http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/ Miscellaneous ramblings on miscellaneous topics Mon, 06 Feb 2012 22:18:11 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1829 Head Geek Thu, 31 Jul 2008 02:41:00 +0000 http://geekblog.oakcircle.com/?p=609#comment-1829 <p>Ah. Yes, other programs are still vulnerable, until their authors provide secure (signed) updates.</p> Ah. Yes, other programs are still vulnerable, until their authors provide secure (signed) updates.

]]> http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1827 Ploni Almoni Wed, 30 Jul 2008 21:21:49 +0000 http://geekblog.oakcircle.com/?p=609#comment-1827 <p>Not for plug-ins and other updates. I wasn't thinking of Windows Update.</p> Not for plug-ins and other updates. I wasn’t thinking of Windows Update.

]]> http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1826 Head Geek Wed, 30 Jul 2008 15:06:17 +0000 http://geekblog.oakcircle.com/?p=609#comment-1826 <p>If he's running Windows, he's probably safe -- as mentioned above, Microsoft is almost certain to be using code-signing already.</p> If he’s running Windows, he’s probably safe — as mentioned above, Microsoft is almost certain to be using code-signing already.

]]> http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1825 Ploni Almoni Wed, 30 Jul 2008 12:13:33 +0000 http://geekblog.oakcircle.com/?p=609#comment-1825 <p>What is really bad about this is that I'd been trying to encourage a friend who's system keeps getting infected to pay attention to update messages and not worry if they are going to "mess up his computer", now I have to worry about this and am not sure if I feel confident in telling him that the benefits outweigh the risks. (Forget about getting him to update manually - like most computer users he prefers to take the path of least resistance, a bad course to take if you use Windows.)</p> What is really bad about this is that I’d been trying to encourage a friend who’s system keeps getting infected to pay attention to update messages and not worry if they are going to “mess up his computer”, now I have to worry about this and am not sure if I feel confident in telling him that the benefits outweigh the risks. (Forget about getting him to update manually – like most computer users he prefers to take the path of least resistance, a bad course to take if you use Windows.)

]]> http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1824 Ploni Almoni Wed, 30 Jul 2008 12:11:01 +0000 http://geekblog.oakcircle.com/?p=609#comment-1824 <p>Yeah, I also note Open Office is in the list - so try to apply updates only from the website I guess, and hope it too hasn't been forged.</p> Yeah, I also note Open Office is in the list – so try to apply updates only from the website I guess, and hope it too hasn’t been forged.

]]> http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1823 Head Geek Tue, 29 Jul 2008 21:29:44 +0000 http://geekblog.oakcircle.com/?p=609#comment-1823 <p>As the article says, DNS cache poisoning is only the latest way to set up the man-in-the-middle attack. I know of at least a couple others, and I just watch this stuff out of curiosity -- you can bet that anyone actually doing something with it knows a lot more.</p> As the article says, DNS cache poisoning is only the latest way to set up the man-in-the-middle attack. I know of at least a couple others, and I just watch this stuff out of curiosity — you can bet that anyone actually doing something with it knows a lot more.

]]> http://geekblog.oakcircle.com/2008/07/28/exploit-code-targets-mac-os-x-itunes-java-winzip/comment-page-1/#comment-1822 Ploni Almoni Tue, 29 Jul 2008 15:03:56 +0000 http://geekblog.oakcircle.com/?p=609#comment-1822 <p>OS X Leopard has code-signing features. Trust Apple to have a security feature but not use it, assuming this is a Leopard exploit and not just Tiger and earlier. Of course, one's susceptibility is much reduced if one uses OpenDNS - the man in the middle attack usually relies on cache poisoning. Speaking of which, APPLE? PATCH BIND ON OS X! (Assuming anyone uses OS X as a DNS server... :-) )</p> OS X Leopard has code-signing features. Trust Apple to have a security feature but not use it, assuming this is a Leopard exploit and not just Tiger and earlier. Of course, one’s susceptibility is much reduced if one uses OpenDNS – the man in the middle attack usually relies on cache poisoning. Speaking of which, APPLE? PATCH BIND ON OS X! (Assuming anyone uses OS X as a DNS server… )

]]>