Slashdot Mirror
Apple Hit By Hackers Who Targeted Facebook
snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
Thank you folks, I'll be here all week.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Among my computers is a windows machine. I have no fear of being compromised because it has no exposed ports, a safe browser, and all 3rd party plugins disabled until I activate them.
I also have an android phone, and I'm near certain it'll get malware from an advertisement someday, because I have no means of blocking anything. It has nothing to do with the underlying safety of the system, but always the weakest link the chain.
compromising your privacy and security since 2004...
I suspect this is an elaborate hoax perpetrated by Microsoft or possibly Google.
They hired Robert T. MORRIS.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Introducing the new Viri virus scanner, for only $30 it will prevent all infections and coo to you while it does it!
Scan different
Being that this was a Java exploit which required a visit to a website at the least, I would say that those that got infected have more time on their hands than they know what to do with.
Security starts and ends with the user. If someone gets a virus, it is most likely that they do not care, are not paying attention, or are clicking on stupid links that go to stupid things that are not related to their work duties.
Corporations have yet to learn that training is required (less than 30 minutes to show someone the tricks to look out for), and an actual damage assessment and punishment system in relationship to breaches.
Sure IT may get an increase in calls at the start, but it is worth it in the long run.
Yes, Unix is secure by design and Mac OS X has a built-in virus scanner. There is no need to run additional software as none of it would've stopped this exploit short of disabling Java (which was also lauded as secure by design/sandboxing)
Custom electronics and digital signage for your business: www.evcircuits.com
And I've only owned and used PCs for the past 15-20 years. Yes, Macs it does just *work* but never did I ever consider it 100% or foolproof. I like their design and simplicity. But I'm also learning Bash shell in Red hat which throws me back to the DOS days and I like it even better. I can't stand people who put Macs on a pedestal and glamorize its terminal and *nix roots. True, it's there and functional but the people who preach that to me have never used it.
At the end of the day, computers are just tools, and the perceived danger is proportional to what kind of data is in the computer and the particular role the computer is playing in the workplace/ home. If I'm just storing movies or working as an occasional render machine, then it's disposable as far as I'm concerned. But if it's mission-critical, then I treat it like Fort Knox with several layers of security and backup plans.
Anyways, computers are just tools and I believe the attack vector will always be the operator. Seems like Spear Phishing is the best balanced attack for the amount of effort these days.
as opposed to all the ones running windows? Ever seen the computer banks at a military base? I would expect MOST of them have been compromised by adware/malware or the like.
'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers"
I thought Apple disabled Java in the browser months ago?
This is such a delicious day for the tech "press" because despite their constant barrage of warnings to the contrary, Apple viruses have been pretty much non-existent. Sure, OS X has had some vulnerabilities, but they were generally in various Unix packages and daemons, and those same problems generally affected Linux and BSDs and Solaris and so forth.
Anyway, my question: who the hell uses Java as a browser plugin anyway? On my rigs, it is disabled and has been for years. It's still installed (unlike Flash) because some desktop software needs it, but in the browser? Fuck that.
According to TFA the eploit was in Oracle's version of Java, a third party product that was installed on the machine. Hardly something that the OS could be blamed for.
Only if they used windows then the users would have noticed something was wrong. Oh wait...
Of course they can, especially when the hacked software was an installed copy or Oracle's version of Java.
Virus scanners on Windows catch Java exploits! Having a virus scanner technology could have prevented this.
>Java
>secure
Choose one
Among my computers is a windows machine. I have no fear of being compromised because it has no exposed ports, a safe browser, and all 3rd party plugins disabled until I activate them.
I also have an android phone, and I'm near certain it'll get malware from an advertisement someday, because I have no means of blocking anything. It has nothing to do with the underlying safety of the system, but always the weakest link the chain.
I don't understand - explain each and every line.
I'm not in security. Please help in my ignorance ....
I think you've got Mac OS X mixed up with OpenBSD.
What is new in this post compared to the last one?
Well, to be fair, it is a *different* virus... :)
Funny, if it's Windows that gets hit, the first thing said around here is that the OS should be secure enough to prevent such attacks.
And, unless the attack affects one user account only... They are right. That goes for Windows, MacOS, Linux, *BSD, and INSERT_ANY_OTHER_FSCKING_OS_HERE
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
You mean something like this?
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
Well, not having the details at hand (although I did RTFA), it seems that the OS allowed a user app to corrupt the system.
So, yes, I can blame it on the OS. Java may have been the initial vector that allowed the malware entry to the system, but the OS allowed the malware to do things it shouldn't have been able to.
And the worms ate into his brain.
So it sounds like the newer, Oracle Java 7 SE was the vulnerable hole? Also hasn't that been the case for the last several months' worth of "Java Exploit" headlines? .... who need dat Java 7 anyway? What is it's be for?
I am's be wonderin'
I never installed it, just running the good ole' Java 6 SE which lets me run all the crap the interwebs brangs forth towards me.
TFA doesn't say which version of Java was responsible, only "a version". Was it Apple's modified Java 6, Oracle's latest and greatest Java 7, something in between, or something earlier?
Yes.
Join the Slashcott! Feb 10 thru Feb 17!
Trojan != Virus for the love of god trolls, please learn this. I am sooo tired of hearing trojans being called viruses. They're both "malware", but that's where it ends.
Anyway, this is why Apple is getting really sick and tired of Flash and Java, they've been the top two security thorns in their side for the last decade. Feeding the Apple bashers and giving Apple a bad rap. Apple doesn't write the flash or java interpreters, they don't have much control over the code monkeys at oracle and adobe.
I work for the Department of Redundancy Department.
Being that this was a Java exploit which required a visit to a website at the least, I would say that those that got infected have more time on their hands than they know what to do with.
That was a bit quick to jump to conclusions:
Rather than using typical targeted approaches like "spear phishing" with e-mails to individuals, the attackers used a "watering hole" attack—compromising the server of a popular mobile developer Web forum and using it to spring the zero-day Java exploit on site visitors.
"The attack was injected into the site's HTML, so any engineer who visited the site and had Java enabled in their browser would have been affected," Sullivan told Ars, "regardless of how patched their machine was."
Source: http://arstechnica.com/security/2013/02/facebook-computers-compromised-by-zero-day-java-exploit/
Well, to play devil's advocate -- does the install of Java end up bypassing some of the security?
I see a lot of stuff which doesn't want to install into user space, but wants Admin rights and wants to integrate tightly with other things. At which point, installing what should be trusted software is really just opening you up to all sorts of problems.
Though, at this point, it's hard not to conclude that all versions of Java browser plugins are insecure and not to be trusted.
Lost at C:>. Found at C.
Exactly! Yet the /. cabal calls *me* a troll!
This post should be modded up an additional forty, with a side note that it applies to mobile OSes as well.
Let's be honest here. Apple doesn't dislike Flash and Java because of security. They dislike them because people can use them to play games and use apps without Apple getting their 30% cut.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Qft
"compromising the server of a popular mobile developer Web forum"
So far, all of the press reports and statements from those compromised have left off the most important bit of information: WHAT "popular mobile developer Web forum" was used?
One would imagine this would be important information to disseminate to developers...
On OS X, I can purchase/download a game from a third party maker, and be off and running. In fact, there are a few utilities (InsomniaX) that are not up for sale in Apple's store due to doing low level kernel functions.
Now, iOS is a different story. Without a JB, one is forced to go through iTunes (beta apps, or enterprise apps) or they go through the App Store. However, this doesn't apply to OS X.
Just say NO to Java.
If you can compromise computers across so many companies, including defense contractors which obviously would have access to classified/sensitive information, why would you waste it by attacking Facebook?
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
They don't like it because you have to run an update twice a week to keep up with the latest exploits found in flash and java. IF oracle/adobe were generous enough to roll up an update this week for the new exploits.
And the boneheads at oracle kept insisting on rolling up whole new installers most of the time, that would only work if you had the previous version installed. (installer or updater make up your mind!) So you'd install vers 10, then 11, then 12, then 12.1, then 13, then 14, most of which were 55-56mb each. Idiots. Java needs to die in a fire. And I'll bring the marshmallows.
It's not entirely oracle and adobe's fault though really... they're just keeping it up because devs keep using it. I'll admit it, writing games in flash (or java) is pretty quick and easy. But quick-n-easy comes at a price, a price to the users
I work for the Department of Redundancy Department.
But...they were using Apples. Everyone knows that the Apple OSs can't be hacked. So it is perfectly OK to click on any link that strikes ones fancy. Isn't it?
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
And, unless the attack affects one user account only...
If the goal is to penetrate a company's systems, one user account is all you need. From there you can get the credentials to get to the juicy stuff.
Multiuser OSes essentially only protect the system files. Guess what? Hackers don't care about your system files. They want your user data.
And it was so light and thin.
Being cross platform still means it affected Macs. So the GPs tirade against the idea that Macs are immune to malware is valid. The GP was not claiming that other systems were immune to it.
I used to do Mac support and have spent plenty of time removing viruses from the old Mac System 6/7/8/9.x machines. I have never seen a Mac OSX virus 'in the wild'.
Like any other form of security theatre, if you go long enough without being attacked, you get alert fatigue and begin to consider the threat negligible or non-existent and begin to consider yourself immune. I don't even have an anti-virus software on my home computers and would probably need to hear about a mass outbreak before I would consider installing any given my experiences of the performance hit windows machines seem to take when running anti-viral software.
I used to swear by McAffe or Norton's, now I consider them potentially worse than half the malware out there for how they turn a perfectly good machine to molasses.
Sara
Designer, Gamer, Macgrrl in an XP World
any engineer who visited the site and had Java enabled in their browser would have been affected
It seems like not many Mac developers would have been affected - because (1) you have to specifically install Java, and (2) as the response from Apple states Java (in the browser) is disabled if you do not use it for 35 days...
But it would be great to know the sites involved so we would know if we were at risk.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I can't find any reference to what the attack actually does. Does it crash the machine? Erase the hard drive? Cause ugly pop-ups? Spam email?
The only thing worse than a Democrat is a Republican.
Correct me if I'm wrong but isn't Java included with the OS?
No, you have to download and install it.
And even if you do that, if Java is not used for 35 days the system disables it.
Now THAT's how to handle Java so most people will not get burned...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Perhaps in this case it was a targeted site that was compromised, but the point still stands.
By making it harder to "phish" people, they must use other means which potentially expose them much easier than an email spam campaign.
It also points out the problem with complex coding platforms like Java.
As I never liked Java because of many other factors, this is just icing on the cake to my issues with it. Java is terrible.
On OS X, I can purchase/download a game from a third party maker, and be off and running.
For now.
Give it a few more releases (assuming Apple still thinks they're on top of the world then). They'll make it harder and harder to do just that, until finally you're jailbreaking your laptop to install programs. And you'll just treat that as standard operating procedure.
Funny, if it's Windows that gets hit, the first thing said around here is that the OS should be secure enough to prevent such attacks.
Well, that's what they are doing with iOS. However some people have objections about that as well.
Introducing the latest SomeAntic Antivirus.
We Hose Your Computer, So Viruses Don't Have To!!
Sounds like their aim needs some practice.
/* No Comment */
any hints on how to remove the malware?
by the way: it was: iphonedevsdk.com
(http://arstechnica.com/security/2013/02/web-forum-for-iphone-developers-hosted-malware-that-hacked-facebook/)
Microsloth is trying this crap with their suggestion that they should decide what apps I can run on MY machine.
It'll either never happen or will induce the largest Linux/FOSS migration in 20 years....LOL
Being cross platform still means it affected Macs. So the GPs tirade against the idea that Macs are immune to malware is valid. The GP was not claiming that other systems were immune to it.
No Apple user I know and who has even basic knowledge of what malware is claims Macs are immune to malware. Even totally clueless 'drone' type users don't assume that. I know because a friend of mine has a small Apple shop and people regularly show up at his dealership and ask about infection risks on OS X and half the time they walk out with a free info booklet on malware and having bought a basic anti malware suite (he installs and configures it for free). This guy is just another nerdy zealot venting his irrational hatred of all things Apple. That "OS X is immune to malware and h4x0rs" mantra is so old it has whiskers on it and regurgitating it makes him just as lame as those sad plonkers who still spell Microsoft with a $ sign.
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
A few years ago, when Apple shipped iPods with Windows Virus they said "As you might imagine, we are upset at Windows for not being more hardy against such viruses...". So now they now should be upset with themselves.
Funny, if it's Windows that gets hit, the first thing said around here is that the OS should be secure enough to prevent such attacks.
That's because the attacks are usually around IE or open ports. So of course people would blame the OS for the security failure.
If the attacks are "usually" around IE or open ports, when was the last such attack?
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
A few years ago, when Apple shipped iPods with Windows Virus they said "As you might imagine, we are upset at Windows for not being more hardy against such viruses...". So now they now should be upset with themselves.
Actually, before you ripped it out of context, the full quote was: "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." So even at the time they admitted they were upset with themselves even though they could't help but take a shot at Microsoft for reasons that have to do with events that took place while you were probably still in diapers. Come to think of it I could fill a book with snide comments by Linux Fanbois about Windows security made on this forum, comments that ignore the fact that there is way more malware targeted at Windows than there malware targeted at Linux. If you take that into account Microsoft is doing a pretty good job on security, snide comments by Apple Marketing drones and Slashdot Linux fanbois not withstanding.
The main problem many people fail to realize is this: there is no such thing as 100% security....ever! I don't care if you build a bunker 1000 miles into earth's core and cover the bunker in cement and re-bar, there is still a threat to security if someone is willing to spend the time and resources (money?) to infiltrate said device and drill down to the computer (even if it takes 100 years to do so). So when people say it's Java's fault, or it's Oracle's fault, or whoever, there is always something or someone that can infiltrate/hack something else. Whether or not the action of an attacker appears plausible, threats always exist and will continue to exist no matter what. The better term would be, "Some devices can be built more secure than others. OR Some settings/configurations can be more secure than others, never 100% secure." All of this depending on infinite amounts of factors, so no, there is no such device or code that can ever be written that is 100% secure and "un-crackable" by someone else (given enough time and resources).
But...they were using Apples. Everyone knows that the Apple OSs can't be hacked. So it is perfectly OK to click on any link that strikes ones fancy. Isn't it?
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
The Java vulnerability is only a doorway, what you send through it is totally different.
Hi theVarangian, I own a Mac, I use Avast for Mac, and I'm very careful what websites I visit. I realize no OS is virus immune. Does that qualify for a first? A decade of windows usage taught me. Now please stop spewing crap about what mac users know and don't know. Thanks.
No Apple user I know and who has even basic knowledge of what malware is claims Macs are immune to malware. Even totally clueless 'drone' type users don't assume that. I know because a friend of mine has a small Apple shop and people regularly show up at his dealership and ask about infection risks on OS X and half the time they walk out with a free info booklet on malware and having bought a basic anti malware suite (he installs and configures it for free). This guy is just another nerdy zealot venting his irrational hatred of all things Apple. That "OS X is immune to malware and h4x0rs" mantra is so old it has whiskers on it and regurgitating it makes him just as lame as those sad plonkers who still spell Microsoft with a $ sign.
Come to my company. We have many users with Apples at home that swear to me that their Apples cannot get viruses, malware, hacked, etc... They all want to use them on the company network.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Speaking from my perspective only, it's been quite a while since I felt that way about Windows, and it seems to me that the majority of comments about Microsoft being singled out unfairly have been from people claiming that Linux- or Mac-fanbois would be freaking out if the same exact thing had happened on a Windows box.
There was a time that a HUGE number of exploits existed against Windows itself (or IE, which is part of Windows), and an equal number of exploits existed against other major MS products such as Word, Excel, and Outlook. This was when everyone was wound up and ready to blame Microsoft for anything. In some cases, they were wrongly blamed for exploits against third-party products such as Firefox, and there were certainly times when the same people who decried MS for those third party exploits defended Apple or Linux in nearly identical circumstances, but really, overall, the Windows ecosystem *was* less secure back then. Now, things have mostly evened out, and it seems to me that 99% of the exploits these days go through Java, Flash or Acrobat.
One interesting thing that Apple has done is the whole shift towards the app store even for desktops, with the sandboxing requirement. Love it or hate it, if they've done it right, it will indeed make the system more secure. It'll be interesting to see if Microsoft starts moving that direction as well.
The CB App. What's your 20?
This wouldn't have happened if Steve was alive!
Call me ignorant, but the recent wave of Java bugs, are they Oracle implementation bugs, or problems with the Java specification? Are OpenJDK/IcedTea affected?
You know what the joke is? I really do hope that Apple disables installation of software from anywhere but the App Store. Software distributed through the App Store cannot ask for root privileges. Nowadays, every utility and its dog asks for root, when they absolutely do not need it. Very, very few pieces of software require root access to function properly. Wy are they all asking for it? Fuck them. If the App Store became a requirement, then they would be forced to stop.
Perhaps in this case it was a targeted site that was compromised, but the point still stands. By making it harder to "phish" people, they must use other means which potentially expose them much easier than an email spam campaign.
No, your point does not stand. You were blaming the stupid users with too much time browsing porn sites or whatnot as well as the corporation that did not train them properly.
There isn't much you can do against a browser plugin silently executing malicious code planted into a normally harmless popular website. No matter how knowledgeable were the respective FB developers, if the cited information is correct and complete, there was no way he they could have avoided the problem except by having java blocked/disabled.
But...they were using Apples. Everyone knows that the Apple OSs can't be hacked. So it is perfectly OK to click on any link that strikes ones fancy. Isn't it?
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
1. If it counts as a vulnerability on Windows, then it counts as one on Mac and any other OS, too.
2. Apple runs marketing and fanboys spread the idea that there is some quality to Macs which make them immune to attack, regardless of the vector.
Wait, the people who are smart enough *NOT* to have their overly expensive laptops serviced in APL stores (they probably bought it for the name or how pretty it looks) because they'd charge retarded prices are also smart enough to ask about malware.
You also realize that on APL's main website *AND* promotional materials -- for the longest time -- said it was "virus free".
I wonder where people's misconceptions come from...
Work without fear.
Decrease your downtime and forget about needing an IT person stationed in the kitchen. PCs were plagued with 114,000 viruses by the end of 2005 and that number skyrocketed to 257,000 in 2007. On a Mac, you don’t have to waste your valuable time keeping up with all those viruses and trying to protect your system from them. Instead, you’re free to amaze yourself with everything you can accomplish.
How interesting.
Uhm, you're taking that out of context too. They're upset at themselves for having unauthorized software on their music players.
Here, let me replace "it" with what "it" represents:
"... we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching having a Windows-only virus preinstalled on our devices."
They're not upset at themselves for "not being hardy against viruses".
Actually, before you ripped it out of context, the full quote was: "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it."
It wasn't out of context. The statement is damning Windows for having the vulnerability, and apologizing for not protecting the "lesser" OS. The parent's point still stands- why are not upset with themselves now for having an OS which is, to use your exact quote "not more hardy against such viruses"?
The answer is simple- Apple has spent a shitload of marketing money promoting the idea that Macs are somehow more secure and less vulnerable to attacks, of any kind. Don't get all lawyer on me about their language and the fine print, that's the image they wanted the average user to see and it's worked well for them over the years. So they don't want to admit that as predicted by many, as their market share increased they became a more viable target, and today there is nothing fundamentally "better" about their OS than the one they constantly bash as being "vulnerable".
Of course they can, especially when the hacked software was an installed copy or Oracle's version of Java.
Well if you're going to start discounting hacks and malware due to 3rd party software, extensions, etc. then modern versions of windows are just as air-tight and rock solid as an Apple OS is.
"if they've done it right, it will indeed make the system more secure"
Java and Flash are both sand boxed against the user account (both inside the Flash plugin *AND* the browser -- so there's two sandboxes!) All consoles will only run signed code by default, but all major consoles have been hacked into (mostly to run copied software, be it for backup or pirating purposes).
If you're supposing that one company can magically "do it right", then I laugh at you.
Why malware users haven't abused them? Probably because that even with the "popularity" of their tablet and phone sales, even if you count them into desktops. I think I read that they sold 100m tablets, and about the same in phones... Then you see articles like this: http://www.zdnet.com/blog/btl/microsoft-600-million-windows-7-licenses-sold/79276 , not counting XP/Vista installs purchased for the past 10 years.
Well, not having the details at hand (although I did RTFA), it seems that the OS allowed a user app to corrupt the system.
So, yes, I can blame it on the OS. Java may have been the initial vector that allowed the malware entry to the system, but the OS allowed the malware to do things it shouldn't have been able to.
I didn't see in TFA that the OS did things it shouldn't have been able to do.
For now.
Nice crystal ball you got there. You got a 3 Insightful for setting up apple and slagging them off for something they haven't done.
Pure straw man. /. has fallen to the trolls
You could fill a book but back then when those comments were stated, YES MICROSOFT DID HAVE A PROBLEM. We know damn well that Microsoft has stepped up since then. Even though you fucking Windows morons told us that it was impossible for MS to do anything because of their dominating market position. Yeah, that same position they maintain today. You Windows boobs were wrong about it. Microsoft proved it when they finally stepped up. They're still number one in the market and yet they're no longer the number one exploit vector. Market share alone doesn't dictate what hackers go after. You have to have both the market share and bad software.
Those comments you'd use in your book were accurate within their historical context. So, before you go griping about someone taking things out of context, you'd better make sure you're not doing the same.
Really? I don't recall anyone blaming MS for Flash or Reader. Seems to me it's always been Adobe that took the brunt of the cursing for Flash and Reader defects.
No Apple user I know and who has even basic knowledge of what malware is claims Macs are immune to malware.
Actually, Macs claim that they are immune to PC Viruses.
Being that this was a Java exploit which required a visit to a website at the least, I would say that those that got infected have more time on their hands than they know what to do with.
Security starts and ends with the user. If someone gets a virus, it is most likely that they do not care, are not paying attention, or are clicking on stupid links that go to stupid things that are not related to their work duties.
Corporations have yet to learn that training is required (less than 30 minutes to show someone the tricks to look out for), and an actual damage assessment and punishment system in relationship to breaches.
Sure IT may get an increase in calls at the start, but it is worth it in the long run.
Riiiigth.
Write once, run anywhere.
"This is a new campaign. It's not like the other ones you read about where everyone can tell it's China," the first person said." I'm a bit lost with all attacks, java security alerts, java patches, java this, java that. Could we give each java alerts a feminine first name like we do with tornado ?
Why does everywhere seem to be keeping the identity of the site in question top secret?
That's rather unacceptable, as many other developers using said site could also have been impacted.
This helps no one other than the admins of a site who failed to properly secure it and they shouldn't have right to anonymity of their site when others may well be at risk.
Apologies, my hand grazed the touchpad and my laptop took that as an indication I wanted to moderate you as flamebait. Posting to undo.
Change is certain; progress is not obligatory.
If the App Store became a requirement, then they would be forced to stop.
They would also be forced to give Apple a 30% cut of their sales and let Apple and Apple only decide if their software was "appropriate" for your computer.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Hi theVarangian, I own a Mac, I use Avast for Mac, and I'm very careful what websites I visit. I realize no OS is virus immune. Does that qualify for a first? A decade of windows usage taught me. Now please stop spewing crap about what mac users know and don't know. Thanks.
WOOOSH!!!
Oh shit.
Let's be honest here. Apple doesn't dislike Flash and Java because of security. They dislike them because people can use them to play games and use apps without Apple getting their 30% cut.
Yes, because Apple had an app store in 2007 when the first iPhone came out without Flash support. Even after the store came around, all those free apps though... 30% of nothing is—let me do the math here. Nothing into nothin'. Carry the nothin'...
Let's be honest here. Apple doesn't like Flash and Java IN PART because people could then use them to play games and use apps without Apple getting a 30% cut, IN PART because of security issues, and IN PART because the user experience on mobile for existing content was bad. Bad enough that even Adobe finally killed mobile Flash development, despite Flash-capable Android rising to prominence.
(Yes, new content could be developed targeting mobile Flash, but let's be honest again--the main reason people wanted Flash on their mobile devices was to access *existing* content, despite their mouse-oriented UI)
Sure, but a decent OS should at least have file access rights in place that forbid the exection of programs that are not properly installed into the system.
So, a file downloaded from the internet and stored on the user's network share or temporary directory on the local disk should never be executed as a program.
As the attackers usually want to run some custom software on the local system, setting this up correctly prevents a lot of trouble.
Oh shit.
No Apple user I know ... claims Macs are immune to malware
It happens....
To be clear, she makes her connections on the internet. She makes her money on her knees. At least that's what I heard from kutahuja's mom.
Reply to undo Mod.
Of course news about a fake are Fake News.
Virus scanners on Windows catch Java exploits! Having a virus scanner technology could have prevented this.
Sure. Virus scanners can catch 0-day vulnerabilities. Whatever you say.
Of course news about a fake are Fake News.