munkery
May 3, 09:48 PM
An actual news worthy Mac malware story:
http://m.krebsonsecurity.com/2011/05/weyland-yutani-crime-kit-targets-macs-for-bots/
Apparently, this malware toolkit, referred to as "Weyland-Yutani Bot" (WYB), is capable of aiding the production of malware to turn Macs into bots. But, this is not the most dangerous aspect of this toolkit. WYB also facilitates form grabbing, using a man-in-the-browser technique, to collect usernames and passwords during Firefox or Chrome browser sessions. This is basically the Mac version of the Zeus toolkit.
This is a more significant threat than MACDefender, a recent rogue AV malware, because WYB collects data from browser sessions rather than by tricking the user to give up their credit card number. Also, WYB allows more rapid development of malware variants so the amount of malware for Macs will increase at a faster pace as this toolkit and others like it that target Macs become more prevalent.
Malware derived from WYB needs to be installed with elevated privileges to be able to collect sensitive data. The malware uses social engineering to trick users into authenticating installation. As with any malware, suitable exploits could be used to facilitate installation if found.
Privilege escalation exploits are rare in Mac OS X so exploitation is unlikely to be used to completely install WYB based malware. Some degree of social engineering will be part of the installation process. This is also true for Windows malware generated from similar toolkits. But, Windows does have more privilege escalation vulnerabilities so exploitation is more likely to negate the need for social engineering to install malware even in properly configured Windows systems.
The developer of WYB is selling this toolkit for $1000 via internet forums. Let's hope the malware made using this toolkit is not profitable for those that purchase WYB so that developers of such toolkits are not able to maintain a market for their product. The only means to guarantee the lack of success of such malware that relies on social engineering is user knowledge given that AV software is never a complete solution.
For more Mac security information, check out the links found below.
http://m.krebsonsecurity.com/2011/05/weyland-yutani-crime-kit-targets-macs-for-bots/
Apparently, this malware toolkit, referred to as "Weyland-Yutani Bot" (WYB), is capable of aiding the production of malware to turn Macs into bots. But, this is not the most dangerous aspect of this toolkit. WYB also facilitates form grabbing, using a man-in-the-browser technique, to collect usernames and passwords during Firefox or Chrome browser sessions. This is basically the Mac version of the Zeus toolkit.
This is a more significant threat than MACDefender, a recent rogue AV malware, because WYB collects data from browser sessions rather than by tricking the user to give up their credit card number. Also, WYB allows more rapid development of malware variants so the amount of malware for Macs will increase at a faster pace as this toolkit and others like it that target Macs become more prevalent.
Malware derived from WYB needs to be installed with elevated privileges to be able to collect sensitive data. The malware uses social engineering to trick users into authenticating installation. As with any malware, suitable exploits could be used to facilitate installation if found.
Privilege escalation exploits are rare in Mac OS X so exploitation is unlikely to be used to completely install WYB based malware. Some degree of social engineering will be part of the installation process. This is also true for Windows malware generated from similar toolkits. But, Windows does have more privilege escalation vulnerabilities so exploitation is more likely to negate the need for social engineering to install malware even in properly configured Windows systems.
The developer of WYB is selling this toolkit for $1000 via internet forums. Let's hope the malware made using this toolkit is not profitable for those that purchase WYB so that developers of such toolkits are not able to maintain a market for their product. The only means to guarantee the lack of success of such malware that relies on social engineering is user knowledge given that AV software is never a complete solution.
For more Mac security information, check out the links found below.
Sirolway
Mar 16, 03:07 AM
Yes.
Forget WiFi & use HomePlug networking. The Devolo plugs seem particularly reliable.
I try wirelessly streaming music to an airport express in the next room & it's not a good experience. All my HomePlug networking works flawlessly & fast - no problem at all.
I have my iTunes library file on my laptop, but all the music on a firewire 800 drive on a Mac mini at the other end of the house. HomePlug gets it from mini to MBP with no lag at all
Forget WiFi & use HomePlug networking. The Devolo plugs seem particularly reliable.
I try wirelessly streaming music to an airport express in the next room & it's not a good experience. All my HomePlug networking works flawlessly & fast - no problem at all.
I have my iTunes library file on my laptop, but all the music on a firewire 800 drive on a Mac mini at the other end of the house. HomePlug gets it from mini to MBP with no lag at all
Kebabselector
Apr 25, 05:19 PM
Everytime I upgrade to a new version of LR I try Aperture, I tend to find it struggles badly on my Mac Mini - Lightroom doesn't set the world on fire in terms of performance - but it works.
For me LR is a more polished application, I have no issues with the interface (used it from Beta version) or the need to switch from Library to Develop modules.
For me LR is a more polished application, I have no issues with the interface (used it from Beta version) or the need to switch from Library to Develop modules.
Jazwire
May 4, 12:26 AM
There is a minor difference - the new iMacs have an ambient light sensor which will provide ideal brightness whether you are in a dark or well-lit environment.
If you manually set the brightness, does it return? Perhaps the display was set too bright/dim for the conditions?
From Apple's site: "To conserve power and relieve eyestrain, a built-in ambient light sensor automatically adjusts the screen brightness on MacBook, MacBook Pro and iMac to suit the ambient light of whatever room you�re in."
Very Possible, thats your answer there...
If you manually set the brightness, does it return? Perhaps the display was set too bright/dim for the conditions?
From Apple's site: "To conserve power and relieve eyestrain, a built-in ambient light sensor automatically adjusts the screen brightness on MacBook, MacBook Pro and iMac to suit the ambient light of whatever room you�re in."
Very Possible, thats your answer there...
more...
iJohnHenry
Apr 17, 08:17 AM
13 to link all posts to date, quote them in their entirety including all headers and signatures, and add "Me too"
Any death would be too quick.
1 forum lurker to respond to the original post 6 months from now and start it all over again
You are behind the curve. It has become 5 years now. ;)
Any death would be too quick.
1 forum lurker to respond to the original post 6 months from now and start it all over again
You are behind the curve. It has become 5 years now. ;)
KarlJay
Apr 17, 10:34 PM
If there's any advantage to paper books, it's that you can take it places anywhere and don't need a computer. I had a job where I took books with me and would read when it was slow.
This is not much of an advantage, esp with iPads and other readers.
All my reading right now is eBooks! Easier to have several books open to cross-reference stuff too.
This is not much of an advantage, esp with iPads and other readers.
All my reading right now is eBooks! Easier to have several books open to cross-reference stuff too.
more...
maflynn
Apr 18, 05:56 AM
It's not the number of Megapixels, but the sensor size. Jamming that many MPs into a tiny sensor will not give you a good camera
alphaod
Apr 25, 10:01 PM
If you have to ask, you don't need it; if you need it, you either wish you had it or already have it.
more...
Blue Velvet
Mar 30, 10:08 AM
$US30 is a round of drinks in the pub over here... a relative pittance.
Saran wrap may be your idea of class... :)
Saran wrap may be your idea of class... :)
Simgar988
May 25, 01:00 AM
This game is amazing. Well both of em have been. I didn't play as the default character and I can picture my specific one very well in my head. All I want is ME3
more...
Christopher387A
Apr 14, 09:59 AM
Splash Cruiser. http://www.amazon.com/splash-CRUISER-Slim-Fit-PolyCarbonate-Verizon/dp/B003Z4CNNA/ref=sr_1_1?ie=UTF8&qid=1302793082&sr=8-1
I have one and it's protected my phone several times when I've dropped it. I'm not sure how much "lighter" it is than the slider though, since I don't think the slider is particularly that heavy...
I have one and it's protected my phone several times when I've dropped it. I'm not sure how much "lighter" it is than the slider though, since I don't think the slider is particularly that heavy...
Simgar988
May 25, 01:00 AM
This game is amazing. Well both of em have been. I didn't play as the default character and I can picture my specific one very well in my head. All I want is ME3
more...
dwright1974
Apr 13, 04:32 PM
Not as big a hassle as yours but I ordered a TV off pixmania (UK) and it came with a Euro plug. Phoned to complain and they sent me an adapter.
Not a big deal but I was a bit miffed that they didnt advertise it as Eur plug. I'm a bit paranoid about having it plugged to an adapter all the time (not sure why!)
Pixmania is owned by DSGi - yes, the dreaded Currys, PC World cowboys!!
I was once going to buy a camera from there because it was so cheap. Thankfully, the 'If it's too good to be true ..." adage sprang to mind didn't go through with it.
- D
Not a big deal but I was a bit miffed that they didnt advertise it as Eur plug. I'm a bit paranoid about having it plugged to an adapter all the time (not sure why!)
Pixmania is owned by DSGi - yes, the dreaded Currys, PC World cowboys!!
I was once going to buy a camera from there because it was so cheap. Thankfully, the 'If it's too good to be true ..." adage sprang to mind didn't go through with it.
- D
Diode
May 4, 02:42 PM
Unfortunately this will never happen :(
Shouldn't take too long to port over to redsn0w. Does anyone remember how long it was last time? For 4.3.2? I think it was like 7-10 days
The only person with the source is I0n1c and he was out of the country last update so it took him some time to compile new binaries for the release (if needed).
This could also be why it's not patched yet - with no access to the source it's harder for Apple to reverse engineer the exploit and discover what they are doing. With a need to get the update out so fast they probably didn't bother. I expect it to be in the next patch though.....
Shouldn't take too long to port over to redsn0w. Does anyone remember how long it was last time? For 4.3.2? I think it was like 7-10 days
The only person with the source is I0n1c and he was out of the country last update so it took him some time to compile new binaries for the release (if needed).
This could also be why it's not patched yet - with no access to the source it's harder for Apple to reverse engineer the exploit and discover what they are doing. With a need to get the update out so fast they probably didn't bother. I expect it to be in the next patch though.....
more...
wrldwzrd89
Feb 14, 03:39 PM
I want to give a Mac mini away for a couple of days to someone who would want to play with Mac for the first time. Is there a way to return OS X to a state where you find it straight after fresh OS X installation when Mac needs to be taken through registration process, given name, etc.
I want to install all the accompanying software like iLife'05 and apply all the recent OS and iLife updates and then "reset/deauthorise" OS X so that the new user did not have to install apps and download updates the first thing after powering the Mac up and going online.
If you are familiar with what sysprep does to Windows, that's what I am looking for Mac OS X.
I assume the process should include removing all the user accounts, deleting assigned Mac name and kicking in a registration app at startup.
I just hope one does not need to buy OS X server for that!
I know there's an invisible file called .AppleSetupDone that controls whether or not the setup assistant runs (if it's there, boot normally; if it isn't, run the setup assistant). However, I don't know where it's located, nor can I search for it since I'm not at my Mac right now. Since it's really only a flag file, it's probably VERY small (less than 1 KB).
I want to install all the accompanying software like iLife'05 and apply all the recent OS and iLife updates and then "reset/deauthorise" OS X so that the new user did not have to install apps and download updates the first thing after powering the Mac up and going online.
If you are familiar with what sysprep does to Windows, that's what I am looking for Mac OS X.
I assume the process should include removing all the user accounts, deleting assigned Mac name and kicking in a registration app at startup.
I just hope one does not need to buy OS X server for that!
I know there's an invisible file called .AppleSetupDone that controls whether or not the setup assistant runs (if it's there, boot normally; if it isn't, run the setup assistant). However, I don't know where it's located, nor can I search for it since I'm not at my Mac right now. Since it's really only a flag file, it's probably VERY small (less than 1 KB).
vincenz
Apr 20, 08:04 PM
I've already stocked up on canned food.
more...
tdhurst
Dec 5, 03:24 PM
You have two solutions...max out the ram or buy a new computer. That's it.
Bitman
Nov 4, 05:15 PM
The negative post on the new 23" on the Apple forum have slowed down and seem to be populated by a few who have uneven backlighting with yellow shading on the left.
bit
bit
chrismacguy
Jan 18, 07:54 AM
It's worth about $15. In ten years maybe $10.
In thirty years, if it still works and you can find some packaging for it (Original is best) - You might get $300 or so for it (Thats what decent nick 20year old rare models go for now, so since yours isnt particularly rare, thats what Id expect its max price to be if it was fully functional at 40something
In thirty years, if it still works and you can find some packaging for it (Original is best) - You might get $300 or so for it (Thats what decent nick 20year old rare models go for now, so since yours isnt particularly rare, thats what Id expect its max price to be if it was fully functional at 40something
Dwalls90
Apr 12, 08:37 PM
Running 10.7 DP2. iTunes runs fine, until I plug in my iPhone, at which point iTunes beach balls uncontrollably.
Didn't have this problem before, this randomly started ... help?
Didn't have this problem before, this randomly started ... help?
pigwin32
Oct 17, 04:19 AM
I agree 100% with the comments about flash
I despise of flash with all my heart it is horrible
I have seen some really fun stuff coded in flash but I use a Firefox plugin to block flash content so as to avoid some of the nastier animated advertising. I occasionally come across sites that use flash for headings, personally I consider that a really bad idea for a number of reasons (which I won't elaborate).
The best way to learn html is to pick up Eric Meyer's book Eric Meyer on CSS (http://www.ericmeyeroncss.com/). Get yourself a copy and a text editor. If I could do it over again I would definitely choose this route. HTML is actually pretty easy, using it appropriately and confidently, that is the hard part.
I despise of flash with all my heart it is horrible
I have seen some really fun stuff coded in flash but I use a Firefox plugin to block flash content so as to avoid some of the nastier animated advertising. I occasionally come across sites that use flash for headings, personally I consider that a really bad idea for a number of reasons (which I won't elaborate).
The best way to learn html is to pick up Eric Meyer's book Eric Meyer on CSS (http://www.ericmeyeroncss.com/). Get yourself a copy and a text editor. If I could do it over again I would definitely choose this route. HTML is actually pretty easy, using it appropriately and confidently, that is the hard part.
thesmileman
Apr 30, 09:35 AM
I asked but they won't tell me how many they have. They do have them already.
I met with manager wants picure of me with him. We qre in an official line.
I met with manager wants picure of me with him. We qre in an official line.
jsw
Sep 19, 09:08 PM
Thanks for your help.
If I can't get the upgrade I'm just going to buy an external HD and make it a network drive.That would work quite well. If you don't mind a non-portable drive (and it sounds like you don't), you'll get a lot more for your money (vs a portable drive).
If I can't get the upgrade I'm just going to buy an external HD and make it a network drive.That would work quite well. If you don't mind a non-portable drive (and it sounds like you don't), you'll get a lot more for your money (vs a portable drive).
840quadra
Jan 4, 03:54 AM
I have been communicating via PM to HexMonkey, thanks for the clarification on what has occurred. I didn't notice that the article hadn't been moved, I mistook the "cleanup" template tag, as a tag signifying the post was moved to the "ugly" category. I was in error thinking that.
The point of the cleanup template isn't to tell the original author that they need to clean it up, but rather that the community in general needs to clean it up, since each article is not "owned" by the original author (so a PM wouldn't be appropriate). Personally I don't agree with them being called "ugly guides", it's usually more an issue of them not being consistent with formatting of other pages (and sometimes also having bad spelling and/or grammar) than them being ugly. For reference, all I originally did was add the cleanup template to the top of the page, and as a side effect it's added to the Ugly Guides category. I didn't "move" the article there.
I have no problem with people making changes, that wasn't the issue. The issue was the fact that it was changed without notice while I was still working on the page ( I and many others are still learning the interface) .
since each article is not "owned" by the original author (so a PM wouldn't be appropriate).
I understand that fully, but i don't agree with the PM comment. The issue with PM'ing people not being appropriate may be true for a huge Wiki, or one on a site that isn't associated with a forum that has a PM system. Macrumors is neither of those, and it only takes a second to see if the person that created an article is online by checking the forums.
The point of the cleanup template isn't to tell the original author that they need to clean it up, but rather that the community in general needs to clean it up, since each article is not "owned" by the original author (so a PM wouldn't be appropriate). Personally I don't agree with them being called "ugly guides", it's usually more an issue of them not being consistent with formatting of other pages (and sometimes also having bad spelling and/or grammar) than them being ugly. For reference, all I originally did was add the cleanup template to the top of the page, and as a side effect it's added to the Ugly Guides category. I didn't "move" the article there.
I have no problem with people making changes, that wasn't the issue. The issue was the fact that it was changed without notice while I was still working on the page ( I and many others are still learning the interface) .
since each article is not "owned" by the original author (so a PM wouldn't be appropriate).
I understand that fully, but i don't agree with the PM comment. The issue with PM'ing people not being appropriate may be true for a huge Wiki, or one on a site that isn't associated with a forum that has a PM system. Macrumors is neither of those, and it only takes a second to see if the person that created an article is online by checking the forums.
No comments:
Post a Comment