Tag Archive for Apple

| August 28, 2012
One comment

A History of Mac Malware: Part 1

A History of Mac Malware: Part 1Graham Cluley at Sophos recently wrote an excellent history of Apple Macintosh malware. He points out that Mac malware is a subject that raises strong emotions. There are some who believe that the problem is over-hyped and others who believe that the malware problem on Macs is underestimated by the Apple-loving community. The author writes that hopefully, this short history will go some way to present the facts and encourage sensible debate. (rb- We have just taken on a new customer which is 85% Mac and 15% PC. I have had this very conversation with my Apple certified tech who does the field support.)

Click here for part two of this series. Click here to read my recent series commemorating the 25th anniversary of the computer virus.

Apple II1982 – Apple II – The first virus to affect Apple computers wasn’t written for the Macintosh (the original Mac did appear until 1984). 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers. On every 50th boot the Elk Cloner virus would display a short poem:

It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

The blog says many Apple fans are surprised that the Elk Cloner boot sector virus predates IBM (IBM) PC viruses by some years. (I got my first paying tech job using an Apple II and PFS:File to build a database).

1987 – Macintosh – The nVIR virus began to infect Apple Macintosh computers, spreading its malware mainly by floppy disk. It was a similar story to what was happening in the world of MS-DOS malware, where viruses would typically travel from computer to computer by users sharing floppy disks.

Source code for nVIR was later made available, causing a rash of variants for the Mac platform. The author writes that the first anti-virus products for Mac, some free, some commercial, began to emerge in response th this malware. (In my first tech support Job, I got very familiar with the Mac 30/SE, since there was a computer lab full of them with a SCSI chain from the Mac to an external hard drive to a scanner. They also printed to a LaserWriter 2 with AppleTalk and Phonenet. I still have a bag of terminators.)

Mac 30/SE1988 – HyperCard – Running on early versions of Apple’s Mac OS, one HyperCard virus displayed a message about Michael Dukakis’s US presidential bid before self-destructing:

Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14-year-old, and am completely harmless. Dukakis for preseident (sic) in ’88. Peace on earth and have a nice day

1990 – The MDEF virus (aka Garfield) emerged, spreading malware on application and system files on the Mac.

1991 – HC (also known as Two Tunes or Three Tunes) was a HyperCard virus discovered in Holland and Belgium in March 1991. The writes that on German language versions of the operating system it would play German folk tunes and display messages such as “Hey, what are you doing?” and “Don’t panic.”

Microsoft Office1995 – Concept Macro Virus – Microsoft (MSFT) accidentally shipped the first-ever Word macro virus, Concept, on CD-ROM. It infected both Macs and PCs running Microsoft Word. Concept was not written with malicious intent but thousands of macro viruses were to follow, many also affecting Microsoft Office for Mac. Word macro viruses turned the world of Mac *and* Windows malware on its head overnight according to Sophos.

Macro viruses are written in an easy-to-understand macro language that Microsoft included in its Office programs making it. The blog says the macro language made it child’s play to create new malware variants. Most people at the time considered documents to be non-dangerous and were happy to receive them without thinking about the security risks. Just opening a Word .DOC file could infect your computer because the macro virus’s code was embedded within.

1996 – Laroux  Excel macro virus – The Laroux virus did not affect Mac users until Microsoft released Excel 98 for Mac and then Apple users could also become victims.

QuickTime logo1998 – Hong Kong introduced the next significant Mac malware outbreak the blog says.  It was first spotted in the wild in Hong Kong. The worm – dubbed AutoStart 9805 – spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+. (rb- An AutoPlay issue – whoda thunkit?). In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.

After 1988 Mr. Cluely writes that big changes to the Mac malware scene were just around the corner. The release of Mac OS X, a whole new operating system which would mean that much of the old malware would no longer be capable of running. Mac-specific malware would have to be written with a new OS in mind.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| August 23, 2012
One comment

Privacy on IPv6 Networks

Privacy on IPv6 Networks

Internet service providers, websites, and equipment vendors around the globe took part in the World IPv6 launch in June, Internet companies including AT&T (T), Cisco (CSCO), Comcast (CMCSA), Facebook (FB), Google (GOOG), Microsoft (MSFT), Verizon Wireless (VZ), and Yahoo (YHOO) decided to permanently turn on IPv6. A small fraction of Internet users and devices have started communicating via IPv6 networks, with more and more transitioning to the new protocol over the coming months and years. There are security and privacy implications in the switch to IPv6.

IPv6All kinds of devices will get new IPv6 numbers as the addressing format grows. The IPv6 addresses for these networked devices can be generated in a number of different ways and the choice of how they are created has potentially wide-reaching effects for security and privacy Center for Democracy & Technology explains. One of the original methods for assigning new addresses involved using a unique device identifier (known as a MAC address) as the suffix of the IPv6 address. This method creates a permanent, unique address for a device, potentially allowing any server that the device communicates with to indefinitely track the user.

IPv6 designers soon realized the potential security and privacy problems of MAC-based addresses; as a result, they created an alternate method known as “privacy extensions” or “privacy addresses” the article reports. The privacy extensions use a randomly generated number instead of a MAC address. In order to protect privacy on an IPv6 network, the random number is unrelated to any device identifier and in practice lasts no more than a week (and often much less time), ensuring that the user’s IP address cannot be used for long-term user tracking.

SmartphoneIt is up to operating system vendors to choose which IP address assignment method will be the default on their devices. The author says that some vendors have made good choices, particularly within the last year. Microsoft has long led the charge on IPv6 privacy, with privacy extensions on by default in all versions of Microsoft Windows since the release of Windows XP nearly a decade ago. Apple followed suit last year, with privacy extensions activated by default in all versions of Mac OS X since 10.7 (Lion) and with the release of iOS 4.3 for iPhone and iPad. Google did likewise in its Android 4.0 release last year.

The CDT says that as long as Internet users choose to upgrade their operating systems to the latest versions, they should be protected against perpetual security and privacy threats from IPv6 network address tracking.

rb-

mobile OS's send private information about their users to the networHowever, I wrote about reports from H.Security that mobile operating systems do not protect security or privacy on IPv6 networks. The report says mobile OSs send private information about their users to the network. The H.Security article says this is not a flaw in IPv6, rather it is lazy programming in some cases. The article points out that neither Apple’s iOS nor Android devices have the option to enable Privacy Extensions or the option to disable IPv6. apparently, the only thing smartphones need is a control option in the user interface to protect mobile OS users’ privacy and security on an IPv6 network.

Related articles
  • Romania Has the Fastest IPv6 Adoption Rate (maindevice.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| July 17, 2012
3 comments

IPv6 Compromise Smartphones Users’ Privacy

IPv6 Compromise Smartphones Users' PrivacyNow that the IPv4 address pool is depleted and the IPocalypse is at hand, wrinkles are emerging in IPv6.  One of the wrinkles is with mobile devices. Most of the cool mobiles devices have been able to handle IPv6 for a while. Apple’s (AAPL) iPhones, iPads, and iPods have been capable of handling IPv6 Since version 4 of the iOS operating system and most Google (GOOG) Android devices have been capable since version 2.1. H  Security is reporting that these mobile operating systems send information about their users to the network.

Smartphone risksA device on an IPv6 network usually determines half of their address (the “interface identifier”) themselves, but H Security says that smartphones are sloppy with this task. According to the article, smartphones simply add the same two bytes to their globally unique MAC address and use it as their identifier. As a result, they transfer a unique hardware ID whenever they communicate with an IPv6-enabled server.

The basic problem isn’t an IPv6 issue because there are other methods for generating the address. The article says that a device can generate a random interface identifier and replace it on a regular basis. This is called the Privacy Extensions method and is the factory-set option in Windows; it can also be enabled in other operating systems. The article points out that devices running Apple’s iOS or Android offer neither the option to enable Privacy Extensions nor the option to disable IPv6, anyone who uses an affected device on an IPv6-enabled wireless network will send their ID.

IPocalypseThe only thing the smartphones are lacking is a control option in the user interface, as the Privacy Extensions do come as part of their kernel. For instance, on a (jailbroken) iOS 4 device with root access, they can be enabled with the same command that enables them on a desktop device running Mac OS X:

sysctl -w net.inet6.ip6.use_tempaddr=1

The blog claims the problem is only affecting a small number of users because IPv6 is not yet in widespread use. However, more ISPs plan to offer IPv6 in addition to the old IPv4 in the future. In addition, there are routers like the Cisco (CSCO) Linksys E3000, which will automatically set up an IPv6 connection via a 6to4 conversion when their internet access is purely IPv4.

The author concludes that the issue is particularly sensitive because such devices tend to be used by one specific person. As a result, the MAC address, which is accessible to any server operator and network monitor, allows this user to be identified.

rb-

If this sounds familiar, it is I wrote about mobile apps uploading  UDID’s here.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| July 3, 2012
Comments Off on BYOD Notes

BYOD Notes

90% of Employees Use Personal Devices for Work

90% of Employees Use Personal Devices for WorkA survey by DELL Kace (DELL) found IT managers feel they lack the necessary tools to properly manage BTOD personal devices. In the study, IT managers revealed they are unable to effectively protect corporate data and intellectual property as well as ensure compliance. Help Net Security says key survey findings include:

  • 87% of companies have employees that use a personal device for work including laptops, smartphones and tablet computers.
  • 82% citing their concerns about the use of personal devices for business use
  • 64% revealed they are not confident that they know of all personal devices being used for business purposes
  • 62% specifically concerned about network security breaches
  • 60% reported a greater demand for support of Mac OS X since the introduction of the Apple (AAPL) iPad and iPhone
  • 59% reported their personal devices have created the need to support multiple operating systems (OS’s).
  • 32% revealed employees use unauthorized personal devices and applications to connect to their network

On the governance side:

  • 88% said they believe it is important to have a policy in place to support personal devices, and another 62 percent revealed their organization lacks the necessary tools to manage personal devices.

It’s absolutely essential that IT teams deploy a strategy that provides end-to-end management capabilities on a variety of operating systems to effectively protect networks and address the consumerization and personalization of IT,” said Rob Meinhardt, general manager and co-founder for Dell KACE.

Related articles

Security Monitoring for BYOD Environments

Security Monitoring for BYOD EnvironmentsUnlike other BYOD security solutions that force organizations to install software on every new device, Lancope’s StealthWatch System provides security for any device entering the network, without having to install more software on the device or deploy expensive probes. Help Net Security reports that StealthWatch performs behavioral analysis on flow data from existing infrastructure to deliver end-to-end visibility and security across an organization’s entire network.

Net flow data already exists in network infrastructure devices to monitor network and host activity. Since net flow is already in most network equipment, it provides a cost-effective tool for monitoring mobile devices. The article says flow-based monitoring can uncover external attacks like botnets, worms, viruses or APTs, as well as internal risks such as network misuse, policy violations and data leakage. It can also be leveraged for other efforts including regulatory compliance and capacity planning, and for ensuring high levels of network and mobile device performance.

Related articles

IT is Embracing BYOD

IT is Embracing BYODIT is Embracing BYODCisco says that IT is accepting, and in some cases embracing, “bring your own device” (BYOD). Help Net Security reports that the networking giant found that some of the pros and cons associated with allowing employees to use their own mobile devices on their employers’ networks has become a reality in the enterprise.

The Cisco (CSCO) study BYOD and Virtualization (PDF) found most enterprises are now enabling BYOD.

  • 95% of responding firms permit employee-owned devices in some way in the workplace.
  • The average number of connected devices per knowledge worker will grow from 2.8 in 2012 to 3.3 by 2014.
  • 76% of IT leaders surveyed categorized BYOD as a positive for their companies and challenging for IT.

The survey says employees are turning to BYOD because they want more control of their work experience:

  • 40% of respondents cited “device choice” as employees’ top BYOD priority (the ability to use their favorite device anywhere).
  • Employees’ second BYOD priority is the wish to do personal activities at work, and work activities during personal time.
  • Staff wants to bring their own applications to work: 69% of respondents said that unapproved applications, especially social networks, cloud-based email, and instant messaging, are more prevalent today than two years ago.
  • Employees are willing to invest to improve their work experience. Cisco employees pay an average of $600 out-of-pocket for devices that will give them more control over their work experience the report says.

The article says these findings underscore that BYOD is here to stay, and managers are now acknowledging the need for a more holistic approach, one that is scalable and addresses mobility, security, virtualization, and network policy management, to keep management costs in line while simultaneously providing optimal experiences where savings can be realized.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Tablet computing | Tags: , , , , , , , , , ,
| June 26, 2012
Comments Off on Credit Agency Trawls Facebook

Credit Agency Trawls Facebook

GigaOm has an article that documents the efforts by Schufa, the largest credit rating firm in Germany to mine data from the Facebook (FB), LinkedIn (LNKD), and Twitter accounts of its customers. David Meyer cites documents leaked to German media, that the firm whose slogan is “We Build Confidence” would use the information “to identify and evaluate opportunities for and threats to the company.

“It cannot be that social networks are systematically scoured for sensitive data, resulting in credit ratings of customers,” said consumer protection minister Ilse Aigner.

rb-

Get over it.

Facebook logoI wrote about firms like RapLeaf mining social networks for employers and banks back in 2010. What is surprising to me and Mr. Meyer is that this latest social network mining operation comes out of Europe and especially Germany, a country where most people are very conscious of data protection concerns.

This goes back to the internet-age-old issue of privacy. Where is the line between public and private is it different for some groups than others? Do the NSA, CIA, MI5, and whoever else is listening get different access to data than Rapleaf, Apple (AAPL), Facebook, Twitter?

Just because the info is out there, public by default do they have the right to use it?

Get over itOn the other hand users of Facebook and Foursquare happily tie their credit cards to these accounts, post status updates, and check in to places for the world to see.  

Maybe we are just getting what we deserve.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »