Posted on 05/06/2011 4:33:50 PM PDT by Swordmaker
Well, the vermin are beginning to crawl out of the woodwork at last. As they say, it is not at all the beginning of the end, but it is the end of the beginning. Macs are now officially a target species. Hurrah! (It is a milestone of sorts, eh?)
From TFA:
> Maddern didn't say what interaction is required on the part of the victim, and he didn't immediately respond to an email seeking clarification.I'll be interested to learn if it circumvents the usual Mother-may-I prompts for administrative access password.
Now, let's see.... I use Skype all day, every day, on both Mac OS-X and Windows 7, and occasionally on my iPod Touch. I cannot function at work without Skype these days, because a few hundred people contact me on skype every week, and won't or can't use other means (email, phone).
And naturally, I'm up-to-date on Skype releases, so I'm using Version 5 everywhere.
Drat. Damned vermin.
So what gets sent, really? I read this:
> ...sending a specially manipulated attachment in an instant message...Do they mean dropping a file into the chat? I do that occasionally; people do that occasionally to me. But I never chat, much less accept files from, unknown people. I suppose someone could manage to masquerade as a user I know...
Yeeeechhhh!
Well, Skype will patch the bug, and Apple will close the hole, and all will be well until the next one...
Thanks for that explanation; I’ll do that.
Not sure that will stop this particular vulnerability, tho.
But can you confirm that the bug is only for the latest version of Skype? I’m pretty sure I never upgraded; I’ll check that if it would make a difference . . .
I logged off my Mac and powered it down for the weekend; will make the check and the changes you suggest if they will presumably be adequate.
Otherwise I could be tempted to use my netbook for a week if that will tide me over ‘til the update is released. Having dear ones abroad, taking Skype off isn’t a good option at all.
> Most likely true... and unless you have activated ROOT not too dangerous.
I wouldn't be so sure.
"Shell access" means you have access to the "shell", the level of the operating system where commands are spawned. It is NOT limited to SSh access, which is a specialized way of getting a remote shell on another machine. While it's true that SSh access on machine A is turned off by default (thus machine B cannot SSh into A), that doesn't have any effect on access within machine A to the shell layer of the OS.
The way I read this, they're saying that the malware gains the ability to execute programs on the infected machine.
No, I can't because I have seen nothing beyond this posting. I am not even sure it's legit. I can't quite see how it's being accomplished, much less how it can affect a Mac and not other Skype clients. It may be FUD for all I know at this point.
>> It remotely gives shell access.
Impressive access for a chat client. What else can it do?
Hey now.
Isn’t the point of Mac more or less, that one does (not) run as Administrator?
After all, running in Administrator, is pretty much Windows.
There are two levels of administrator in OSX... administrator and ROOT. Root is turned off by default in OSX. That is essentially the "Superuser" level that all WindowsXP users start out using. . . and the administrator level that Windows7 users have.
Thanks, Swordmaker, for the helpful information. What would we single users with no IT do without you?
> Hey now.
And they say computer geeks don't get any... HA!
We just do it by Skype, that's all....
Things have certainly changed since the floppy disk era.
Confirm: You are saying that Win7 users are superusers in the same way that XP users are? I had the impression that W7 was better in that regard??
No, they are a lot better. But their administrator level is a superuser level. They just don't have ALL their users at administrator level any more. Win7 users are standard users.
Almost everything about Skype code is stupid and unforgivable. And that was before MS bought them.
ApparentlySkype releases patch for zero-day vulnerability in Skype 5 for Mac
your information was correct about that. Turns out I, having never updated to Skype 5, needn't have worried.
But I do worry about that sort of thing. Which makes the fact that the alarms which have a realistic basis are few and far between on the Mac a significant benefit to me.
Sometimes it pays not to update!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.