Macintosh malware continues to evolve

Security experts have long warned that [Apple’s] delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right. — PC World magazine

Last week I argued that a Macintosh-based botnet currently being distributed via Word document would likely change distribution methods, perhaps to a PDF document, in order to spread itself more effectively.

That, to my knowledge, hasn’t happened, but today I learned of the above example of Mac malware doing exactly that, jumping from Java vulnerability to Java vulnerability. Read more

End of the innocence for Mac security

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

Umm, no, that’s not Commodore, and that’s not an Amiga

Some stories floating around are suggesting that Commodore is still around, and they just released a new, overpriced Amiga.

Well, there’s a company slapping “Commodore” and “Amiga” labels on PC cases that look kind of like Apple Mac Mini cases and stuffing off-the-shelf components in them, but they’re Commodore Amigas in name only. Read more

Remembering Michelangelo

Yesterday was the 20th anniversary of the Michelangelo virus. If you don’t remember, on March 6, 1992, Michelangelo was programmed to overwrite the first 100 sectors of a hard drive–not quite as destructive as formatting a drive, but to the average user, the effect is the same. It was a huge scare–John McAfee predicted five million computers would be affected–but largely was a non-event.

Those of you studying for security certifications would do well to remember that Michelangelo is a prime example of a virus and a logic bomb. Viruses replicate; logic bombs do something when an event triggers. Malware doesn’t always fit neatly into specific categories–crossovers are common.
Read more

Balancing safety and versatility

John C Dvorak has a very simple solution to the HP printing problem. Lock down the firmware so it’s not upgradeable. And while we’re at it, do the same thing to routers and other equipment.

This solves the problem of loading rogue firmware on the devices, but there are several problems with such a draconian approach.
Read more

Steve Jobs and the Commodore PET

Steve Jobs and the Commodore PET

There’s a nasty rumor floating around that in Walter Isaacson’s bestselling biography, Steve Jobs, Jobs alleges that Commodore copied the Apple II when making its first computer, 1977’s PET. Here’s the story of Steve Jobs and the Commodore PET.

The book doesn’t come right out and say it, but it insinuates it. I know how the PET came to be, and the PET would have happened whether the Apple II ever existed or not.
Read more

Happy Patch Tuesday, September 2011

Microsoft has five updates and Adobe has two for us on this fine Patch Tuesday, in addition to a patch Mozilla pushed out for Firefox last week.

Don’t get too complacent if you run something other than Windows. If you run Microsoft Office on a Mac, or Adobe Reader or Acrobat on a Mac, or Adobe Reader on Unix or Linux, you’re vulnerable. The vulnerabilities in those affected products are more serious than the vulnerabilities for Windows. So keep that in mind. Don’t be smug about security. It’ll bite you.

Read more

Time for some unexpected updates

Due to the Dutch certificate authority Diginotar being compromised, Mozilla released Firefox 6.0.2 and Microsoft released security advisory 2607712 in order to prevent those compromised SSL certificates–in layperson terms, a file that permits web servers to use https for security–from being used.

Without this step, someone could use a compromised certificate to set up a fake web site masquerading as some other web site you trust and using it for fraud.
Read more

My first really bad day in IT

Next weekend is Labor Day weekend. I can’t remember if it was one Thursday or two Thursdays before Labor Day weekend in 1997, but one of those two days happened to be the beginning of the first crisis of my career.

Whichever Thursday it was, it was getting close to midnight when my phone rang. It was Max. The print server wasn’t working. That happened a lot. That server had IBM’s Services for Macintosh on it, which never worked all that well, and, worse, tended to make the rest of the server act up a lot. That in and of itself shouldn’t have been a crisis. But I’m getting ahead of myself.
Read more

And now it’s Apple’s turn

It’s been a weird month for technology. And as always, Apple had a way to get people to stop talking about anything else, though it’s not the news Apple wanted do deliver this week. I can only think of one bit of news Apple would want to deliver less.

Steve Jobs is stepping down as CEO. He’s becoming chairman, but perception is everything. Especially with Apple. I don’t think any company in recent memory has leveraged perception the way Apple has.

Read more