Re: [botnets] re MAC trojan (fwd)

[reepex <reepex () gmail com>]

seriously dude wtf ... have you even put any research or thought into this
topic? All you have done is paste other peoples sayings, links, and research
and spam them to mailing lists to get your name on this topic just like the
sendmail, solaris ftp, vnc, and every other bug that comes out.

Get a fucking life and learn how to do your own research. Why do you even
partake in the lists - we could easily replace you with a bot that forwards
mails between lists and then we would have to read your (stolen) crap all
the time.

On Nov 1, 2007 7:55 PM, Gadi Evron <ge () linuxbox org> wrote:

> There have been many threads on this subject, but I believe this post
> below covers what some of us are trying to say on why this issue is
> significant.
>
> Obviously some people are far more articulate than me.
>
>
> ---------- Forwarded message ----------
> Date: Thu, 1 Nov 2007 16:47:17 -0400
> From: PinkFreud <pf-botnets () mirkwood net>
> To: Gary Flynn <flynngn () jmu edu>
> Cc: botnets () whitestar linuxbox org
> Subject: Re: [botnets] re MAC trojan
>
> To report a botnet PRIVATELY please email: c2report () isotf org
> ----------
> [My apologies if this has already been covered - I started this email a
> few hours ago, and haven't had a chance to finish it until now.]
>
>
> I think the point Gadi (and Alex of Sunbelt Software, in his original
> blog entry) is trying to make is that professional malware authors have
> begun to take notice of Apple.  As a piece of malware goes, this trojan
> is nothing remarkable in itself, other than the fact that it's aimed at
> Mac users.
>
> As Gadi mentioned, there are a number of known issues that Apple has
> yet to address.  If the professional malware authors are now taking aim
> at Mac users, Apple appears to be making it easy for them.
>
> There are a few comments that I've seen in this thread that are rather
> worrisome:
>
> ::: Interspace System Department
> > Relax. MAC users are not that stupid as MS users...
>
> Are you a Mac user?  If so, you just proved yourself wrong with that
> statement.  :)</flame>
>
> Users are users, and their knowledge of computers varies greatly from
> one to the next.  I've supported a number of Mac users who tend to be
> clueless when it comes to computers, and I've supported Mac users who
> know quite a bit about the machines they use.  Like any Windows or *nix
> user, Mac users can - and will - fall prey to this kind of scheme.
>
> Again, the trojan is not what's important here.  The fact that it was
> written for Macs is particularly noteworthy, however.
>
>
> ::: Jeremy Chatfield
> > InfoSec is there to make sure that I can run my business, not as an end
> in
> > itself. It *prevents* profit making activity by having effort expended
> on
> > internal needs. So if the Mac hasn't *needed* higher level of security
> > hoops, previously, that's good. So long as weaknesses are fixed *when
> > needed*, I'm a happy bunny. If there's a Day Zero attack that hits a
> Mac,
> > I'll be disappointed, but it's not a uniquely Mac situation to be in...
> If
> > the failure was an obvious weakness, I'm actually still pretty sanguine,
> > because it hasn't yet been exploited, despite being "well known".
>
> Security issues should be fixed as soon as feasable, not 'when needed'.
> If all security vulnerabilities were fixed 'when needed', the malware
> authors would be having a field day (which, of course, implies they're
> not already... hmmmm.).
>
> Apple has a history of badly-written software.  As far as recent
> examples go, take a look at tar and rsync on Tiger (10.4) - they've
> been modified to support extended attributes like ACLs and resource
> forks, and they're quite broken - extended attribute support introduces
> a serious memory leak.
>
> If that doesn't quite hit home, you can get a further idea of how their
> software is written by taking a look at the man page for sharing(1), on
> OS X Server (for those of you without access to OS X Server, take a
> look at
>
> http://developer.apple.com/DOCUMENTATION/Darwin/Reference/ManPages/man1/sharing.1.html
> ).  Pay particular attention to the description for the -s, -g, and -i
> options - do their developers (or tech writers) know the difference
> between AND and OR?  :)
>
>
>
> On Thu, Nov 01, 2007 at 08:56:22AM -0400, Gary Flynn babbled thus:
> > This is nothing more than simple downloadable malware exacerbated
> > somewhat by permissive configuration settings. It exploits no
> > security defects.
> >
> > As I understand it, the operator is given multiple opportunities
> > to refuse the program:
> >
> > http://www.jmu.edu/computing/security/#macmalware
> >
> > (I'm only subscribed to the archive so I apologize if this
> >   has been already pointed out or already proven incorrect
> >   today)
> >
> > --
> > Gary Flynn
> > Security Engineer
> > James Madison University
> > www.jmu.edu/computing/security
>
> --
> PinkFreud
> Chief of Security, Nightstar IRC network
> irc.nightstar.net | www.nightstar.net
> Server Administrator - Blargh.CA.US.Nightstar.Net
> Unsolicited advertisements sent to this address are NOT welcome.
> _______________________________________________
> To report a botnet PRIVATELY please email: c2report () isotf org
> All list and server information are public and available to law
> enforcement upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/