Slashdot Mirror
Apple Hit By Hackers Who Targeted Facebook
snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
Thank you folks, I'll be here all week.
What political party do you join when you don't like Bible-thumpers *or* hippies?
I think you've got Mac OS X mixed up with OpenBSD.
Funny, if it's Windows that gets hit, the first thing said around here is that the OS should be secure enough to prevent such attacks.
And, unless the attack affects one user account only... They are right. That goes for Windows, MacOS, Linux, *BSD, and INSERT_ANY_OTHER_FSCKING_OS_HERE
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Well, not having the details at hand (although I did RTFA), it seems that the OS allowed a user app to corrupt the system.
So, yes, I can blame it on the OS. Java may have been the initial vector that allowed the malware entry to the system, but the OS allowed the malware to do things it shouldn't have been able to.
And the worms ate into his brain.
Trojan != Virus for the love of god trolls, please learn this. I am sooo tired of hearing trojans being called viruses. They're both "malware", but that's where it ends.
Anyway, this is why Apple is getting really sick and tired of Flash and Java, they've been the top two security thorns in their side for the last decade. Feeding the Apple bashers and giving Apple a bad rap. Apple doesn't write the flash or java interpreters, they don't have much control over the code monkeys at oracle and adobe.
I work for the Department of Redundancy Department.
Being that this was a Java exploit which required a visit to a website at the least, I would say that those that got infected have more time on their hands than they know what to do with.
That was a bit quick to jump to conclusions:
Rather than using typical targeted approaches like "spear phishing" with e-mails to individuals, the attackers used a "watering hole" attack—compromising the server of a popular mobile developer Web forum and using it to spring the zero-day Java exploit on site visitors.
"The attack was injected into the site's HTML, so any engineer who visited the site and had Java enabled in their browser would have been affected," Sullivan told Ars, "regardless of how patched their machine was."
Source: http://arstechnica.com/security/2013/02/facebook-computers-compromised-by-zero-day-java-exploit/
They don't like it because you have to run an update twice a week to keep up with the latest exploits found in flash and java. IF oracle/adobe were generous enough to roll up an update this week for the new exploits.
And the boneheads at oracle kept insisting on rolling up whole new installers most of the time, that would only work if you had the previous version installed. (installer or updater make up your mind!) So you'd install vers 10, then 11, then 12, then 12.1, then 13, then 14, most of which were 55-56mb each. Idiots. Java needs to die in a fire. And I'll bring the marshmallows.
It's not entirely oracle and adobe's fault though really... they're just keeping it up because devs keep using it. I'll admit it, writing games in flash (or java) is pretty quick and easy. But quick-n-easy comes at a price, a price to the users
I work for the Department of Redundancy Department.
But...they were using Apples. Everyone knows that the Apple OSs can't be hacked. So it is perfectly OK to click on any link that strikes ones fancy. Isn't it?
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
According to The New York Times: "But according to a person with knowledge of Facebook’s investigation, the compromised site, iPhonedevsdk, an online forum for software developers, is still infected. (In other words, unless you want to be owned by hackers, do not visit the site.)" http://bits.blogs.nytimes.com/2013/02/19/apple-computers-hit-by-sophisticated-cyberattack/
I used to do Mac support and have spent plenty of time removing viruses from the old Mac System 6/7/8/9.x machines. I have never seen a Mac OSX virus 'in the wild'.
Like any other form of security theatre, if you go long enough without being attacked, you get alert fatigue and begin to consider the threat negligible or non-existent and begin to consider yourself immune. I don't even have an anti-virus software on my home computers and would probably need to hear about a mass outbreak before I would consider installing any given my experiences of the performance hit windows machines seem to take when running anti-viral software.
I used to swear by McAffe or Norton's, now I consider them potentially worse than half the malware out there for how they turn a perfectly good machine to molasses.
Sara
Designer, Gamer, Macgrrl in an XP World
Being cross platform still means it affected Macs. So the GPs tirade against the idea that Macs are immune to malware is valid. The GP was not claiming that other systems were immune to it.
No Apple user I know and who has even basic knowledge of what malware is claims Macs are immune to malware. Even totally clueless 'drone' type users don't assume that. I know because a friend of mine has a small Apple shop and people regularly show up at his dealership and ask about infection risks on OS X and half the time they walk out with a free info booklet on malware and having bought a basic anti malware suite (he installs and configures it for free). This guy is just another nerdy zealot venting his irrational hatred of all things Apple. That "OS X is immune to malware and h4x0rs" mantra is so old it has whiskers on it and regurgitating it makes him just as lame as those sad plonkers who still spell Microsoft with a $ sign.
You do realise that this was a bug in Oracle Java don't you? That's a cross platform vulnerability, the Mal/JavaJar-B trojan for example also affected Windows, Linux and Unix systems.
A few years ago, when Apple shipped iPods with Windows Virus they said "As you might imagine, we are upset at Windows for not being more hardy against such viruses...". So now they now should be upset with themselves.
Actually, before you ripped it out of context, the full quote was: "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." So even at the time they admitted they were upset with themselves even though they could't help but take a shot at Microsoft for reasons that have to do with events that took place while you were probably still in diapers. Come to think of it I could fill a book with snide comments by Linux Fanbois about Windows security made on this forum, comments that ignore the fact that there is way more malware targeted at Windows than there malware targeted at Linux. If you take that into account Microsoft is doing a pretty good job on security, snide comments by Apple Marketing drones and Slashdot Linux fanbois not withstanding.