• Register
  • Help
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Topic: Da

Share/Bookmark
  1. #1
    Senior Member rwayland's Avatar
    Join Date
    Jun 2004
    Location
    California Redwoods
    Posts
    2,937

    Da

    No, DA in this case does not refer to an old haircut style, or a law enforcement official, but to my role as Devil's Advocate. This is for the benefit of Apple users who seem to believe that their equipment is invulnerable to attack. I receive such notices now and then, with what seems to be increasing frequency.


    begin quote
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    National Cyber Alert System

    Technical Cyber Security Alert TA07-047A


    Apple Updates for Multiple Vulnerabilities

    Original release date: February 16, 2007
    Last revised: --
    Source: US-CERT


    Systems Affected

    * Apple Mac OS X version 10.3.x and 10.4.x
    * Apple Mac OS X Server version 10.3.x and 10.4.x
    * Apple iChat

    These vulnerabilities affect both Intel-based and PowerPC-based Apple
    systems.


    Overview

    Apple has released Security Update 2007-002 to correct multiple
    vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and iChat.
    The most serious of these vulnerabilities may allow a remote attacker
    to execute arbitrary code. Attackers may take advantage of the less
    serious vulnerabilities to bypass security restrictions or cause a
    denial of service.


    I. Description

    Apple Security Update 2007-002 addresses a number of vulnerabilities
    affecting Apple Mac OS X, OS X Server, and iChat. Further details are
    available in the related vulnerability notes.

    The vulnerabilities addressed in this update were previously disclosed
    as part of the Month of Apple Bugs project.


    II. Impact

    The impacts of these vulnerabilities vary. Potential consequences
    include remote execution of arbitrary code or commands, bypass of
    security restrictions, and denial of service.


    III. Solution

    Install Updates from Apple

    Install Apple Security Update 2007-002. This and other updates are
    available via Apple Update or via Apple Downloads.


    IV. References

    * Vulnerability Notes for Apple Security Update 2007-002 -
    <http://www.kb.cert.org/vuls/byid?searchview&query=Apple-2007-002>

    * About the security content of Security Update 2007-002 -
    <http://docs.info.apple.com/article.html?artnum=305102>

    * Month of Apple Bugs -
    <http://projects.info-pull.com/moab/index.html>

    * Mac OS X: Updating your software -
    <http://docs.info.apple.com/article.html?artnum=106704>

    * Apple Downloads - <http://www.apple.com/support/downloads/>

    __________________________________________________ __________________

    The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA07-047A.html>
    __________________________________________________ __________________

    Feedback can be directed to US-CERT Technical Staff. Please send
    email to <cert@cert.org> with "TA07-047A Feedback VU#240880" in the
    subject.
    __________________________________________________ __________________

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
    __________________________________________________ __________________

    Produced 2007 by US-CERT, a government organization.

    Terms of use:

    <http://www.us-cert.gov/legal.html>
    __________________________________________________ __________________


    Revision History

    February 16, 2007: Initial release



    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBRdY/auxOF3G+ig+rAQLgFgf8DH+ATlgFSYsdfDoWpJUGUdeY+D4HwF uX
    pzfnDzQHleHCB146Ml98BapeacXv6CPQ2069/pWhP/VOq3w052f1Wltof5fcL24v
    glR1lDiGvIlZbMKNjbiSaENqWWJYKgopMEwOE0BjxWgEfdLLV6 +SDyWAKTMzTyDw
    GxAlv3GdYwIAKLZQMxKH+NupNVDaOqsAkcSd0e4+9eKdE9k7gx 6qEreULjy5FDmW
    MlgAKky31fvXYASiQKT4muB0PKKyHl2NDxgkacJiUBsyFf3Zyu SyhJW/7U4WtKlU
    t2rN5FZEydOvqeu7No4a25sSwbCb+1Amg4/YSumDnrtfTf1fW0q04w==
    =n26e
    -----END PGP SIGNATURE-----

    end quote

    Richard

  2. #2
    Senior Member Leaf's Avatar
    Join Date
    Apr 2006
    Location
    Dallas, TX
    Posts
    2,797

    Re: Da

    I don't know much about internet, but i don't see, with our tech advanced world, why this malicious hacking and spyware or viruses can't be nipped in the bud. Why can't ISP's have equipment to moniter and trace the location of ilegit behavoir on their lines and facilitate prosecution of these hoodlems? door locks may help prevent burglary but the most effective deterrant is convictions and prison time.

  3. #3
    Senior Member rwayland's Avatar
    Join Date
    Jun 2004
    Location
    California Redwoods
    Posts
    2,937

    Re: Da

    Well, I don't know how it is done, but it is fairly easy to hide the address of the originator. One way is to gain access to another's computer, and use that other person's computer to transmit virus, etc. It is a grand failure that we must devote so much time and money on protection. But we have other problems also, that we must contend with. The key to it all seems to be in inclulcating some ideas of ethics and morals into our people, starting with very young children.

    Richard

  4. #4
    Senior Member Leaf's Avatar
    Join Date
    Apr 2006
    Location
    Dallas, TX
    Posts
    2,797

    Re: Da

    Quote Originally Posted by rwayland
    The key to it all seems to be in inclulcating some ideas of ethics and morals into our people, starting with very young children.

    Richard
    I agree, i think you hit the nail right on the head.

    When reading Stephan's post, i remembered how telemarketers fought the new laws for a no-call list. They are so corrupt in their thinking they couldn't even realize how it would really help them to have a small list of people who buy what they are selling rather than a huge list of a billion people who would not. It seems like they felt if they could not continue to assault people's peace and privacy then business wouldn't be any fun.

    I was reluctant to critisize the computer OS's, because if we have a culture where is is common for psychopaths to come along and throw bricks through the windows of your home and office to set up spy cameras or traps, or to vandalize the place or rifle through your drawers and filing cabinets, it would seem the real problem is the psychos, not the manufacterers of the windows, even though an effort to make resistant glass would be applaudable.

    What a weird world where some of the pshychos leave their business cards and slick ads pasted to your walls after a break-in and some are asking for protection money. I say "was" because Stephan brings up some very good points, and the OS's probably should share some of the blame. There should have been more effort placed to restructring the OS so break-ins could not occur.

    A diode only lets current travel in one direction, so surely it's possible to make a digital equivelent for the OS (or motherbord if necessary) so that in and out internet trafic could be confined to a single room to leave the rest of the house remaining untouched and uneffected. If not that then some other solution is out there, and it's obvious at this point they are not spending much effort in offering one.

  5. #5

    Re: Da

    As every computer user knows these days:

    - stay as current as possible.

  6. #6

    Thumbs up Re: Da

    Quote Originally Posted by Leaf
    I don't know much about internet, but i don't see, with our tech advanced world, why this malicious hacking and spyware or viruses can't be nipped in the bud. Why can't ISP's have equipment to moniter and trace the location of ilegit behavoir on their lines and facilitate prosecution of these hoodlems? door locks may help prevent burglary but the most effective deterrant is convictions and prison time.
    Leaf, as with most things, it is not as simple as that. The silver lining is that the myriads of methods for hacking demonstrates the continued inginuity, tenascity and imagination of man.

    I've been active with internet technology both as an administrator and programmer (And now, sigh, sales guy. Yes, I gave in to the dark side of the force.) since 1992. I marvel at the techniques used for unethical computing practices. It is a begrudging admiration. It is the perfect case of a few bad apples spoiling the bushel and it costs all of us a great deal of money and time. As Stephen pointed out some of the worst culprits are businesses. What a crazy world we live in.

    The best mode of protection is self protection. Don't use IE, use Firefox. Purchase Spybot, Ad-Aware, Avast, whatever flavor floats your boat. I've had one trojan in the past 10 years and it was quarrantined immediately by Avast. So, you can compute safely if you take some time to protect yourself.

    -LFO
    We are the music makers, we are the dreamers of dreams …
    24" 2.4 Ghz iMac, OSX 10.4.10, MOTU 828 MKII, 2 Glyph 250 Gig external drives, Logic 9, Finale 2008 GPO, JABB, Strad, Gro, Reason 4, EWQL Storm Drum, Adrenaline, Symphonic Choirs, SO Gold,All Arturia Synths, Many NI Synths, Spectrasonics Synths, KH Strings, VEPro on a Windows 7 4x 2.8 Ghz 12 gig of RAM

  7. #7

    Smile Re: Da

    Quote Originally Posted by Stephen McMahan
    I thought this might interest you -seems appropriate to this thread.

    Before my last post to this thread I had disinfected my entire system During the time I logged on to the MSN home page then transferred to here , read a couple of threads and left the above post - my machine accumulated 49 critical adware processes. That's with add-ons disabled and pop-ups blocked and virus scanner turned on.
    (Guess I PO'd the Redmond gods or something - no - just kidding - well ...?
    Nah!)

    I decided to try an experiment - so I cleaned it all up again, powered down, rebooted and start IE - I got the MSN home page again and then tried to close IE - a pop-up came up that wouldn't shut down without intervention from the Task Manager. I powered down and then rebooted and ran the adware scanner again - and in just less than 20 seconds of MSN home page - the system had accumulated 10 new adware processes!

    So I decided to take it a bit further and changed my home page to my local ISP, cleaned the system - rebooted and started up IE to my local ISP home page. Shutdown and checked the adware scanner and NO adware detected! The add-on which was re-enabling itself also stayed disabled with this process.

    Interesting huh?

    I think the only real data to draw conclusions from here is that there is way too much of this out there for anyone to be safe. Seems as if it has gotten 100 times worse in just the past couple of months.
    I think it is time to build a separate system - that makes one for recording - one for players and libs and one more just for internet (basically a throwaway.) Or - I could just toss them all and go back to real instruments, a hardware mixer , hardware recorder and become a hermit! Get me a generator - find a cabin in the woods and just make music and a weekly trip to town for provisions - sounds kind of attractive to me right now. I was going to start an Internet business - need to rethink that one seriously.
    (Besides which - they are going to start taxing all sales on the Internet (Washington State just announced that they would be collecting on all Internet purchases made by WA residents by next year)- move over EU - the taxman spreweth his loathesome rancor. "Cause he's the taxman!")

    They say we "live in interesting times." Funny on this end it just seems like
    the Golgotham is in charge.

    Got to go clean my system again - too bad KY doesn't make something that makes this all a bit easier to take. (Can I say this on here?)
    Stephen

    Stephen, there is an easy solution to fix many of your problems. Use Firefox instead of IE. Poof! Most problems gone!

    -LFo
    We are the music makers, we are the dreamers of dreams …
    24" 2.4 Ghz iMac, OSX 10.4.10, MOTU 828 MKII, 2 Glyph 250 Gig external drives, Logic 9, Finale 2008 GPO, JABB, Strad, Gro, Reason 4, EWQL Storm Drum, Adrenaline, Symphonic Choirs, SO Gold,All Arturia Synths, Many NI Synths, Spectrasonics Synths, KH Strings, VEPro on a Windows 7 4x 2.8 Ghz 12 gig of RAM

  8. #8
    Senior Member Styxx's Avatar
    Join Date
    Mar 2004
    Location
    West Seneca, NY
    Posts
    11,075

    Thumbs up Re: Da

    Ya know, that's why I uninstalled all the Internet carp from my recording PC and decided to sell the dang thing shortly after. Rest assure the unit installed in the new studio has nothing to do with the INTERNTET! All those updates, downloads, spyware, adware, antivirus, firewalls, what ever else controlling your system! I use and old PC for the net now. Eh, what are you going to do?
    Styxx

  9. #9
    Senior Member Leaf's Avatar
    Join Date
    Apr 2006
    Location
    Dallas, TX
    Posts
    2,797

    Re: Da

    We need some people who are willing to get back inside the box.

  10. #10
    Senior Member rwayland's Avatar
    Join Date
    Jun 2004
    Location
    California Redwoods
    Posts
    2,937

    Re: Da

    Quote Originally Posted by Stephen McMahan
    Yah - I know - (sigh!)

    I'm just trying to figure out how to get rid of that one thing that got in there that I can't delete and Adaware and PCTools can't quarantine. It turns on even when I'm not on line - all sorts of pop-up spam from anti-virus sites, registry scan sites, etc... - isn't it interesting that these companies that are supposed to offer products to help us are also the worst offenders? It's like being strongarmed by the mob!

    I think once I get the thing off my drive that this computer goes completely offline and I will pick up a throw away computer for internet stuff.

    Now where was that link to Mozilla? - oh yes here it is - tata folks.
    Well, if you can restore your system to a point before that problem appeared, that would solve it. This would be a safe, easy method if your data files are not on the same as your operating system files.

    Richard

Go Back to forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •