Re: THE CYBER-SECURITY THREAD
Joined: Aug 2009
Likes: 14
Heartbleed's been an open sore for more than two years, already, and there doesn't appear to be any indication that it's been exploited. Hmmmm. And I was thinking that, if they had been collecting information for the past couple of years, it might come in handy. I could contact the bug designers and ask for some of the passwords I've forgotten.
ryck
"What Were Once Vices Are Now Habits" The Doobie Brothers
iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4 OS Sonoma 14.4.1 Canon Pixma TR 8520 Printer Epson Perfection V500 Photo Scanner c/w VueScan software TM on 1TB LaCie USB-C
Re: THE CYBER-SECURITY THREAD
Moderator
Joined: Aug 2009
Likes: 1
> ... and there doesn't appear to be any indication that it's been exploited.

At least not on a large scale, it seems. I'd like to point out, however, that there is a continuous and sizeable 'background' of internet hacking/theft going on. While much of that can be attributed to one or the other exploit, it doesn't cover everything else, including Heartbleed. After all, any smoking gun would have to unequivocally link abuse of stolen data with Heartbleed. Unfortunately, that's only indirectly possible (i.e., after abuse pattern analysis), because when used the exploit leaves no traces on affected servers (except, possibly, in custom transaction logs). And, as you suggested, there's not much of a pattern yet. On the other hand, if someone had indeed stumbled on this flaw and exploited it*, it's not unreasonable to assume that it probably wouldn't have remained a secret for long.

That said, I'd like to remind you that the flaw can be used to access already recorded data, as this is not affected by any post-hoc patches applied to the relevant servers. Note that this data may have been recorded in the window between the flaw's recent revelation and its patching, and that window may still be open on servers you have dealt with. This explains the now frequently heard advice to check your financial transactions carefully for unauthorized activity.

*) Despite a comment in an earlier post I didn't mention the possibility here that the NSA knew and kept mum about Heartbleed to be able to exploit the flaw, because I figured that would be beyond the pale even for that organization. It seems I was doubly wrong, and that now appears to have been the case, although it's been denied by the White House. If you needed proof that the current policies of US intelligence agencies may cause more damage than they prevent, this could be it.
Last edited by alternaut; 04/11/14 11:39 PM. Reason: Added breaking news
alternaut ◉ moderator
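The post above makes the point that a Heartbleed probe leaves nothing behind on the affected server. Where it does show is on the wire: a probe is a TLS heartbeat request whose declared payload length is larger than the bytes actually carried, and RFC 6520 says a receiver must discard such a message (the vulnerable OpenSSL did not). The Python below is an added example written for this thread, not code from the forum or from any tool mentioned in it; the three sample records are constructed here and the verdict labels are this example's own.

```python
"""Wire-side check for malformed TLS heartbeat requests (Heartbleed, CVE-2014-0160).

Added example, not code from the thread or from any tool it mentions. The bug is
invisible in server logs, but on the network a probe is a heartbeat_request whose
declared payload_length is larger than the bytes actually carried. RFC 6520 says a
receiver must silently discard such a message; the vulnerable OpenSSL did not.
"""
import struct

TLS_HEARTBEAT = 0x18   # TLS record ContentType for heartbeat (RFC 6520)
HB_REQUEST = 0x01      # HeartbeatMessageType heartbeat_request
MIN_PADDING = 16       # RFC 6520: padding_length is at least 16 bytes


def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, version, fragment); raise on truncation."""
    if len(data) < 5:
        raise ValueError("record header truncated")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("record body truncated")
    return content_type, version, fragment


def check_heartbeat(record: bytes) -> str:
    """Classify one TLS record as 'not-heartbeat', 'ok' or 'suspicious'.

    'suspicious' means the heartbeat's declared payload_length cannot fit inside
    the record once the mandatory padding is accounted for, which is exactly the
    condition a Heartbleed probe relies on.
    """
    content_type, _version, fragment = parse_tls_record(record)
    if content_type != TLS_HEARTBEAT:
        return "not-heartbeat"
    if len(fragment) < 3:
        return "suspicious"  # not even a complete heartbeat header
    _hb_type, declared_len = struct.unpack("!BH", fragment[:3])
    room_for_payload = len(fragment) - 3 - MIN_PADDING
    if declared_len > room_for_payload:
        return "suspicious"
    return "ok"


def scan(records) -> list:
    """Verdict per record, in order; what an IDS rule would emit per packet."""
    return [check_heartbeat(r) for r in records]


# Constructed sample records (TLS 1.1 version bytes 0x0302):
# a well-formed request carrying the 4-byte payload "ping" plus 16 bytes of padding...
BENIGN = b"\x18\x03\x02\x00\x17" + b"\x01\x00\x04" + b"ping" + b"\x00" * 16
# ...and a probe that declares 65535 payload bytes while sending none.
PROBE = b"\x18\x03\x02\x00\x13" + b"\x01\xff\xff" + b"\x00" * 16
# an application_data (0x17) record, to show non-heartbeat traffic is passed over.
APPDATA = b"\x17\x03\x02\x00\x01" + b"\x00"

if __name__ == "__main__":
    for name, rec in (("benign", BENIGN), ("probe", PROBE), ("appdata", APPDATA)):
        print(f"{name:8s} {check_heartbeat(rec)}")
```

This is the per-record rule that network IDS vendors shipped for Heartbleed in 2014; in a real deployment it sits behind TLS record reassembly, and a "suspicious" verdict on traffic to a server you operate is the closest thing to the server-side trace the post says does not exist.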
Re: THE CYBER-SECURITY THREAD
Moderator
Joined: Aug 2009
Likes: 1
alternaut ◉ moderator
Re: THE CYBER-SECURITY THREAD
Joined: Aug 2009
Likes: 15
> That said, I'd like to remind you that the flaw can be used to access already recorded data, as this is not affected by any post-hoc patches applied to the relevant servers. Note that this data may have been recorded in the window between the flaw's recent revelation and its patching, and that window may still be open on servers you have dealt with. This explains the now frequently heard advice to check your financial transactions carefully for unauthorized activity.

I'll guess that already recorded data that has not yet been used is not in the hands of outwardly malicious persons, because those guys deal in current info rather than stockpile it and have it go bad. Data gathered in your "window" (my "springboard" period), though, might (will likely?) result in a flurry of activity before users have secured their situations. (Happily, your linked Mashable doc reports that all the financial Websites I use are unaffected.)
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: THE CYBER-SECURITY THREAD
Joined: Aug 2009
Likes: 1
The interesting thing about OpenSSL is that it's used to secure a huge percentage of the world's ecommerce sites, including some of the biggest powerhouses of the New Economy, yet all 400,000-plus lines of code are maintained by only 4 open source programmers who have a total budget of only a few thousand dollars a year.
One of those four people recently said something to the effect of "hey all you businesses spending millions to fix the problems caused by this flaw--since OpenSSL is vital to your business, how come you don't donate any money to maintaining it?"
Re: THE CYBER-SECURITY THREAD
Joined: Aug 2009
Likes: 15
I've been waiting for e-mails from Websites on which I do business, and the first one only just got to me...an all-clear from SuperMediaStore.com (from whom I bought DVDs).
I've received neither alerts nor all-clears from any of my financial institutions.
Anybody else?
Last Pass
Joined: Aug 2009
For those who may have missed it, LastPass HeartBleed Checker may help.
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
1PW - AgileBits - Heartbleed Checker
Joined: Aug 2009
AgileBits has just published their tool, which can also check SMTP & IMAP URLs. Here's the Link: HeartBleed Checker
MacStudio M1max - 14.4.1, 64 GB Ram, 4TB SSD; Studio Display; iPhone 13mini; Watch 9; iPadPro (M2) 11" WiFi
Re: 1PW - AgileBits - Heartbleed Checker
Joined: Aug 2009
> AgileBits has just published their tool, which can also check SMTP & IMAP URLs. Here's the Link: HeartBleed Checker

Thanks for the post/link. It will be interesting to see what, if any, differences result from the two checkers. I suspect/guess they use the same algorithm. Or, maybe Schrödinger is at play, and it only matters if one views the results.
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Son of Heartbleed
Joined: Aug 2009
Likes: 4
Re: Son of Heartbleed
Joined: Aug 2009
Likes: 7
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Son of Heartbleed
Moderator
Joined: Aug 2009
Likes: 1
It’s been quite a while since this thread saw some activity. So here goes: last January the CIRCL automatic launch object detection for Mac OS X, a free anti-malware utility, was updated. The software is based on an idea by Topher Kessler, and monitors a number of Mac OS X locations known to have received malware files on past occasions. It’s up to the user to allow or disallow such installs, and it provides an early warning for potential malware installation. Other recent updates for free anti-adware/malware utilities include AdwareMedic, Bitdefender Adware Removal Tool, KnockKnock and ScamZapper.
alternaut ◉ moderator
Re: Son of Heartbleed
Joined: Aug 2009
I have Adware Medic & Scam Zapper installed. Is that sufficient, or do you suggest CIRCL additionally be installed?
Harv 27" i7 iMac (10.13.6), iPhone Xs Max (12.1)
Re: Son of Heartbleed
Moderator
Joined: Aug 2009
Likes: 1
Adware Medic actually removes certain adware on an ad-hoc basis, while the Safari extension ScamZapper blocks certain browser popups. CIRCL’s ALOD runs in the background and lets you know if files are about to be installed in locations where previous malware has installed components, and leaves you the choice to proceed with that or not. Only the latter two may run simultaneously with normal use. So these utilities do different things and can coexist, at least in principle.
The questions that remain include those about how well these apps play with others. Do they slow down your Mac or web browsing or otherwise negatively affect your computing, and if so, is that interference worth it to you? That’s likely both hardware and OS version dependent, and as such difficult to answer generically. For instance, and FWIW, I haven’t yet noticed anything untoward with ScamZapper and ALOD, or otherwise seen reason to uninstall them, running Yosemite on a retina iMac.
alternaut ◉ moderator
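The description of ALOD in the two posts above (watch the folders where earlier malware placed its components, and flag anything new before the user has forgotten about it) is the core of any launch-location monitor. The script below is an added example written for this thread, not CIRCL's code or anything from the tools named here: it snapshots the standard macOS launch folders and reports what was added, changed or removed between runs. The folder list, the SHA-256 fingerprinting and the report format are this example's own choices; demo_in_tempdir() exercises the same logic against a throwaway directory with constructed plist files instead of the live system.

```python
"""Snapshot/diff monitor for macOS launch locations.

Added example for the forum discussion of ALOD; it is not CIRCL's code. The
folder list below is the set of well-known macOS persistence points; the
hashing and report format are this example's own choices.
"""
import hashlib
import os
from pathlib import Path

# Well-known macOS launch locations (persistence points watched by tools like ALOD).
DEFAULT_LOCATIONS = [
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
    Path("/Library/StartupItems"),
    Path.home() / "Library" / "LaunchAgents",
]


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(locations) -> dict:
    """Map every regular file under the given directories to its SHA-256.

    Directories that do not exist on this machine are skipped, and a file that
    cannot be read is skipped rather than aborting the whole scan.
    """
    state = {}
    for loc in locations:
        if not loc.is_dir():
            continue
        for root, _dirs, files in os.walk(loc):
            for name in files:
                p = Path(root) / name
                try:
                    state[str(p)] = _digest(p)
                except OSError:
                    continue
    return state


def diff_snapshots(before: dict, after: dict) -> dict:
    """Compare two snapshots; returns sorted path lists under 'added', 'modified', 'removed'."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return {"added": added, "modified": modified, "removed": removed}


def format_report(changes: dict) -> str:
    """One line per change, or a fixed all-clear string when nothing moved."""
    lines = [f"{kind.upper():9s} {p}" for kind in ("added", "modified", "removed")
             for p in changes[kind]]
    return "\n".join(lines) if lines else "no changes in launch locations"


def demo_in_tempdir() -> dict:
    """Run the monitor on a constructed LaunchAgents folder; paths are returned relative to it."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        loc = Path(tmp) / "LaunchAgents"
        loc.mkdir()
        (loc / "com.example.existing.plist").write_text("<plist/>")          # constructed
        before = snapshot([loc])
        (loc / "com.example.dropped.plist").write_text("<plist>new</plist>")  # constructed
        (loc / "com.example.existing.plist").write_text("<plist>changed</plist>")
        after = snapshot([loc])
        changes = diff_snapshots(before, after)
        return {k: [str(Path(p).relative_to(loc)) for p in v] for k, v in changes.items()}


if __name__ == "__main__":
    import json
    baseline_file = Path.home() / ".launch_baseline.json"   # example's own storage path
    current = snapshot(DEFAULT_LOCATIONS)
    if baseline_file.exists():
        previous = json.loads(baseline_file.read_text())
        print(format_report(diff_snapshots(previous, current)))
    else:
        print(f"baseline recorded: {len(current)} files")
    baseline_file.write_text(json.dumps(current))
```

Run it once to record a baseline and again after any install to see what landed in the launch folders. The trade-off against ALOD is timing: this polling version notices a new launch agent after the fact, whereas ALOD reacts as the write happens, which is what lets it offer the allow/disallow choice the posts describe.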
Hackers exploit Flash vulnerability
Joined: Aug 2009
Likes: 4
Re: Son of Heartbleed
Moderator
Joined: Aug 2009
Likes: 16
Adware Medic has now been rolled into a new expanded product, Malwarebytes. The UI is the same but the types of undesirable ware it searches for and removes have been expanded.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
Re: Son of Heartbleed
Joined: Aug 2009
Likes: 14
Thanks for the tip. I decided to give it a try and got a reassuring "Malwarebytes did not find any malware or adware on your system." Of course, this doesn't mean that ongoing vigilance is less, it just means it's nice to have a way to check whether the effort is fruitful.
Last edited by ryck; 08/04/15 01:44 PM.
ryck
Re: Son of Heartbleed
Joined: Aug 2009
Likes: 8
> Adware Medic has now been rolled into a new expanded product, Malwarebytes. The UI is the same but the types of undesirable ware it searches for and removes have been expanded.

The Mac version is on this page.
On a Mac since 1984. Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Son of Heartbleed
Moderator
Joined: Aug 2009
Likes: 16
Thanks for catching that, Ira.
Re: Son of Heartbleed
Joined: Aug 2009
Likes: 4
All versions are on the downloads page.
thunderstrike revisited
Joined: Aug 2009
So what's the current take on Mac security with firmware-modifying malware? I've been seeing a lot of chat recently about a new proof of concept that can just outright replace the firmware on a Mac without the usual authentication, about USB devices that can do it ("BadUSB"), about air-gapped access... what's the current state of affairs on OS X security?
I work for the Department of Redundancy Department
Re: thunderstrike revisited
Joined: Aug 2009
Likes: 1
OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.
This exploit can be leveraged across Thunderbolt connections (fortunately, not USB connections), provided an attacker can get physical access to a Mac and plug a malicious Thunderbolt device into it. With sudo access, you can take any measures, up to and including a malicious firmware update.
Re: thunderstrike revisited
Moderator
Joined: Aug 2009
Likes: 16
> OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

You are making me even more glad I am running OS X 10.11.
Re: thunderstrike revisited
Joined: Aug 2009
> OS X 10.10 introduced a simple but catastrophic security hole that gives unauthenticated users sudo access without an administrator password. Needless to say, this allows all kinds of mischief.

And this hasn't been patched with a security update?