Apple is developing software that will detect and remove the Flashback malware.
Wednesday, April 11, 2012
Apple working on Flashback removal tool
Posted yesterday on an Apple Support document (via AppleInsider):
Friday, April 6, 2012
Flashback Trojan for Macs
At 600k infections, the Flashback Trojan for Macs appears to be real. Best I can tell, a vulnerability with Java lets the attacker try to install something, and if the user enters their username and password it gets in elevated privileges. According to Gruber apparently even "sophisticated" people have been fooled into it.
Us Mac users have been spoiled.
So what to do? Well, if you trust me, download this script:
http://head-lights.s3.amazonaws.com/files/FlashbackChecker_v0.1.app.zip
... double-click the .zip file to decompress the .app, then double-click the .app file. It's a simple Applescript that checks for the 5 evidences of Flashback that F-secure, Mashable, and cnet contributors have found. It'll pop-up a dialog telling you whether you need to worry or not.
If you're infected (or if you don't trust me =) ), that cnet link can help you through it yourself.
Apple already has a fix, so if you're clean, just update your system if you haven't lately.
You might be tempted to think this marks the end of virus-free Macs -- and it might be, but I doubt it.Note, you still had to enter your username and password for it to get installed, so if you open your door to a surly guy holding a pipe-wrench behind his back, it's hard to blame the people who made your door locks if he comes in. And it's already fixed. Also, Apple's new OS (Mountain Lion) enables whitelisting (sandboxing/code-signing), meaning that if you have the setting turned on, only apps that have gone through Apple's screening process will be allowed to run, and even then they're only allowed to do things they have permission to do.
* UPDATED with info from Macworld story, apparently it installs just by visiting a malicious website.
Us Mac users have been spoiled.
So what to do? Well, if you trust me, download this script:
http://head-lights.s3.amazonaws.com/files/FlashbackChecker_v0.1.app.zip
... double-click the .zip file to decompress the .app, then double-click the .app file. It's a simple Applescript that checks for the 5 evidences of Flashback that F-secure, Mashable, and cnet contributors have found. It'll pop-up a dialog telling you whether you need to worry or not.
If you're infected (or if you don't trust me =) ), that cnet link can help you through it yourself.
Apple already has a fix, so if you're clean, just update your system if you haven't lately.
You might be tempted to think this marks the end of virus-free Macs -- and it might be, but I doubt it.
* UPDATED with info from Macworld story, apparently it installs just by visiting a malicious website.
Saturday, January 21, 2012
Tuesday, January 17, 2012
Wikipedia blackout
Does anyone else worry about the wikipedia blackout? Somehow the world has come together to amass the most comprehensive respository of information anywhere, and yet it is still controlled by the hands of a select few people. If they want to shut it down, down it goes.
Something feels wrong about that. The mantra of wikipedia was that information should be free, and that wikipedia was to be the sum of the best minds in the world -- that willingly and freely improving the quality of information there was contributing to the advancement of humanity itself. But now the entire repository is being held hostage by a handful of people to protest some bill in Congress that most of us know nothing about.
What if a rogue admin at wikipedia were to plant some code that at a given day would wipe the entire database and corrupt all the backups. Is that not impossible? And how many man-millenia would be lost if it happened?
Either the US government or Google should be actively mirroring the entire website so if Jimmy Wales* or one of his people goes crazy and wipes the whole thing, all that information would not be lost.
* Incidentally, Jimmy is from Huntsville.
Something feels wrong about that. The mantra of wikipedia was that information should be free, and that wikipedia was to be the sum of the best minds in the world -- that willingly and freely improving the quality of information there was contributing to the advancement of humanity itself. But now the entire repository is being held hostage by a handful of people to protest some bill in Congress that most of us know nothing about.
What if a rogue admin at wikipedia were to plant some code that at a given day would wipe the entire database and corrupt all the backups. Is that not impossible? And how many man-millenia would be lost if it happened?
Either the US government or Google should be actively mirroring the entire website so if Jimmy Wales* or one of his people goes crazy and wipes the whole thing, all that information would not be lost.
* Incidentally, Jimmy is from Huntsville.
Sunday, January 15, 2012
How to become exceptional
From SuperFreakonomics by Steven D. Levitt and Stephen J. Dubner:"A lot of people believe there are some inherent limits they were born with," he says. "But there is surprisingly little hard evidence that anyone could attain any kind of exceptional performance without spending a lot of time perfecting it." Or, put another way, expert performers -- whether in soccer or piano playing, surgery or computer programming -- are nearly always made, not born.I'm not sure how this applies to little kids, they have no idea what they love. A wise person recently told me, "Kids tend to like things they're good at."
And yes, just as your grandmother always told you, practice does make perfect. But not just willy-nilly practice. Mastery arrives through what Ericsson calls "deliberate practice." This entails more than simply playing a C-minor scale a hundred times or hitting tennis serves until your shoulder pops out of its socket. Deliberate practice has three key components: setting specific goals; obtaining immediate feedback; and concentrating as much on technique as on outcome.
The people who become excellent at a given thing aren't necessarily the same ones who seemed to be "gifted" at a young age. This suggests that when it comes to choosing a life path, people should do what they love -- yes, your nana told you this too -- because if you don't love what you're doing, you are unlikely to work hard enough to get very good at it.
Those last two paragraphs sound contradictory, but I have a feeling they're just true at different times in people's lives.
Tuesday, January 10, 2012
What to buy
Mom, Dad, check out thewirecutter.com -- I agree with pretty much everything I've seen on there. Nice summary of the best of what to buy when it comes to electronics.
Via DF, of course.
Via DF, of course.
Wednesday, November 30, 2011
Android phones come with spyware preinstalled?
Not exactly sure what all this Carrier IQ stuff (via DF, of course) on Android and Blackberry is about yet, but the smartphone landscape right now reminds me of the middle ages when marauding bands would roam over the countrysides -- "pillage and burn". Castles were principally built for safety during this period, and I imagine they were enviable places to live.When you choose Android, you're choosing life out in the countryside, free from rules and limitations, but at risk of having 30 guys show up and dragging you out, stealing all your stuff and burning the house down (spy- and malware).
When you choose Apple, you choose life within castle walls. Doors are closely guarded, and the vast grounds are kept neat and friendly. Come and go (i.e. surf the internet) as you please, but home (your phone OS and apps) are by all measures safe. Pretty easy to be happy as long as you trust the lords of the castle.
The question a smartphone buyer has to answer is this: do I feel safe inside castle walls, or imprisoned?
Subscribe to:
Posts (Atom)
Does anyone read this thing?