#28619 - 04/11/14 03:06 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: artie505
Heartbleed's been an open sore for more than two years, already, and there doesn't appear to be any indication that it's been exploited.

Hmmmm. And I was thinking that, if they had been collecting information for the past couple of years, it might come in handy. I could contact the bug designers and ask for some of the passwords I've forgot. [wink]
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

#28620 - 04/11/14 07:46 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: artie505
... and there doesn't appear to be any indication that it's been exploited.

At least not on a large scale, it seems. I'd like to point out, however, that there is a continuous and sizeable 'background' of internet hacking/theft going on. While much of that can be attributed to one or the other exploit, it doesn't cover everything else, including Heartbleed. After all, any smoking gun would have to unequivocally link abuse of stolen data with Heartbleed. Unfortunately, that's only indirectly possible (i.e., after abuse pattern analysis), because when used the exploit leaves no traces on affected servers (except, possibly, in custom transaction logs). And, as you suggested, there's not much of a pattern yet.
On the other hand, if someone had indeed stumbled on this flaw and exploited it*, it's not unreasonable to assume that it probably wouldn't have remained a secret for long.

That said, I'd like to remind you that the flaw can be used to access already recorded data, as this is not affected by any post-hoc patches applied to the relevant servers. Note that this data may have been recorded in the window between the flaw's recent revelation and its patching, and that window may still be open on servers you have dealt with. This explains the now frequently heard advice to check your financial transactions carefully for unauthorized activity.


*) Despite a comment in an earlier post I didn't mention the possibility here that the NSA knew and kept mum about Heartbleed to be able to exploit the flaw, because I figured that would be beyond the pale even for that organization. It seems I was doubly wrong, and that now appears to have been the case, although it's been denied by the White House. If you needed proof that the current policies of US intelligence agencies may cause more damage than they prevent, this could be it.


Edited by alternaut (04/11/14 04:39 PM)
Edit Reason: Added breaking news
_________________________
alternaut moderator

#28624 - 04/11/14 05:13 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
alternaut Offline

Moderator

Registered: 08/04/09
More selected notes:

- Heartbleed Bug: What Can You Do?
- Urgent: The Heartbleed Hit List: The Passwords You Need to Change Right Now
- Observations and commentary: Schneier on Security - Heartbleed
- Possible proof of use of the Heartbleed vulnerability before Monday's disclosure: Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?
_________________________
alternaut moderator

#28625 - 04/11/14 11:49 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
artie505 Online


Registered: 08/04/09
Originally Posted By: alternaut
That said, I'd like to remind you that the flaw can be used to access already recorded data, as this is not affected by any post-hoc patches applied to the relevant servers. Note that this data may have been recorded in the window between the flaw's recent revelation and its patching, and that window may still be open on servers you have dealt with. This explains the now frequently heard advice to check your financial transactions carefully for unauthorized activity.

I'll guess that already recorded data that has not yet been used is not in the hands of outwardly malicious persons, because those guys deal in current info rather than stockpile it and have it go bad.

Data gathered in your "window" (my "springboard" period), though, might (will likely?) result in a flurry of activity before users have secured their situations. (Happily, your linked Mashable doc reports that all the financial Websites I use are unaffected.)
_________________________
The new Great Equalizer is the SEND button.

#28629 - 04/12/14 12:52 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The interesting thing about OpenSSL is that it's used to secure a huge percentage of the world's ecommerce sites, including some of the biggest powerhouses of the New Economy, yet all 400,000-plus lines of code are maintained by only 4 open source programmers who have a total budget of only a few thousand dollars a year.

One of those four people recently said something to the effect of "hey all you businesses spending millions to fix the problems caused by this flaw--since OpenSSL is vital to your business, how come you don't donate any money to maintaining it?"
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#28652 - 04/14/14 04:25 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
artie505 Online


Registered: 08/04/09
I've been waiting for e-mails from Websites on which I do business, and the first one only just got to me...an all-clear from SuperMediaStore.com (from whom I bought DVDs).

I've received neither alerts nor all-clears from any of my financial institutions.

Anybody else?
_________________________
The new Great Equalizer is the SEND button.

#28655 - 04/15/14 04:04 AM Last Pass [Re: artie505]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
For those who may have missed it, LastPass HeartBleed Checker may help.
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28662 - 04/16/14 09:08 AM 1PW - AgileBits - Heartbleed Checker [Re: Pendragon]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
AgileBits has just published their tool, which can also check SMTP & IMAP URLs.

Here's the Link: HeartBleed Checker
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.14.2, iPhone X & iPadPro 11 WiFi, Watch4

#28669 - 04/18/14 02:49 AM Re: 1PW - AgileBits - Heartbleed Checker [Re: pbGuy]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: pbGuy
AgileBits has just published their tool, which can also check SMTP & IMAP URLs.

Here's the Link: HeartBleed Checker


Thanks for the post/link. It will be interesting to see what, if any, differences result from the two checkers. I suspect/guess they use the same algorithm.

Or, maybe Schrödinger is at play, and it only matters if one views the results. [grin]
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#30071 - 05/13/14 06:34 AM Son of Heartbleed [Re: Hal Itosis]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||

#30386 - 06/23/14 12:51 PM Re: Son of Heartbleed [Re: grelber]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
It's still with us:
Heartbleed isn’t dead — 300,000 servers are still exposed — but here’s how you can protect yourself

#30751 - 08/05/14 03:55 PM Re: Son of Heartbleed [Re: grelber]
jchuzi Online


Registered: 08/04/09
Loc: New York State
_________________________
Jon

OS 10.14.2, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#34435 - 05/25/15 11:17 AM Re: Son of Heartbleed [Re: jchuzi]
alternaut Offline

Moderator

Registered: 08/04/09
It’s been quite a while since this thread saw some activity. So here goes: last January the CIRCL automatic launch object detection for Mac OS X, a free anti-malware utility, was updated. The software is based on an idea by Topher Kessler, and monitors a number of Mac OS X locations known to have received malware files on past occasions. It’s up to the user to allow or disallow such installs, and it provides an early warning for potential malware installation.

Other recent updates for free anti-adware/malware utilities include AdwareMedic, Bitdefender Adware Removal Tool, KnockKnock and ScamZapper.
_________________________
alternaut moderator

#34436 - 05/25/15 12:19 PM Re: Son of Heartbleed [Re: alternaut]
Pendragon Offline


Registered: 08/04/09
Loc: Georgetown, Texas, USA
Originally Posted By: alternaut
It’s been quite a while since this thread saw some activity. So here goes: last January the CIRCL automatic launch object detection for Mac OS X, a free anti-malware utility, was updated. The software is based on an idea by Topher Kessler, and monitors a number of Mac OS X locations known to have received malware files on past occasions. It’s up to the user to allow or disallow such installs, and it provides an early warning for potential malware installation.

Other recent updates for free anti-adware/malware utilities include AdwareMedic, Bitdefender Adware Removal Tool, KnockKnock and ScamZapper.


I have Adware Medic & Scam Zapper installed. Is that sufficient, or do you suggest CIRCL additionally be installed? [shocked]
_________________________
Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#34439 - 05/25/15 01:31 PM Re: Son of Heartbleed [Re: Pendragon]
alternaut Offline

Moderator

Registered: 08/04/09
Adware Medic actually removes certain adware on an ad-hoc basis, while Safari extension ScamZapper blocks certain browser popups. CIRCL’s ALOD runs in the background and lets you know if files are about to be installed in locations where previous malware has installed components, and leaves you the choice to proceed with that or not. Only the latter two may run simultaneously with normal use. So these utilities do different things and can coexist, at least in principle.

The questions that remain include those about how well these apps play with others. Do they slow down your Mac or web browsing or otherwise negatively affect your computing, and if so, is that interference worth it to you? That’s likely both hardware and OS version dependent, and as such difficult to answer generically. For instance, and FWIW, I haven’t yet noticed anything untoward with ScamZapper and ALOD, or otherwise seen reason to uninstall them, running Yosemite on a retina iMac.
_________________________
alternaut moderator

#35368 - 08/04/15 01:34 AM Hackers exploit Flash vulnerability [Re: alternaut]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||

#35373 - 08/04/15 05:47 AM Re: Son of Heartbleed [Re: alternaut]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Adware Medic has now been rolled into a new expanded product, Malwarebytes. The UI is the same but the types of undesirable ware it searches for and removes have been expanded.
_________________________
joemikeb • moderator

#35374 - 08/04/15 06:42 AM Re: Son of Heartbleed [Re: joemikeb]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Thanks for the tip. I decided to give it a try and got a reassuring "Malwarebytes did not find any malware or adware on your system." Of course, this doesn't mean that ongoing vigilance is less, it just means it's nice to have a way to check whether the effort is fruitful.


Edited by ryck (08/04/15 06:44 AM)
_________________________
ryck

#35375 - 08/04/15 09:25 AM Re: Son of Heartbleed [Re: joemikeb]
Ira L Offline


Registered: 08/13/09
Loc: California
Originally Posted By: joemikeb
Adware Medic has now been rolled into a new expanded product, Malwarebytes. The UI is the same but the types of undesirable ware it searches for and removes have been expanded.


The Mac version is on this page.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

#35376 - 08/04/15 12:47 PM Re: Son of Heartbleed [Re: Ira L]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Thanks for catching that, Ira.
_________________________
joemikeb • moderator

#35377 - 08/04/15 12:51 PM Re: Son of Heartbleed [Re: Ira L]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Originally Posted By: Ira L
The Mac version is on this page.

All versions are on the downloads page. [confused]

#35378 - 08/04/15 12:54 PM thunderstrike revisited [Re: Hal Itosis]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
So what's the current take on Mac security with firmware-modifying malware? I've been seeing a lot of chat recently about a new proof of concept that can just outright replace the firmware on a Mac without the usual authentication, about USB devices that can do it ("badusb"), about airgapped access... what's the current state of affairs on OS X security?
_________________________
I work for the Department of Redundancy Department

#35380 - 08/04/15 03:20 PM Re: thunderstrike revisited [Re: Virtual1]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

This exploit can be leveraged across Thunderbolt connections (fortunately, not USB connections), provided an attacker can get physical access to a Mac and plug a malicious Thunderbolt device into it. With sudo access, you can take any measures, up to and including a malicious firmware update.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#35383 - 08/04/15 06:34 PM Re: thunderstrike revisited [Re: tacit]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: tacit
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

You are making me even more glad I am running OS X 10.11
_________________________
joemikeb • moderator

#35387 - 08/05/15 04:54 AM Re: thunderstrike revisited [Re: tacit]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: tacit
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

And this hasn't been patched with a security update?
_________________________
I work for the Department of Redundancy Department


Moderator:  alternaut, cyn