Showing posts with label security. Show all posts

Saturday, April 07, 2012

The Hoopla around the "Widespread" Mac Trojan

So a "new" (no it's not new) Mac Flashback Trojan is the talk of the town in tech media circles right now. 600K may be infected, which tells me that there are approximately 600K Mac owners out there who need some BASIC instruction on avoiding malware (the same folks who've infected their PCs for years because they're clueless).

For what it's worth, I ran the terminal commands to check my machine and…as I believed…it's clean. The reason is that I don't install software on my machine from just anywhere. If I want to install Flash, I go to Adobe's site myself. I NEVER rely on another's hyperlink (heck, I even know how to check the hyperlink…just hover your cursor over it for a second). You wouldn't do this to go to your bank account from an email, would you? Then why do it anywhere else for ANY reason?

Social engineering is the tool these malicious developers use most often, so do yourself a favor: learn how to avoid being duped in the first place.

The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mpkg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.

[From Mac trojan pretends to be Flash Player Installer to get in the door]

Tuesday, December 23, 2008

Be careful out there, Mac users


There's a way around everything. The best thing you can do is to use multiple layers of software and physical security. Make it hard on your would-be thief in every way possible.

Use an Open Firmware Password (yes, I know how that can also be defeated). Use a physical lock on your Apple laptop. Use iSight or some other security software to track your computer BEFORE its data is erased (I'd wager few thieves will understand the Mac the way they do PCs). When you're out and about, turn on every security gizmo in your Mac that you can--screensaver password, disable auto-login, enable timed logout, lock your keychains, etc., etc. Use a firewall when you're not behind a router.

In short, protect your data first and your machine second. Make your Mac a less delectable target.

Reset OS X Password Without an OS X CD | TheAppleBlog:

To reset your OS X password without an OS X CD you need to enter terminal and create a new admin account:

Reboot
Hold apple + s down after you hear the chime.
When you get text prompt enter in these terminal commands to create a brand new admin account (hitting return after each line):
  • mount -uw /
  • rm /var/db/.AppleSetupDone
  • shutdown -h now
After rebooting you should have a brand new admin account. When you login as the new admin you can simply delete the old one and you’re good to go again!

Tuesday, October 14, 2008

OSX's Firewall: ipfw


Don't waste your money on other firewall products. Apple comes with two great ones built right in. One can be found in System Preferences->Security->Firewall. The other is hidden and a bit more powerful. Just grab one (or both) of these free utilities to ease your ipfw configuration (which can be a little tedious via the command line), and you'll be safer in your online activities. These firewall offerings basically control what data is allowed into your computer, so if you ever have trouble doing something online, check your firewall settings first.

You might want to add Little Snitch too (for outgoing connections), and if you connect with a router, keep in mind that you're already behind a hardware firewall. You need a software firewall for when you're at Starbucks or some such place, using a wireless hotspot.

Macworld | Mac Gems | NoobProof 1.1 and WaterRoof 2.0:

Mac OS X’s built-in firewall—an implementation of the Unix ipfw program—works well, but Apple offers very few options for configuration. Hanynet’s NoobProof 1.1 and WaterRoof 2.0 are utilities that provide just such customization.

Saturday, October 11, 2008

Great idea for syncing keychains

No MobileMe or dotmac required!

Extra Pepperoni » Keychain Sync without .Mac:

I thought of a solution for manual sync last week: One keychain per Mac. Say I have 3 systems: work, home, and other. Each system has 3 Apple keychains: work.keychain, home.keychain, and other.keychain, with each host using its own as the default. Then I can rsync work.keychain to home.keychain & other.keychain, etc. This is awkward with rsync because it’s inherently unidirectional, but keychains are small so it’s quite feasible to script.

In Tiger, I know the keychain is actually stored in memory once it’s unlocked, so it’s good to lock (unload) all keychains with “security lock-keychain -a” before updating the files — this goes in the same script.
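
One way to script the scheme the quoted post describes, as an added example that is not from Extra Pepperoni or this blog: each Mac locks all keychains, then pushes only its own keychain file to the other hosts. The host names, the `run` and `push_own_keychain` helpers and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one-writer-per-keychain sync over SSH.
# Assumptions (not from the quoted post): peers are reachable as SSH host
# names, and every host keeps the files in ~/Library/Keychains/.

KEYCHAIN_DIR="Library/Keychains"   # relative to $HOME on every host

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Publish THIS host's keychain to its peers.
# Usage: push_own_keychain <this-host> <all-hosts...>
push_own_keychain() {
    self=$1
    shift
    src="$HOME/$KEYCHAIN_DIR/$self.keychain"

    # Refuse to continue without the source file; rsync would otherwise
    # fail per peer and leave the hosts inconsistent.
    if [ ! -f "$src" ]; then
        echo "missing keychain: $src" >&2
        return 1
    fi

    # Lock (unload) every keychain first, so the file on disk is not being
    # changed by an unlocked, in-memory keychain while it is copied.
    run security lock-keychain -a || return 1

    for peer in "$@"; do
        # Never push to ourselves.
        if [ "$peer" = "$self" ]; then
            continue
        fi
        # Only <self>.keychain is ever written from this host, so no file
        # has two writers and rsync's one-way copy cannot lose an update.
        run rsync -a -e ssh -- "$src" "$peer:$KEYCHAIN_DIR/$self.keychain" \
            || return 1
    done
}

# Example: DRY_RUN=1 push_own_keychain work work home other
```

The receiving hosts should also have their keychains locked when the copy arrives, for the same reason the sender locks its own.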


Thursday, October 09, 2008

Protect your MacBook or MBP from theft


These techniques have actually been used to recover stolen MBs and MBPs and prosecute the scumbags who stole them. Video here.




How to Secure your MacBook or MacBook Pro against theft : Switching To Mac:


Do you have a MacBook or MacBook Pro? If you do then you’re in luck, give iAlertU and TheftSensor a try [also see Undercover]. These two free applications take advantage of your MacBook or MacBook Pro’s Sudden Motion Sensor as well as other input information to activate a Security Alarm-like sound notifying you of intruders on your Mac.

Tuesday, January 01, 2008

Mac OS X a growing target amongst hackers

I'm trying to remember how many times I've seen this same article over the past two years. It's obvious people at InfoWorld don't know much about Macs. First, the only way that hackers will exploit a Mac is if the Mac user is an idiot, and most Mac users are NOT idiots (most of the intellectual world uses a Mac). Second, IT departments that run Macs (like the U of Mich) run Radmind, which definitely ALLOWS AN IT DEPARTMENT TO UPDATE SEVERAL MACS AT ONCE.
The PC world just can't stop the Mac hatred...so they're trying to plant the myth that Macs are now at risk. Yes...they've always been at risk (like any system), but I still say that any UNIX-based system is far more secure than Windows.


Saturday, December 01, 2007

Ballmer, MS, and their cronies at their stupidity again

I really need to write about something else. This blog is turning into a "I hate Microsoft" column. But they're just so hateable.

The iPhone whining from Microsoft is apparently ceaseless. Too bad the iPhone WAS A SUCCESS, eh Ballmer and Allard?

MacNN | MS Zune chief: iPhone is a "lousy" iPod:

"It’s a lousy iPod," Allard explains. "You can’t skip a track without looking at it. You can’t go running with the thing."

Ballmer bawls out Apple iPhone as 'no hoper':

Microsoft's boss Steve Ballmer slammed the iPhone last week, saying it has "no hope" of gaining a foothold in the mobile phone market.

Ballmer clearly hasn't heard much about the one million AT&T customers in the US already signed-up for information on the new product when it ships.

On the security-and-utter-bull-crap front, Computerworld magazine published this gem from a hacking contest winner. Obviously, MS is trying their damnedest to reverse the PR image that their pathetic OSX-wannabe is not the malware slut it once was:

Vista more secure than Mac OS:

I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.

It wasn't all bad, though, in that he actually had some good security advice for Macites:

I recommend that Mac users make their primary user a non-admin account, use a separate keychain for important passwords, and store sensitive documents in a separate encrypted disk image. I think these are fairly straightforward steps that many users can take to better protect their sensitive information on their computer.

Mmm hmm...oh yeah, it's real secure (and energy-friendly). Later we read:

Vista Battery Problems and Microsoft Security Update:

A Domain Name System (DNS) zero-day bug had been found that could expose vulnerabilities throughout Microsoft's entire server line. There are indications that Microsoft will also include a DNS patch in the Tuesday round.

Yep, it's just plain more secure than OS X. We then read this:

How Internet Criminals Will Evade Vista's Safeguards:

Think malware will fade away with Vista? Sorry. There's about as much chance of the thriving throngs of online criminals packing up shop as there is of Microsoft doing the same.

And MS's gobble-everything-up mentality hasn't gone away, seeing that they are unable to muster any innovations of their own accord; when someone is actually competing with them, they'll just work at acquiring a service or product that they just can't seem to deliver well on their own:

Reports: Microsoft pursuing Yahoo:

Microsoft is feeling increasing pressure to compete with Google, which plans to beef up its portfolio with a $3.1 billion purchase of online advertising company DoubleClick Inc. Microsoft currently trails both Yahoo and Google in the lucrative and growing business of Web search, even as Google increases its development of Web-based software that directly competes with Microsoft's lucrative Office suite.



Saturday, July 21, 2007

"Well Known" TCP and UDP ports used by Apple

"Well Known" TCP and UDP ports used by Apple software products:

It's a good idea to know what's coming in and going out of your computer. Here is a handy list of ports and protocols that Apple software uses, just to keep you from freaking out when you see all sorts of weird connections in your log. Also, if your firewall is blocking this stuff and you're missing features (like Bonjour recognizing other Macs), you need to unblock the appropriate ports for your network.


Sunday, April 01, 2007

MS always just responding to Apple

MacNN | MS aims at iPhone-like browsing:

Microsoft today issued a response to the iPhone's mobile version of Safari with Deepfish, the codename for a new technology designed for Windows Mobile 5 or 6 smartphones to provide a more desktop-like web browser experience.

Here we go again. MS thinks Apple's iPhone is a mistake, but yet we see this move???

And just the other day, MS was bragging about how much safer Vista is than OS X and other UNIX-flavored OSes. Now, we see this:

Microsoft Investigating Windows Zero-Day Bug - Yahoo! News:

Microsoft Corp. has confirmed a new Windows zero-day bug that is already being targeted by attackers.

And this:

Microsoft: Attacks on Windows flaw rise - Yahoo! News:

SEATTLE - Hackers stepped up attacks Friday on computers running some versions of Windows, a day after Microsoft disclosed a hole related to the mouse cursor. Microsoft Corp. sent out a security advisory Thursday warning customers that a vulnerability in ".ani" files — used to change the cursor into an hourglass while a program works, or into a dancing animal or other animation on specially designed Web sites — was allowing hackers to break into computers and install malicious software.

The folks at MS are either really stupid or really bad liars. Or both...


Wednesday, January 17, 2007

How easy is it to hack into someone's Mac?

As it turns out, it's entirely possible to hack into a VERY secured Mac, even if it has an open firmware password established. However, it would take an extremely savvy thief to know about this. Best thing to do is STILL use OFPW, and be certain to secure your Mac physically too!

Tech Press » How to Hack a Tiger Admin Account:

If the person has PHYSICAL access to the machine, then an open-firmware password will do little to prevent them from gaining access — you can disable the open-firmware password by adding/removing a significant amount of RAM, then immediately zapping the PRAM upon the next boot. That procedure removes the open-firmware password.

The machine needs to be locked down physically as well as have software security measures in place in order to thwart potential malicious users.


Thursday, November 16, 2006

Make auto-login somewhat secure

Here's a great security tip for those who enjoy auto-login on their Mac. Use the screen saver password feature in a new way.

Macworld: Mac OS X Hints: Make auto-login somewhat secure


Monday, November 13, 2006

Password Autocomplete Always On!

It's really quite annoying that some web sites circumvent Safari's integrated (very secure) access to encrypted keychains. What I'm specifically referring to is the tactic of preventing your browser from remembering web site login information and entering it the next time for you automatically, provided the keychain itself is unlocked.

It makes sense not to store your login information for banking and credit card sites, but even this doesn't really make much sense if you're a Mac user and enjoy the encrypted goodness of your keychain using Keychain Access--which lets you access tons of password and other critical information with ONE password.

However, certain sites, such as Yahoo, shouldn't have this ridiculous block. It's frustrating and annoying.

There is a way around it in most cases, though I have one particular site I visit that is extremely annoying (http://nextcat.com, a social networking site) in its method of preventing one from storing login information. All the work-arounds I've looked at so far are ineffective for this site, so they must be using another method of blocking.

Autocomplete Always On! is a little AppleScript application that will do some hacking of the WebCore engine for you, allowing you to store login information for MOST sites (except sites like Nextcat). You can handle this hack yourself using the instructions here, but I chose to use the AAO app above. Make sure you back up your WebCore too with the AppleScript, just in case (you won't really need to, but I'm a worry-wart).

There are some other methods for doing this, using a Python script run through Pith Helmet's Machete function. One must remember to save the script as a plain text file with the ".py" extension and then make it executable, which can be done simply through the Terminal using instructions here.

But the method described earlier using the AAO AppleScript seemed like a quick, global fix for my personal situation.