Mac Virus

Jailbreaking with Absinthe

David Harley — Wed, 25 Jan 2012 20:26:23 +0000

It seems to have been my week for commenting on Apple jailbreaking issues:

Quoted by Kevin Townsend in two articles:
- Absinthe – jailbreaking the Apple 4S on his own blog,
- for Infosecurity Magazine on Jailbreak for iPhone 4S released.

My own take on the issue is also for Infosecurity Magazine: iOS Jailbreaking: Does Absinthe Make the Heart Grow Fonder?

David Harley CITP FBCS CISSP
Small Blue-Green World/Mac virus

Mac Virus: 2011 in review

David Harley — Fri, 20 Jan 2012 15:11:10 +0000

The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog. I don’t know how interesting it is to other people, but Mac and I thought we’d mention it anyway. Apparently enough people look at it to make us feel slightly guilty that we don’t post more often… Of couse, if you really can’t get enough of my writing on Mac Matters here, I do also write on for Infosecurity Magazine on Apple-related security issues.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 44,000 times in 2011. If it were a concert at Sydney Opera House, it would take about 16 sold-out performances for that many people to see it.

Click here to see the complete report.

David Harley CITP FBCS CISSP
Mac Virus/AVIEN/Small Blue-Green World

F-Secure’s summary of 2011 Mac Malware

David Harley — Tue, 17 Jan 2012 18:37:24 +0000

F-Secure have published details of the OS X malware the company has been tracking in the last three quarters of 2011. Fifty-eight instances, according to the blog post at Mac Malware Summary 2011 (Q2/Q3/Q4).

I haven’t yet looked at the spreadsheet that contains the detail – that, you may remember, is where the Devil(robber) is – but I’ll probably comment more when I’ve had the chance to. In the meantime, this has to be worth reading if you’re at all interested in Mac malware (and why are you here if you’re not?).

David Harley CITP FBCS CISSP
Mac Virus/Small Blue-Green World/AVIEN

Flashback to 2011: another recurring Trojan…

David Harley — Tue, 17 Jan 2012 18:12:48 +0000

…not to mention more XProtect updates. While the tussle between Apple (trying to keep their minimal antivirus utility up-to-date with a current threat) and the people behind OSX/Flashback (releasing new variants – loosely speaking – of a Trojan masquerading as an Adobe Flash installer) doesn’t have quite the same drama as Apple’s tussle last year with MacDefender and its siblings in the fake AV sector, Intego has been tracking a succession of Flashback versions.

Further commentary for Infosecurity Magazine: I Keep Getting Flashbacks.

David Harley CITP FBCS CISSP
Mac Virus/Small Blue-Green World/AVIEN

New Infosecurity blog article

David Harley — Mon, 19 Dec 2011 17:00:01 +0000

Small Eruption in Peru: Not Many Infected

Or why even the sparse Mac threat landscape has changed contours since the 1990s.

David Harley CITP FBCS CISSP

Malicious Android: why the Birds are Angry

David Harley — Mon, 12 Dec 2011 18:13:56 +0000

This is actually a pointer to a blog I started here, but figured maybe it was time I started using one of my other pages for mobile security blogs that aren’t really Apple-related.

Malicious Android: why the Birds are Angry

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus

PINs and Needles

David Harley — Wed, 07 Dec 2011 07:15:44 +0000

This is barely relevant to Mac malware, but it has a lot to do with security mechanisms that use numeric passcodes and PINs (personal identification numbers), which of course includes lots of mobile devices and iGadgets. Hearing a PIN drop is an article published in Virus Bulletin in September 2011.

Most research on patterns of password use is based on the analysis of known collections of exposed passwords to see which are the most commonly used. However, there are few (if any) publicly known repositories of known account/passcode pairs, and that has restricted equivalent research on numeric passcodes. This article presents preliminary findings from analysis of a data set of passcodes ordered by frequency of use, generously provided by Daniel Amitay. (I hope to present a more detailed analysis of passcode selection strategies in 2012: the research project is ongoing.)

Copyright is held by Virus Bulletin Ltd, but is made available on Mac Virus (on the Papers page) for personal use free of charge, by permission of Virus Bulletin.

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus

Carrier IQ and the iPhone

David Harley — Tue, 06 Dec 2011 23:14:48 +0000

When I put this article up on the Infosecurity Magazine blog, it was much more topical: unfortunately, there was a bit of a time lag before it was approved, and there’s been an avalanche of debate, revelation, speculation and misinformation. Still, here it is anyway: Carrier IQ: Not Just an Android Issue.

Here are some more recent links:

David Harley CITP FBCS CISSP

We apologise for the late arrival…

oldmacbloggit — Thu, 24 Nov 2011 13:25:59 +0000

I wasn’t really expecting to write about “government Trojans” on this blog, though it’s come up several times elsewhere, as in blogs by Robert Lipovsky and David Harley at ESET, not to mention an AVAR conference paper David and Craig Johnston presented some time ago. And in fact, while the commentary on FinFisher in Brian Krebs article on Apple Took 3+ Years to Fix FinFisher Trojan Hole, it’s obviously the unusually long delay in patching the iTunes vulnerability that underpinned FinFisher that catches the eye: Krebs first wrote about the vulnerability for the Washington Post in 2008, and says that Apple were notified on July 11th of that year.

While most commentators seem to be assuming that this is probably a case of slipping attention on Apple’s part, I have seen it suggested (not by Krebs) that the company (a) might have been requested to leave the hole unplugged so that a government trojan could continue to operate (b) left it unplugged because it only affected Windows users.

Neither seems likely to me: Apple may or may not care about users of its Windows software, but it does care about its own reputation, and neither of those ideas would reflect well upon the company ethically. Sometimes, the cock-up theory just seems so much more likely than the conspiracy theory.

Old Mac

Mobile AV: another “charlatan scammer” hits back

David Harley — Mon, 21 Nov 2011 19:22:45 +0000

It seems I wasn’t the only one irritated at a post by Chris DiBona telling anyone who works for a company with a mobile security product that they should be ashamed of themselves. (Actually, I’m amazed at how little attention his astonishing outburst has received.)

It appears that Trend Micro’s Rik Ferguson isn’t impressed, either: he’s posted an excellent article on The mobile threat: FUD or MUD. Nice one, Rik.

David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus