Message-Id: <200711011536.00961.prb@lava.net>
Date: Thu, 1 Nov 2007 15:36:00 -1000
From: Peter Besenbruch <prb@...a.net>
To: full-disclosure@...ts.grok.org.uk
Cc: Alex Eckelberry <AlexE@...belt-software.com>, bugtraq@...urityfocus.com
Subject: Re: mac trojan in-the-wild

On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:

> The future of malware is going to be largely through social engineering.
> Does that mean we ignore every threat that comes out because it requires
> user interaction?  Seems like whistling past the graveyard to me.

Alex, no-one is saying we should ignore it. I would say we downgrade the level 
of threat if it requires user interaction. If it requires a lot of 
interaction to launch the threat, we downgrade it some more.

Apple is faced with a significant design flaw in OS-X: You can have trusted 
file types auto-execute when downloaded in Safari. This is an old problem, 
partially mitigated by Apple in later versions of the OS. This has been 
coupled with the ancient scam of the fake CODEC.

The one unique aspect of this attack is the target, Apple users. I suppose 
Linux users are next. When they get targeted, I will be ready. I don't 
typically browse porn sites, so I see a greater danger in targeted attacks 
from third-party advertisers. Of course, these tend to target drive-by 
download flaws in Windows, but I'll be ready. I suppose, though, that other 
Linux users browse porn. I can see it now...

Firefox throws up a download dialog, asking what I should do 
with "prettyyoungthing.rpm," while a Javascript pop-up explains that to see 
these great images, I need to save the file, and type "rpm -i 
prettyyoungthing.rpm," and that I need to do it as root. If running Suse or 
Mandriva, this may not work. If I run Debian or Ubuntu, I should 
run "alien -dci prettyyoungthing.rpm" as root. If this doesn't quite work, 
please find a Deb file with "prettyyoungthing" in its name, using "find 
prettyyoungthing*.deb" and issue the command "dpkg -i prettyyoungthing*.deb." 
Regardless of installation method, please have the following dependencies 
installed...

Oh yes, I'll be ready.
-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
