lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7F5FABC626E215102ECE0966@paul-schmehls-powerbook59.local>
Date: Thu, 01 Nov 2007 21:13:10 -0500
From: Paul Schmehl <pauls@...allas.edu>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: mac trojan in-the-wild

--On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <prb@...a.net> 
wrote:
>
> Firefox throws up a download dialog, asking what I should do
> with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
> see  these great images, I need to save the file, and type "rpm -i
> prettyyoungthing.rpm," and that I need to do it as root.

There is no need to do that.  In both Macs and Gnome or KDE on Unix, if 
you try to run rpm -i (of whatever the install paradigm is on your flavor 
of OS), you'll be *prompted* for the root password, not asked to run it as 
root.  Big difference, and one that many users do not appreciate at all.

The direction computing is heading is toward ease of use and obscuration 
of details.  Given that, and the human tendency to act without thinking, 
socially engineered exploits will continue to enjoy success.  No, they 
won't be as successful as self-propagating code that takes advantage of 
flaws in OSes and applications, but as the Storm bot creators if social 
engineering can successfully build a botnet of several hundred thousand 
machines.

When an internationally recognized Ph.D psychologist can lose $3 million 
US to the 419 scam and be prepared to lose more, is it really a stretch to 
think that a fake codec trojan will make inroads on the Mac?

Paul Schmehl (pauls@...allas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Content of type "application/pkcs7-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ