Free Republic

On Friday, I wrote about how Gizmodo's Twitter account was hacked. It turns out that this was Apple's fault. Let's take a step back. Over the weekend, it quickly became clear that the bigger story was how the whole thing started. First, former Gizmodo employee Mat Honan's iCloud account was hacked. The hacker then remotely wiped his iPhone, iPad, and MacBook Air, got into his Gmail account, his Twitter account, and finally Gizmodo's Twitter account. When this came to light, I updated my article with a link to Honan's blog: Emptyage. Once Honan regained access to his iCloud account, he...

DENVER — It’s a “rude awakening” for millions of Mac users around the world. For the first time ever, a widespread computer virus is infecting machines thought to be immune. Apple is scrambling, amid criticism, to fix the problems. This is what you want to avoid, a red perfectly legit looking Adobe pop up screen telling you to update your flash player. It could allow attackers to get all of your personal information. It is a real wake up call for so many of us who assumed our Mac’s are virus proof. Many are criticizing apple for being slow to...

Despite what you may have heard, Apple products are not immune to viruses and other computer attacks. In 2007 an annual computer security conference called CanSecWest sought to prove this point by hosting a hacking contest called Pwn2Own. They offered $10,000 plus the MacBook being used to anyone who could successfully break into the brand new, fully patched MacBook running Tiger. (The name Pwn2Own comes from the hacker word "Pwn" which means to take over a computer, so you Pwn the computer to own the computer). Any vulnerabilities used in the contest would have to be given to the organizers...

Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking.

New hires are being given the choice of using Macs or LinuxGoogle is one of the most creative and powerful tech companies in the world, thus its actions are scrutinized at times.  However, it's hard not to see a bit of significance in this one -- Google is reportedly phasing out Windows due to security concerns. News of the plan broke as Google remains reeling from a major intrusion by Chinese hackers which occurred using an unprotected flaw in Internet Explorer 6.  Back in early February, Google announced that it would be dropping dedicated support for Internet Explorer 6, leaving a fifth of...

About the content of Security Update 2010-003 Last Modified: April 14, 2010 Article: HT4131 Products Affected Product Security, Mac OS X Server 10.5, Mac OS X 10.5, Mac OS X 10.6, Mac OS X Server 10.6Security Update 2010-003 ATS CVE-ID: CVE-2010-1120 Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. Description: An unchecked index issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a...

Usually on a Patch Tuesday, the discussion turns to Microsoft; but amid a very light round of Windows fixes, it's Adobe in the spotlight today. Last month, a serious and potentially easily exploitable vulnerability was found in a JavaScript API call, DocMedia.NewPlayer -- a situation where an intentionally crafted PDF file could invoke the call, deallocate the memory allocated when the media player is generated, and then execute the code in that de-allocated memory, without need for privilege. Adobe Reader 9.3 was released today, right on schedule, to address this issue. In the meantime, the company is realizing the changing...

Apple’s sleek $49 Mac keyboards can be hacked and infected with keystroke loggers and impossible-to-detect rootkits, according to a security researcher presenting at this year’s Black Hat/DEFCON conferences. The researcher, known only as “K. Chen,” found a way to reverse engineer and tamper with the keyboard’s firmware upgrade. With the firmware under control, an attacker can subvert the keyboard by embedding malicious code that allows a rootkit to survive a clean re-installation of the host operating system. Chen, from the Georgia Institute of Technology, said malicious code embedded into the firmware would be immune to the typical rootkit detection methods...

Symantec says a new worm targeting Mac OS X spreads via email and network shares. But is it really a threat?According to Symantec, the Tored worm spreads through network shares and by emailing itself to addresses gathered from the infected computer's Address Book. It opens a back door to the computer, allowing it to be conscripted into distributed denial of service attacks as well as logging keystrokes (which could be used to steal passwords and other confidential information). There is no indication that Tored can execute without user intervention. For example, Symantec does not seem to suggest that there are...

Mac owners have been urged to be wary of a new threat that targets the Apple computer as well as Windows-based PCs. Researchers at security firm Sophos have discovered the OSX/RSPlug Trojan horse, which is being distributed on websites offering fake HDTV software. "Mac users are no different to Windows users when it comes to falling for social-engineering tricks like this - they are just as likely to install and run this program on their computer if they believe it will help them watch high-definition TV," said Graham Cluley of Sophos. Apple Mac malware: Caught on camera from Sophos Labs...

QuickTime JavaScript worm spreads via MySpace Monday, December 04, 2006 - 01:39 PM EST Websense Security Labs has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple's embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site. Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified...

Source code for a Mac virus has gone public, a security company warned Friday, and although the original doesn't carry a malicious payload, more dangerous variants can be expected. The virus, dubbed "OSX.Macarena" by Symantec, targets some, but not all, Mac OS X Mach-O executables. Mach-O is the format used by Apple Computer Inc.'s operating system for native executables, libraries, and object code. According to Symantec, OSX.Macarena, isn't designed to infect PowerPC Mach-O binaries, nor Universal binaries, those meant to run on both the PowerPC and Intel Mac platforms. "Although methods of infecting Mach-O binaries have been publicly available for...

Weird things are happening these days. The Red Sox win the World Series (in four games, yet!)—and hackers hit the Macintosh. It’s hard to say which is the stranger event. The Apple community has—since its inception—been largely immune to nefarious hackers bent on spreading harm. If you are a Windows user, as I am, you know the routine. You complain about the latest spyware or virus attack, and Apple devotees respond with good-natured teasing—they don’t have worry about such nonsense. Well, now they do. That’s not true anymore. Predictably, posts on various Apple-related message boards have been offering varying levels...