| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2007 15:36:00 -1000 From: Peter Besenbruch <prb@...a.net> To: full-disclosure@...ts.grok.org.uk Cc: Alex Eckelberry <AlexE@...belt-software.com>, bugtraq@...urityfocus.com Subject: Re: mac trojan in-the-wild On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote: > The future of malware is going to be largely through social engineering. > Does that mean we ignore every threat that comes out because it requires > user interaction? Seems like whistling past the graveyard to me. Alex, no-one is saying we should ignore it. I would say we downgrade the level of threat if it requires user interaction. If it requires a lot of interaction to launch the threat, we downgrade it some more. Apple is faced with a significant design flaw in OS-X: You can have trusted file types auto-execute when downloaded in Safari. This is an old problem, partially mitigated by Apple in later versions of the OS. This has been coupled with the ancient scam of the fake CODEC. The one unique aspect of this attack is the target, Apple users. I suppose Linux users are next. When they get targeted, I will be ready. I don't typically browse porn sites, so I see a greater danger in targeted attacks from third party advertisers. Of course, these tend to target drive by download flaws in Windows, but I'll be ready. I suppose, though, that other Linux users browse porn. I can see it now... Firefox throws up a download dialog, asking what I should do with "prettyyoungthing.rpm," while a Javascript pop-up explains that to see these great images, I need to save the file, and type "rpm -i prettyyoungthing.rpm," and that I need to do it as root. If running Suse or Mandriva, this may not work. If I run Debian or Ubuntu, I should run "alien -dci prettyyoungthing.rpm" as root. If this doesn't quite work, please find a Deb file with "prettyyoungthing" in its name, using "find prettyyoungthing*.deb" and issue the command "dpkg -i prettyyoungthing*.deb. Regardless of installation method, please have the following dependencies installed... Oh yes, I'll be ready. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists