Re: When? in http://www.dslreports.com/forum/r9990202 en Tue, 24 Nov 2009 04:53:33 EDT Tue, 24 Nov 2009 04:53:33 EDT Re: Security through obscurity http://www.dslreports.com/forum/remark,10010774 Sandman5 :
said by Shamayim See Profile:
said by Sandman5 See Profile:
S
Not sure if you knew, but just recently the first worm for OSX was released.

1. It's not a worm, it's a trojan.
2. Trojans are not self-replicating like worms.
3. It wasn't a real trojan even.. Just a 'proof of concept' ("see? theoretically it can be done.").
4. It wasn't "released." Nothing damaging to OSX was 'released.'
5. Classic case of FUD (Fear Uncertainty Doubt).
:uhh:

Yeah, thanks. That'll "learn" me to spout information that I didn't really read up on.

Though, I've always wondered what FUD meant.]]> http://www.dslreports.com/forum/remark,10010774 Mon, 19 Apr 2004 00:46:35 EDT Re: Security through obscurity http://www.dslreports.com/forum/remark,10010610 Shamayim :
said by Sandman5 See Profile:
S
Not sure if you knew, but just recently the first worm for OSX was released.

1. It's not a worm, it's a trojan.
2. Trojans are not self-replicating like worms.
3. It wasn't a real trojan even.. Just a 'proof of concept' ("see? theoretically it can be done.").
4. It wasn't "released." Nothing damaging to OSX was 'released.'
5. Classic case of FUD (Fear Uncertainty Doubt).
:uhh:
--
"tick...tick...tick..." »www.jtf.org/]]> http://www.dslreports.com/forum/remark,10010610 Mon, 19 Apr 2004 00:23:43 EDT Re: Security through obscurity http://www.dslreports.com/forum/remark,9990910 wolfox :
said by ThunderCorp See Profile:
i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them).


Exactly. I run Outlook and MSIE and have never gotten an infection/system compromise via that vector. The *default* security settings are laughable at best. With a few well placed tweaks - problem solved. However, I did run one system overnight via a DMZ'd internal IP and it got whacked to shreds, it was running IIS FTP and some script kiddie tore it apart. That is another matter altogether, and a failed experiment.
--
Nothwest Arkansas' ONLY all Techno Radio Webcast, powered by SBC DSL!]]> http://www.dslreports.com/forum/remark,9990910 Fri, 16 Apr 2004 16:48:34 EDT Re: When? http://www.dslreports.com/forum/remark,9990202 AthlGrond :
said by ThunderCorp See Profile:
When? If you run Windows a NAT Router, firewall, and a battalion of Marines can't protect you from spyware and email worms if you run IE and/or Outlook.

/uses Safari and ThunderBird
I doubt that a battalion of marines would add to my computer's internet security in any event.

/BTW I'm glad you found yourself a hobby.

;)
--
System protected by Impregnable Ignorance (TM)]]> http://www.dslreports.com/forum/remark,9990202 Fri, 16 Apr 2004 15:19:07 EDT Re: When? http://www.dslreports.com/forum/remark,9989951 JIGA : I use IE and OE at home as well. My machine isn't infected and I am 100% sure of it.
Just like Iggy stated, use basic security principles and your fine. I am behind a router, run firewall and up to date on my virus dat files. I know what is on my HD and if there is something that shouldn't be there, I take care of it.
--
Just read the instructions]]> http://www.dslreports.com/forum/remark,9989951 Fri, 16 Apr 2004 14:48:48 EDT Re: Security through obscurity http://www.dslreports.com/forum/remark,9989764 ThunderCorp : McAfee's analysis of this so-called OS X Trojan:
The only mildly non-trivial discovery associated with this malware is that its author managed to combine a valid MP3 file and a PowerPC application in one file without violating any of the two file formats. That means the trojan is playable within iTunes as MP3 sound file and it can also be launched as a program by Finder. This works under MacOS 9 and OS X.
  However, dual personality of a file has little relevance to the malicious function. If a user is convinced to double click on an icon representing a file the program will run regardless of being a simple disguised application or dual-format file. Thus, the discovery of dual-format files does not really introduce any new penetration or propagation vector. It can only obfuscate a little the function of the disguised program, which will appear as a valid sound file and it can be played from iTunes.
  To achieve this dual personality of the file the PowerPC application (Type 'APPL', Creator = 'vMP3') is registered in the resource fork as 'cfrg' (code fragment) within the data fork. At the same time this data fork (with an ID3 record at the beginning of the MP3 file that holds the binary code) is a valid MP3 file image.


That, plus the fact that this "trojan" is easily killed just by sending it over the internet, which strips its executable code fork and renders it useless.]]> http://www.dslreports.com/forum/remark,9989764 Fri, 16 Apr 2004 14:25:05 EDT Re: When? http://www.dslreports.com/forum/remark,9989617 IGGY : That is interesting. I use IE and oh now hold on to your britches here - outlook express ( gasp oh gasp ) and I can tell you with a 100% certainty. This machine isn't infected, exploited or in any other way compromised. Microsoft is far from perfect. But my feeling is there product gets a lot more crap than it deserves at times. It's funny how just using basic security principles can keep you safe. And can we please shut up about how this or that other OS can't be exploited. Crap a quick look around you'll find many virus, trojan and worm for Linux have be created and released. And daily you see your favorite flavor of Linux getting patched for this or that.

On another note.

Darn good thread in the security forum. And great to see this subject on the front page.
--
Test Your Security
Team Z Member
Cable Modem Diagnostics]]> http://www.dslreports.com/forum/remark,9989617 Fri, 16 Apr 2004 14:03:43 EDT Re: Security through obscurity http://www.dslreports.com/forum/remark,9989488 ThunderCorp : i never believe in security by obscurity. i believe in security by inherent secure default settings (well written software + a good admin behind them).

Oh, and to let you know, the OSX trojan isn't out in the wild and even if it was, it has an huge achilles heel that makes its existence a joke. Once you send it over the 'Net over any protocol its resource fork is stripped off, thereby making it useless. I guess you should know better than to trust an antivirus company about virus announcements (they're out to make money if they're losing it).

Even if the trojan got onto an OS X system intact, it can only affect the files in the current user's directory, since it cannot elevate to sudo permissions with a password. And, as you know, OS X ships with root OFF so even the admin users can't affect system files without sudo.]]> http://www.dslreports.com/forum/remark,9989488 Fri, 16 Apr 2004 13:47:58 EDT Security through obscurity http://www.dslreports.com/forum/remark,9989342 Sandman5 : So do you believe in security through obscurity or are those just your tools and you're pointing out that they are more secure?

Not sure if you knew, but just recently the first worm for OSX was released.]]> http://www.dslreports.com/forum/remark,9989342 Fri, 16 Apr 2004 13:29:24 EDT When? http://www.dslreports.com/forum/remark,9989284 ThunderCorp : When? If you run Windows a NAT Router, firewall, and a battalion of Marines can't protect you from spyware and email worms if you run IE and/or Outlook.

/uses Safari and ThunderBird]]> http://www.dslreports.com/forum/remark,9989284 Fri, 16 Apr 2004 13:25:08 EDT Now that is http://www.dslreports.com/forum/remark,9988756 AthlGrond : Very well written!

Thanks for sharing that on the front page!
--
System protected by Impregnable Ignorance (TM)]]> http://www.dslreports.com/forum/remark,9988756 Fri, 16 Apr 2004 12:13:32 EDT