If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Mac users - be aware
On 2015-08-04 23:19:31 +0000, "Mayayana" said:
| You should read the article to which I linked. | It does sound rather mild. If someone downloads and runs an installer, while running in lackey mode with restrictions, that installer can bypass the restrictions. "Elevation of privilege". Someone still has to be sucked into running the installer. Exactly! Elevating privilege when already accessing the machine is not such a big deal. (I've never even run in lackey mode. It's too much hassle.) What *would* be a big deal would be if Macs were getting "driveby downloads" -- attacks like the Flash bug at Yahoo this past week. Maybe Macs do get them. I don't know. But I'm not aware of any. On Windows with script/Flash/Acrobat enabled it's a constant, real risk. That doesn't seem to be the case. -- Regards, Savageduck |
#12
|
|||
|
|||
Mac users - be aware
On Tue, 04 Aug 2015 18:56:19 -0400, nospam
wrote: In article , Eric Stevens wrote: It doesn't sound easy to do but if Malwarebytes are into it, it's real and out there. it's also been fixed in 10.10.5. Good. -- Regards, Eric Stevens |
#13
|
|||
|
|||
Mac users - be aware
On Tue, 4 Aug 2015 19:19:31 -0400, "Mayayana"
wrote: | You should read the article to which I linked. | It does sound rather mild. If someone downloads and runs an installer, while running in lackey mode with restrictions, that installer can bypass the restrictions. "Elevation of privilege". Someone still has to be sucked into running the installer. Elevating privilege when already accessing the machine is not such a big deal. (I've never even run in lackey mode. It's too much hassle.) What *would* be a big deal would be if Macs were getting "driveby downloads" -- attacks like the Flash bug at Yahoo this past week. Maybe Macs do get them. I don't know. But I'm not aware of any. On Windows with script/Flash/Acrobat enabled it's a constant, real risk. If there were any I'm sure Malwarebytes would be into them. -- Regards, Eric Stevens |
#14
|
|||
|
|||
Mac users - be aware
On Tue, 4 Aug 2015 17:38:14 -0700, Savageduck
wrote: On 2015-08-04 22:21:24 +0000, Eric Stevens said: On Tue, 4 Aug 2015 14:19:24 -0700, Savageduck wrote: On 2015-08-04 20:47:33 +0000, Eric Stevens said: http://www.theregister.co.uk/2015/08..._exploit_wild/ "The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges as the powerful root user, meaning they can install new programs, change files, remove or add new users, wreck the system, and so on, at will. According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." ... more Thanks for the warning, but this is more of the usual FUD. Can you say proof of concept, yet to be found in the wild. You should read the article to which I linked. "According to Adam Thomas of Malwarebytes, dodgy software distributed on the internet is now exploiting the vulnerability to inject the VSearch and Genieo adware plus the MacKeeper junkware on to Macs, and point users at an app to download from the official App Store." It doesn't sound easy to do but if Malwarebytes are into it, it's real and out there. The Mac groups have been discussing this for the last two days and they address another source. rather than that anti-Apple screed and FUDfest "The Register". The vulnerability might exist and Mac Usenet users are well aware of it. However, it is one that most Mac users running the latest software, and using established installation procedures of apps from known sources, are not going to have to deal with. As with all of these things the ones most vulnerable are those who install questionable stuff to start with, and they have to play an active part in that installation. The malware in question is not going to infect any Mac without being invited in by that Mac's owner. That's what the article said. -- Regards, Eric Stevens |
#15
|
|||
|
|||
Mac users - be aware
On Tue, 04 Aug 2015 18:56:19 -0400, nospam
wrote: In article , Eric Stevens wrote: It doesn't sound like the same thing. true. the one malwarebytes is yapping about has already been fixed. As I've already said - Good. -- Regards, Eric Stevens |
#16
|
|||
|
|||
Mac users - be aware
FUD. Where are the reports of infections?
Eric Stevens: ..."The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges as the powerful root user, meaning they can install new programs, change files, remove or add new users, wreck the system, and so on, at will. Ah, requires physical access. I can wreck anything if I have physical access. -- I agree with almost everything that you have said and almost everything that you will say in your entire life. usenet *at* davidillig dawt cawm |
#17
|
|||
|
|||
Mac users - be aware
On 8/5/2015 7:06 AM, AnthonyL wrote:
snip It strikes me as being bad form to let users have physical access to their computers and even worse form to allow them permissions to install anything on them. Bring back the mainframe I say. Many software publishers would like to see that happen. Except, what you call mainframe, they call the cloud. Bring back dumb terminals. -- PeterN |
#18
|
|||
|
|||
Mac users - be aware
On 8/5/2015 12:05 PM, android wrote:
PeterN Wrote in message: On 8/5/2015 7:06 AM, AnthonyL wrote: snip It strikes me as being bad form to let users have physical access to their computers and even worse form to allow them permissions to install anything on them. Bring back the mainframe I say. Many software publishers would like to see that happen. Except, what you call mainframe, they call the cloud. Bring back dumb terminals. -- PeterN iPads? There is a distinction between terminals, and users. ;-p -- PeterN |
#19
|
|||
|
|||
Mac users - be aware
| What *would* be a big deal would be if Macs were
| getting "driveby downloads" -- attacks like the | Flash bug at Yahoo this past week. Maybe Macs | do get them. I don't know. But I'm not aware of | any. On Windows with script/Flash/Acrobat enabled | it's a constant, real risk. | | That doesn't seem to be the case. No, not by a longshot. The driveby install is passive and usually requires nothing more than enabling script. What they're describing requires actually choosing to install software. |
#20
|
|||
|
|||
Mac users - be aware
| Duck, don't engage. PLEASE.
Don't engage what? Tech talk? Windows users? I don't recall being rude to you. Do you have some sort of issue with my posts? I try to only post about things where I may have some worthwhile input. Tech issues are one of those topics. Looking into recent posts I can only find one from you, where you pointlessly insulted PeterN in a pro-Mac post. Is that what bothers you? You're such a Mac fan that you didn't even notice I was making a pro-Mac comment? |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Apple-Verizon's latest ingratiating, self-aware, pandering iPhone ad | Savageduck[_3_] | Digital Photography | 4 | May 14th 14 01:29 AM |
Are you aware about your health?? | [email protected] | Digital Photography | 1 | May 21st 07 06:53 PM |
ICM-aware image viewer? | [email protected] | Digital Photography | 7 | April 20th 06 07:59 AM |
ACDSee 7 ICC Aware? | Nathan Gutman | Digital Photography | 5 | January 6th 06 05:59 PM |
viewer/album software that is version aware and can tag photos? | peter | Digital Photography | 6 | August 12th 04 09:50 PM |