Linked by Thom Holwerda on Wed 27th Oct 2010 21:02 UTC
Mac OS X It's one of those days again. A supposed security threat appears, and the internet loses its collective brain and starts panicking like Alpha and Omega's kingdom come. This time around, it's a trojan horse thing (it's a trojan, worm, and root kit all in one, though) that targets Mac OS X and Windows. As it turns out, though, the threat this thing poses is not very large (at this point in time).
Alpha and Omega? Or the 12th Imam?
by gus3 on Wed 27th Oct 2010 22:20 UTC
Thom_Holwerda Member since:
2005-06-29

Wtf? Since when is a simple reference to the biblical end of days a swipe at religion?

Reply Score: 6

gus3 Member since:
2010-09-02

When it immediately follows "loses its collective brain and starts panicking". Your own words, Thom.

Reply Score: 0

WereCatf Member since:
2006-02-15

When it immediately follows "loses its collective brain and starts panicking". Your own words, Thom.

It was not a swipe at religion, it was a swipe at the sheep herd mentality of some people. You really need to work on your reading comprehension.

Reply Score: 4

mrstep Member since:
2009-07-18

When it immediately follows "loses its collective brain and starts panicking". Your own words, Thom.

It was not a swipe at religion, it was a swipe at the sheep herd mentality of some people. You really need to work on your reading comprehension.


Exactly. But you know, if there really was some sort of end of times thing going on, I'd imagine people would lose their minds and panic. So I'm not sure what the swipe is even supposed to be even without any reading comprehension.

Reply Score: 2

Tuishimi Member since:
2005-07-06

Hmmm. I am generally very sensitive about things like that and it didn't set off my alarm.

Reply Score: 3

n.l.o Member since:
2009-09-14

Hmmm. I am generally very sensitive about things like that and it didn't set off my alarm.


Me neither.

Should I complain about the "swipe" at my religion by gus3 in his subject heading too? ;)

Reply Score: 1

n.l.o Member since:
2009-09-14

It isn't like a swipe at religion (organized or otherwise) is pertinent to an article about a Java non-vulnerability.


You are far too sensitive/paranoid.

Reply Score: 2

Worm?
by Stratoukos on Wed 27th Oct 2010 22:28 UTC
Stratoukos
Member since:
2009-02-11

Can it be considered a worm just because it's posting on a social networking site by itself? I'm pretty sure it needs to be replicating by itself to be considered one.

Reply Score: 3

Sacrilege!
by fran on Wed 27th Oct 2010 23:18 UTC
fran
Member since:
2010-08-06

What sacrilegious articles about Apple and Linux being vulnerable to worms and viruses and other stuff when we all know it is totally impossible ;-)

Reply Score: 2

Disabling java is sometimes not an option
by dvhh on Thu 28th Oct 2010 00:11 UTC
dvhh
Member since:
2006-03-20

Considering that academics still rely on Java applets to display data, and some of them rely on OpenGL (native binding, so users get a lot of these popups).
Advising disabling Java is quite the same as advising disabling JavaScript, that is, asking them to disable a vital part of today's websites on which most of the users are relying.

Reply Score: 3

Lennie Member since:
2007-09-22

Today's websites? Really? Like what uses Java applets?

I know there are many networking vendors that ship Java tooling, but that is for the desktop or at least for that very specialized group of people.

Reply Score: 4

Dirge Member since:
2005-07-14

I noticed the ASUS support site used Java for the download manager when I grabbed some motherboard drivers just yesterday.

Edited 2010-10-28 08:59 UTC

Reply Score: 1

gnufreex Member since:
2010-05-06

Microsoft zealots don't care about functionality you lose. They only want to libel and FUD Java. (and possibly make you install SilverBlight) That's the purpose of this article.

Reply Score: 3

aesiamun Member since:
2005-06-29

You forgot the ever popular Micro$oft and other silly ways that people think will cause Microsoft to go all emo...

Reply Score: 2

Google Chrome immune?
by patrix on Thu 28th Oct 2010 03:54 UTC
patrix
Member since:
2006-05-21

Not gonna test it, but I know for a fact that Chrome prevents installation of stuff by Java applets or other means on websites.

IronFox (a secured version of Firefox for the Mac) has the same thing, since both Chrome and IronFox use the Mac OS X Sandbox.

More apps should do this!

Reply Score: 1

RE: Google Chrome immune?
by Matzon on Thu 28th Oct 2010 05:37 UTC in reply to "Google Chrome immune?"
Matzon Member since:
2005-07-06

if http://lwjgl.org/applet/ runs, then chrome can't block it.

Reply Score: 2

RE[2]: Google Chrome immune?
by patrix on Thu 28th Oct 2010 05:45 UTC in reply to "RE: Google Chrome immune?"
patrix Member since:
2006-05-21

not sure about that, cuz the company I work for has a VPN thing, starts by running a Java applet that tries to install something in /Applications (a Java app). Took me a while to figure out why it never installed - I was using Chrome and Chrome would block the actual installation on the system, even though the initial applet would run/download.

(FWIW, I refused the applet you linked, have no idea what it is lol)

Reply Score: 1

RE[3]: Google Chrome immune?
by Matzon on Thu 28th Oct 2010 07:54 UTC in reply to "RE[2]: Google Chrome immune?"
Matzon Member since:
2005-07-06

hah, sorry. The applet is a GLGears demo, using java and OpenGL. It needs access because it has native code to access OpenGL.

The fact that you got the "install" dialog, basically proves that Chrome isn't blocking it.

Reply Score: 2

RE[4]: Google Chrome immune?
by patrix on Thu 28th Oct 2010 15:21 UTC in reply to "RE[3]: Google Chrome immune?"
patrix Member since:
2006-05-21

This time I went ahead and clicked "authorise" and "execute"

Here's the result, background window is Safari, foreground is Chrome:

http://grab.by/76v1

Just as I thought, Chrome blocks anything from installing so the applet can't run. Even if the Java plugin asks me to execute it, Chrome will prevent it from putting anything on the system.

<3 OS X Sandbox

Reply Score: 1

RE[5]: Google Chrome immune?
by Matzon on Thu 28th Oct 2010 18:19 UTC in reply to "RE[4]: Google Chrome immune?"
Matzon Member since:
2005-07-06

ohh, interesting... That doesn't happen for me on Windows 7, 64bit, chrome 8

Reply Score: 2

RE[6]: Google Chrome immune?
by patrix on Fri 29th Oct 2010 06:14 UTC in reply to "RE[5]: Google Chrome immune?"
patrix Member since:
2006-05-21

The sandboxing Chrome uses is an OS X-specific feature...

Reply Score: 1

press yes to be dumb
by stabbyjones on Thu 28th Oct 2010 04:52 UTC
stabbyjones
Member since:
2008-04-15

if only people learnt to read instead of always clicking yes.

Reply Score: 2

RE: press yes to be dumb
by Kroc on Thu 28th Oct 2010 06:47 UTC in reply to "press yes to be dumb"
Kroc Member since:
2005-11-10

If only the questions weren’t so unhelpful.

Reply Score: 3

RE: press yes to be dumb
by Laurence on Thu 28th Oct 2010 09:31 UTC in reply to "press yes to be dumb"
Laurence Member since:
2007-03-26

if only people learnt to read instead of always clicking yes.

Agreed. Because it's well documented how normal users make the best security experts.

In fact, more OSs should move away from their current security set up in favour of prompting the users what their opinion of an unknown application is.

Edited 2010-10-28 09:32 UTC

Reply Score: 4

the elephant in the room
by kaelodest on Thu 28th Oct 2010 05:29 UTC
kaelodest
Member since:
2006-02-12

Just Because your member can fit in a light bulb, does not mean you should try to fug one. It seems funny to an old graybeard but if you want quality stolen SW then -good luck- I mean remember Limewire? I really wonder how many machines I fixed because of what that beast downloaded so:
1.> I do not think that turning off Java, or javascript will fix it, because Vuze is a java app. (or at least last time I checked) So while the major parties and browsers can easily patch this I do not think that the torrent vendors are going to be in the security business and that is a shame. - and a newsgroup binary? puhleez. If you do not know your source then you do not know. (at least for sure)
2.>Security in this new internet is going to be so much harder than in the old internet. I suspect that before long the wise and the cunning will have to run VMs inside of VM's and have system snapshots every hour to ensure that they stay safe (while surfing naughty) - (note: sarcasm + tongue in cheek)
Or
3.> Only get your Media and SW from reputable sources. Not to play a holier than thou harp, but there is an inherent risk assessment that you will make on a task like .torrents.
-=-A few years back there was no such thing as p2p. And hate it or not there was no iTunes store or Amazon or whoever is number 3 in the market. But once I could find something weird like 'Screaming Jay Hawkins-I put a spell on you' or something treasured like a Nina Simone Anthology, Steely Dan or Stevie Wonder or Miles Davis and get it safely and pay what 99¢ each or $10 an album? I know I have gifted hundreds of dollars worth of music and movies/media to friends and family, and why not? Before the store we were all at a greater risk. THAT is the elephant in the room in this equation. Because phishing can be to a large extent patched or mitigated by the OS and Browser vendors, BUT the end user who really wants that file will still click on that link will get burned. Sure the link will get taken down - and maybe reposted - so it is a buyer beware world.
_Realistically_ I do not think the p2p world can support the entire string of hangers on in Hollywood and Silicon Valley and I have no Idea where the rest of the world gets or makes their SW and Media, but if you want to download media from strange sources then OK but please be advised of this: that cutting edge can cut

Reply Score: 1

Disabling plugin X is not an option
by Matzon on Thu 28th Oct 2010 05:35 UTC
Matzon
Member since:
2005-07-06

Whenever people say that you should just turn off plugin X I almost throw a hissy fit.

Disabling X does not solve the greater issue.

Next you'll be asking me to not use the browser at all? - they have almost weekly 0-day exploits.

Oh, and my OS is insecure too? - best pull the plug entirely then.

We use Flash, Java, Unity, Plugin X for a reason. It provides features that browsers do not allow.

In the case of Java, you can scream all you want, but html/5 + webgl + tracemonkey is simply not good enough for running stuff like minecraft - or other OpenGL based Java games (see: http://lwjgl.org).
Furthermore, for instance in Denmark, the national ID scheme is using a Java component to securely log in on all sites.
You may argue that it should have been done in another way, and I would probably agree. But the fact remains that to use the government provided national ID, you MUST have Java installed and enabled for your browser.

Reply Score: 3

Kroc Member since:
2005-11-10

In the case of Java, you can scream all you want, but html/5 + webgl + tracemonkey is simply not good enough for running stuff like minecraft - or other OpenGL based Java games


But it is good enough for running Quake II, ne? http://www.osnews.com/story/23097/Quake_II_Ported_to_HTML5

Of course, this technology isn’t shipping in non-beta builds of browsers at the moment, but to think outright that HTML5+WebGL won't _ever_ compete is silly. Give it another two years and we’ll be seeing very serious 3D games being released directly on the web. And why not? It’s still OpenGL, it’s still 3D, and no installer is needed (bar an up to date browser).

There’s a ton of game websites out there like miniclip, who have been reliant on Flash and Java for a decade and they are going to have to face an upheaval in their market where they will have to embrace JavaScript games in order to expand onto the iPad / iPhone and other mobile devices. What company, in this instance, would choose death over new technology, bar ignorance?

Reply Score: 1

Matzon Member since:
2005-07-06

I agree that eventually WebGL will replace a lot of this, however do remember, that we were doing OpenGL in applets in 2006 using Java.

4 years later and HTML is still not there.

I would prefer that everything was open like html and javascript - but the fact of the matter is that plugins provide content producers with means for doing stuff that wouldn't otherwise be possible.

Reply Score: 4

Kroc Member since:
2005-11-10

There is also NaCl. And anyway, 4 years ago there were no HTML5 websites or barely anybody using this tech. A lot of this tech is still not shipping in browsers.

That’s like saying to me that 100 years ago they didn’t have quantum computers. We barely have them now, so the time-frame is irrelevant.

Given that the only option outside of the App Store for the iPad / iPhone is HTML5, I think it has plenty of chance for big things. Mozilla are holding an HTML game competition; wait for the results of that before reserving judgement.

Reply Score: 1

Matzon Member since:
2005-07-06

Exactly! Which is why I am saying that plugins have their merit!

My comment was mostly in response to the:

What on earth are you using it for anyway in your web browser?

We need to use Java (with OpenGL) to do stuff like Minecraft (or any of the other lwjgl games (lots)).
And this is of course only one example. There are many things that simply cannot be done, easily - or not at all, in a cross browser fashion using html/5.

Reply Score: 2

Neolander Member since:
2010-03-08

There’s a ton of game websites out there like miniclip, who have been reliant on Flash and Java for a decade and they are going to have to face an upheaval in their market where they will have to embrace JavaScript games in order to expand onto the iPad / iPhone and other mobile devices. What company, in this instance, would choose death over new technology, bar ignorance?

No, in my opinion they wouldn't embrace JS. In the worst case the number of browser games is simply going to shrink.

The problem is that Javascript and HTML5 are ugly technologies. Most creative people want to deal with a simple, high-level language, which works in the same way in all supported browsers, and has a good official IDE. It's precisely what Flash offers, and no replacement exists among web standards I think..

Reply Score: 2

Kroc Member since:
2005-11-10

Because nobody makes games with C++, obviously.

Reply Score: 1

nt_jerkface Member since:
2009-08-26

where they will have to embrace JavaScript games in order to expand onto the iPad / iPhone and other mobile devices. What company, in this instance, would choose death over new technology, bar ignorance?


Why would choosing Flash be death?

Reply Score: 2

Kroc Member since:
2005-11-10

Not death, lack of growth. And in the stock market, lack of growth == death in analysts' eyes ;)

Reply Score: 1

nt_jerkface Member since:
2009-08-26

Casual pc gaming is a growing market.

Reply Score: 2

how convenient ...
by freeaks on Thu 28th Oct 2010 07:27 UTC
freeaks
Member since:
2010-10-28

how convenient ...
just when apple is thinking to phase out java from osx,
and this move could potentially get criticized by community,
java turns out to be a security threat
where horrible crackers use it to attack poor osx (and fail of course..)

can you imagine a more convenient picture ?

Reply Score: 2

RE: how convenient ...
by FealDorf on Thu 28th Oct 2010 09:04 UTC in reply to "how convenient ..."
FealDorf Member since:
2008-01-07

Exactly what I was thinking. Instead of downplaying the trojan, mac fanatics may as well raise it to defcon 5 (more accurately, drop it to defcon 1) and insist on deprecating java for great justice..

Reply Score: 1

Java security alert
by Dirge on Thu 28th Oct 2010 08:39 UTC
Dirge
Member since:
2005-07-14

"In their report, they say the initial Java applet portion throws up a nice Java warning cancel/allow dialog, meaning everything works as intended and the threat level of this attack is low."

Ok so how useful is the standard Mac OS X Java security alert? From what I can tell the alert is non descriptive and a non technical user might just as well click allow.
I mean how are they to know whether this alert has any merit, and what does it matter to them when all they want is access to their file or video. Even if one were to view the certificate, what would a non technical user make of it.

Reply Score: 2

Sample?
by trams on Thu 28th Oct 2010 12:01 UTC
trams
Member since:
2010-06-15

Does anyone know of where a sample can be found? I would like to test what happens within ironfox if it is exploited.

Reply Score: 1

Can't blame 'em
by Eddyspeeder on Thu 28th Oct 2010 14:35 UTC
Eddyspeeder
Member since:
2006-05-10
As well as Boonana there is now Koobface
by lemur2 on Fri 29th Oct 2010 03:38 UTC
lemur2
Member since:
2007-02-17

http://news.softpedia.com/news/New-Koobface-Variant-Infects-Linux-t...

Security researchers warn that a new drive-by download attack is capable of infecting Windows, Mac OS X and Linux systems with a new variant of the notorious Koobface worm.


Apparently, this one works.

Once installed on a computer, the worm hijacks the social networking accounts of its owner and uses them to propagate.

Infected systems join together in a botnet and contact a command and control server, from where they receive instructions.

According to Jerome Segura, a security researcher at ParetoLogic, who analyzed the attack, the Linux Koobface version is attached to a Java applet called jnana.tsa.

The applet is dropped inside the user's home directory and stops running at computer reboot. This means that on Linux, unlike on Windows, the Koobface infections are temporary.

However, Linux computers tend to stay open much longer than Windows ones, which gives attackers enough time to use them for malicious purposes.


The good news I suppose is that it works longer on a Mac or Windows machine.

Edited 2010-10-29 03:40 UTC

Reply Score: 1