An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 12 1 2 3 ... 11 12 >
Topic Options
#8479 - 02/19/10 10:39 AM THE CYBER-SECURITY THREAD
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
 
A recent iPad thread got diverted briefly into an exchange about cyber-security (in the context of maintaining software updates). This inspired YA <excellent post> by tacit.

i think it would be good if we could have one thread to turn to as a resource for such info. Hopefully, this will be it.

In his own online blogs, tacit furnishes a wealth of articles (only three of which i list here):
  1. Polyamory and crime on the Internet -- Dec. 12, 2007

  2. Anatomy of computer crime -- Mar. 26, 2008

  3. More computer crime anatomy -- May 5, 2008


Back in the MFI forums, we were sometimes treated with supplemental threads, such as:
  1. Analysis of virus distribution -- Dec. 13, 2007

  2. Mac virus distributed by Russian Business Network -- Mar. 26, 2008

  3. Well, the Russians are back -- Dec. 27, 2008


As we have learned from the links above, the dangers out there are not limited to pr0n sites or pirate-laden p2p networks... but rather everyday places like google.com, and various "worldpress" forums (who don't update their software and/or take sufficient precautions). The trends tacit taught us about continue today...
  1. Preview to a Possible Future of Rogue AV -- Dec. 2, 2009

  2. Be Careful Clicking on the Google Doodle -- Dec. 15, 2009

  3. Yet Another Reputable Site Asks You to Install Rogue AV -- Dec 18, 2009

  4. Scammers Cashing in on Facebook ‘Un named App’ Hoax -- Jan. 30, 2010

And here's a small item i ran into today: The world is hacked, and it's users' fault -- Feb. 19, 2010

--

Anyway, i hope members will choose to use this thread as a convenient one-stop place where useful security info can be either deposited or easily located.



Edited by Hal Itosis (02/19/10 10:00 PM)

Top
#8480 - 02/19/10 10:59 AM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
For example, this (Mac-oriented) website was quite good (in terms of articles) in the past...

http://blog.iantivirus.com/

...and i believe that's still the case today.

Note however that the name “iAntiVirus” also appears on some sketchy-looking software product, which is *not* related to that blog (afaik).


EDIT: ooops, i guess they're the same?
Hmm, what do you folks think about it?
[the blog was pretty good a ways back.]

Anyway, it is freeware... i just hope it's safe. crazy
[i definitely like ClamXav 2.x myself.]


Edited by Hal Itosis (02/19/10 11:09 AM)

Top
#8491 - 02/19/10 09:43 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
artie505 Online


Registered: 08/04/09
Wow! A whole new resource for me to ignore. grin

Seriously though... Thanks for starting this thread; may I suggest to the M Squad that it be made "sticky?"
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8517 - 02/21/10 08:47 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
cyn Offline

Administrator

Registered: 08/03/09
I split a branch of replies off to a separate thread so this one can stay focused on the subject of cyber security. I might end up moving the new one to FineTunedMac Feedback, but for now at least it's here in the Lounge: Discussion about "THE CYBER-SECURITY THREAD"
_________________________
FineTunedMac Forums Admin

Top
#8531 - 02/21/10 08:59 PM Re: THE CYBER-SECURITY THREAD [Re: cyn]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Hmm, anyone ever heard of this?

Trusteer   (Rapport)

I've poked around and read parts of the FAQ, but if someone could assess its value to Mac users and summarize how we would use it (or whether we should bother with it), i'd be interested to learn more.

Top
#8534 - 02/21/10 10:45 PM Re: THE CYBER-SECURITY THREAD [Re: tacit]
artie505 Online


Registered: 08/04/09
tacit, I'm wondering if you missed the question I posed in my original response to this post, namely, which, if any, of your three "how-they-do-its" is of the nature that it can be prevented by an existing or future Apple Security Update?

Or, on the other hand, are they all simply "user beware" type threats?

(I'm trying to put your post into perspective with the rest of the discussion.)

Thanks.


Edit: This was originally a response to tacit's reply in "iPad" (the same "<excellent post> by tacit" that Hal referred to in his opening post of this cyber security thread).


Edited by cyn (02/23/10 05:35 AM)
Edit Reason: Moved this post and the 3 followups to it from the "iPad" thread.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8537 - 02/22/10 09:09 AM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Originally Posted By: Hal Itosis
Hmm, anyone ever heard of this?

Trusteer   (Rapport)

I've poked around and read parts of the FAQ, but if someone could assess its value to Mac users and summarize how we would use it (or whether we should bother with it), i'd be interested to learn more.


Thread about this here

I eventually signed up just to shut them up / stop them nagging me every time I logged in.

Interestingly, it's attached to my ID, not to my computer. How do I know this? Because I went into on-line banking from another computer. No nagging, Rapport already "loaded".

As to whether it's any use or not, I cannot tell from this end.


Top
#8541 - 02/22/10 12:15 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: artie505
tacit, I'm wondering if you missed the question I posed in my original response to this post, namely, which, if any, of your three "how-they-do-its" is of the nature that it can be prevented by an existing or future Apple Security Update?

Or, on the other hand, are they all simply "user beware" type threats?

(I'm trying to put your post into perspective with the rest of the discussion.)

That's hardly the point, nor does it belong in this iPad thread (as presented).

If we both visit some page and click on some link which contains code exploiting some vulnerability for which my OS/browser has been patched and yours hasn't... then your computer will crash (or whatever), and mine won't. It's really really really simple: known weaknesses get patched... and there is zero wisdom involved in not updating. We could argue about whether or not that page actually exists and whether or not we might actually click that link, and conclude that it probably won't ever happen (and so the extra security may not be needed "necessarily")... but that's not a very meaningful discussion.

Supplemental reading:
edit: note that —on those 3 pages there —the phrase arbitrary code execution is a euphemism which (more often than not) actually means a cleverly crafted script could run (likely with root privileges, and thus do whatever it wants to).


Edited by Hal Itosis (02/23/10 11:30 AM)

Top
#8543 - 02/22/10 01:13 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
artie505 Online


Registered: 08/04/09
> That's hardly the point, nor does it belong in this iPad thread (as presented).

My bad... I should have posted, with a link, in the other thread. I posted to tacit in the thread in which he posted.

And it is the point, because I posed a clarification question, not one about security.

Edit: You're saying then that the situations described in tacit's post are of the nature that's addressed by security updates?


Edited by artie505 (02/23/10 04:05 AM)
Edit Reason: [s][/s]+
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8556 - 02/23/10 04:25 AM Re: THE CYBER-SECURITY THREAD [Re: artie505]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Originally Posted By: artie505
Just to be certain, though, which, if any, of your three "how-they-do-its" is vulnerable to an Apple Security Update?


Any of them.

The people, usually Eastern European organized crime, who distribute malware via compromised Web sites or poisoned banner ads will often rely on known security vulnerabilities in popular Web browsers or plugins in order to download malware.

Once you have ended up on an attacker's site, whether that's by a poisoned banner ad or by clicking on a seeded link in Google or whatever, the site will often attempt an assortment of different exploits. It may try to exploit holes in the Flash player plugin, for instance (that's one I'm seeing a lot of lately--on Macs it just crashes the browser, on Windows it silently downloads and runs malware); ir it might try to exploit known flaws in known browsers (like Internet Explorer flaws); or it might try to exploit something like a RealPlayer security hole. If all of those fail, it will try to trick you into downloading and installing the malware yourself.

Apple security updates will fix flaws in the browser and often will include third-party software or plugin fixes as well. For example, the update that just came out earlier this year fixes flaws in the Mac version of the Adobe Flash plugin. Even though Apple didn't write the plugin, they included the security fix as part of the general security update.

So to answer your question directly, security updates can mitigate Web attacks regardless of the mechanism used to get you onto the attacker's page.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#8569 - 02/24/10 01:19 AM Re: THE CYBER-SECURITY THREAD [Re: tacit]
artie505 Online


Registered: 08/04/09
Thanks, tacit, for continually sharing your in-depth knowledge of this subject. smile

Last link in this particular chain...

> It may try to exploit holes in the Flash player plugin, for instance (that's one I'm seeing a lot of lately--on Macs it just crashes the browser, [....]

Will running ClickToFlash, which prevents Flash content from loading, prevent such exploits?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8581 - 02/24/10 09:27 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Yes. The exploit works by loading a poisoned SWF file that contains special code which crashes the Flash player (and, on a Windows machine, allows the execution of arbitrary code. Applications which block Flash code from loading will mitigate against this kind of attack.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#8582 - 02/24/10 11:11 PM Re: THE CYBER-SECURITY THREAD [Re: tacit]
artie505 Online


Registered: 08/04/09
Thanks! smile
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8665 - 03/01/10 02:33 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)


Edited by Hal Itosis (03/01/10 02:35 PM)
Edit Reason: reworded their title

Top
#8687 - 03/02/10 11:20 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
artie505 Online


Registered: 08/04/09
Thanks for the link. There's not really much to read, but I did find the info that there's "a program that purchases the rights to vulnerability information in exchange for exclusivity to broker fixes with affected vendors" interesting.

I guess my neck is now stretched 8 notches longer than it used to be stretched. crazy
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8784 - 03/11/10 10:50 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: Hal Itosis

I suppose Safari 4.0.5 may address some of those.

[hello... anybody? wink ]

Top
#8785 - 03/12/10 02:24 AM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
artie505 Online


Registered: 08/04/09
Quote:
[hello... anybody? wink ]


Dare I say it? wink
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#8943 - 03/19/10 03:38 PM Re: THE CYBER-SECURITY THREAD [Re: artie505]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Perhaps not Safari-specific (or "cyber" related even), but...

Charlie Miller to reveal 20 zero day security holes in Mac OS X

... i guess we'll have to wait and see what the world is permitted to learn.
[in the past, actual "how-to" details have been kept (more-or-less) private.]


EDIT: here's the original article at the "Heise Media" website:
Mac OS X: "safer, but less secure" -- March, 18 2010


EDIT#2: and here are the rules/gameplan for the upcoming (March 24th) event:
Pwn2Own 2010


Edited by Hal Itosis (03/19/10 09:27 PM)

Top
#8953 - 03/19/10 08:38 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Charlie Miller to reveal 20 zero day security holes in Mac OS X

100% of which will require having physical access to the computer and a local account to login to. They usually leave that factoid out until they show them off. When someone comes up with a network exploit, I'll pay more attention.
_________________________
I work for the Department of Redundancy Department

Top
#8955 - 03/19/10 09:04 PM Re: THE CYBER-SECURITY THREAD [Re: Virtual1]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Originally Posted By: Virtual1
Charlie Miller to reveal 20 zero day security holes in Mac OS X

100% of which will require having physical access to the computer and a local account to login to. They usually leave that factoid out until they show them off.

Not true.

This is the same guy as the last few years, and all previous reports used words to the effect:
• The MacBook was able to withstand external network attacks.
but then later on...
• [ . . . ] with the interaction of a user who surfed to a specially crafted website.

Sorry but, that's not physical access in the sense that the term "physical access" is normally used. If simply visiting a webpage page can infect a computer, then that's a serious problem (imho). Trying to lump that sort of weakness under "physical access" is a prevarication.


More past clips...

Pwn2Own 2009: Safari, IE 8 and Firefox exploited -- March 2009
Quote:
Security researcher Charlie Miller, in a repeat performance of last year, used a prepared exploit to crack the Safari web browser on a MacBook running the latest version of Mac OS X, in a matter of seconds. The exploit won him $5,000 and the MacBook. According to CNet Miller said that he used a security hole which he discovered last year that allows a remote attacker to gain control of a machine when a user visits a malicious URL. Last year Miller also cracked Safari in a few minutes and won a MacBook Air and $10,000 in prize money.


MacBook Air first to be cracked at PWN to OWN hack competition -- March 2008
Quote:
Of three laptops to be hacked, a MacBook Air with Mac OS X 10.5.2 was the first to fall victim to crack attempts of participants in the PWN to OWN contest at CanSecWest. The laptops running Windows Vista SP1 and Ubuntu 7.10 remain uncompromised. According to information provided by organisers of the TippingPoint competition, Charlie Miller, Jake Honoroff and Mark Daniel of security service provider Independent Security Evaluator were able to take control of the machine through a hole in the Safari web browser. The vulnerability has supposedly not yet been made public and is still under wraps until Apple is able to provide a patch. In addition to $10,000 prize money, the winners also get to keep the MacBook as a bonus.


Hack-a-Mac - security vulnerability found in Apple's Safari -- April 2007
Quote:
As part of the Hack-a-Mac "PWN to own" competition at the CanSecWest security conference, two competitors succeeded in hacking a fully patched MacBook Pro running Mac OS X 10.4.9. They did not, however, penetrate the computer directly, rather they exploited a vulnerability in Apple's Safari web browser. On visiting a website prepared by the hackers, malicious code was injected onto the MacBook and executed with user privileges.

crazy


Originally Posted By: Virtual1
When someone comes up with a network exploit, I'll pay more attention.

Well the local ones are no party either, especially if they give admin->root escalation. Because that's the first place a hacker will head, once they poke through one of these little backdoors in Safari.

But don't worry, i'll keep you posted from now on. cool


Edited by Hal Itosis (03/19/10 09:32 PM)

Top
#8973 - 03/21/10 12:06 AM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)
Wow... interesting article (all on one page too):
http://www.sans.org/top-cyber-security-risks/

Top
#9037 - 03/24/10 09:23 PM Re: THE CYBER-SECURITY THREAD [Re: Virtual1]
Hal Itosis Offline


Registered: 09/03/09
Loc: 10.6.8 (build 10K549)


Edited by Hal Itosis (03/25/10 09:12 PM)

Top
#9051 - 03/25/10 05:20 PM Re: THE CYBER-SECURITY THREAD [Re: Hal Itosis]
kiwichris Offline


Registered: 08/05/09
Loc: New Zealand
interesting article on inside a global cyber crime ring. Wondering should i copy and paste the whole article?

http://tvnz.co.nz/technology-news/inside-global-cybercrime-ring-3431576

Top
#9052 - 03/25/10 06:03 PM Re: THE CYBER-SECURITY THREAD [Re: kiwichris]
alternaut Offline

Moderator

Registered: 08/04/09
Originally Posted By: kiwichris
Wondering should i copy and paste the whole article?

Hi Chris, and thanks for that link. You did the right thing by posting it rather than copying the page's contents into your post. The latter might infringe on copyright, and for that reason is not recommended. cool
_________________________
alternaut moderator

Top
#9053 - 03/25/10 06:24 PM Re: THE CYBER-SECURITY THREAD [Re: alternaut]
kiwichris Offline


Registered: 08/05/09
Loc: New Zealand
Thanks Alternaught, I am not sure how long TVNZ leaves web pages and items like that up, hence the query on copy and paste. laugh

Top
Page 1 of 12 1 2 3 ... 11 12 >

Moderator:  alternaut, cyn