An open community 
of Macintosh users,
for Macintosh users.

Re: THE CYBER-SECURITY THREAD
alternaut #23311 09/04/12 05:52 PM


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23314 09/05/12 06:30 PM
Today, unexpectedly close on the heels of Oracle's recent (and already compromised) Java 7 updater, follow two Java 6 updaters from Apple for Snow Leopard as well as for Lion and Mountain Lion. We'll see how long these last.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #23332 09/07/12 01:56 PM
The Java 1.6 updaters Apple issued earlier this week are subject to similar caveats as affected the preceding Java 1.7 updater provided by Oracle. The Oracle patch proved to be buggy and still vulnerable to certain exploits, while Apple's 1.6 updaters apparently do not patch the 1.7 vulnerability that the Oracle updater addressed. To be sure, this vulnerability has to date only been exploited in Java 1.7, and NOT yet in Java 1.6, but it could be.

Hence, all suggestions to secure your Java configuration to your needs are still valid and recommended.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #24374 12/06/12 03:23 PM
And now, a new wrinkle in the cat-and-mouse game: For PC Virus Victims, Pay or Else


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #24377 12/08/12 05:32 PM
Earlier today MacInTouch noted a report from Sophos dealing with current and expected computer security threats. It may be of interest to regular readers of this thread:

- Security Threat Report 2013


alternaut moderator
Re: THE CYBER-SECURITY THREAD
jchuzi #24401 12/11/12 04:51 AM
ya we've seen a recent upsurge in "ransomware" and the "fbi warning" trojans on the pc side as of lately. funny stuff. makes for entertaining phone calls from customers.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Virtual1 #24481 12/20/12 10:49 PM
For those who like this time of the year to review past issues, here's Rich Mogull's view on Apple’s Security Efforts in 2012.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
Virtual1 #24485 12/21/12 12:17 AM
If it's entertainment that you seek, watch this video to the end.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
alternaut #24509 12/22/12 04:24 PM
While the iOS world has been relatively clean of malware, it has (had) its share of privacy issues, and so it appears again today. AppleInsider reports that an iOS 6 bug reenables JavaScript in Safari without user consent. Even though this privacy and security vulnerability doesn't appear to be actively exploited at the moment, it could allow browser fingerprinting of those users who thought they'd stopped that by disabling JavaScript. Not!


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #24779 01/14/13 06:31 PM
Here is some background information about the latest Java 7 exploit* of vulnerability CVE-2013-0422, and the Java 7 Update 11 that patches it. The article also addresses potential issues with the (unrelated) JavaScript and suggests a 'best practice' approach.

*) mentioned elsewhere in this forum.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #24790 01/15/13 06:18 PM
The "Best Practices" I keep seeing by the experts on this topic are "java will always have security problems"

I dunno. I generally put Java and Flash in pretty much the same boat that way.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Virtual1 #24791 01/15/13 06:58 PM
Originally Posted By: Virtual1
The "Best Practices" I keep seeing by the experts on this topic are "java will always have security problems"

I behave as if that were true, by keeping Java turned off and Flash blocked until I choose to allow it for specific tasks or web sites. But that 'best practice' comment really was about how to deal with JavaScript and its vulnerabilities. I suppose I could have been more clear about that.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #24866 01/31/13 05:50 PM


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #24869 01/31/13 10:27 PM
Either Apple's Anti-malware system does not work or the article is inaccurate and misleading. I suspect the latter to be the case.

There are three major Java implementation categories, each with its own characteristics and limitations…
  1. applications — stand-alone programs that run on the computer such as NeoOffice
  2. applets — that run only within a browser and are not at all the same thing as JavaScript
  3. servlets — that run on a server to provide various functionalities

I have several Java applications on my Macs including OpenOffice, NeoOffice, MoneyDance, and others used to access specific devices. All of them are working perfectly and I am scrupulous about installing every update that comes along. Therefore, it would appear that although the referenced article is easily interpreted as applying to all three Java implementations, the only ones affected by the OS X anti-malware system are applets. (Thank goodness, because it would take me literally hundreds of hours of work to reconstruct all my financial records to pay last year's taxes if Java were unilaterally cut off, not to mention all my documents that are in ODF format.)

As far as alternaut's concern about JavaScript insecurity goes, that becomes an even more difficult problem to solve as each browser has its own unique implementation of ECMAScript. (Although Mozilla's JavaScript was the original, both it and Microsoft's JScript are officially two of the many dialects encompassed by the ECMAScript standard.) So a vulnerability may exist in the dialect, the standard or, perhaps even more likely, in the particular browser's implementation of the standard. I still run across the occasional web sites that only work if you are using a specific version of Internet Explorer or maybe a Mozilla browser. mad



If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: THE CYBER-SECURITY THREAD
joemikeb #24882 02/01/13 09:30 PM
Oracle patches security issues with Java 7 Update 13, and I believe whatever the groundhog says tomorrow.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
joemikeb #24884 02/01/13 09:53 PM
Much to my surprise I was installing Adobe Creative Suite CS 6 on my son's computer today and when I launched the first application, Dreamweaver, the first thing it did was install Java. So here is another case where at least Java applications are unaffected by Apple's anti-malware. Whether there are Java applications embedded in DW or the JVM is there for site development, I have no idea.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: THE CYBER-SECURITY THREAD
joemikeb #24891 02/02/13 12:29 AM
Here's a real-world exploit of Java vulnerabilities: Twitter Hacked: Data for 250,000 Users May Be Stolen.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #24900 02/02/13 08:42 PM
Punxsutawney Phil didn't scare himself with unexplained light effects, and Apple issued its Java for Mac OS X 10.6 Update 12. I just hope for the best. wink


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #25062 02/17/13 09:35 PM
It looks like "damage control" and attempted cover-ups are not restricted to governments. Google asks journalists to tone down story of "massive" Google Play security flaw. Fortunately for me, I don't have a cell phone of any description but now I know that I will never trust Google. I ditched Chrome a while back because of my doubts about privacy.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: THE CYBER-SECURITY THREAD
jchuzi #25063 02/17/13 09:59 PM
Take your pick from Chrome's lack of privacy to Safari's sellout to the "trackers"... shocked


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #25104 02/21/13 06:18 PM
Adobe has issued critical updates for both Reader and Acrobat versions 9, 10 and 11. Until the updates are installed, it is advisable to disable JavaScript in Reader and (when optional) enable protected view before accessing PDFs on the internet.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #25202 02/28/13 09:51 PM
seeing as there'll just be another critical security hole next month/week/tomorrow, it's probably smarter to just leave java off.


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Virtual1 #25205 02/28/13 10:51 PM
Originally Posted By: Virtual1
... just leave java off.

Absolutely, but note that in my previous post I was referring specifically to JavaScript in Reader. For many users, that may not be too onerous, but we'd be really hurting if that should ever extend to browsers.


alternaut moderator
Re: THE CYBER-SECURITY THREAD
alternaut #25216 03/01/13 05:36 PM


I work for the Department of Redundancy Department
Re: THE CYBER-SECURITY THREAD
Hal Itosis #25229 03/02/13 01:35 PM
well THAT didn't take long... http://thenextweb.com/insider/2013/03/01...urity-settings/

You'd think the hackers would have the common courtesy to wait until the most recent 0-day is patched before announcing another one.

ya... I think I'll just leave that OFF.


I work for the Department of Redundancy Department

Moderated by  alternaut, cyn 
