If implementing a standard leads to an unavoidable security hole, should you follow it?


For some reason this evening while searching for information about how to grate cheese using only rubber bands MacGyver style (or maybe while I was searching for SQLite information for Ruby, I don’t remember) a random message box popped up:
Given I’m on FreeBSD (they didn’t even check whether their victim was running Windows?!), just for a laugh I decided to click OK and see what they showed!
I was expecting the usual silly looking website with affiliate links for piles of overpriced and unnecessary security software, but instead a new fake web software screen appeared, complete with animated progress bars and an evolving list of "infections" that the "software" had "detected". When it was done another fake message appeared which linked to an executable file to download, presumably containing spyware or a virus. Taking a look at the source on the page itself, each button triggered the same JavaScript download function.
ASIDE: The JavaScript code took up more space than any of the HTML. I’ve never seen that before, quite eye opening. Scams like this need more 1337 programming skills than I thought. And all the more reason to disable JavaScript except for trusted sites!
I must say, despite the fact the Windows logo is different in four different places and the grammar is terrible, the animations and fake scan results are pretty well done. For most savvy and intermediate computer users the flaws would be pretty obvious and they’d probably laugh them off, but the scary thing is I’m sure there are plenty of people who would find this whole shameless charade convincing. Just like all these hoaxes, they seem to target this group; heck if they can net one person out of a few thousand, the whole exercise has been… how does Richard Quest put it… profitable.

Malware distributor, I stick my tongue out at thee!
For what it’s worth though, and on the bright side, it was really hilarious seeing this whole thing act itself out… in KDE on a FreeBSD machine where the windows look completely different, the colours don’t match, the fonts aren’t even the same and the .exe file it tried to download to the machine wouldn’t have been able to run itself even if it did make it to the hard drive to start off with!
Sorry guys, there’s no Microsoft Windows code to exploit on this machine!
To comment on any article or weblog post over on ZDNet you must register and hand over more information than I needed to open a bank account here in Singapore! That aside though, after you’ve filled in the registration form you scroll down the page and are given a list of checkboxes next to newsletters you want to subscribe to.

As you can see I unchecked every single one, yet every day now I get two Windows ZDNet tech newsletters which are especially useful to a Mac and FreeBSD user such as myself… go figure!
Anyway one of the articles which I received in my inbox was entitled How to run Internet Explorer securely which includes a string of screenshots like this one:

And here I was under the impression that the best way to securely use Internet Explorer was to uninstall it along with Windows and install FreeBSD or Linux with Firefox or Opera! In fact that first point is even the recommendation of US federal authorities:
The Computer Emergency Response Team or CERT which advises the US Government has warned that users should stop using Internet Explorer for surfing the web. The world’s most popular browser, it has been described as being riddled with security flaws and is vulnerable against hackers and snoopers.
A number of leading organisations have also backed the move away from Internet Explorer as a recent investigation has shown that criminals can exploit the program to record keystrokes inputted by the users, so that they may steal credit card and other personal information and use the details for their own gain.
Johannes Ullrich, CTO for Sans Internet Security, stated that the recently exposed flaws were a wake-up call for users to switch to another browser. He went on to say that to keep on using Internet Explorer is like playing the lottery.

It wasn’t until after I uploaded that picture that I realised how BIG it was. My sincerest apologies for absorbing an excessive amount of your screen real estate. But she looked scared right, and this post is about scary stuff, right? Right?
With all the talk these days about phishing and non-trustworthy websites that contain all kinds of evil, I really haven’t come across that many of them. Perhaps what I search for on the intertubes or the material that I download just doesn’t take me to shady areas. Plus given the fact I don’t use Microsoft Windows on any production machines (or any machine with a network connection!) I tend to feel fairly safe.
Today though I was given a rude reminder that I still need to be assertive when it comes to intertube nasties: I typed a URL incorrectly and after several bizarre redirects ended up at the website of Face Software Inc at Face.com (I’m not linking directly to them for obvious reasons):
ASIDE: Does look funny having fake Windows alert dialog boxes on a clean install of Mac OS X Leopard!
So I took a look at the source code: nearly the entire page is generated with JavaScript, and many other dubiously titled scripts are linked to within that code. That really is fishy, because there is no reason for static material like headings or paragraphs to be generated by JavaScript unless it was designed to either spoof something or execute code on other servers automagically when you load their page. And I didn’t even dare click on the fake dialog boxes!
Scary stuff. Gives at least some credence to Steve Gibson’s tireless argument that you should disable JavaScript in your browsers and only approve sites that you trust. Any good selective blockers for Camino or Konqueror anyone?
Having used Mac OS X Leopard (Singapore, Australia) for the last few days on my MacBook Pro I’ve discovered many changes in security from OS X Tiger and earlier releases including some genuine surprises that threw me off guard! I’m posting what I’ve discovered here in the hopes it may be useful to other people.

If you want to change the UID or default shell assigned to a user for example, right click or CTRL click on the name of the user and click “Advanced Options” in the popup menu.
In the /private/etc/sshd_config configuration file, Leopard ships with level 2 SSH security and without the option of falling back to level 1 like previous versions. This is a welcome change.

If you change the SSH port in sshd_config for obfuscation reasons, in the Leopard Firewall System Preferences pane there is no way whatsoever to open that SSH port, because you’re limited to only creating generic rules based on .app’s and the Services you start in the “Sharing” panel, which will turn on port 22.

So some welcome security changes in Leopard, and you’ve got to hand it to Apple for trying to make configuring security more streamlined, but I’m disappointed that in doing so, so much functionality has been lost. Hopefully Apple (or perhaps even a third party) will address the legitimate need to create custom Firewall permissions soon.
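As an added example (not from the original post), a small POSIX sh check for the kind of sshd_config audit this paragraph implies: it reports whether the file pins SSH to protocol 2 or still permits the protocol 1 fallback. The sample configs it runs against are constructed, not copied from any real machine.

```shell
#!/bin/sh
# Audit an sshd_config for SSH protocol 1 fallback.
# Exit status: 0 = only protocol 2 allowed, 1 = protocol 1 permitted
# (or an unexpected value), 2 = no Protocol directive, so the daemon's
# compiled-in default decides (older OpenSSH releases defaulted to "2,1").
sshd_protocol_ok() {
  cfg="$1"
  # OpenSSH honours the first value it obtains for a keyword, so take the
  # first non-comment Protocol line; the keyword is case-insensitive.
  proto=$(grep -i '^[[:space:]]*protocol[[:space:]]' "$cfg" | head -n 1 | awk '{print $2}')
  case "$proto" in
    "")  echo "$cfg: no Protocol directive, daemon default applies" >&2; return 2 ;;
    2)   return 0 ;;
    *1*) echo "$cfg: protocol 1 permitted (Protocol $proto)" >&2; return 1 ;;
    *)   echo "$cfg: unexpected value (Protocol $proto)" >&2; return 1 ;;
  esac
}

# Constructed sample configs: one pinned to protocol 2, one with the
# 2,1 fallback, one that omits the directive entirely.
good=$(mktemp); printf '# comment\nProtocol 2\nPort 22\n' > "$good"
weak=$(mktemp); printf 'Port 22\nprotocol 2,1\n' > "$weak"
none=$(mktemp); printf 'Port 22\nPermitRootLogin no\n' > "$none"
for f in "$good" "$weak" "$none"; do
  if sshd_protocol_ok "$f"; then echo "$f: OK"; fi
done
rm -f "$good" "$weak" "$none"
```

Run it against /private/etc/sshd_config on the machine in question to confirm the level 2 only setting the post describes.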
If I’ve made any mistakes or you have anything to add, please post a comment. Cheers ^^.
You could either take this recent change on Windows Vista’s Wikipedia page as hilarious or disturbing:
While I agree Windows Vista is crap and Microsoft’s business practices have been nothing short of evil and unconstitutional in many respects, I don’t think you can compare Microsoft to a regime that murdered millions of people. Still, it does make a comment about how just one company can so readily and frequently abuse its customers with dangerously insecure software, intentionally confusing marketing and harsh, unreasonable prices.
So I was sitting at the Coffee Bean and Tea Leaf in KLCC enjoying an Americano and waiting for the credit card I punched in to work and give me WiFi access.
One small snag: neither HSBC Internet Banking nor HSBC “Verified By VISA” works in Camino!

From what I can tell it isn’t actually a fault in the browser, it’s the bank selectively supporting only a few browsers and kicking out the others. For security reasons this may be a good thing: by supporting fewer browsers they can focus more on the security of those browsers. Still, according to Wikipedia their net worth is in the trillions of dollars, so you would think they could afford to do a bit more cross compatibility work!
There are two ways around this problem. The most obvious way is to just use a different browser; the only one that I have got to work on a Mac is the OS X version of Mozilla Firefox.
The alternative for the more adventurous is to spoof your User Agent as Firefox by using something like CamiTools. Whether there are any security implications in doing this I’m not sure; given both browsers use the same rendering engine and the only difference between the two is the way the browser is physically drawn in the OS, I would think it would be okay, but then again… damn it, why can’t they just support it officially? Grrrr.
If you have a first generation MacBook Pro and haven’t run Software Update yet (yes, that would be me too!) you should run it right now not only to get Security Update 2006-007, but also the MacBook Pro EFI Firmware Update 1.2:
This EFI Firmware Update fixes several Boot Camp, start up, and wake-from-sleep issues on MacBook Pro computers.
After the firmware update is successfully applied to your computer, your Boot ROM Version will be:
MBP11.0055.B08 (MacBook Pro 15 inch)
MBP12.0061.B03 (MacBook Pro 17 inch)
If you’d rather download directly, click on the links above to visit the download pages.
Personally I haven’t had any of the aforementioned issues with Boot Camp, startup and wake-from-sleep modes, but I’ll be applying it anyway.