More information – or at any rate some of the backstory – from Intego, relating to the origins of the OSX/Crisis malware they found on VirusTotal: OSX/Crisis Has Been Used as Part of a Targeted Attack.
In other news:
- Peter James (also at Intego) looked at New Security Features in OS X Mountain Lion
- Paul Ducklin (Sophos) highlighted Apple’s unreasonable expectation that users of Mountain Lion’s dictation software should be happy to let it send Apple their contact information: Apple to Mountain Lion users: “Tell us who your friends are if you want to talk to us.”
- Joshua Long (also Sophos) notes that only Lion and Mountain Lion users benefit from the upgrade to Safari, including fixes for 121 vulnerabilities: Where are the Safari security updates for Windows and Snow Leopard? Users left exposed
- And I had a sudden attack of nostalgia when asked about Jonathan Brossard’s ‘permanent, undetectable, unrecoverable’ PoC attack, which is apparently meant to prove the feasibility of ‘hardware backdooring’, launching an attack using trojanned firmware modified early in the supply chain. Bizarrely, I was reminded of the Welcome Datacomp ‘virus’ that afflicted some pre-OS X Mac users in the early 90s: actually, the attack – or joke – was a modification to the BIOS chip in a third-party keyboard that resulted in the words Welcome Datacomp being inserted into documents without any action on the part of the user. Rakshasa hardware backdooring: the demon that can’t be exorcized?
David Harley
