Ramblings of this guy you know!

Tech Stuff and random observations on life as I see it….

Category Archives: Mac

No Java on Mac OS X Lion – Do we care?

Chances are, if you work in a commercial business some of the apps you use or systems accessed via a Java Application or applet if however you are a home user, chances are you may not need it. Up until Lion was released, you got the Java runtime if you needed it or not. With the latest release this is no longer true.

Last year, in October, Apple caused a fair amount of unrest among Java developers when, in the release notes of a Java update, it said that Java on Mac had been “deprecated” and that it “may be removed from future versions of Mac OS.” The future of Java on OS X is unclear, but for now it appears when Apple drops development of Java that Oracle will assume the reins and maintain future releases of the runtime for OS X in partnership with Apple who would contribute the likes of a Java virtual machine, class libraries, a networking stack, and base code for a new graphical client in a future release.

So, what if you do need it then? Well currently apple is providing Java 1.6.0_26 (the same version that is available for Snow Leopard) for Lion users but is not developing it any further than this. So, if an application requires it on your Mac a window will pop up and give you the option to download it. Giving permission will open up Software Update to download and install the required Java runtime. A stand-alone installed is also available from the Lion web site or from this Apple Support Article .

Rosetta was also previously deprecated by Apple, and the company barred applications using both Rosetta and Java from the new Mac App Store. With Snow Leopard, the previous version of Mac OS X, Rosetta was not installed by default, but users could install it if they chose to. Now it has been completely removed.


ITerm2, an alternative terminal app for Mac OSX

Image courtesy of iTerm2 website

I stumbled across this very nice Mac OSX terminal replacement while browsing through the Lifehacker site.
At first glance it might look unimpressive but under the hood, this app has a lot of really nice features that finally gives me that Putty like terminal app that I have been looking for since I switched over from Windows. If you spend a lot of time at the command line and you don’t want to spend out for one, this terminal app is worth looking at.

Read more of this post

Apple releases update to prevent MacDefender infection by enhancing OSX’s quarantine function, Security circumvented in less than a day.

I feel like I have been talking about MacDefender and MacGuard for a very long time now… Actually it’s only been through May but it feels longer. Today, the 31st of May 2011, Apple finally released the security patch it promised last week.

The Security Update 2011-003 adds protection to Snow Leopard 10.6.7 users only, earlier versions of OSX are not supported. The update makes a change in the Security section of Preferences to include changes to the File Quarantine feature, which is Apple’s version of antivirus software. This update includes definitions for Mac Defender and its known variants, as well as an automated removal tool.

Read more of this post

MacDefender leaps onto Facebook

In a desperate attempt to capture more victims before the latest Apple update kills MacDefender and MacGuard dead once and for all (for now anyway) the Mac malware has made the leap to Facebook and is now spreading virally, claiming to be a video of IMF boss Dominique Strauss-Kahn.

The malware is using a technique called clickjacking to spread. A message appears in your timeline apparently posted by one of your friends, in this case referring to the news story of IMF chief Dominique Strauss-Kahn who is facing charges in New York over charges of rape. You are then invited to click a link to view a story or in this case a video. Instead of opening anything however the malware download is triggered. Finally the message you received is now posted on your timeline to catch the next unwary viewer.
Read more of this post

Alfred for Mac OSX -The shortcut/launcher application

I have recently been reacquainted with a productivity app on my Mac called Alfred. Alfred likes to serve you with what you need, much like a butler – hence the name. It is much like other shortcut apps like Quicksilver but I always found the interface more complex than I wanted… This one pretty much works in one display bar and allows you to work more with the keyboard and have less switching between keyboard and mouse; great for those with RSI.
Read more of this post

New MACDefender Variant: lock up your browsers

Just mere hours after Apple announces that they will be providing an update to prevent further infections by the MACDefender trojan, a new variant named MacGuard is discovered by the Anti-virus provider Intego.

The main difference between the two variants is that this new version installs as the current user and so gets rid of one step towards infection by removing the needs to the administrator password to be entered.
Read more of this post

MACDefender: The fix – Apple shows the way!

First we heard of MACDefender, the fake Anti-Virus program and suggested it would only trap the Unwary, then we hear that more people are falling for the scam than was originally expected… Now, Apple comes to the rescue with an official support article on how to remove it and a notification that a fix from an update will arrive “in the coming days” – There’s nothing like a timescale… and that’s nothing like a timescale.
Read more of this post

It Bites: MACdefender Trojan on Macs

Back on the 9th of May I wrote an article warning about the MACdefender Trojan. Back then I said that it was one that would catch the unwary… How wrong was I? It would appear that people are falling for this one left, right and center. In fact it would seem that Mac users, smug for so long that viruses weren’t their problem and are asked to input their admin password so often, don’t recognise the danger signs when they come along. Converse to this, research is indicating that Windows users, who have been bashed and battered so regularly with attacks, are becoming much more security conscious these days.
Read more of this post

Its time has cometh – New Mac OSX Trojan Horse

I am sure that most of you reading this will already be aware of this issue, if so, move along… Nothing to see.. Likewise, if you are a user of Windows you can stop, point, say I told you so and then move on…. Otherwise please read on…

Users of Mac OSX have up until now been relatively immune to the virus problems occurring on Microsoft Windows which has had the largest market share for many years… It hasn’t lost it’s crown yet, but it has tipped slightly and late last year Mac sales tipped over the 10% level. This peeking over the parapets has come with it’s own set of problems…

It certainly isn’t the first virus to hit the Mac but its certainly the one that seems to have received the most press attention…. This particular one is going under the name MAC Defender which is similar in name to the legitimate site called MacDefender… It is also apparently coming out under the names Mac Protector and Mac Security too.. It has to be said, this Trojan is out to trap the unwary and a competent user will spot the Windows Explorer scan as false and will also (hopefully) be suspicious when asked to enter their password to install the application in the first place… However, you may want to make your less savvy friends and relatives know so they dont fall for the ploy.

The Trojan was identified by the Security firm Intego ( Link to the post here: “http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/”) and it is spread through SEO poisoning (web sites set up to take advantage of search engine optimisation tricks to get malicious sites to appear at the top of search results).

If the links are followed, a javascript application is executed to tell you that a virus has been detected on your system… Clicking OK gives you your second warning that something is wrong as the page it displays looks distinctly “Windows” in nature… All sorts of malware will be detected and you will be given the option to download the Zip Archive of Mac Defender onto your Mac. If you have the option set to Auto Open “safe” files in the likes of Safari then the zip will open and a genuine Mac installer will run and install the software on your Mac. From there the program will open and inform you that you have viruses a-plenty on your system but when you got to clean your system then you need to register your application for a sum of money.

Intego have also said that their own VirusBarrier product will protect you from this Trojan.

More information and screenshots can be found on the Intego blog here: http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/ and an update with notifications of new variants here: http://blog.intego.com/2011/05/05/intego-discovers-new-variants-of-mac-defender-fake-antivirus/

Here’s a link to an official Intego You Tube video showing you the whole infection process…

Security Alerts for Dropbox

I have long been an evangelist of Dropbox… Of course some of the time I am only looking to enhance my referral status and increase my own free Dropbox storage space but as every (worthwhile) application of the iPad allows connection with your Dropbox folder, it has almost become and essential addition to my core working.

I started listening to the Security Now Podcast on the TWIT network ( http://www.twit.tv/sn ) recently and I came across some worrying news over the security of using the Dropbox application that I thought was worth spreading ans sharing.

Dropbox encryption issue
First and foremost, in episode 297 we were aleerted to the change to the Terms of Service of using Dropbox where the company disclosed that if the American security services required access to a users Dropbox folder then they would decrypt the files and hand them over. Up till that point, users were under the impression that not only were the files transferred securely but they were also stored securely too. Essentially this is true but in this case Dropbox has the hash key required to decrypt files and this is unsalted so any Dropbox employee can look at your files even though they state that they wont except for support purposes but all it takes is one bad apple in the Company to expose someones personal information

The answer to this problem is of course for you to have your own key and pre-encrypt your secure files before sending them up to Dropbox using such tools such as Truecrypt (all OS’s) or Bitlocker (Windows Vista and above) to create a secure folder inside your synchronised folder. Another tool was suggested in episode 299 which is still in Beta right now and for Windows only currently there is which will encrypt ans sync on the fly without having to have the likes of truecrypt running a virtual folder on your drives. Heres hoping that this comes out for other OS’s soon including the iPad.

Config.db security and Dropbox authentication issue
The second worrying thing is something that I hope Dropbox fix real quick now is a possible desktop security issue highlighting the need for ensuring that your machine is made secure each time you leave your desk. I think he put this quite well so I’m not going to rearrange his words in my style so here’s the word for word text from his transcript.

Now, the other issue that came up was a question of their authentication. Someone named Derek Newton, who is a security researcher, was poking around in Dropbox-like applications, and he just decided he would take a look and see what they left behind, what was left behind after they installed. What he found was that, specifically in the case of Dropbox, there is a single file called config.db, which is an SQLite database file, which contains the email address, the dropbox_path, that is, where the Dropbox folder is on your system, which is being synchronized to the Dropbox in the cloud, and the host_id. Any SQLite DB-compatible client is able to open this file and look at it.

And what he determined by experimentation is that the only thing that identifies you to Dropbox is the host_id. There is no other lockage of that file to a given system. And so what he posted - and again, I learned about this from people saying in Twitter, hey, Steve, what do you think about this? And this has been a constant flow for the last couple weeks. And I mentioned last week that I hadn't had a chance to dig into this, but I would, to look into it and verify it. So I did want to follow up for everyone who's been wondering.

So what this means is that, if you weren't protecting this file, or if anything got onto your system which was able to grab this file through social engineering attack or spyware or malware, whatever, if you lost control of that file such that it was in any way exfiltrated from your control, then that file can be installed on any other system. And that provides the sole authentication of you, the instance of you, to Dropbox such that, with no other information, no username, password, no logon, anything, that authenticates that new system. And there is - it doesn't appear as a new machine in the set of machines that you have authorized to use. It's merely a clone of that first one, which then has full access, unencrypted access, to your Dropbox contents. Which to me says these guys aren't really looking at security.

I mean, on one hand we know now that they can decrypt the contents of our Dropboxes. And this could clearly have been done in a way that was more secure. Even if you change, if the user changes his username and password, that doesn't invalidate the host_id. It still functions. And so if somebody had it, their connectivity survives across a user changing his username and password. So it's just they really could have easily done a much better job of hashing username and password into this, tying it in some fashion, for example, to the serial numbers of the hard drives on the system. I mean, just anything to make it more difficult than simply one file which you can put on any machine anywhere, and suddenly it's authenticated just as solidly as the system it came from.

The transcript of this podcasts relating to the above can be found at http://www.grc.com/sn/sn-297.htm and http://www.grc.com/sn/sn-299.htm

You can read Derek Newtons Blog post on the authentication security issue at: “http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

%d bloggers like this: