#21985 - 05/14/12 02:17 PM Re: THE CYBER-SECURITY THREAD [Re: jchuzi]
alternaut Offline

Moderator

Registered: 08/04/09
This afternoon Apple released a security update and a Flashback removal utility for Leopard (Intel only). Like the previous version for Snow Leopard/Lion, this updater removes older versions of Adobe Flash Player.

As expected, PPC Macs are ignored. MacinTouch's Security Reader Report includes an interesting item about this and Apple's policy of dropping support for OS X versions more than 2 iterations old. The latter may leave about half of all Macs unsupported (with regard to security updates) when Mountain Lion is released.
_________________________
alternaut moderator

#21986 - 05/14/12 02:35 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
artie505 Online


Registered: 08/04/09
> The latter may leave about half of all Macs unsupported (with regard to security updates) when Mountain Lion is released.

When I read that Apple was going to be upgrading OSX more frequently than before, I wondered how legacy versions would fare.

(As, if not more, important is whether support for iTunes...still supported in Leopard (PPC and Intel versions), will be continued?)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#22080 - 05/30/12 02:29 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Flame virus set to spread like wildfire

It is claimed that Flame is "perhaps the most sophisticated piece of malicious software ever designed".

#22101 - 05/31/12 02:31 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Part of the problem with Flash is that Adobe insists on using their custom package installers, so they don't even have the option of placing it inside Software Update like they do with printer drivers. Apple's decision to outright disable Flash when there's a new version out seems to be very prudent.

I wish they'd make it easier to see that it's been disabled. It appears that users get one warning and that's it, and there's no menu option or anything to indicate it's disabled or where to go to fix it. And Adobe's installer writes its own standard from the ground-up for its behavior, so I've been running into users all week that don't understand that the installer hasn't actually finished installing, usually when it is launched right after download and is refusing to run because Safari is (surprise!) still running.
_________________________
I work for the Department of Redundancy Department

#22108 - 05/31/12 09:54 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
> Originally Posted By: grelber
> Flame virus set to spread like wildfire
>
> It is claimed that Flame is "perhaps the most sophisticated piece of malicious software ever designed".


The idea that it is "spreading like wildfire," however, is hyperbole; it's actually one of the rarest and least-spreading bits of malware in the world. It's been confirmed to have infected fewer than 1,000 systems; by way of comparison, the OS X Flashback Trojan infected more than 600,000, and W32/Zlob (my own personal favorite) is known to have infected somewhere between 4 million and 5 million. Even specialized, small-scale malware like W32/Asprox, which infects Windows computers running Web server software, infected about 12,000 systems in a single day.

So by way of comparison, not only is Flame not spreading like wildfire, just the opposite--it's extremely narrowly targeted, affecting only carefully selected computers in key industrial applications in certain very highly specific places.

The analysis I've read suggests that while Flame is certainly very highly sophisticated, and was almost certainly financed at a cost of millions of dollars by a governmental agency (Iran is pointing the finger at Israel, but it's not impossible the US was behind it), it isn't the most sophisticated bit of malware ever designed...that would probably be Stuxnet. Flame doesn't seem to spread by several zero-day exploits. Its main claim to sophistication is that once it has infected a system, its operators can upload different modules to the infected computer for different purposes. These modules, written in a scripting language called Lua, can perform different functions--acting as a keylogger, intercepting email, taking screen shots, deleting files, and so on--but each of those modules is not, of and by itself, that sophisticated.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#22109 - 05/31/12 10:02 PM Re: THE CYBER-SECURITY THREAD [Re: tacit]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
> Originally Posted By: tacit
> The idea that it is "spreading like wildfire," however, is hyperbole ....

Of course it is. Editors love 'overstatement'.

#22110 - 05/31/12 11:04 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Interesting piece in today's New York Times about Stuxnet and how it was part of a joint US/Israeli attack on Iran's nuclear enrichment facility, and how it was discovered only after a programming error allowed it to infect computers outside the facility.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#22111 - 05/31/12 11:08 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
To be fair, it may be possible that PowerPC Macs are ignored by the Flashback update and removal tool because, to date, no PPC variant of the Trojan has been seen. PowerPC systems are immune to the attack, as the malware is compiled only for Intel processors.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#22115 - 06/01/12 07:12 AM Re: THE CYBER-SECURITY THREAD [Re: tacit]
alternaut Offline

Moderator

Registered: 08/04/09
I agree that the Flashback variants to date weren't compiled to run on PPC Macs, and consequently didn't pose a threat there. Should that change though, I'm not so sure it would make much of a difference to Apple's support policy with regard to security updates, which excludes PPC Macs for various other reasons.
_________________________
alternaut moderator

#22116 - 06/01/12 07:26 AM Re: THE CYBER-SECURITY THREAD [Re: tacit]
alternaut Offline

Moderator

Registered: 08/04/09
Those interested in some background info on Flame can of course Google for details, but in case you haven't done so yet I have compiled the following shortlist of links to complement the NYT link tacit provided above:

- ‘Flame’ Virus explained: How it works and who’s behind it
- Was Flame virus written by cyberwarriors or gamers?
- Iran: ‘Flame’ Virus Fight Began with Oil Attack
- Flame virus abilities expand with Bluetooth
- The Flame Virus: Spyware on an Unprecedented Scale
_________________________
alternaut moderator

#22141 - 06/04/12 06:49 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||

#22163 - 06/08/12 12:05 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
On Ars Technica: Cryptography breakthrough shows Flame was designed by world-class scientists.

"It's not a garden-variety collision attack, or just an implementation of previous MD5 collisions papers—which would be difficult enough," Matthew Green, a professor specializing in cryptography in the computer science department at Johns Hopkins University, told Ars. "There were mathematicians doing new science to make Flame work."
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#22205 - 06/12/12 04:32 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Here we go again: Java SE 6 2012-004 1.6.0_33 is now out.
To what end, who knows? I thought that the previous version was the 'ultimate'.

And, man, what a flurry of activity on Apple Support Downloads over the past couple days!

#22206 - 06/12/12 05:19 PM Re: THE CYBER-SECURITY THREAD [Re: grelber]
alternaut Offline

Moderator

Registered: 08/04/09
> Originally Posted By: grelber
> I thought that the previous version was the 'ultimate'.

If that's ever true, it's at best a 'temporary monument'. Consider bug and security fixes, plus 'genuine' improvements.
_________________________
alternaut moderator

#22209 - 06/12/12 05:51 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
artie505 Online


Registered: 08/04/09
A new wrinkle:

> Originally Posted By: Apple
> This update configures web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#22498 - 07/12/12 07:22 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Earlier this week F-Secure reported the discovery of new, multi-platform Java backdoor malware affecting certain Macs. The Mac version is a PPC binary, meaning that it will run on PPC Macs and Intel Macs with Rosetta installed (Snow Leopard and earlier, and disregarding possible virtualization/emulation under Lion or Mountain Lion).

Yesterday the F-Secure report was picked up on by Mac sites like MacInTouch and—in more user-friendly detail—MacWorld. The new malware relies on some social engineering as you need to approve the installation of a Java applet from a questionable source. It was found on a Colombian website, but it is not yet known if that's the only source.
_________________________
alternaut moderator

#23206 - 08/23/12 11:02 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
alternaut Offline

Moderator

Registered: 08/04/09
Two more backdoor variants (Crisis and NetWeirdRC) have been described that target multiple platforms, including Mac OS X and (in the case of Crisis) VMware virtual machines. Both appear derived from commercial remote access tools. While Crisis is disseminated as a Java archive file (.jar) posing as a Flash Player Java applet, it's not yet clear what the main vector for NetWeirdRC is. There is as yet no indication how widespread either one is, and the current threat level is low.
_________________________
alternaut moderator

#23277 - 08/30/12 11:22 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
alternaut Offline

Moderator

Registered: 08/04/09
Right on the heels of the Crisis and NetWeirdRC backdoors, another Java exploit appeared a few days ago, targeting the latest Java (7 v1.7). Because Apple has been running behind with Java updates even before leaving them to Oracle (home of Java) altogether, most Macs are still running Java 6 v1.6, which is not (yet) affected by this malware. MacWorld's Rich Mogull summarized this latest Java exploit, and lists the salient details for the Mac user.
_________________________
alternaut moderator

#23278 - 08/30/12 01:12 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
I am one of those who previously installed Java 1.7.0.x.

Now, today, MacUpdate has posted Java SE Runtime Environment 7, v 1.7.0_07.

Is this a fix for the earlier vulnerabilities or will installing this make matters worse?

FWIW, I have Java disabled in Safari & Mail, and use Click To Plugin.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#23279 - 08/30/12 03:42 PM Re: THE CYBER-SECURITY THREAD [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
Java's version number scheme is confusing. The vulnerable versions included the first 7 (#00>06) updates of Java 7, v1.7. This is the 8th update (#07), and is said to contain a patch to stop the current malware (Oracle did not yet provide details about the update). Note that the vulnerability is exploited via the browser, and that Java may* be disabled there. Apple disabled Java in Safari by default in both Lion and Mountain Lion (required for this version of Java), but it can be turned back on.

*) Ideally it should be 'should' rather than 'may' here: the next vulnerability could be exploited tomorrow, and you don't want to step in it by default.
_________________________
alternaut moderator

#23285 - 08/31/12 04:07 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
alternaut Offline

Moderator

Registered: 08/04/09
> Originally Posted By: alternaut
> ...the next vulnerability could be exploited tomorrow, and you don't want to step in it by default.

I sure didn't imagine to be literally proven right: Researchers find critical vulnerability in Java 7 patch hours after release.
_________________________
alternaut moderator

#23287 - 09/01/12 03:17 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Java, apparently, is destined to be one of those apps that is so easily hacked, that patches will be a daily event. Grrrrr.

Indeed, for now, it seems the only recourse is to ensure it is fully disabled.

A pox on all their houses…

Oracle Oracles, on the other hand, are most worthy and we shall sing their praises!

Even though I think I have my Java locked down, I would manually remove v7, if I could find all the right pieces.

Me wonders why some enterprising chap or chapette hasn't developed a Java 7 uninstaller. Alas, I am of little faith re Oracle rising to that occasion.

But one can check to see if Java is accessible by running the test applet (at the bottom of the page).
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#23288 - 09/01/12 06:59 AM Re: THE CYBER-SECURITY THREAD [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
Java will be pretty much history when you remove the folder /System/Library/Java/JavaVirtualMachines/, or its contents (1.x.0.jdk). If you just want to disable Java, you could open /Applications/Utilities/Java Preferences.app and uncheck any runtime listed on the General tab. And, for good measure, don't forget to disable it in your web browser.
For details on cleaning out other Java remnants in Lion (a mostly cosmetic exercise), check out the first answer to this question.
_________________________
alternaut moderator

#23291 - 09/02/12 03:18 AM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Because the Java 7 vulnerability is still proof of concept, e.g., no actual virus (yet), and I have disabled all Java settings (including browsers), it is not listed as runtime, I use ClickTo Plugin, and I have verified that the Java test applet won't run, I feel quite secure. Well, subject to change.

Of course, that begs the question: Why even have it? That answer, um, I'm still working on it…
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#23293 - 09/02/12 08:58 AM Re: THE CYBER-SECURITY THREAD [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
> Originally Posted By: Pendragon
> Java ... Why even have it?

There are two reasons you may need Java. The first is that you require access to websites whose functionality depends on Java (e.g., certain banks etc.). The second is that you have a need for stand-alone* Java apps on your Mac. I've listed some of those in a previous post.


*) There are also non-Java applications, that use Java for certain tasks or modules only. These may include initial installation and/or certain functionality of the installed program.


Edited by alternaut (09/07/12 07:02 AM)
Edit Reason: added clarification
_________________________
alternaut moderator


Moderator:  alternaut, cyn