Re: News: half a million Macs now infected with malware?
Hello, I have a MacOS 10.5 machine (dual 1.73 GHz PowerPC G4) with a MacOS 10.4 backup drive. What would like me to look at? On Apr 14, 2012, at 2:42 AM, Douglas Mencken wrote: AFAIK there is no 10.4 version (I would love to be proven wrong), and there is no browser plugin. But it would suffice for true Java apps, at least. Correct. http://landonf.bikemonkey.org/2009/05/17 Maintainer says that ``My ability to provide 10.4 support is constrained without access to a 10.4 machine, and any testing/development assistance is most welcome.'' And I do completely agree that browser plug-ins are not needed at all. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list Frank J. R. Hanstick tro...@comcast.net -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
Hello, I tried installing on my 10.5 PPC via MacPorts and it does not like the CPU. On Apr 15, 2012, at 12:08 AM, Frank J. R. Hanstick wrote: Hello, I have a MacOS 10.5 machine (dual 1.73 GHz PowerPC G4) with a MacOS 10.4 backup drive. What would like me to look at? On Apr 14, 2012, at 2:42 AM, Douglas Mencken wrote: AFAIK there is no 10.4 version (I would love to be proven wrong), and there is no browser plugin. But it would suffice for true Java apps, at least. Correct. http://landonf.bikemonkey.org/2009/05/17 Maintainer says that ``My ability to provide 10.4 support is constrained without access to a 10.4 machine, and any testing/development assistance is most welcome.'' And I do completely agree that browser plug-ins are not needed at all. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list Frank J. R. Hanstick tro...@comcast.net -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list Frank J. R. Hanstick tro...@comcast.net -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
Hello, I tried installing on my 10.5 PPC via MacPorts and it does not like the CPU. Ooops. Looks like they didn't provide bootstrap OpenJDK binaries for PowerPC. And OpenJDK requires OpenJDK to be built. Chicken-and-egg issue. Fortunately, we do have this: http://landonf.bikemonkey.org/static/soylatte/ 32-bit OpenJDK 7 Beta 1 for Mac OS X 10.5 PowerPC (Beta Release): openjdk7-macppc-2009-12-16-b4.tar.bz2 (sig) http://landonf.bikemonkey.org/static/soylatte/bsd-dist/openjdk7_darwin/openjdk7-macppc-2009-12-16-b4.tar.bz2 -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
Hello, Is there a maintainer for MacPorts JDK6 so that filing a bug report will be responded to? On Apr 15, 2012, at 3:23 AM, Douglas Mencken wrote: Hello, I tried installing on my 10.5 PPC via MacPorts and it does not like the CPU. Ooops. Looks like they didn't provide bootstrap OpenJDK binaries for PowerPC. And OpenJDK requires OpenJDK to be built. Chicken-and-egg issue. Fortunately, we do have this: http://landonf.bikemonkey.org/static/soylatte/ 32-bit OpenJDK 7 Beta 1 for Mac OS X 10.5 PowerPC (Beta Release): openjdk7-macppc-2009-12-16-b4.tar.bz2 (sig) http://landonf.bikemonkey.org/static/soylatte/bsd-dist/openjdk7_darwin/openjdk7-macppc-2009-12-16-b4.tar.bz2 -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list Frank J. R. Hanstick tro...@comcast.net -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
AFAIK there is no 10.4 version (I would love to be proven wrong), and there is no browser plugin. But it would suffice for true Java apps, at least. Correct. http://landonf.bikemonkey.org/2009/05/17 Maintainer says that ``My ability to provide 10.4 support is constrained without access to a 10.4 machine, and any testing/development assistance is most welcome.'' And I do completely agree that browser plug-ins are not needed at all. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
On Apr 11, 7:54 am, Kris Tilford ktilfo...@cox.net wrote: I've heard of zero people that have tested positive for this malware. Security company sales benefit from scare tactics and over-estimation. It does NOT affect any PPC Macs because this malware code is Intel-only. G3-5 list is for PPC Macs, so let's call this thread closed. Hmmm, there is this copied from the imaclist: http://groups.google.com/group/imaclist/browse_thread/thread/cc58696fb15c3de4 Dan dantear...@gmail.com Apr 11 04:25PM -0400 At 12:56 PM -0700 4/11/2012, Bruce Johnson wrote: unclear is whether the Java exploit being used is present in older versions of Java or not. If they are, the targeting PPC macs is relatively simple for the bad guys. If not then PPC macs are ok. The vulnerability *IS* present in older versions of Java. http://tenfourfox.blogspot.com/2012/04/poisoned-coffee.html By not releasing Java updates for Leopard and older, Apple has screwed both ppc and x86 users. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
unclear is whether the Java exploit being used is present in older versions of Java or not. If they are, the targeting PPC macs is relatively simple for the bad guys. If not then PPC macs are ok. The vulnerability *IS* present in older versions of Java. http://tenfourfox.blogspot.com/2012/04/poisoned-coffee.html By not releasing Java updates for Leopard and older, Apple has screwed both ppc and x86 users. And, as the author of that blog post, let me prove it. The CVE in question is 2012-0507, and Oracle themselves says the vulnerability is in 5.0u33 and before http://www.oracle.com/technetwork/topics/security/javacpufeb2012verbose-366319.html J2SE 5.0 is equvalent to JVM 1.5. So the vulnerability exists in 10.4 and 10.5 PPC (Java 6 is only available on 10.5 to 64-bit Intel, and even then the version offered is still not up to date with 10.6 or 10.7.) The Flashback trojan uses an exploit to break through the sandbox and execute Java-based malware with privileges, so the *exploit will work on PPC* because it is Java that is executing with privileges, *not* native machine code. What is not clear is what happens next. If the binary that is loaded is x86, then the attack fails, and this seems to be the case. However, if the attackers got wise and built it Universal (and worse still linked it to the 10.4 SDK), then watch out. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- FORTUNE: The moon is in Venus' house. This will make no difference. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
By not releasing Java updates for Leopard and older, Apple has screwed both ppc and x86 users. You can get OpenJDK7 from mac ports or fink. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
The Flashback trojan uses an exploit to break through the sandbox and execute Java-based malware with privileges, so the *exploit will work on PPC* because it is Java that is executing with privileges, *not* native machine code. What is not clear is what happens next. If the binary that is loaded is x86, then the attack fails, and this seems to be the case. However, if the attackers got wise and built it Universal (and worse still linked it to the 10.4 SDK), then watch out. By the binary I mean the binary loaded by the Java malware bootstrap. See http://www.h-online.com/security/news/item/Critical-Java-hole-being-exploited-on-a-large-scale-Update-1485681.html http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx The same exploit is used in both the Windows and Mac versions; the binary which they load is different. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- I can't walk a mile in their shoes. They smell funny. -- -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
By not releasing Java updates for Leopard and older, Apple has screwed both ppc and x86 users. You can get OpenJDK7 from mac ports or fink. AFAIK there is no 10.4 version (I would love to be proven wrong), and there is no browser plugin. But it would suffice for true Java apps, at least. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Po-Ching Lives! -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
Il giorno 5-04-2012 20:04, Tom ha scritto: According to this news story on the Drudge website http://tinyurl.com/ 6wgysep, half a million Apple computers are infected with malware, a trojan disguised as a flash update Here's an article/FAQ on CNET about it: http://news.cnet.com/8301-27076_3-57410050-248/mac-flashback-malware-what-i t-is-and-how-to-get-rid-of-it-faq/ Mac Flashback malware: What it is and how to get rid of it (FAQ) There's a simple three-steps-check in Terminal for checking if your Mac has been infected. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
I've heard of zero people that have tested positive for this malware. Security company sales benefit from scare tactics and over-estimation. It does NOT affect any PPC Macs because this malware code is Intel-only. G3-5 list is for PPC Macs, so let's call this thread closed. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
On Apr 8, 6:49 pm, Anne Keller-Smith earth...@ptd.net wrote: so i'm running 10.5.8, that's leopard, does that mean i don't have the new java that accepts flashback? Anne: Not necessarily. It is possible that the original Java Runtime (distinct from Javascript) in Leopard was upgraded to Java SE6 and then upgraded to the vulnerable version 1.6.0_29. Since Apple at: http://support.apple.com/kb/HT5228?viewlocale=en_USlocale=en_US says: Impact: Multiple vulnerabilities in Java 1.6.0_29 I think we are safe to assume that the vulnerability does not apply to older versions of Java. To check, use Java Preferences, an application in the Utilities Folder within the Applications Folder. Java Preferences gives information about the version installed. In Leopard, Java Preferences lists the installed Java Runtime by name. If it gives J2SE, the newer, vulnerable version is not present. If it gives Java SE6 it is possible that it has the vulnerable version installed. In Snow Leopard and Lion, the window will specify Java SE6 plus the version number, letting you know whether you have the vulnerable version. Al Poulin -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
so i'm running 10.5.8, that's leopard, does that mean i don't have the new java that accepts flashback? i did run Malware Checker from the Apple Site that said no trojan :@D On Apr 6, 2012, at 9:00 PM, Cameron Kaiser wrote: Java was only used to download and execute native x86 binaries. Citation needed, and even if that were presently the case, that doesn't mean they couldn't throw a Universal binary together. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Wherever I go, there's I AM. --- -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list Anne Keller Smith Down to Earth Web Design Intel iMac 2.4gHz Core 2 Duo 1GB RAM, 250GB Hard Drive, OS 10.5.5 Intel iMac 2.66gHz Core 2 Duo 2GB RAM, 264GB Hard Drive, OS 10.5.6 G4 Quicksilver 733mHz Tower 896 MB RAM, 40 GB hard drive, OS 10.4.11 mailto:earth...@ptd.net http://www.downtoearthweb.com -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
On Apr 5, 2012, at 2:04 PM, Tom wrote: According to this news story on the Drudge website http:// tinyurl.com/ 6wgysep, half a million Apple computers are infected with malware, a trojan disguised as a flash update, that allows other people to hijack the computer. They don't say what OS is involved, or whether every Mac OS is at risk. Does anybody have any details, or is this just another exaggerated non-story? THIS from last fall http://www.appleinsider.com/articles/11/10/19/ fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protecti on/ more of that from this past Jan http://reviews.cnet.com/8301-13727_7-57358868-263/new-flashback- malware-variant-follows-xprotect-update/ ABC NEWS SCIEINCE quoting some Russian blog http://abcnews.go.com/blogs/technology/2012/04/mac-os-x-report-virus- infects-60-computers/ -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
They were x86 macs. No reason to worry. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
At 1:38 PM -0400 4/6/2012, Douglas Mencken wrote: They were x86 macs. Yes, some were. But that's all we know. There has been no break-down of the data, or even a release of their raw data, gathered by that russian company. No reason to worry. The vulnerability exists in previous Java versions, including those on PPC. PLEASE read the OTHER thread already discussing this subject. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
On Apr 6, 2012, at 10:38 AM, Douglas Mencken wrote: They were x86 macs. No reason to worry. Yes reason to worry. Java's an interpreted language that gets compiled to a universal p-code style executable; the underlying platform doesn't matter. There are indications that older versions of Java aren't as vulnerable, but again, this has nothing to do with the underlying architecture. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
Java's an interpreted language that gets compiled ... Thanks, Captain :) There are indications that older versions of Java aren't as vulnerable, but again, this has nothing to do with the underlying architecture. Java was only used to download and execute native x86 binaries. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
At 11:04 AM -0700 4/5/2012, Tom wrote: According to this news story on the Drudge website http://tinyurl.com/ 6wgysep, half a million Apple computers are infected with malware, a trojan disguised as a flash update, that allows other people to hijack the computer. They don't say what OS is involved, or whether every Mac OS is at risk. Does anybody have any details, or is this just another exaggerated non-story? Already being discussed in another thread. Please check the list before posting. - Dan. -- - Psychoceramic Emeritus; South Jersey, USA, Earth. -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list
Re: News: half a million Macs now infected with malware?
Java was only used to download and execute native x86 binaries. Citation needed, and even if that were presently the case, that doesn't mean they couldn't throw a Universal binary together. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Wherever I go, there's I AM. --- -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to g3-5-list@googlegroups.com For more options, visit this group at http://groups.google.com/group/g3-5-list