PDA

View Full Version : Flashback trojan affecting macs



N2RJ
04-13-2012, 10:57 AM
http://mashable.com/2012/04/05/600000-macs-flashback/

Apple closed the hole, and issued 2 Java updates.

This isn't really a problem with OSX, but rather with Java, specifically Java applets and earlier variants may have disguised themselves as Flash player updates. The Steve war on Flash and other third party plugins suddenly makes a lot of sense.

KC2UGV
04-13-2012, 11:57 AM
It's kinda easy to require signed updates...

N2RJ
04-13-2012, 03:30 PM
It is, but it's also easy to forge a certificate that says, "Signed by Adobe, Inc" or "Signed by Apple, Inc" and despite the big red warning that says that "This root certificate is not trusted" people will still click anyway.

Can't do much about the problem between the chair and the keyboard.

KC2UGV
04-13-2012, 07:41 PM
It is, but it's also easy to forge a certificate that says, "Signed by Adobe, Inc" or "Signed by Apple, Inc" and despite the big red warning that says that "This root certificate is not trusted" people will still click anyway.

Can't do much about the problem between the chair and the keyboard.

And, so, it's not a problem with Java, plugins to the browser, or Flash; but yet idiot Mac and Windows users.

NQ6U
04-13-2012, 07:59 PM
Yep, it's LUSER problem. Flashback is a Trojan Horse—malware disguised as an Adobe Flash update installer—not a virus. You have to click and enter an admin user name and password before it can install itself.

kf0rt
04-13-2012, 08:58 PM
I'm laffin'....

Just spent $499 for a Verisign developer certificate (annual renewal). Mostly, this bypasses a warning in the Windows installation and makes you "feel good" to be an "official developer."

In the back of my mind, I see a greasy old dude in Jersey (apologies, George) who just wants a few dollars or else he might burn your bar down. Protection, youse knows?

Whudda racket.

KB3LAZ
04-13-2012, 11:39 PM
And, so, it's not a problem with Java, plugins to the browser, or Flash; but yet idiot Mac and Windows users.

Problem is that you just described the majority of home computer owners/users. Particularly over 35. Though, I dont suppose this will be the case a few more years down the road when everyone is assimilated.

PS: You may not see it this way but the majority of members on this forum are not in my experience the average pc user.

KC2UGV
04-14-2012, 09:25 AM
Problem is that you just described the majority of home computer owners/users. Particularly over 35. Though, I dont suppose this will be the case a few more years down the road when everyone is assimilated.


With this I agree. I don't even think those under 35 are very skilled either. Sure, they know how to work it, but know nothing of how it works.



PS: You may not see it this way but the majority of members on this forum are not in my experience the average pc user.

And, this I agree with as well.

KB3LAZ
04-14-2012, 11:02 AM
With this I agree. I don't even think those under 35 are very skilled either. Sure, they know how to work it, but know nothing of how it works.



And, this I agree with as well.

That is a good point. I feel that I have a fair understanding of PC's both as a home user, developer of databases, and for work reasons but some of you guys still make me feel like a nub. xD

N2RJ
04-14-2012, 01:23 PM
And, so, it's not a problem with Java, plugins to the browser, or Flash; but yet idiot Mac and Windows users.

Yep, but the OSX security model is STILL a lot better than Microsoft at preventing these sorts of infections. Had this been a Microsoft virus, it would have self propagated itself pretty much without user intervention.

What's even more impressive is that Apple halved the number of infected by pushing out a simple software update.

N2RJ
04-14-2012, 01:25 PM
I'm laffin'....

Just spent $499 for a Verisign developer certificate (annual renewal). Mostly, this bypasses a warning in the Windows installation and makes you "feel good" to be an "official developer."

In the back of my mind, I see a greasy old dude in Jersey (apologies, George) who just wants a few dollars or else he might burn your bar down. Protection, youse knows?

Whudda racket.

Meh, I install my own CA and use self signed certs... except when deploying public websites in which case our CDN takes care of it nicely by using a subordinate CA.