A Photography forum. PhotoBanter.com

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PhotoBanter.com forum » Digital Photography » Digital Photography
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Mac users - be aware



 
 
Thread Tools Display Modes
  #11  
Old August 5th 15, 01:41 AM posted to rec.photo.digital
Savageduck[_3_]
external usenet poster
 
Posts: 16,487
Default Mac users - be aware

On 2015-08-04 23:19:31 +0000, "Mayayana" said:

| You should read the article to which I linked.
|

It does sound rather mild. If someone downloads
and runs an installer, while running in lackey
mode with restrictions, that installer can bypass
the restrictions. "Elevation of privilege". Someone
still has to be sucked into running the installer.


Exactly!

Elevating privilege when already accessing the
machine is not such a big deal. (I've never even
run in lackey mode. It's too much hassle.)

What *would* be a big deal would be if Macs were
getting "driveby downloads" -- attacks like the
Flash bug at Yahoo this past week. Maybe Macs
do get them. I don't know. But I'm not aware of
any. On Windows with script/Flash/Acrobat enabled
it's a constant, real risk.


That doesn't seem to be the case.


--
Regards,

Savageduck

  #12  
Old August 5th 15, 02:07 AM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

On Tue, 04 Aug 2015 18:56:19 -0400, nospam
wrote:

In article , Eric Stevens
wrote:

It doesn't sound easy to do but if Malwarebytes are into it, it's real
and out there.


it's also been fixed in 10.10.5.


Good.
--

Regards,

Eric Stevens
  #13  
Old August 5th 15, 02:08 AM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

On Tue, 4 Aug 2015 19:19:31 -0400, "Mayayana"
wrote:

| You should read the article to which I linked.
|

It does sound rather mild. If someone downloads
and runs an installer, while running in lackey
mode with restrictions, that installer can bypass
the restrictions. "Elevation of privilege". Someone
still has to be sucked into running the installer.
Elevating privilege when already accessing the
machine is not such a big deal. (I've never even
run in lackey mode. It's too much hassle.)

What *would* be a big deal would be if Macs were
getting "driveby downloads" -- attacks like the
Flash bug at Yahoo this past week. Maybe Macs
do get them. I don't know. But I'm not aware of
any. On Windows with script/Flash/Acrobat enabled
it's a constant, real risk.

If there were any I'm sure Malwarebytes would be into them.
--

Regards,

Eric Stevens
  #14  
Old August 5th 15, 02:09 AM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

On Tue, 4 Aug 2015 17:38:14 -0700, Savageduck
wrote:

On 2015-08-04 22:21:24 +0000, Eric Stevens said:

On Tue, 4 Aug 2015 14:19:24 -0700, Savageduck
wrote:

On 2015-08-04 20:47:33 +0000, Eric Stevens said:

http://www.theregister.co.uk/2015/08..._exploit_wild/

"The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.

According to Adam Thomas of Malwarebytes, dodgy software distributed
on the internet is now exploiting the vulnerability to inject the
VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and
point users at an app to download from the official App Store."

... more

Thanks for the warning, but this is more of the usual FUD. Can you say
proof of concept, yet to be found in the wild.


You should read the article to which I linked.

"According to Adam Thomas of Malwarebytes, dodgy software
distributed on the internet is now exploiting the vulnerability to
inject the VSearch and Genieo adware plus the MacKeeper junkware on
to Macs, and point users at an app to download from the official
App Store."

It doesn't sound easy to do but if Malwarebytes are into it, it's real
and out there.


The Mac groups have been discussing this for the last two days and they
address another source. rather than that anti-Apple screed and FUDfest
"The Register".

The vulnerability might exist and Mac Usenet users are well aware of
it. However, it is one that most Mac users running the latest software,
and using established installation procedures of apps from known
sources, are not going to have to deal with.

As with all of these things the ones most vulnerable are those who
install questionable stuff to start with, and they have to play an
active part in that installation. The malware in question is not going
to infect any Mac without being invited in by that Mac's owner.


That's what the article said.
--

Regards,

Eric Stevens
  #15  
Old August 5th 15, 02:10 AM posted to rec.photo.digital
Eric Stevens
external usenet poster
 
Posts: 13,611
Default Mac users - be aware

On Tue, 04 Aug 2015 18:56:19 -0400, nospam
wrote:

In article , Eric Stevens
wrote:

It doesn't sound like the same thing.


true. the one malwarebytes is yapping about has already been fixed.


As I've already said - Good.
--

Regards,

Eric Stevens
  #16  
Old August 5th 15, 04:35 AM posted to rec.photo.digital
Davoud
external usenet poster
 
Posts: 639
Default Mac users - be aware

FUD. Where are the reports of infections?

Eric Stevens:

..."The amusing vulnerability in Apple's OS X that grants
administrator-level access to anyone who asks is being exploited in
the wild by malware. Yeah, malware exists for Macs, this isn't the
1990s.

Anyone logged in to a vulnerable OS X computer, or any software
running on it, can use the security hole to gain the same privileges
as the powerful root user, meaning they can install new programs,
change files, remove or add new users, wreck the system, and so on, at
will.


Ah, requires physical access. I can wreck anything if I have physical
access.

--
I agree with almost everything that you have said and almost everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm
  #17  
Old August 5th 15, 02:37 PM posted to rec.photo.digital
PeterN[_6_]
external usenet poster
 
Posts: 4,254
Default Mac users - be aware

On 8/5/2015 7:06 AM, AnthonyL wrote:

snip


It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.


Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

Bring back dumb terminals.

--
PeterN
  #18  
Old August 5th 15, 06:01 PM posted to rec.photo.digital
PeterN[_6_]
external usenet poster
 
Posts: 4,254
Default Mac users - be aware

On 8/5/2015 12:05 PM, android wrote:
PeterN Wrote in message:
On 8/5/2015 7:06 AM, AnthonyL wrote:

snip


It strikes me as being bad form to let users have physical access to
their computers and even worse form to allow them permissions to
install anything on them. Bring back the mainframe I say.


Many software publishers would like to see that happen. Except, what you
call mainframe, they call the cloud.

Bring back dumb terminals.

--
PeterN

iPads?


There is a distinction between terminals, and users. ;-p

--
PeterN
  #19  
Old August 5th 15, 06:56 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Mac users - be aware

| What *would* be a big deal would be if Macs were
| getting "driveby downloads" -- attacks like the
| Flash bug at Yahoo this past week. Maybe Macs
| do get them. I don't know. But I'm not aware of
| any. On Windows with script/Flash/Acrobat enabled
| it's a constant, real risk.
|
| That doesn't seem to be the case.

No, not by a longshot. The driveby install is
passive and usually requires nothing more than
enabling script. What they're describing requires
actually choosing to install software.


  #20  
Old August 5th 15, 07:03 PM posted to rec.photo.digital
Mayayana
external usenet poster
 
Posts: 1,514
Default Mac users - be aware

| Duck, don't engage. PLEASE.

Don't engage what? Tech talk? Windows users?

I don't recall being rude to you. Do you have
some sort of issue with my posts? I try to only
post about things where I may have some
worthwhile input. Tech issues are one of those
topics.

Looking into recent posts I can only find one
from you, where you pointlessly insulted PeterN
in a pro-Mac post. Is that what bothers you?
You're such a Mac fan that you didn't even notice
I was making a pro-Mac comment?


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple-Verizon's latest ingratiating, self-aware, pandering iPhone ad Savageduck[_3_] Digital Photography 4 May 14th 14 01:29 AM
Are you aware about your health?? [email protected] Digital Photography 1 May 21st 07 06:53 PM
ICM-aware image viewer? [email protected] Digital Photography 7 April 20th 06 07:59 AM
ACDSee 7 ICC Aware? Nathan Gutman Digital Photography 5 January 6th 06 06:59 PM
viewer/album software that is version aware and can tag photos? peter Digital Photography 6 August 12th 04 09:50 PM


All times are GMT +1. The time now is 12:27 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PhotoBanter.com.
The comments are property of their posters.