| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2007 22:03:50 -0400 (EDT) From: Jay Sulzberger <jays@...ix.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: mac trojan in-the-wild On Thu, 1 Nov 2007, Adam St. Onge <adamst.onge@...il.com> wrote: > So if i put a picture of a naked girl on a website and said to see more you > must open a terminal and enter "rm -rf". > Would we consider this a trojan...or just stupidity? Yes, a Trojan. Yes, stupidity on the part of the designer of the home system. There should be no way to destroy so much user data by the user just typing six characters into a terminal window. oo--JS. > > On 11/1/07, Alex Eckelberry <AlexE@...belt-software.com> wrote: >> >>> Let's not over-hype this-- while "Apple's day" has been coming, saying >> that users will be "hit hard" on something the user has to >>> manually download, manually execute, and explicitly grant >> administrative privileges to is *way* over the top. >> >> The future of malware is going to be largely through social engineering. >> Does that mean we ignore every threat that comes out because it requires >> user interaction? Seems like whistling past the graveyard to me. >> >> Alex >> >> >> -----Original Message----- >> From: Thor (Hammer of God) [mailto:thor@...merofgod.com] >> Sent: Thursday, November 01, 2007 8:15 PM >> To: Gadi Evron; bugtraq@...urityfocus.com; >> full-disclosure@...ts.grok.org.uk >> Subject: RE: mac trojan in-the-wild >> >>> For whoever didn't hear, there is a Macintosh trojan in-the-wild being >> >>> dropped, infecting mac users. >>> Yes, it is being done by a regular online gang--itw--it is not yet >>> another proof of concept. The same gang infects Windows machines as >>> well, just that now they also target macs. >>> >>> http://sunbeltblog.blogspot.com/2007/10/screenshot-of-new-mac- >>> trojan.html >>> http://sunbeltblog.blogspot.com/2007/10/mackanapes-can-now-can-feel- >>> pain-of.html >>> >>> This means one thing: Apple's day has finally come and Apple users are >> >>> going to get hit hard. All those unpatched vulnerabilities from years >>> past are going to bite them in the behind. >> >> Let's not over-hype this-- while "Apple's day" has been coming, saying >> that users will be "hit hard" on something the user has to manually >> download, manually execute, and explicitly grant administrative >> privileges to is *way* over the top. >> >> >> >>> I can sum it up in one sentence: OS X is the new Windows 98. Investing >> >>> in security ONLY as a last resort losses money, but everyone has to >>> learn it for themselves. >> >> Not "the new Windows 98" by a long shot - saying that is just >> irresponsible. While Apple is not used to dealing with security in the >> same way that other companies are, comparing OSX to Windows 98 is not >> only a huge technical inaccuracy, but you also insult MAC users out >> there. OSX had "UAC-like unprivileged user controls" way before Vista >> did - let's not try to start some holy-war on this like people have >> tried to do with Windows vs Linux in the past. >> >> If you want to report this, then report it-- but say what it is, a >> totally lame user-must-be-drunk "exploit" that requires that all manner >> of things go wrong before it works -- otherwise people will think that >> you've dressed up as Steve Gibson for Halloween. >> >> t >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists