Category: Security Alerts


I can’t copy and paste anything, but it explains how the latest Intel “Security” add-ons aren’t secure at all… they make it trivially easy for your system to be hardware rooted, making it impossible for you to regain control of your system.

Intel Small Business Advantage is a security nightmare | SemiAccurate.

… let’s look closely at the facts around the Flashback Trojan causing all this consternation, and clear up what it is versus what it is not, and put the results of the incident in perspective.

Yes it’s true that some 600,000 Macs are confirmed to have been infected. The claim, first made by Dr. Web, an outfit I had never heard of, has since been corroborated by Kaspersky Labs, whose research and analysis capabilities are well-respected. More than half of the compromised machines are in the U.S., 95,000 in Canada, 47,000 in the U.K., and 41,000 in Australia.

The trojan targets a vulnerability in software that is not even an Apple product: Java. You’ll recall that Java is add-on software created by Sun Microsystems and now the property of the software giant Oracle. Rather common, it is no longer shipped as a default add-on to Apple’s Mac OS X beginning in 2011, when Apple first shipped Lion.

Through this hole in Java, certain Web sites are serving up malicious Java applets. Once inserted on the machine, the software then prompts the user to enter the password they use to run the machine. It attempts to trick the user by appearing as an update to Adobe’s Flash video and animation software.

If the user doesn’t fall for the trick, it tries something else. Here again it checks to see if there are any Microsoft Office applications on the machine, or Skype. If there are, it deletes itself.

Then it does something interesting. It scans the contents of the Mac’s hard drive to determine if certain applications are present, and if they are, it deletes itself. Among those applications are security tools such as Little Snitch, a networking security tool, or Packet Peeper, another security tool. It also deletes itself if it sees the user has installed XCode Mac developers tools, and any kind of anti-virus software.

Presuming it finds none of them, it proceeds to contact a command-and-control server for the purpose of downloading and installing more malware. That malware is being used to commandeer the Macs and generate Web traffic to boost revenue for some pay-per-click ads on Web sites, making money for someone who’s behind the scheme. Nothing surprising there.

Apple has issued a fix to Mac OS X that closes the hole in Java, and you can protect yourself by running Software Update from within your machine’s System Preferences. Today would be a good day to do that if you haven’t already. Once you’ve done this you’re no longer vulnerable to the attack.

If you’re among the 600,000 already compromised you can turn to third parties to help you remove it. F-Secure has some instructions here for determining if your machine is affected. If you’re comfortable running some commands in the Mac’s terminal program, there are also some good instructions here at ArsTechnica.

So what does all this say about the state of security on the Mac? Nothing that wasn’t true already. No system is perfectly secure, and this, along with MacDefender, amounts to exactly the second security incident worth mentioning to hit the Mac in about a year. The number of machines affected is less than 1 percent of the 63 million Macs currently in use around the world.

The conventional wisdom has often held that Macs are targeted by malware less often than Windows machines because of their relatively small market share. This still has some merit, but the fact is that Windows is also where the vulnerabilities are. Historically, Mac OS X has been substantially less vulnerable to this sort of thing than Windows.

Does that let Apple off the hook entirely? No, though to its credit, Apple had a fix ready within a week of learning of this vulnerability. That’s not exactly a pokey response, especially when the problem lies not directly within Apple’s software, but in Oracle’s.

via What’s This? A Mac Virus? No Actually It’s a Weakness in Java. – Arik Hesseldahl – News – AllThingsD.

Let’s get one thing straight. The media, as usual, is not only blowing this out of proportion but also not keying on the right part of the problem. This is not a Mac issue but a Java problem. Java had an exploit (Java itself has become an exploit… much like ActiveX, but worse) that Apple didn’t patch as quickly as Oracle (the developer of Java). Keep in mind that OS X Lion does not contain Java, so folks who for whatever reason can’t or won’t run the latest Lion release were the only ones vulnerable. Frankly, I banished Java from my network a looooong time ago, as the amount of websites that require it for proper operation aren’t enough to even bother with. How to NOT get infected? Uninstall Java… never install it in the first place.

Update your machines now. If you are running a server with RDP exposed, first firewall it off the internet, then use another, actually secure VPN to get to that server and update. I would then never allow RDP direct access to the net again.

Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.

The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely trouble-shoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon’s EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.

“This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine,” Amol Sarwate, director of Qualys vulnerability research lab, said in an interview. While RDP is not enabled by default, he said the number of machines that have it turned on is a “big concern” because it is so widely used in large organizations and business settings.

The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants.

Microsoft said there’s no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change.

“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Suha Can and Jonathan Ness, of Microsoft Security Response Center Engineering, wrote in an advisory published Tuesday.

via Critical Windows bug could make worm meat of millions of high-value machines.

This all depends on if they get the patchwork DNS server order extended. If they do, then your infected PC will work fine. I hope they do not; then these machines will cease to work and the infection will become obvious.

If your PC starts acting weird or totally goes offline on or after March 8th (for folks who keep their computers off), please contact ECC for assistance.

Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan — Krebs on Security.

Time for me to start recommending routers with DD-WRT and NO WPS capabilities. If turning it off doesn’t turn it off, then security is non-existent for the wireless network. Ick.

The attack took about six hours to properly guess the PIN and return the SSID and password for the target network. During that time, the router locked up once under load, as I was putting normal levels of network traffic through it from other devices. Some routers will also lock out WPS requests for five minutes or so when they detect multiple failed PIN submissions—mine stopped responding occasionally, generating a string of warnings, but Reaver picked back up where it left off once the Linksys started responding again.

Having demonstrated the insecurity of WPS, I went into the Linksys’ administrative interface and turned WPS off. Then, I relaunched Reaver, figuring that surely setting the router to manual configuration would block the attacks at the door. But apparently Reaver didn’t get the memo, and the Linksys’ WPS interface still responded to its queries—once again coughing up the password and SSID. 

The tool also managed to repeatedly cause the router to stop responding to other computers on the network, essentially creating a denial of service attack—a great thing to remember for the next time my neighbors have a loud, all-night Call of Duty session.

In a phone conversation, Craig Heffner says that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they’ve tested. “On all of the Linksys routers, you cannot manually disable WPS,” he said. While the Web interface has a radio button that allegedly turns off WPS configuration, “it’s still on and still vulnerable.”

via Hands-on: hacking WiFi Protected Setup with Reaver.

I figured it was a matter of time before this was exposed. The PINs are usually 8 digits, and it has been known for quite some time that you need at least 12 sufficiently random characters for any kind of protection against brute force attacks. Of course, the lack of a lockout system makes it even more trivial.

WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs | threatpost.

This link aggregates all of TechCrunch’s coverage with decent linking to outside sites about this too.

Carrier IQ | TechCrunch.

Crapware on a PC or Mac is easy to combat… format the machine and use your own, known good image. Phones, however, are a new frontier of badness for the enterprise and anyone with need for data security. Folks wonder why I’ve advocated locking smartphones out of sensitive networks… this is why. I’ve figured this for a while… now it’s been proven. There are quite a few links in this story; please read them. The video that’s blown the lid off this is right here.

You just can’t make this stuff up. If I had told you six months ago to be very careful about entrusting corporate data to mobile carriers who pre-install app crap, because they would build spyware into phones, collect secure web browsing information, and embed this software so deeply that you have to change the ROM to get rid of it, you would have written me off as a paranoid. Yet, that appears to be the situation with CarrierIQ, a carrier utility gone wild.

Like the Master Control Program in the 80s science fiction classic, “Tron,” CarrierIQ collects data for an ostensibly harmless purpose: to help carriers improve the quality of their network and improve the user experience. Then, it goes crazy and tries to kill everyone. It may not be as bad in this case, but the trouble is, though Carrier IQ claims, “we are counting and summarizing performance, not recording keystrokes or providing tracking tools,” third party analysis of Carrier IQ begs to differ.

Specifically, researcher Trevor Eckhart writes on his blog that the Carrier IQ application “is receiving not only HTTP strings directly from browser, but also HTTPs strings. HTTPs data is the only thing protecting much of the ‘secure’ Internet.” Carrier IQ, realizing how damaging this revelation was, tried to squelch Eckhart through a cease-and-desist letter (giving him two whole days to respond, and threatening damages starting at $180K), but the Electronic Frontier Foundation came to the rescue. Carrier IQ relented after the assault from the EFF, and is now “deeply sorry for any concern or trouble” that the letter may have caused Eckhart.

From an enterprise perspective, this is massive. It’s the Jerry Sandusky of mobility. It is an insane breach of trust.

[ Not up to date on Carrier IQ? See Carrier IQ Withdraws Legal Threat Against Security Researcher. ]

Enterprises have long put up with “app crap” on Windows platforms, and, then, on mobile platforms. On the Windows platforms, enterprises would shrug, wipe the machines, re-image them, and move on with work as usual. On mobile, enterprises believed that the app crap was benign enough. Wrong.

We all knew that spyware existed on PCs, but the big difference is that spyware and rootkits got installed by malicious third parties, not our trusted partners who get paid for services that they provide.

All of a sudden, Steve Jobs’ perspective about who should control mobile device firmware doesn’t seem to be such a bad idea.

Carrier IQ has no relationship, at all, with the enterprise. They’ve said that “we do not sell Carrier IQ data to third parties” or “provide real-time data reporting to any customer.” But once you generate the data, it’s there for the taking.

This year’s Data Breach Investigations Report, co-sponsored by the US Secret Service, and, ironically, a mobile provider, emphatically states that organizations need to eliminate unnecessary data collection (since it can and will be stolen.) As enterprise trusted partners, it’s time for carriers to eliminate the middleman. Carrier IQ had no incentive at all to limit the type of data that it collects.

Because Carrier IQ is so carrier focused, it may have even come as something of a surprise to the Carrier IQ folks that they may have violated wiretap laws.

The whole model needs to change, or this incident will be repeated. Carriers currently control the phone, and work with third parties to build management software that they need. The third parties have no skin in the game in terms of the trust relationship with the enterprise. Frankly, in this case, if Carrier IQ’s reputation becomes so tarnished that they can no longer sustain a viable business, they can pull up their tent stakes, change their name, and resume operations.

Well, good for them, but BAD for the enterprise, because the enterprise now needs to start investing the type of time that used to be reserved for Windows PCs, in order to re-image spyware-vulnerable smartphones. It’s not a matter of just removing the software. InformationWeek contributor Mathew Schwartz told me this morning that “some deployments of Carrier IQ by the carriers have an ‘off switch’ that smartphone owners can trigger,” but that he’s also seen reports that it simply doesn’t work.

 

Carrier IQ: Mobile App Crap Must Stop – Security – Mobile Security – Informationweek.

Watch this, folks. I talk about this over and over. A/V isn’t enough; it is only a start. Please start with these basics. Please contact ECC on how to minimize your exposure.

The Internet Is Infected – 60 Minutes – CBS News.