Tuesday, July 25, 2017

Adobe Flash Marked For Death
At The Stroke of Midnight
December 31, 2020

--

Adobe will be assassinating the pestilence that is Flash at the end of 2020. They've posted the hit contract here:

FLASH & THE FUTURE OF INTERACTIVE CONTENT
Adobe has long played a leadership role in advancing interactivity and creative content – from video, to games and more – on the web. Where we’ve seen a need to push content and interactivity forward, we’ve innovated to meet those needs. Where a format didn’t exist, we invented one – such as with Flash and Shockwave.
No actually. Adobe bought both Flash and Shockwave along with Macromedia in 2005.
And over time, as the web evolved, these new formats were adopted by the community, in some cases formed the basis for open standards, and became an essential part of the web. . . .
Given this progress, and in collaboration with several of our technology partners – including Apple, Facebook, Google, Microsoft and Mozilla – Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats. . . .
Looking ahead, Adobe will continue to . . .
...Yeah, yeah.

We now have (as of today) another 3.4 years of Flash & Shockwave insecurity to endure. And after, there shall of course be those who cling to Flash as an orphaned rat still suckles...

Remember, if you must use Flash, be certain to keep it Up-To-Date! Else peril awaits like a ravenous zombie shackled with rusting chains...

Party at my place, New Year's Eve 2021.


--
Who wants to set up a web timer?
--

Monday, June 19, 2017

Stack Clash:
A UNIX Security bug likely to affect macOS

--

I'm posting this information as a warning to those running macOS as a server. The 'Stack Clash' security bug is likely to affect macOS owing to the fact that macOS is certified BSD UNIX.

Apple has been notified and no doubt will examine the situation and provide a patch ASAP if required. (Likely required).

For now, have a read of this article by Dan Goodin over at Ars Technica.

Serious privilege escalation bug in Unix OSes imperils servers everywhere
“Stack Clash” poses threat to Linux, FreeBSD, OpenBSD, and other OSes.
Anyone running a Unix-based OS should check with the developer immediately to find out if a patch or security advisory is available. The best bet is to install a patch if one is available or, as a temporary workaround, set the hard RLIMIT_STACK and RLIMIT_AS of local users and remote services to a low value.
The Stack Clash security bug is listed as CVE-2017-1000364.

This isn't a PaNiC situation. But it's important to be aware that this bug is likely to affect macOS.

There will be more information available shortly, no doubt. I'll post here as it is released.

:-Derek
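
One way to apply the temporary workaround quoted above to a single service, as an added example (not code from the article or from this blog): a Python launcher that lowers the hard RLIMIT_STACK and RLIMIT_AS for one child process and confirms what the child received. The 8 MiB and 1 GiB values and all function names are assumptions for illustration.

```python
import resource
import subprocess
import sys

MIB = 1024 * 1024

def capped(res, wanted):
    """Return (soft, hard) for `res` lowered to `wanted` bytes, never raised."""
    soft, hard = resource.getrlimit(res)
    inf = resource.RLIM_INFINITY
    new_hard = wanted if hard == inf else min(hard, wanted)
    new_soft = new_hard if soft == inf else min(soft, new_hard)
    return new_soft, new_hard

def lower_hard_limits(stack_bytes, as_bytes):
    """Cap both limits for the calling process.

    An unprivileged process cannot raise a hard limit again afterwards.
    """
    resource.setrlimit(resource.RLIMIT_STACK,
                       capped(resource.RLIMIT_STACK, stack_bytes))
    resource.setrlimit(resource.RLIMIT_AS,
                       capped(resource.RLIMIT_AS, as_bytes))

def run_limited(argv, stack_bytes=8 * MIB, as_bytes=1024 * MIB):
    """Start argv with the caps applied between fork and exec (child only)."""
    return subprocess.run(
        argv, capture_output=True, text=True,
        preexec_fn=lambda: lower_hard_limits(stack_bytes, as_bytes))

def hard_limits_in_child(stack_bytes=8 * MIB, as_bytes=1024 * MIB):
    """Ask a child interpreter which hard limits it actually received."""
    probe = ("import resource as r;"
             "print(r.getrlimit(r.RLIMIT_STACK)[1], r.getrlimit(r.RLIMIT_AS)[1])")
    out = run_limited([sys.executable, "-c", probe],
                      stack_bytes, as_bytes).stdout.split()
    return int(out[0]), int(out[1])

if __name__ == "__main__":
    print(hard_limits_in_child())
```

The launcher's own limits stay untouched; only the process started through `run_limited` inherits the lowered hard limits.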



--

Tuesday, February 28, 2017

Making My Own Trouble: Calling Out Kaspersky

--

Introduction:

It's been fairly quiet regarding Mac security. There have recently been three malware out-in-the-wild, but they've proven to be not much of anything. Therefore, I haven't bothered to FUD anyone about them. I don't like FUD.


Therefore, having a low boredom tolerance, I often make my own trouble for my own amusement. I decided to share this particular experience with those here who are interested. It's my call out to Kaspersky for distribution of BS.


The Article Of Interest:


I visit snarky The Register every day for computer security news, among several other websites. I get tired of the puerile cockney humor but they do a good job covering the subject. This was the article that inspired my trouble making today:


Apple's macOS is the safer choice – but not for the reason you think
Eugene Kaspersky looks forward to a new darker dawn
Apple's Mac operating system may be the safer choice – but only because cybercriminals can't get their hands on people who know how to exploit it.

That's according to security showman Eugene Kaspersky, who gave a keynote at the Mobile World Congress in Barcelona on Monday. In recent months, Kaspersky has made a habit of giving MacOS a kicking, and this keynote was no different.

"People still think MacOS is safe," he told attendees with some measure of incredulity. But it's not. While there is certainly less malware for the operating system than, say, Windows, it's more a case of difficulty in hacker recruitment than evidence of stronger inherent security.

Of course, this zeal may have something to do with a big push from Kaspersky for its security software for the Mac, not that you'd need it from Eugene's logic. And that may have something to do with Kaspersky's huge certificate cock-up at the start of the year that exposed millions of people to interception attacks. . . .

So what's the solution? A complete redesign of all of our systems, starting from scratch by building on top of secure platforms and software. He dreams of systems that are no longer "secure" but "immune."
Emphasis mine. Before I continue, let me point out that creating an 'immune' operating system is exactly what we want. Let's all champion that effort.

But Mr. Kaspersky's keynote comments about the Mac remind me of something from way back in 2005 when lousy (IMHO) Symantec attempted to FUD Mac users into believing their chosen computer platform was going to be inundated with malware, just like Windows. It was only a matter of time.


Symantec: Mac users deluding themselves over security

Symantec's 2005 FUD campaign, obviously an attempt to promote Norton for Mac sales, was the impetus that inspired me to study and write about Mac security. Thank you Symantec! I hate you. 


Therefore, here's what I have to say back to assertions Mr. Kaspersky made in his keynote, which is what I posted at The Register:

Maybe Aricept Can Help

"So what's the solution? A complete redesign of all of our systems, starting from scratch by building on top of secure platforms and software. He dreams of systems that are no longer "secure" but "immune.""

OS X (macOS) is an operating system started from scratch by building on top of a secure platform and software. It was built on top of BSD UNIX, which remains the single most secure (by testing and reputation) operating system available. OS X is certified BSD UNIX. 
So Mr. Kaspersky, maybe Aricept can help. Either that or do your research before you blether.

An "immune" OS is something else entirely. We have no such thing at this time apart from running a standalone computer with no input and no output, no EM radiation or sound emanations, etc.

Hint To Kaspersky: 
One reason your anti-malware isn't a hit on OS X (macOS) is that, thanks to the work of many people, both volunteer and paid, malware is discovered, described and tested with the results passed along to Apple. On a good day, Apple then responds ASAP by providing automatic OS subsystem updates blocking that malware within their XProtect anti-malware system. (Yes, Apple has plenty of bad days when they don't keep up, such as their current forgetfulness about blocking out-of-date versions of Adobe's supremely dangerous Flash Player Internet plug-in).

As a result, there's very little point in bothering to write malware for OS X seeing as it will typically be squashed by Apple within a brief period of time, thanks again to the work of many of us OUTSIDE of Apple.

Mr. Kaspersky, realism is always welcome. Pulling bonehead Symantec quality FUD manoeuvres is NEVER welcome. Make your choice.

In any case, thank you Kaspersky for your many contributions to the computer security community. Apologies that they don't result in profits from your Mac software.
If I die before I wake, you know why. ;-)



Oh and here's The Register's 4 Jan 2017 article about "Kaspersky's huge certificate cock-up" mentioned above:


Kaspersky fixing serious certificate slip
Security smashed for 400 MEEELLION users
Kaspersky is moving to fix a bug that disabled certificate validation for 400 million users. 
Discovered by Google's dogged bug-sleuth Tavis Ormandy, the flaw stems from how the company's antivirus inspects encrypted traffic. . . .
~ ~ ~ ~ ~

--

Monday, December 12, 2016

Apple Adds 'Junk' Option To iCloud Calendar:
Spam Rats Exterminated

--

Apple has kindly responded, in part, to the Calendar spam nightmare. They've now provided a couple ways to 'Junk' the spam directly inside the iCloud Calendar rather than forcing victims to 'Accept', 'Decline' or 'Maybe' the spam, none of which were acceptable options.


Apple activates iCloud.com Calendar spam reporting feature
By AppleInsider Staff 
Sunday, December 11, 2016, 09:31 pm PT (12:31 am ET)
Apple on Sunday instituted a new junk content reporting feature on its iCloud.com web portal, the first step in what appears to be an activation of countermeasures against iCloud Calendar spam invites users began to receive in volume last month.
There are two ways to attack invitation spam in the iCloud Calendar.



In the screenshot above, we notice the invitation spam via both a Calendar entry, marked as A, and the Notifications counter at the bottom of the window, marked as B. AppleInsider, in the article linked above, has described how to use the Notifications counter to 'Junk' the invitation spam. I'm going to describe how to perform the same function using the invitation spam Calendar entry.




In the screenshot above, I've double-clicked the invitation spam entry in my Calendar. The result is a detailed information sub-window. I prefer this approach for removing invitation spam specifically because of the details provided. The text in the sub-window is a bit scrambled, but we can make out some typical signs of spam. The sender is Chinese. The invitation spam was sent to victims on an alphabetical spam-it list. The invitation spam directs the victim to an unfamiliar website.


Note that Apple has added a 'Report Junk' link beneath the text "This sender is not in your contacts." Click "Report Junk" and this new sub-window appears:




Click 'OK' and the deed is done! The invitation spam will be safely removed from both the Calendar and the Notifications counter. Extermination achieved. Perform this procedure on further invitation spam. When you're done, your Calendar will be clean and back to normal.




It is assumed at this time that Apple is using Calendar 'Junk' reports to create a 'Black List' that will keep future invitation spam out of the Calendar. Because of the very similar coding used for email spam, I expect Apple will eventually combine both their email spam and Calendar invitation spam filtering systems. We'll see.


WHAT'S LEFT TO FIX


1) Apple still has to provide a 'Junk' reporting method in both the macOS and iOS Calendar applications.


2) Apple still has to provide a fix for Photo Sharing invitation spam.


Little steps to solve big problems.



--

Tuesday, November 29, 2016

Permanent Solution To Calendar Spam Attacks!

--

Over the US Thanksgiving holiday weekend, I was bombarded with two further Calendar spam rat attacks foisting fraudulent flotsam from China. I happily dispatched them with the previously prescribed method, no dangerous 'decline' required.

But better yet! Yesterday (11-29) Sean Gallagher of Ars Technica posted a permanent solution to Calendar spam rat attacks that works the charm. It shoves off spam 'invitations' (infestations) into the Mail application instead, where the crapulent assaults will be forced through your spam filtration system, killing them dead. 


√ Spam rat exterminated.



How to stop the wave of Apple Calendar invite spam
Deleting them just encourages them—and confirms your address is live.
Sean Gallagher, Ars Technica, 2016-11-28

Here is my slightly simplified set of instructions. Note that this must be performed on a desktop/laptop computer. It will not work using iOS!


1) Sign in (log in) to your iCloud account at:


https://www.icloud.com




2) Click on the Calendar icon.



3) When your Calendar page is loaded, look down at the bottom left for the gear symbol. Click on it and choose 'Preferences'.




4) In the Preferences sub-window, click on the 'Advanced' tab.




5) In the bottom section of the 'Advanced' window, labeled 'Invitations', you'll see the default radio button setting is 'In-app notifications'. Click instead 'Email to ...' your iCloud email address. (Ignore 'Use this option if...).



6) Click 'Save' in the bottom right.


No more 'invitation' infestations into your Calendar. But note! Any legitimate Calendar invitations will also be sent to your email account. Therefore, be careful when perusing your email to watch for invitations you'd like to accept. In Mail you can choose to have them added to your Calendar.


When you receive spam rat 'invitations' in Mail you can simply mark them as 'Junk'. More garbage from the same spam rats should in future be flung into your 'Junk' without your having to ask.


Reporting Calendar 'Invitation' Spam:


I had a chat with tech support over at SpamCop.net about Calendar 'invitation' spam. They kindly declined to recode their spam reporting website software to accept this new spam variety and instead referred me to another organization that might take up the challenge. But the fix Sean Gallagher provided solves the problem. I can in future toss off 'invitation' spam to SpamCop directly from Mail.


Remaining problem, iCloud Photo Sharing spam:


Sadly, there is no similar preference fix to stop iCloud Photo Sharing spam. That one is Apple's burden to solve.



--

Friday, November 18, 2016

The New Spam Rat Vectors:
Calendar and Photo Sharing

--

Today, I ran into one of the new spam rat vectors. Without any approval on my part, a two day event was shoved into my Calendar for today and tomorrow. It came from a persistent source of spam that attempts to foist ads for fake Chinese Ray-Ban sunglasses before my eyes. I've received (and reported to SpamCop.net) quite a few of their spam emails. Now they're using this new vector to get attention. How they pulled off the spam is new to me! The thing was sent via my iCloud.com account.

It should be easy to Delete anything inserted into the macOS Calendar. Right? That's the intuitive thing to do. Apple of course provide that option if you use the contextual menu while clicking on the spam calendar event. Except it's NOT delete at all. We're forced to either 'Cancel' and keep the spam or 'Decline' the event. When we 'Decline' the event, this is the same as shouting to the spam rat 'HEY! I'M A LIVE BODY! SPAM ME SOME MORE!' That's the very last thing we want to do. The spam rats will spam us further as a direct result of hitting 'Decline'.

The only recourse available is to ignore the Calendar spam. It will sit there in your Calendar forever. I hate that.

Result: Apple has inadvertently allowed a spam vector we cannot avoid! That has to end. I'll be sending Apple a kindly request to end this madness immediately. I'll also be corresponding with SpamCop.net to see if they can incorporate the reporting of such spam into their system. At the moment, their interface has no idea what to do with this kind of spam, despite the URL for the spam rat being incorporated in the 'Invite' code.

Meanwhile, similar spam is reported to be infesting iCloud Photo Sharing. Another great one Apple. :-P

Thankfully, there is a solution to this stupid spam problem in Calendar. I've provided some links to articles with the solution below. Sadly, there is not yet any solution to the stupid spam problem in iCloud Photo Sharing. The best you can do is turn off iCloud Photo Sharing. When a solution arrives or Apple get their act together, I'll post again.

If you can read Dutch, this is the first website to figure out how to kill off the stupid spam problem in Calendars:

appletips, 2016-11-08

Both 9TO5MAC and TechTimes have provided translations of the solution as well as discussion:

9TO5MAC, 2016-11-09
Performing the steps below will move the spam invitation to a separate calendar, and from there, that calendar can be deleted. Thus, removing the spam invitation without having to hit “Decline” on the actual notification. . . .
Anu Passary, Tech Times, 2016-11-09
Any Solution For iCloud Photo Sharing Spam? The only option is to turn off the feature completely. To do so follow these steps: . . .
~ ~ ~ ~ ~


For those interested in the code buried behind these spam abominations, here is what I received (with personal and potentially dangerous data removed, as indicated in italic brackets):
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Apple Inc.//Mac OS X 10.12.1//EN
CALSCALE:GREGORIAN
BEGIN:VEVENT
TRANSP:TRANSPARENT
DTEND;VALUE=DATE:20161120
LAST-MODIFIED:20161118T134030Z
ORGANIZER;CN="黄周朝":/aMjUwNTI0MjYwNzgyNTA1Mqtter-QwRgjzoGWqFbNhgT2wV1SrD6
 t8E_Di4m4H-sa/principal/
UID:7F700ED9-2C8B-DE19-5648-34298F6E1BD9
DTSTAMP:20161118T134034Z
DESCRIPTION:[URL of spam rat removed] $19.99 Ray-ban&Oakley Sunglasses Onli
 ne.Up To 80% Off Sunglasses.Compare And Save.
SEQUENCE:0
X-APPLE-TRAVEL-ADVISORY-BEHAVIOR:AUTOMATIC
SUMMARY:$19.99 Ray-ban&Oakley Sunglasses Online.Up To 80% Off Sunglasses
 .Compare And Save. [URL of spam rat removed]
DTSTART;VALUE=DATE:20161118
CREATED:20161118T141038Z
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at hotmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at yahoo.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CN="[Victim]";CUTYPE=INDIVIDUAL;EMAIL="[Victim at icloud.com]";PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RSVP=TRUE:/aMTEyMDgzMTQxM
 TIwODMxNG5OQKIRBVWuL0Ah_fCetZ3Z3V61ZwF1SPf_pZtFhpme/principal/
ATTENDEE;CN="黄周朝";CUTYPE=INDIVIDUAL;EMAIL="[Nonsensical email address]";PARTSTA
 T=ACCEPTED;ROLE=CHAIR:/aMjUwNTI0MjYwNzgyNTA1Mqtter-QwRgjzoGWqFbNhgT2wV1S
 rD6t8E_Di4m4H-sa/principal/
BEGIN:VALARM
X-WR-ALARMUID:BCE20FBE-0652-41A3-9224-A9C3E37720AA
UID:BCE20FBE-0652-41A3-9224-A9C3E37720AA
TRIGGER:-PT15H
X-APPLE-DEFAULT-ALARM:TRUE
ATTACH;VALUE=URI:Basso
ACTION:AUDIO
END:VALARM
END:VEVENT
END:VCALENDAR
The victim email addresses were apparently copied and pasted alphabetically from a distributed spam-it list. The victim IDs in this case all started with 'derek'-something. The victim email addresses were not exclusive to iCloud, as I've indicated above.
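
To make the traits of such an invite checkable, here is an added example (not part of the original post, and not Apple's filtering logic): a small Python parser that unfolds the iCalendar lines, splits properties from parameters, and reports the signs described in these posts. The sample invite is constructed with placeholder names, addresses and URL, and the thresholds and function names are assumptions.

```python
import os.path
import re

# Constructed sample modelled on the invite above; all values are placeholders.
SAMPLE = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "BEGIN:VEVENT",
    'ORGANIZER;CN="Sender: Deals":/aAAAA',
    " BBBB/principal/",
    "SUMMARY:$19.99 Sunglasses Online.Up To 80% Off http://shop.example.inval",
    " id/sale",
    "ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS",
    " VP=TRUE:mailto:derek.a@example.com",
    "ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS",
    " VP=TRUE:mailto:derek.b@example.net",
    "ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS",
    " VP=TRUE:mailto:derekc@example.org",
    'ATTENDEE;CN="Sender: Deals";PARTSTAT=ACCEPTED;ROLE=CHAIR:/aAAAABBBB/principal/',
    "END:VEVENT", "END:VCALENDAR",
])

def unfold(text):
    """RFC 5545 folding: a line break plus one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", text)

def parse_line(line):
    """Split NAME;PARAM=VALUE;...:VALUE at the first ':' outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            break
    else:
        return None  # no unquoted ':' (or empty line): not a content line
    name, *raw = re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', line[:i])
    params = {k.upper(): v.strip('"') for k, _, v in (p.partition("=") for p in raw)}
    return name.upper(), params, line[i + 1:]

def invite_signals(ics_text, contacts=()):
    """Collect sender, still-pending mailto recipients and advertised URLs."""
    organizer, recipients, urls = None, [], []
    lines = unfold(ics_text).splitlines()
    for name, params, value in filter(None, map(parse_line, lines)):
        if name == "ORGANIZER":
            organizer = params.get("CN", value)
        elif name == "ATTENDEE" and params.get("PARTSTAT") == "NEEDS-ACTION":
            if value.lower().startswith("mailto:"):
                recipients.append(value[len("mailto:"):].lower())
        elif name in ("SUMMARY", "DESCRIPTION"):
            urls += re.findall(r"https?://[^\s\\,;]+", value)
    local_parts = [r.partition("@")[0] for r in recipients]
    return {
        "organizer": organizer,
        "organizer_known": organizer in contacts,
        "pending_recipients": len(recipients),
        "recipient_domains": sorted({r.rpartition("@")[2] for r in recipients}),
        "shared_prefix": os.path.commonprefix(local_parts) if len(local_parts) > 1 else "",
        "urls": urls,
    }

def spam_reasons(sig, bulk=3, prefix_len=3):
    """Thresholds are assumptions for this example, not values from the post."""
    checks = [
        (not sig["organizer_known"], "organizer not in contacts"),
        (sig["pending_recipients"] >= bulk, "bulk pending recipients"),
        (len(sig["shared_prefix"]) >= prefix_len, "recipients share a name prefix"),
        (bool(sig["urls"]), "URL in summary or description"),
    ]
    return [reason for hit, reason in checks if hit]
```

Note that unfolding has to happen before anything else: in the sample, as in the real invite, both `RSVP` and the URL are split across two physical lines.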

So Apple! What's with the sloppy attention to security lately? Wake up! You're making Google look good. And that's bad.


--

Monday, November 7, 2016

Apple's iOS App Store Faceplant:
Infiltration of Hundreds of Fake Apps

--

Faceplant:

An unintentional result of a risky or stupid activity whereby a person becomes fully inverted from the normal upright position while one or more parts of the face impact the ground simultaneously with the full weight of the body.

A faceplant (also face plant) is like doing a handstand except with no hands so all that's left is your face.

~ ~ ~

Apple is in the midst of an unprecedented faceplant whereby a reported hundreds of FAKE apps have been steadily infiltrating the iOS App Store. This of course is NEVER supposed to happen. Preventing this from happening is the single biggest point of using the iOS App Store. Consider the safety reputation of the Apple iOS App Store severely damaged. This is shameful of Apple. Consider me disgusted.

Below, I've posted links to relevant articles. I'll post further links if this situation worsens.

Fake shopping apps are invading the iPhone
New York Post
James Covert, October 30, 2016
... A slew of knockoff shopping apps have quietly infiltrated Apple’s App Store in recent months, looking to lure unsuspecting iPhone owners with bogus deals on everything from jewelry to designer duds.

The fake apps mimic the look of legit apps — and have proliferated since this summer, experts said.

It didn’t help that earlier this month, Apple introduced search ads in its App Store. The fake apps are buying search terms, it would appear, to increase their exposure to consumers.

The crooks are looking to tap into the fast-growing market for mobile sales, which last year leaped 56 percent to $49.2 billion, according to comScore. . . .

Beware, iPhone Users: Fake Retail Apps Are Surging Before Holidays
New York Times
By Vindu Goel, November 6, 2016
Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks — just in time to deceive holiday shoppers.

The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

“We’re seeing a barrage of fake apps,” said Chris Mason, chief executive of Branding Brand, a Pittsburgh company that helps retailers build and maintain apps. He said his company constantly tracks new shopping apps, and this was the first time it had seen so many counterfeit iPhone apps emerge in a short period of time.

But there are serious risks to using a fake app. Entering credit card information opens a customer to potential financial fraud. Some fake apps contain malware that can steal personal information or even lock the phone until the user pays a ransom. And some fakes encourage users to log in using their Facebook credentials, potentially exposing sensitive personal information.

The rogue apps, most of which came from developers in China, slipped through Apple’s process for reviewing every app before it is published. . . .
~ ~ ~

Be safe out there kids! At the moment, Apple doesn't have your back. (-_-) zzz

--