Re: Flashback Malware Hits 600,000 Macs???
At 9:10 AM -0700 4/6/2012, Bruce Johnson wrote: HAHAHAHAHAHAHAHAHA! Java is a dying language like C++ is a dying language. Ed Bott's latest. In short, Java is easy to avoid, except when you can't. http://www.zdnet.com/blog/bott/how-big-a-security-risk-is-java-can-you-really-quit-using-it/4749 Backdoor.OSX.SabPub.a... http://www.zdnet.com/blog/security/new-targeted-mac-os-x-trojan-requires-no-user-interaction/11545 - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
hum. Apple Snubs Firm That Discovered Mac Botnet, Tries To Cut Off Its Server Monitoring Infections http://www.forbes.com/sites/andygreenberg/2012/04/09/apple-snubs-firm-who-discovered-mac-botnet-tries-to-cut-off-its-server-monitoring-infections/ The comments after the article are good too. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
On Apr 11, 2012, at 1:20 PM, Dan wrote: Some more articles: http://www.infoworld.com/t/java-programming/its-time-run-java-out-of-town-190525 Might as well write an article C++'s done, time to stick a fork in it. This idiot hasn't got a clue of just how widespread Java is in enterprise programming. Perhaps it's time to stop allowing java applets to run unchallenged in web browsers, but fer crying out loud, this is like blaming Ford for drunk driving deaths... Also: If the Flashback.G infector finds that you have installed both of the old Java patches, it simply asks if it's OK to install the payload. The Mac installation dialog box says the content is signed by Apple Inc but the digital signature of this certificate could not be verified. By and large, Windows users are savvy enough to walk away from a warning like that. But many Apple users aren't quite so experienced, or damaged, or inured. Many of them took the bait. HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAbreaatheHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA If I had a nickel for every damn time I watched a Windows user just blindly click on OK like that I'd be a wealthy man, with a Scrooge McDuck-style vault/swimming pool full of nickels. Also, Apple's solution is coming in Mountain Lion, and you all are going to howl like stuck pigs about it, because it's Application Signing, the App store on steroids, where only approved apps will run on OS X. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 2:25 PM -0700 4/11/2012, Bruce Johnson wrote: Also, Apple's solution is coming in Mountain Lion, and you all are going to howl like stuck pigs about it, because it's Application Signing, the App store on steroids, where only approved apps will run on OS X. By default. Overrideable. And Apple's TC's are so onerous, I'm guessing that overriding will be the norm after a few months of ML's release. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 2:25 PM -0700 4/11/2012, Bruce Johnson wrote: On Apr 11, 2012, at 1:20 PM, Dan wrote: Some more articles: http://www.infoworld.com/t/java-programming/its-time-run-java-out-of-town-190525 Might as well write an article C++'s done, time to stick a fork in it. This idiot hasn't got a clue of just how widespread Java is in enterprise programming. http://www.infoworld.com/d/application-development/java-loses-top-spot-in-language-index-190635 *smirk* Perhaps it's time to stop allowing java applets to run unchallenged in web browsers yup. , but fer crying out loud, this is like blaming Ford for drunk driving deaths... No. Ford builds cars with good quality *debugged* safety features. From the number of vulnerabilities reported in Java, over the past year or so, it seems that Sun/Oracle can't be trusted to either design or debug their own code. Perhaps they've been hiring exAdobe peeps? HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAbreaathe HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA If I had a nickel for every damn time I watched a Windows user just blindly click on OK Yea. People will always be people. Also, Apple's solution is coming in Mountain Lion, and you all are going to howl like stuck pigs about it, because it's Application Signing, the App store on steroids, where only approved apps will run on OS X. Gatekeeper *by default* will require app signing, but it's all overrideable. Goto blindly click. And ML... That's the OS that will run on only 1/4 of the Mac userbase? Yea. That's a good solution. Fragmenting the userbase always works in the long term. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 9:48 AM -0400 4/6/2012, Kristina Rost wrote: http://www.techlicious.com/blog/flashback-malware-hits-60-macs/http://www.techlicious.com/blog/flashback-malware-hits-60-macs/ I read this blog this morning and do not know how to launch the terminal application [Lion] to check for infection according to the instructions. Terminal.app is in /Applications/Utilities/. Launch it just like you would any other app. Just copy those commands from the original article, and paste them into Terminal's window. Be sure to include the carriagereturn at the end of the last command! What do you all think about this? It's annoying. But in the grand scheme of things, no big deal. 0. Recall that Java and JavaScript are two very different things. JavaScript is the public name for ECMA Script, and is used to do all the pretty things on web pages. Java is a full programming language, now owned by Oracle. 1. This should never have happened. Oracle patched Java quite a while ago, and Apple totally FAILED to distribute the update in a timely manner. Apple seems to be making a habit of this. Very bad. 2. Apple isn't making the update available for the Java engines on older versions of Mac OS X - which leaves them vulnerable. Vulnerable is relative - the hole is there, but as I understand it, the current trojan doesn't run well in earlier releases, for now. sigh. Apple's total abandonment of their older userbase is unacceptable, IMO. 3. Because Java is a dying language, Apple is no longer including it with OS X by default. So most newer Mac owners don't even have it installed ... unless they're using one of the many apps that require it. :\ OTGH, there have been so many Java vulnerabilities that, like Flash, most people have already disabled it in their browsers. Keep in mind that this trojan is rather tiny. It doesn't do anything evil, other than installing itself then waiting for commands from its botnet (potentially telling it to silently download and install another payload). Because it runs automatically, as a web page object, traditional anti-virus products that watch for files on your hard drive, cannot stop it. So it is *important* that you disable Java in ALL your browsers. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
On 4/6/12 6:35 AM, Dan wrote: At 9:48 AM -0400 4/6/2012, Kristina Rost wrote: http://www.techlicious.com/blog/flashback-malware-hits-60-macs/http://www.techlicious.com/blog/flashback-malware-hits-60-macs/ .8 snip! 8... 3. Because Java is a dying language, Apple is no longer including it with OS X by default. So most newer Mac owners don't even have it installed ... unless they're using one of the many apps that require it. :\ You obviously don't have any kids that play Minecraft! But the part about OLD is correct. I couldn't get Minecraft to run on my wife's old white MacBook running Tiger because the version of Java was too old. Stephen -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
On Apr 6, 2012, at 8:15 AM, Stephen E. Bodnar wrote: On 4/6/12 6:35 AM, Dan wrote: At 9:48 AM -0400 4/6/2012, Kristina Rost wrote: http://www.techlicious.com/blog/flashback-malware-hits-60- macs/http://www.techlicious.com/blog/flashback-malware-hits-60-macs/ .8 snip! 8... 3. Because Java is a dying language, Apple is no longer including it with OS X by default. So most newer Mac owners don't even have it installed ... unless they're using one of the many apps that require it. :\ You obviously don't have any kids that play Minecraft! But the part about OLD is correct. I couldn't get Minecraft to run on my wife's old white MacBook running Tiger because the version of Java was too old. Stephen I gotta have Java for My ebay too. John Carmonne Placentia CA 92870 From iMac Core Duo 2.0 -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 7:15 AM -0800 4/6/2012, Stephen E. Bodnar wrote: On 4/6/12 6:35 AM, Dan wrote: 3. Because Java is a dying language, Apple is no longer including it with OS X by default. So most newer Mac owners don't even have it installed ... unless they're using one of the many apps that require it. :\ You obviously don't have any kids that play Minecraft! Personally, I loathe Java. I've not yet seen any app or applet that couldn't have been done better in a real programming language. But I do recognize that it's needed for specific things... But the part about OLD is correct. I couldn't get Minecraft to run on my wife's old white MacBook running Tiger because the version of Java was too old. So much for the whole premise of Java - write once, run everywhere. In Terminal, the command java -version will tell you what you have. Up-to-date (heh) Tiger, should be: java version 1.5.0_19 The latest is 1.6.0_31. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 8:25 AM -0700 4/6/2012, JOHN CARMONNE wrote: I gotta have Java for My ebay too. Exactly what part of My eBay requires Java? My eBay is *** JavaScript *** heavy. I don't see any client-side Java there. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
On Apr 6, 2012, at 7:35 AM, Dan wrote: 3. Because Java is a dying language, HAHAHAHAHAHAHAHAHA! Java is a dying language like C++ is a dying language. Java never took off as a web applet language and a general purpose language for consumer applications, but Java is GINORMOUS in the business-oriented and enterprise computing world. Java is the main reason Oracle bought Sun. Android is coded in Java. Apple is no longer including it with OS X by default. That's because they used to have Apple's Own *Almost* Compatible With The Rest Of The World Java Port, but now the standard JVM works on OS X, so they're no longer including it. Now, first, I'll withhold judgement on this 600K infections until some source more reputable than some russian AV company no one's ever heard of confirms it, and second, 600,000 macs infected *sounds* like a big, big number, until you realize that since 2006 Apple's sold probably around 55-60 MILLION Macs. http://tech.fortune.cnn.com/2011/04/09/how-many-macs-did-apple-sell-last-quarter/ 600,000 of 55 million is ~1%. And that's only if EVERY mac sold before 2006 is suddenly poofed out of existence. This is a large number, granted, but also, as I said, highly suspect. Also, too: http://infosecisland.com/blogview/11619-Report-Half-of-All-Computers-Infected-with-Malware.html I agree, btw, with Dan's comment about Apple's glacial slowness in releasing patches, it's annoying at times. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
In Terminal, the command java -version will tell you what you have. Up-to-date (heh) Tiger, should be: java version 1.5.0_19 The latest is 1.6.0_31. I have Tiger 10.4.11 (G5 DP 2.7). When typing java -version in Terminal, it replies with: -bash: java: command not found :-( I installed several Java updates, so there must be some Java on my Mac. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 9:10 AM -0700 4/6/2012, Bruce Johnson wrote: Android is coded in Java. I thought Android and its apps are coded in a Google-perverted Java. Isn't that why Oracle is suiing? :P Apple is no longer including it with OS X by default. That's because they used to have Apple's Own *Almost* Compatible With The Rest Of The World Java Port, but now the standard JVM works on OS X, so they're no longer including it. Yea. But the point is that Java is no longer on *every* Mac. And since most people won't bother installing it unless they need it... Now, first, I'll withhold judgement on this 600K infections until some source more reputable than some russian AV company no one's ever heard of confirms it, and second, 600,000 macs infected *sounds* like a big, big number, until you realize that since 2006 Apple's sold probably around 55-60 MILLION Macs. yea. Some of the articles posted today are backing off on that number. Apparently it's total Flashback infections, not just this particular variant, and some of which are Windoze. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
A nice article on TidBITS about Flashback... How to Detect and Protect Against Updated Flashback Malware http://tidbits.com/article/12918 - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
On Apr 6, 2012, at 8:38 AM, Dan wrote: At 8:25 AM -0700 4/6/2012, JOHN CARMONNE wrote: I gotta have Java for My ebay too. Exactly what part of My eBay requires Java? My eBay is *** JavaScript *** heavy. I don't see any client-side Java there. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. I turned off Java in my browsers and I can't get into My Ebay without it. John Carmonne Placentia CA 92870 From iMac Core Duo 2.0 -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
At 12:52 PM -0700 4/6/2012, JOHN CARMONNE wrote: On Apr 6, 2012, at 8:38 AM, Dan wrote: At 8:25 AM -0700 4/6/2012, JOHN CARMONNE wrote: I gotta have Java for My ebay too. Exactly what part of My eBay requires Java? My eBay is *** JavaScript *** heavy. I don't see any client-side Java there. I turned off Java in my browsers and I can't get into My Ebay without it. Are you sure you have JavaScript ON and Java OFF ? My eBay works just fine for me, in Safari, Firefox, and TenFourFox -- with Java *disabled*. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: Flashback Malware Hits 600,000 Macs???
I gotta have Java for My ebay too. Exactly what part of My eBay requires Java? My eBay is *** JavaScript *** heavy. I don't see any client-side Java there. I turned off Java in my browsers and I can't get into My Ebay without it. Are you sure you have JavaScript ON and Java OFF ? My eBay works just fine for me, in Safari, Firefox, and TenFourFox -- with Java *disabled*. What Dan said. Relatively few sites require Java. A lot of sites need *JavaScript*. They have nothing in common except the name and some intentional syntactic coincidences. TenFourFox doesn't support Java (it's handled by a plugin and, well, you know). But it definitely supports JavaScript. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- I'd love to go out with you, but I'll be at the opening of my garage door. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list