Ever click on a link in Acrobat Reader? Notice that it starts up IE and not whatever browser you have installed?
That's what happened.. of course the clicking on the link part was likely done with another flaw in Acrobat.
Leveraging flaws like this to get arbitrary code execution is about the only indication that these attackers were sophisticated.. otherwise it would just have been a dumb old "don't open the attachment idiot" attack. Although it was that, so meh, they're not that sophisticated.
Uhhh, no. You said "actually, I just went to the apple website and found this..." and I said "oh yeah, I remember that happened last year."
You honestly don't remember Apple only last year admitting that getting some anti-virus might be a good idea? You don't remember how much shit they got for it? I can't really say I'm surprised, being that no-one buys anti-virus for Macs, even now.
hehe, yes, and I remember when that went up last year and this site, among others, called Apple out for the decades of bullshit they had been peddling.
No.. How about we *don't* expand the terminology to make your argument.
I started this thread and I specifically was talking about Apple's insane response to researchers saying *viruses* are easy to write for the platform. Apple is the one making stupid semantic arguments about terms that have been well defined for decades.
I'll happily give you that Apple has done a lot to make writing *worms* harder. I'll happily give you that OS X has less malware of all sorts. What I won't give you is that OS X is harder to write *viruses* for than other platforms.. it's not, it's easier, a lot easier. The MachO file format is designed so it is trivial to "hook", "override", or whatever terminology you want to use. The App bundle format is designed so it is easy to update, and its code signing was broken on the first release and has never been fixed. The OS X media extensions system is still not locked down properly. The user-level UI extension system has been a security issue since the first release. Apple answers all these threats with non-sense arguments about terminology and fails to even acknowledge them, let alone fix them.
So please, fanbois, shut the fuck up. You don't know what you're talking about.
You just expressed a view that is completely lost of marketing fools who see features features features as the only way to sell units. This is why every ebook reader also has an mp3 player in it.
I said writing viruses for OS X is trivial. You made a witty remark that this must be why there are so many viruses for OS X. I pointed out another platform for which it is trivial to write viruses (in fact there are many).
My point is: the number of viruses on a platform is not correlated with the easy at which one can make a virus for that platform. It's a barrier, not a motivation.
Apple, on the other hand, are happy to yell from the rooftops their their platforms are virus free (they're not, but close enough) because of some fantastic engineering on their part. This is non-sense and anyone who has ever sat down with the intention of writing a virus for one of their platforms can see that. No amount of emperical virus counting will change the fact that Apple are deluded in their belief.
So why are there so few viruses for their platform? The same reason DOS was such a popular platform to write viruses for and Windows wasn't, even when Windows users outnumbered DOS users 10 to 1. Culture.
Sigh. Windows Mobile is incredibly easy to write viruses for too.. but there's virtually none. In fact, viruses in generally are lower now than they ever were.. being that users will happily install trojans and browsers can be tricked into installing them.
Yes, but it's not just that.. it's also that Apple redefines the terms as they go along.
"It's impossible to write a virus for our platform!" "Ok, here's one I wrote." "That's not a virus." "Oh really? How do you figure?" "It requires user help to move from machine to machine." "Uhhhh... yes, that's what a virus is." "No, it has to move from machine to machine without user intervention to be a virus." "No.. that's a worm.. as has been clearly defined since the Morris worm." "We call it a virus." "You're idiots. This is a virus and it is trivial to write them for your platform. In fact, it's easier to write viruses for OS X than any other platform, as there's literally dozens of ways to load code into every running process simultaneously." "We disagree."
and so on.
Apple, they believe their own hype and they're willing to deny reality to maintain that belief.
The right to revoke a license is part of TRIPS, yeah. Scary eh?
If you put a duration in the license and then revoke it within that duration (the usual proprietary case) then you're most likely going to get sued and have to pay damages, but as the copyright holder you still have the right to do it.
Silence and "I don't recall" are not the same.. not even slightly.. not only that, the guy had refused to answer other questions already.
If the police come to you and want to ask some questions, ask for your lawyer.. if they suggest you hand over some encryption keys, immediately ask "to what?" and when they point out your encrypted drive/files immediately say "oh, I have no idea, that was a long time ago". If they seek a warrant to force you to produce the keys you simply have to stick to your story. They can't prove otherwise, so you'll be fine.
At the local Fareham police station he was served with the section 49 notice. Signed by CTC's Superintendent Bell, it said: "I hereby require you to disclose a key or any supporting evidence to make the information intelligible."
JFL maintained his silence throughout the one hour time limit imposed by the notice. He was charged with ten offences under section 53 of RIPA Part III, reflecting the multiple passphrases needed to decrypt his various implementations of PGP Whole Disk Encryption and PGP containers.
Reading comprehension, you failed it.
Just say the words "I don't recall" and there is nothing they can do. Refusing to give them the keys is exactly what the law requires to incarcerate you, so don't do that!
1. You're an AC so everything you say is automatically assumed to be bullshit. 2. What part of "the new guy said how it was going to be" don't you get? He established the rules before they hired him, if you tried to go back on those rules you wouldn't need to fire him, he'd quit.
Slashdot Mirror
Umm. yeah, the problem is that you can't (easily) uninstall IE.. and Acrobat Reader can be convinced to embed it.
Ever click on a link in Acrobat Reader? Notice that it starts up IE and not whatever browser you have installed?
That's what happened.. of course the clicking on the link part was likely done with another flaw in Acrobat.
Leveraging flaws like this to get arbitrary code execution is about the only indication that these attackers were sophisticated.. otherwise it would just have been a dumb old "don't open the attachment idiot" attack. Although it was that, so meh, they're not that sophisticated.
Uhhh, no. You said "actually, I just went to the apple website and found this..." and I said "oh yeah, I remember that happened last year."
You honestly don't remember Apple only last year admitting that getting some anti-virus might be a good idea? You don't remember how much shit they got for it? I can't really say I'm surprised, being that no-one buys anti-virus for Macs, even now.
Please now, kindly fuck off fanboi.
hehe, yes, and I remember when that went up last year and this site, among others, called Apple out for the decades of bullshit they had been peddling.
No.. How about we *don't* expand the terminology to make your argument.
I started this thread and I specifically was talking about Apple's insane response to researchers saying *viruses* are easy to write for the platform. Apple is the one making stupid semantic arguments about terms that have been well defined for decades.
I'll happily give you that Apple has done a lot to make writing *worms* harder. I'll happily give you that OS X has less malware of all sorts. What I won't give you is that OS X is harder to write *viruses* for than other platforms.. it's not, it's easier, a lot easier. The MachO file format is designed so it is trivial to "hook", "override", or whatever terminology you want to use. The App bundle format is designed so it is easy to update, and its code signing was broken on the first release and has never been fixed. The OS X media extensions system is still not locked down properly. The user-level UI extension system has been a security issue since the first release. Apple answers all these threats with non-sense arguments about terminology and fails to even acknowledge them, let alone fix them.
So please, fanbois, shut the fuck up. You don't know what you're talking about.
Oh really - the base system comes with no open external ports. Write a virus that attacks infects it with no user interaction.
Thank you for proving my point for me.
You argue that it's due to popularity.
Umm, no, where did I argue that?
I believe I argued exactly the opposite of that in the DOS/Windows comparison.
You just expressed a view that is completely lost of marketing fools who see features features features as the only way to sell units. This is why every ebook reader also has an mp3 player in it.
Please tell me you can disable that feature.
You misunderstand my point. (deliberately?)
I said writing viruses for OS X is trivial.
You made a witty remark that this must be why there are so many viruses for OS X.
I pointed out another platform for which it is trivial to write viruses (in fact there are many).
My point is: the number of viruses on a platform is not correlated with the easy at which one can make a virus for that platform. It's a barrier, not a motivation.
Apple, on the other hand, are happy to yell from the rooftops their their platforms are virus free (they're not, but close enough) because of some fantastic engineering on their part. This is non-sense and anyone who has ever sat down with the intention of writing a virus for one of their platforms can see that. No amount of emperical virus counting will change the fact that Apple are deluded in their belief.
So why are there so few viruses for their platform? The same reason DOS was such a popular platform to write viruses for and Windows wasn't, even when Windows users outnumbered DOS users 10 to 1. Culture.
Sigh. Windows Mobile is incredibly easy to write viruses for too.. but there's virtually none. In fact, viruses in generally are lower now than they ever were.. being that users will happily install trojans and browsers can be tricked into installing them.
Yes, but it's not just that.. it's also that Apple redefines the terms as they go along.
"It's impossible to write a virus for our platform!"
"Ok, here's one I wrote."
"That's not a virus."
"Oh really? How do you figure?"
"It requires user help to move from machine to machine."
"Uhhhh... yes, that's what a virus is."
"No, it has to move from machine to machine without user intervention to be a virus."
"No.. that's a worm.. as has been clearly defined since the Morris worm."
"We call it a virus."
"You're idiots. This is a virus and it is trivial to write them for your platform. In fact, it's easier to write viruses for OS X than any other platform, as there's literally dozens of ways to load code into every running process simultaneously."
"We disagree."
and so on.
Apple, they believe their own hype and they're willing to deny reality to maintain that belief.
No, the iPhone vetting process is unashamedly "that competes with us, denied!"
A friend of mine works for Google, and he will be receiving the blame for this (as he does for all Google's screw ups). :)
Wow, if only someone had foreseen all this http://bit.ly/uMzJr
The right to revoke a license is part of TRIPS, yeah. Scary eh?
If you put a duration in the license and then revoke it within that duration (the usual proprietary case) then you're most likely going to get sued and have to pay damages, but as the copyright holder you still have the right to do it.
Mike, why are you being a dick?
Silence and "I don't recall" are not the same.. not even slightly.. not only that, the guy had refused to answer other questions already.
If the police come to you and want to ask some questions, ask for your lawyer.. if they suggest you hand over some encryption keys, immediately ask "to what?" and when they point out your encrypted drive/files immediately say "oh, I have no idea, that was a long time ago". If they seek a warrant to force you to produce the keys you simply have to stick to your story. They can't prove otherwise, so you'll be fine.
The wording of the GPL is such that they can't take it back or whatever
Ya know, there's never been a case where a copyright owner has been required to honor a "perpetual" license grant.
It hasn't been tested with a proprietary license, let alone the GPL.
At the local Fareham police station he was served with the section 49 notice. Signed by CTC's Superintendent Bell, it said: "I hereby require you to disclose a key or any supporting evidence to make the information intelligible."
JFL maintained his silence throughout the one hour time limit imposed by the notice. He was charged with ten offences under section 53 of RIPA Part III, reflecting the multiple passphrases needed to decrypt his various implementations of PGP Whole Disk Encryption and PGP containers.
Reading comprehension, you failed it.
Just say the words "I don't recall" and there is nothing they can do. Refusing to give them the keys is exactly what the law requires to incarcerate you, so don't do that!
They really can't ya know.. just remember these three words: "I don't recall". End of story.
I'm sure they'll end up going with a mesh greenhouse design.
1. You're an AC so everything you say is automatically assumed to be bullshit.
2. What part of "the new guy said how it was going to be" don't you get? He established the rules before they hired him, if you tried to go back on those rules you wouldn't need to fire him, he'd quit.
Wow, if only Hans had thought of that!
Don't forget TimeCube.
Or stop worrying.