Posted on 12/14/2015 12:27:07 PM PST by Swordmaker
As if conning people out of money for a piece of scam ware that does nothing useful weren’t bad enough, a security researcher claims that extremely poor security has allowed him to access sensitive data for more than 13M MacKeeper accounts.
I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech […] stuff like names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: “macbook pro”), type of subscriptions, phone numbers and computer serial numbers.
The data was accessed by white-hat researcher Chris Vickery, who previously exposed data breaches at MLB, ATP, Slipknot and a network of charter K-12 schools in California …
Vickery, who posted a screenshot of the folder structure (below), said on Reddit that the server was completely unprotected.
Six hours after making this post (and it being at the top of the Apple subreddit), the database is still completely unprotected […] No log in required at all.
The researcher also noted that while passwords were encrypted, the system used was extremely weak.
MD5 with no salt… so very weak hashing
Vickery says that he will reveal more details about how he was able to access the data after the company has secured it.
If you’re looking for genuine software to clean and speed up your Mac, check out our roundup. (Or just do what Apple recommends and leave your OS X Mac on over night and allow the operating system's built-in utilities take care of it for you. -- Swordmaker)
I’ve always believed that the most dangerous software is security software.
Who watches the watchers?
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Why is MacKeeper collecting these data in the first place???? What are THEY doing with it?
I predict another well deserved class action law suit in their future.
MacKeeper is the dangerous pest that you can’t get to stop bothering you. And no, Apple has no part of this annoying product nor the annoying company that makes and “promotes” it.
Mackeeper=Malware
Oh how many times I have heard this cry from mac users. Of course, the defenders will try to say how MacKeeper isn't technically a virus or malware, but the same problem that plagues the majority of PCs is the same problem for Macs. You can't create a system that prevents a stupid user from installing a program they shouldn't. The biggest security hole in any computer network is its users. Their lousy passwords and "clicky" habits will punch holes in a computer network every time.
one night mackepper ran unbiden and shut down my mac on a whim evidently
I removed it the first thing the next morning.
I can’t believe that 13M idiots would pay for that crap.
I have spent countless hours with customers showing them how to remove MacKeeper malware from their computer. I have as much hatred of the websites that accept advertising from Zeobit as for Zeobit itself. American Thinker editor Thomas Lifson told me I was a Mac zealot and that his tech guy thought it was legitimate product. Shows how many fall for this garbage..... 13 million. Dang.
I’ve met Lifson, I wasn’t impressed. He struck me as GOPe.
Everything I have read on MacKeeper has convinced me to avoid that thing like the plague. The ads are intentionally tricky. It’s scary stuff. What’s more, I’ve heard from people who were dumb enough to try it that it is almost impossible to remove once installed.
Everything I have read on MacKeeper has convinced me to avoid that thing like the plague. The ads are intentionally tricky. It’s scary stuff. What’s more, I’ve heard from people who were dumb enough to try it that it is almost impossible to remove once installed.
MacKeeper is malware that played on the fears of Windows users who had switched the Macs and were used to running anti-Virus/anti-Malware and third-party utilities to keep their Windows machines clean and in tip-top running condition. So they were prime candidates for a heavily advertised Faux application that promised to do all of that. . . even though ALL of that is totally unnecessary on an OS X Mac. . . because they did not believe it wasn't necessary. Macs ARE superior in that way. They do not need any of those apps. They do not NEED anti-virus apps. Macs don't NEED anti-Malware apps. Mac certainly don't NEED third-party utilities to keep them clean and running in tip-top shape because the OS automatically does all that. In fact, MacKeeper turns OFF most of the built-in protections and utilities that do those those routine house keep tasks, including some that MacKeeper doesn't do itself!
These new Windows ex-patriot Mac users bought MacKeeper in droves, opening their machines to the Malware that is and was MacKeeper.
You will NOT hear me, a Mac defender, saying that MacKeeper isn't Malware. . . because I have been warning people against MacKeeper AS malware for years!
I will not defend stupid users either, but OS X Mac will generally keep even them from doing stupid things. It even WARNS them about MacKeeper.
You can say that again.
Oh, you did.
OK.
I’ve been having trouble with my mouse recently. Or, at least, I think it’s my mouse. It seems to double-click when I click it once. I’m not sure what’s going on. I’ll get a new mouse this afternoon and see if that solves the problem.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.