Misha Glenny: Hire the hackers

[rhody]

Interesting http://ted.us1.list-manage.com/track/click?u=07487d1456302a286cf9c4ccc&id=ad6cfbe1d0&e=3019be3615", Misha is very well spoken and articulate, see if you agree...

He sums up by saying there is a high incidence of people who become hackers and those who have aspberger's syndrome (15:58 in the video).

That should raise a few eyebrows of stereotyping for sure.

Rhody... :uhh:

 

[Greg Bernhardt]

Thanks rhody! I would like to see if there is any data linking hackers with other forms of crime. Is a hacker more likely to commit a different type of crime.

 

[rhody]

Now, this is really sobering...

U.S. Outgunned in Hacker War

Testimony Monday before a government commission assessing Chinese computer capabilities underscored the dangers. Richard Bejtlich, chief security officer at Mandiant, a computer-security company, said that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn't realize they had been breached until someone else told them. The median number of days between the start of an intrusion and its detection was 416, or more than a year, he added

and... (my words in the next paragraph)
to address what is stated above... imagine having your credit card, medical history, credit history, etc... info compromised for over a year and no one knew about it.

He added that companies need to do more than just react to intrusions. "In many cases, the skills of the adversaries are so substantial that they just leap right over the fence, and you don't ever hear an alarm go off,'' he said. Companies "need to be hunting inside the perimeter of their network," he added.

Rhody...

 

[rhody]

As if I needed to underscore undiscovered breeches, http://www.reuters.com/article/2012/03/30/us-mastercard-breach-idUSBRE82T0VD20120330

MasterCard's announcement comes after a report on a blog called Krebs on Security said that both MasterCard and Visa Inc have been alerting banks across the U.S. about a "massive" breach that may affect more than 10 million cardholders.

Interesting that the Krebs on Security Blog released this information, which needs to be verified as true or a hoax. The scary part is the length of time these breeches can take before being discovered. One would logically think that most credit card hanky panky would be detected right away though.

Rhody...

P.S.. Background on Brain Krebs, founder of the Blog.

 

[rhody]

Interesting commentary, by Dr. Regina Dugan, DARPA Cyber Colloquium, eye opening, and startling. January 2012.

She believes we are losing ground because we are "divergent" (14:30 and on) from the emerging threat. This divergence are the seeds of strategic surprise.

Rhody...

 

[rhody]

Hah, I just checked someone's twitter account, and it was down, that is a first...

Are the bad guys up to new tricks ? Have to check the news tomorrow.

Rhody... :grumpy:

 

[rhody]

All you Mac users who used to think Apple's OS was safe from infection, not so, this http://blogs.computerworld.com/19989/biggest_apple_botnet_discovered_600k_macs_infected?af takes advantage of Java, specifically:

...of a weakness in Java SE6...CVE-2012-0507

I can’t stress this point strongly enough: If you don’t need Java, remove it from your system. ... Apple maintains its own version of Java, and [is] unacceptably far behind Oracle in patching critical flaws. ... [Its] lackadaisical...response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware.

and...

Despite what Apple...would have you believe, Macs are not invulnerable...malware targeting OS X does exist. ... [The] operating system isn't a panacea when it comes to security - only less targeted. Until now.
...
[If] accurate, such a large infection rate on Macs may change common perception of OS X as "virus-proof."

The insidious nature of this infection is that it can go for quite some time before being detected. Nice... Is your Apple system an unwitting "Zombie", waiting to be used as an unwitting source to be used in an attack on other computers or websites ? See: botnet.

Rhody...

 

[rollcast]

All you Mac users who used to think Apple's OS was safe from infection, not so, this http://blogs.computerworld.com/19989/biggest_apple_botnet_discovered_600k_macs_infected?af takes advantage of Java, specifically:


The insidious nature of this infection is that it can go for quite some time before being detected. Nice... Is your Apple system an unwitting "Zombie", waiting to be used as an unwitting source to be used in an attack on other computers or websites ? See: botnet.

Rhody...

Does it obviously work for Linux as well if its solely Java based?

 

[rhody]

Does it obviously work for Linux as well if its solely Java based?

roll,

Just a guess on my part, but I think if Java from the same vendor is used regardless of platform, it could be an issue.

Rhody... botnets searching...

 

[rhody]

Here are instructions to see if you have it, and then how to remove it.

Also, download and install the most recent Java update from Apple and you should be set.

Manual Removal Instructions

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

4. Otherwise, run the following command in Terminal:

grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step2%

5. Take note of the value after “__ldpath__”
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

10. Otherwise, run the following command in Terminal:

grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step9%

11. Take note of the value after “__ldpath__”
12. Run the following commands in Terminal:

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

launchctl unsetenv DYLD_INSERT_LIBRARIES

13. Finally, delete the files obtained in steps 9 and 11.

Rhody...

 

[jhae2.718]

Better solution: uninstall Java.

 

[rhody]

Better solution: uninstall Java.

Haha, yes, here is a link to the patch BTW.

Apple released the patch a day after reports spread about a Java-based Trojan horse that could install itself on your Mac without requiring that you enter a password. Apple released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, and if you haven't yet installed it, you should.

Flashback is a Mac Trojan horse that's been in the public eye since it was uncovered by security firm Intego last year. The recent update saw it gain the ability to infect your computer from little more than a visit to a website.

Originally, Flashback masqueraded as an installer for Adobe's Flash Player - hence the name - but the malware has changed tacks at last once since then, instead pretending to be a Mac software update or a Java updater.

A personal note, I never ever ever install any updates unsolicited for Adobe Flash Player, that is the kiss of death IMHO.

Rhody...

 

[Ivan92]

Wow! Thanks rhody for the news!

 

[jhae2.718]

Adobe has taken over from Microsoft as the company whose software is most exploited.

 

[rhody]

Adobe has taken over from Microsoft as the company whose software is most exploited.

Haha... :rofl:

Rhody...

 

[rhody]

I can't make this up, really, I can't for those who installed the first patch, or used a manual method to update, Apple recommends a second patch by applied to be found here.

The update, dubbed Java for OS X 2012-002, does not appear to add anything substantial to the first update, according to security firm Intego, which spotted the new patch.

"It is possible that Apple discovered a minor glitch in the first update, necessitating a new release," Intego said in a blog post.

The second update, however, appears to only apply to OS X Lion, whereas the first one worked with Snow Leopard and Lion, Intego said.

"In any case, it is essential that all Mac users apply this update," the firm concluded. "The Flashback malware has been very active in the wild, and can install with no user interaction, if Java is not patched."

Rhody...