, PPC Macs are ignored. MacinTouch's Security Reader Report includes an interesting item about this and Apple's policy of dropping support for OS X versions more than 2 iterations old. The latter may leave about half of all Macs unsupported (with regard to security updates) when Mountain Lion is released.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #21986 05/14/12 09:35 PM
> The latter may leave about half of all Macs unsupported (with regard to security updates) when Mountain Lion is released.

When I read that Apple was going to be upgrading OSX more frequently than before, I wondered how legacy versions would fare.

(As, if not more, important is whether support for iTunes...still supported in Leopard (PPC and Intel versions), will be continued?)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
artie505 #22080 05/30/12 09:29 AM
Flame virus set to spread like wildfire

It is claimed that Flame is "perhaps the most sophisticated piece of malicious software ever designed".

Re: THE CYBER-SECURITY THREAD
artie505 #22101 05/31/12 09:31 PM
Part of the problem with Flash is that Adobe insists on using their custom package installers, so they don't even have the option of placing it inside Software Update like they do with printer drivers. Apple's decision to outright disable Flash when there's a new version out seems to be very prudent.

I wish they'd make it easier to see that it's been disabled. It appears that users get one warning and that's it, and there's no menu option or anything to indicate it's disabled or where to go to fix it. And Adobe's installer writes its own standard from the ground-up for its behavior, so I've been running into users all week that don't understand that the installer hasn't actually finished installing, usually when it is launched right after download and is refusing to run because Safari is (surprise!) still running.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
grelber #22108 06/01/12 04:54 AM
> Originally Posted By: grelber
> Flame virus set to spread like wildfire
>
> It is claimed that Flame is "perhaps the most sophisticated piece of malicious software ever designed".


The idea that it is "spreading like wildfire," however, is hyperbole; it's actually one of the rarest and least-spreading bits of malware in the world. It's been confirmed to have infected fewer than 1,000 systems; by way of comparison, the OS X Flashback Trojan infected more than 600,000, and W32/Zlob (my own personal favorite) is known to have infected somewhere between 4 million and 5 million. Even specialized, small-scale malware like W32/Asprox, which infects Windows computers running Web server software, infected about 12,000 systems in a single day.

So by way of comparison, not only is Flame not spreading like wildfire, just the opposite--it's extremely narrowly targeted, affecting only carefully selected computers in key industrial applications in certain very highly specific places.

The analysis I've read suggests that while Flame is certainly very highly sophisticated, and was almost certainly financed at a cost of millions of dollars by a governmental agency (Iran is pointing the finger at Israel, but it's not impossible the US was behind it), it isn't the most sophisticated bit of malware ever designed...that would probably be Stuxnet. Flame doesn't seem to spread by several zero-day exploits. Its main claim to sophistication is that once it has infected a system, its operators can upload different modules to the infected computer for different purposes. These modules, written in a scripting language called Lua, can perform different functions--acting as a keylogger, intercepting email, taking screen shots, deleting files, and so on--but each of those modules is not, of and by itself, that sophisticated.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
tacit #22109 06/01/12 05:02 AM
> Originally Posted By: tacit
> The idea that it is "spreading like wildfire," however, is hyperbole ....

Of course it is. Editors love 'overstatement'.

Re: THE CYBER-SECURITY THREAD
grelber #22110 06/01/12 06:04 AM
Interesting piece in today's New York Times about Stuxnet and how it was part of a joint US/Israeli attack on Iran's nuclear enrichment facility, and how it was discovered only after a programming error allowed it to infect computers outside the facility.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
alternaut #22111 06/01/12 06:08 AM
To be fair, it may be possible that PowerPC Macs are ignored by the Flashback update and removal tool because, to date, no PPC variant of the Trojan has been seen. PowerPC systems are immune to the attack, as the malware is compiled only for Intel processors.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
tacit #22115 06/01/12 02:12 PM
I agree that the Flashback variants to date weren't compiled to run on PPC Macs, and consequently didn't pose a threat there. Should that change though, I'm not so sure it would make much of a difference to Apple's support policy with regard to security updates, which excludes PPC Macs for various other reasons.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
tacit #22116 06/01/12 02:26 PM
Those interested in some background info on Flame can of course Google for details, but in case you haven't done so yet I have compiled the following shortlist of links to complement the NYT link tacit provided above:

- ‘Flame’ Virus explained: How it works and who’s behind it
- Was Flame virus written by cyberwarriors or gamers?
- Iran: ‘Flame’ Virus Fight Began with Oil Attack
- Flame virus abilities expand with Bluetooth
- The Flame Virus: Spyware on an Unprecedented Scale


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #22141 06/04/12 01:49 PM

Re: THE CYBER-SECURITY THREAD
grelber #22163 06/08/12 07:05 PM
On Ars Technica: Cryptography breakthrough shows Flame was designed by world-class scientists.

"It's not a garden-variety collision attack, or just an implementation of previous MD5 collisions papers—which would be difficult enough," Matthew Green, a professor specializing in cryptography in the computer science department at Johns Hopkins University, told Ars. "There were mathematicians doing new science to make Flame work."


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: THE CYBER-SECURITY THREAD
grelber #22205 06/12/12 11:32 PM
Here we go again: Java SE 6 2012-004 1.6.0_33 is now out.
To what end, who knows? I thought that the previous version was the 'ultimate'.

And, man, what a flurry of activity on Apple Support Downloads over the past couple days!

Re: THE CYBER-SECURITY THREAD
grelber #22206 06/13/12 12:19 AM
> Originally Posted By: grelber
> I thought that the previous version was the 'ultimate'.

If that's ever true, it's at best a 'temporary monument'. Consider bug and security fixes, plus 'genuine' improvements.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #22209 06/13/12 12:51 AM
A new wrinkle:

> Originally Posted By: Apple
> This update configures web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
artie505 #22498 07/12/12 02:22 PM
Earlier this week F-Secure reported the discovery of new, multi-platform Java backdoor malware affecting certain Macs. The Mac version is a PPC binary, meaning that it will run on PPC Macs and Intel Macs with Rosetta installed (Snow Leopard and earlier, and disregarding possible virtualization/emulation under Lion or Mountain Lion).

Yesterday the F-Secure report was picked up on by Mac sites like MacInTouch and—in more user-friendly detail—MacWorld. The new malware relies on some social engineering as you need to approve the installation of a Java applet from a questionable source. It was found on a Colombian website, but it is not yet known if that's the only source.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23206 08/23/12 06:02 PM
Two more backdoor variants (Crisis and NetWeirdRC) have been described that target multiple platforms, including Mac OS X and (in the case of Crisis) VMWare virtual machines. Both appear derived from commercial remote access tools. While Crisis is disseminated as a Java archive file (.jar) posing as a Flash Player Java applet, it's not yet clear what the main vector for NetWeirdRC is. There is as yet no indication how widespread either one is, and the current threat level is low.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23277 08/30/12 06:22 PM
Right on the heels of the Crisis and NetWeirdRC backdoors, another Java exploit appeared a few days ago, targeting the latest Java (7 v1.7). Because Apple has been running behind with Java updates even before leaving them to Oracle (home of Java) altogether, most Macs are still running Java 6 v1.6, which is not (yet) affected by this malware. MacWorld's Rich Mogull summarized this latest Java exploit, and lists the salient details for the Mac user.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23278 08/30/12 08:12 PM
I am one of those who previously installed Java 1.7.0.x

Now, today, MacUpdate has posted Java SE Runtime Environment 7, v 1.7.0_07.

Is this a fix for the earlier vulnerabilities or will installing this make matters worse?

FWIW, I have Java disabled in Safari & Mail, and use Click To Plugin.


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Pendragon #23279 08/30/12 10:42 PM
Java's version number scheme is confusing. The vulnerable versions included the first 7 (#00>06) updates of Java 7, v1.7. This is the 8th update (#07), and is said to contain a patch to stop the current malware (Oracle did not yet provide details about the update). Note that the vulnerability is exploited via the browser, and that Java may* be disabled there. Apple disabled Java in Safari by default in both Lion and Mountain Lion (required for this version of Java), but it can be turned back on.

*) Ideally it should be 'should' rather than 'may' here: the next vulnerability could be exploited tomorrow, and you don't want to step in it by default.


alternaut moderator
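
The version numbering described in the post above, as an added example that is not part of the thread: a shell sketch that extracts the version from `java -version` style text and sorts it into the ranges the post gives (Java 7 updates 00 through 06 listed as vulnerable, update 07 the patched release, Java 6 not affected). The function names and status labels are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and status labels are hypothetical.

# Pull the quoted version out of `java -version` style text read on stdin,
# e.g. the line: java version "1.7.0_07"
extract_java_version() {
    sed -n 's/^java version "\([^"]*\)".*/\1/p' | head -n 1
}

# Classify a version string of the form 1.<series>.0[_<update>] using the
# ranges given in the post: Java 7 updates 00 through 06 listed as vulnerable,
# update 07 the patched release, Java 6 not (yet) affected.
java_update_status() {
    v=$1
    case $v in
        1.[0-9]*.[0-9]*) ;;
        *) echo unparsed; return 1 ;;
    esac
    series=${v#1.}; series=${series%%.*}
    case $series in
        ''|*[!0-9]*) echo unparsed; return 1 ;;
    esac
    case $v in
        *_*) update=${v##*_}
             update=${update%%[!0-9]*}      # drop a build suffix such as "-b10"
             [ -n "$update" ] || { echo unparsed; return 1; } ;;
        *)   update=0 ;;                    # "1.7.0" is the initial release (#00)
    esac
    # Strip leading zeros so "08"/"09" are never read as invalid octal
    # if the value is later used in $(( )) arithmetic.
    while [ "${#update}" -gt 1 ] && [ "${update#0}" != "$update" ]; do
        update=${update#0}
    done
    if [ "$series" -ne 7 ]; then
        echo not-java7
    elif [ "$update" -le 6 ]; then
        echo java7-listed-vulnerable
    else
        echo java7-u07-or-later
    fi
}

# Constructed sample input, so the script runs without Java installed.
sample='java version "1.7.0_06"'
ver=$(printf '%s\n' "$sample" | extract_java_version)
echo "$ver: $(java_update_status "$ver")"
```

On a machine with Java installed, `java -version 2>&1 | extract_java_version` supplies the string, since `java -version` writes to stderr.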
Re: THE CYBER-SECURITY THREAD
alternaut #23285 08/31/12 11:07 PM
> Originally Posted By: alternaut
> ...the next vulnerability could be exploited tomorrow, and you don't want to step in it by default.

I sure didn't imagine to be literally proven right: Researchers find critical vulnerability in Java 7 patch hours after release.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23287 09/01/12 10:17 AM
Java, apparently, is destined to be one of those apps that is so easily hacked, that patches will be a daily event. Grrrrr.

Indeed, for now, it seems the only recourse is to ensure it is fully disabled.

A pox on all their houses…

Oracle Oracles, on the other hand, are most worthy and we shall sing their praises!

Even though I think I have my Java locked down, I would manually remove v7, if I could find all the right pieces.

Me wonders why some enterprising chap or chapette hasn't developed a Java 7 uninstaller. Alas, I am of little faith re Oracle rising to that occasion.

But one can check to see if Java is accessible by running the test applet (at the bottom of the page).


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Pendragon #23288 09/01/12 01:59 PM
Java will be pretty much history when you remove the folder /System/Library/Java/JavaVirtualMachines/, or its contents (1.x.0.jdk). If you just want to disable Java, you could open /Applications/Utilities/Java Preferences.app and uncheck any runtime listed on the General tab. And, for good measure, don't forget to disable it in your web browser.
For details on cleaning out other Java remnants in Lion (a mostly cosmetic exercise), check out the first answer to this question.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23291 09/02/12 10:18 AM
Because the Java 7 vulnerability is still proof of concept, e.g., no actual virus (yet), and I have disabled all Java settings (including browsers), it is not listed as runtime, I use ClickTo Plugin, and I have verified that the Java test applet won't run, I feel quite secure. Well, subject to change.

Of course, that begs the question: Why even have it? That answer, um, I'm still working on it…


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Pendragon #23293 09/02/12 03:58 PM
> Originally Posted By: Pendragon
> Java ... Why even have it?

There are two reasons you may need Java. The first is that you require access to websites whose functionality depends on Java (e.g., certain banks etc.). The second is that you have a need for stand-alone* Java apps on your Mac. I've listed some of those in a previous post.


*) There are also non-Java applications, that use Java for certain tasks or modules only. These may include initial installation and/or certain functionality of the installed program.

Last edited by alternaut; 09/07/12 02:02 PM. Reason: added clarification

alternaut moderator