Author Topic: The Devil's in the Details!  (Read 4091 times)

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
    • View Profile
    • http://
The Devil's in the Details!
« Reply #15 on: September 20, 2007, 05:14:58 PM »
Steve, I'm not trying to be a pain here. wink.gif I realize that for example an Apple supplier and chip maker "Atheros", could have negotiated the NDA, and that this discovery did effect many computers other than Apple, that fact, not the details was published on the AP a year ago. What makes me queasy is, the full year NDA. I could understand withholding info until the Patch was made and then releasing the why and where-with-all so that we who use third party firewalls could use the info to adjust them, if need be, or not use WiFi if security is a priority.

For the past few years I've been more reluctant to download Apple Security Fixes without first examining them and any ill effects. Automatic upgrades got me into trouble and I almost lost my whole drive and data since that last backup.

I set up computers for people who could never navigate around a bad update, Seniors mostly, who were convinced by me that Apple was the best product for their application. I couldn't allow anything automated to demand a technical answer either, like "do you want to upgrade your Firefox browser" twice a month. To allow automation would require me or someone with some basic knowledge of Macs and networks to continuously revisit them to fix their Mac. I do this as a courtesy for folks who want to communicate to their families and friends, not as a business, most of them couldn't afford it.

I know that computing should be the responsibility of the operator, but if that was the requirement there would be no such thing as IT departments or the millions of people who work 24/7 to keep people online or up and running. I have friends that have worked with office computers since the 80's that have no idea how to reboot. They depend on an Tech, and it would be my guess that most computer operators do as well. hi.gif

Offline swhitset

  • TS Addict
  • *****
  • Posts: 1213
    • View Profile
    • http://web.mac.com/swhitset/
The Devil's in the Details!
« Reply #16 on: September 20, 2007, 05:39:46 PM »
I hear what you are saying and I'm sympathetic.  I don't know what the answer is, but I'm afraid things are going to get worse before /if they are to get better.  People should not have to be IT professionals to get their email or surf the web safely.  Unfortunately, that seems to be where things are headed. I wish I had the details, but I saw an article the other day that referred to some security researcher who has been tracking the activities of a "bot net"  and the incredible degree of control that the bot controller appeared to have.  It was estimated that this bot net numbered  at least 2 million computers and could be more than 50 million.  The controller seemed to be testing his network and was demonstrating the ability to "turn on or off" any number of computers that he/she wished at will.

Again, I don't know exactly what to say.  I have several family members for which I am their only real tech support.  One of them is running windows... I have already done more than one format and reinstall due to spyware infestations.  He is running antivirus, antispyware, he is behind a NAT router and has automatic updates turned on.   You can only practice so much security.  Proper user behavior is really the only effective solution. I guess I am back to that user responsibility thing.   whistling.gif   Obviously there are always going to be a large percentage of computer users who just won't or can't protect themselves.  What we do about that is a question that I can't answer.

Steve

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
    • View Profile
    • http://
The Devil's in the Details!
« Reply #17 on: September 20, 2007, 11:40:35 PM »
Steve, I live in a very volatile area of the country, Central Command can be seen from our beach. We have Coast Guard plane fly-overs twice a day and a very well equipped police state. At any point in time my radio frequencies can be showered with interference or just blacked out, sometimes you can't get your garage door to open, not only from the Military or National Security but from the state and local cops as well. Though I live in a small bedroom town, it's part of a large metro area and when the police move on something they bring it all. Not one but two or three helicopters and something built into their networks that can stop all wifi activity in my office.

Radio frequencies are allocated and controlled. Having had some very weird things happen to mine I know there are forces and technologies beyond my control. Some people call MacDill AFB to find out why their garage doors won't work. Besides all that we are in a highly regulated and closely monitored business where breaches in security could put us at odds with a half a dozen government agencies.

As you say it's only going to get worse and I agree, but one thing I've counted on is that Apple would keep security a top priority on their march to market success. With the shadowy methods of acquiring names, like Apple and iPhone, charging a nerd tax for early purchasers of the iPhone, making exclusivity deals with companies trying to privatize the internet, and now this hide the salami tactic, I'm beginning to feel the need to be skeptical around Apple and a bit uncomfortable singing their praises. wink.gif

Offline tacit

  • TS Addict
  • *****
  • Posts: 1628
    • View Profile
    • http://www.xeromag.com/
The Devil's in the Details!
« Reply #18 on: September 21, 2007, 10:09:52 AM »
QUOTE(swhitset @ Sep 20 2007, 10:39 PM) <{POST_SNAPBACK}>
I hear what you are saying and I'm sympathetic.  I don't know what the answer is, but I'm afraid things are going to get worse before /if they are to get better.  People should not have to be IT professionals to get their email or surf the web safely.


I agree.

Unfortunately, there are two factors conspiring to keep the Internet unsafe. The first is the incredible amount of money that can be made by writing viruses; it's one of the leading moneymakers for organized crime, especially in Eastern Europe, where it has largely replaced the old-school organized crime activities like extortion rackets and prostitution.

The second is that ISPs permit it to happen. ISPs can identify virus-infected computers, botnets, spam sources, and so on, but they deliberately choose not to do anything about it. They feel that doing things like disconnecting virus-infected computers would cost too much money; they would need to pay full-time staffers to police these issues (most ISPs, even large ones, have one or two part-timers manning their abuse desks), and then they would have to pay for all the support calls from angry customers saying "My Internet access doesn't work. How come I can't see the Internet?" From the perspective of the ISP, they would be paying people money in order to decrease their revenue and increase their expenses.

QUOTE(swhitset @ Sep 20 2007, 10:39 PM) <{POST_SNAPBACK}>
Unfortunately, that seems to be where things are headed. I wish I had the details, but I saw an article the other day that referred to some security researcher who has been tracking the activities of a "bot net"  and the incredible degree of control that the bot controller appeared to have.  It was estimated that this bot net numbered  at least 2 million computers and could be more than 50 million.  The controller seemed to be testing his network and was demonstrating the ability to "turn on or off" any number of computers that he/she wished at will.


You're tlking about W32/Storm, the most widespread virus in existence.

W32/Storm, which is believed to be written by virus writers in Russia, is very, very good at spreading for several reasons. The virus writers keep changing it, sometimes several times a day, so that antivirus software is always out of date. The virus writers are very clever at finding ways to trick people into infecting themselves--at first, infected emails claimed to be electronic greeting cards, then they claimed to be a program that can keep the RIAA from telling that you are using peer-to-peer file sharing software, then they claimed to be NFL game tracking software, now the infection is claiming to be a program that allows the victim to play 1,000 vintage arcade games for free. They change the "hook" they use to trick people about once a week or so.

And ISPs know about W32/Storm infections but take no action. I have personally sent lists of dozens of infected computers to Road Runner and Comcast security, ad three weeks later the infected computers are still connected, still infected, and still spreading the virus. The ISPs could stop it, but they just plain don't care.

QUOTE(swhitset @ Sep 20 2007, 10:39 PM) <{POST_SNAPBACK}>
Again, I don't know exactly what to say.  I have several family members for which I am their only real tech support.  One of them is running windows... I have already done more than one format and reinstall due to spyware infestations.  He is running antivirus, antispyware, he is behind a NAT router and has automatic updates turned on.   You can only practice so much security.


Antivirus is worthless against Storm. The virus writers change it too often. On top of that, infected computers randomly rearrange parts of the virus code every 30 minutes, which confuses antivirus programs and makes the antivirus signatures worthless. Essentially, antivirus software any more is scarcely worth the cardboard box it comes in.

QUOTE(swhitset @ Sep 20 2007, 10:39 PM) <{POST_SNAPBACK}>
Proper user behavior is really the only effective solution.


I disagree. It is not reasonable to expect Mom and Pop America to become computer security experts. Nor is it reasonable to expect that computer users can never be tricked. What is reasonable, but so far has not been successful, is to expect ISPs to step up to the plate and take responsibility.

The traffic that is used to control virus-ifected computers, and the traffic generated by worms and vulnerability scanning software, is very, very easy to spot. A virus infected computer communicates with the virus writer, and that communication is pretty obvious. If you have 1,600 computers on your network that are all sending identical packets of information to a computer in Russia every 30 minutes, it does not take a rocket scientist to figure out what's going on!

The ISPs could shut these botnets down cold, if they wanted to. But doing so would mean spending money, and many ISPs, especially small and medium sized outfits, are losing money as it is.

So they do not take responsibility for the problem, they do not take action when they are informed of a problem, and the problem continues.
A whole lot about me: www.xeromag.com/franklin.html

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
    • View Profile
    • http://
The Devil's in the Details!
« Reply #19 on: September 21, 2007, 12:39:41 PM »
Steve, If I'm not mistaken this flaw is about a way to take over your Mac via radio waves, the Botnet only infects Microsoft software.

QUOTE
Since the flaw requires a targeted machine to receive and process a wireless management frame, the attacker must be within range in order to transmit the frame3.1.


This flaw is only applicable to intel-Macs…MacBooks and Minis, apparently using the same chipset. My point was data extraction rather than data corruption, knowing that this botnet only infected MS applications.

My major concern is that Apple & affiliates would hide this information for an unreasonable amount of time from customers of their products.

As to the issue of Worms, well your right we are isolated from them at the moment, and with folks like tacit on the job, pointing out what he finds along the way, we may remain that way into the future. wink.gif


W32/Storm: reader comment from tacit

http://business2-cnet.com.com/5208-10784_3...01&start=-1

QUOTE
Storm Worm
From Wikipedia, the free encyclopedia

The Storm Worm (dubbed so by Finnish company F-Secure) is a backdoor[1][2] Trojan horse that affects computers using Microsoft operating systems, identified as Small.dam,[3][4][5] discovered on January 17, 2007.[3] The worm is also known as:

    * CME-711 (MITRE)
    * Downloader-BAI (McAfee)
    * Troj/Dorf-Fam (Sophos)
    * Trojan-Downloader.Win32.Small.dam
    * Trojan.DL.Tibs.Gen!Pac13[3]
    * Trojan.Downloader-647
    * Trojan.Peacomm (Symantec)
    * TROJ_SMALL.EDW (Trend Micro)
    * Win32/Nuwar (ESET)
    * Win32/Nuwar.N@MM!CME-711 (Windows Live OneCare)
    * W32/Zhelatin (F-Secure)
    * Trojan.Peed, Trojan.Tibs (BitDefender)

The Storm Worm began infecting thousands of computers (mostly private) in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, "230 dead as storm batters Europe".[6] During the weekend there were six subsequent waves of the attack.[7] As of Monday, January 22, the Storm Worm accounted for 8% of all infections globally.[8]

http://en.wikipedia.org/wiki/Storm_Worm

From my anti virus provider: Sophos has an IDE file for this worm, which seems to be dormant since may.
http://www.sophos.com/security/analyses/trojdorffam.html

QUOTE
Name     Troj/Dorf-Fam
Type    

    * Trojan

Affected operating systems    

    * Windows

Side effects    

    * Allows others to access the computer
    * Downloads code from the internet
    * Reduces system security

Protection    

    * Download virus identity (IDE) file

Protection available since    20 January 2007 00:38:16 (GMT)
Protection history    

    * Updated -23 May 2007 03:32:02 (GMT)
    * Updated -9 April 2007 03:12:11 (GMT)
    * Updated -23 January 2007 03:18:38 (GMT)
    * Updated -21 January 2007 15:12:41 (GMT)
    * Updated -21 January 2007 00:08:19 (GMT)
    * Published -20 January 2007 00:38:16 (GMT)


Sophos works, Simplicita and Sandvine were a good investment about 6 month ago. wink.gif