Your Experiences with being hacked, envirused, etc, How Recent, How Often

[beowulff]

ParkedHampster:

MITM

But, that’s not what you said, is it?
You said:

The problem with public wifi is that anyone at all can sit outside the shop and get everything you pass through the router with almost no effort.

Your exploit requires that you use THEIR WiFi.

[lazybratsche]

Right, but how do you know who is running the wifi network you’re connecting to? Anyone can sit outside a coffee shop and give their network a name and password that looks like it’s official. With a tiny bit more work and risk, they might be able to disable the actual network (just unplug the access point that’s sitting on a shelf next to where all the customers are). How would you distinguish a malicious fake from the real network?

[ParkedHampster]

beowulff:

But, that’s not what you said, is it?
You said:

Your exploit requires that you use THEIR WiFi.

Which you can still do from outside?
My point was that you can easily pull information without making it obvious. Maybe not via sniffinf SSL traffic but with an MITM attack, that’s not an issue. The only thing that you can really do there is a VPN

[RealityChuck]

I’ve had the occasional malware, but nothing I couldn’t deal with. Most are usually web browser malware.

Years ago, my computer was infected with the stoned virus for months. But that didn’t cause problems. All it did was put itself onto any floppy disk you used; if you booted from the floppy (usually accidentally if it was left in the drive), you’d get the message “This computer is stoned!” and then you’d infect any floppy you used. Once Windows replaced DOS, this no longer was an issue.

I do spend a lot of time cleaning malware off student computers. It’s also beginning to show up on Macs.

[Kenm]

AHunter3:

What type of device and OS (if applicable/known) was involved? Macs

Was it pre-OS X?

I’ve never had a virus, worm or spyware on wi-fi or directly connected to cable or landline, going back to 1991 and beginning with Z-Term, then dial-up then ethernet. Mac System 7 to Yosemite 10.10.4 and iOS 4.2.1 to iOS 8.4.

I run a ClamAV scan on my desktop machine once or twice a year, to trash any viruses that may have piggybacked on emails from Windows users.

[AHunter3]

Kenm:

[QUOTE=AHunter3]
What type of device and OS (if applicable/known) was involved? Macs

Was it pre-OS X?
[/quote]

Hell yeah, it was System 4! did you see the part where I said “1986, nothing since then”?

I’ve never had a virus, worm or spyware on wi-fi or directly connected to cable or landline, going back to 1991 and beginning with Z-Term, then dial-up then ethernet. Mac System 7 to Yosemite 10.10.4 and iOS 4.2.1 to iOS 8.4.

Same here. The last time I was hit by malware, it was an infection of nVir A passed to me via a floppy disk. And my operating system was itself on a floppy disk for that matter!

[AHunter3]

RealityChuck:

It’s also beginning to show up on Macs.

Can you elaborate on malware and viruses etc that are beginning to show up on Macs?

Ignoring for the moment Windows viruses that just use Macs as Typhoid Marys in hopes of jumping to a Windows PC, what’s out there that we Mac folk ought to be wary about? I used to feel like I was being kept current & up to date on such matters by being subscribed to a relevant email digest, then after that by being on the MacOSX Hints web forum, but that’s all defunct now and I’ve lost the habit of reading up on Mac news posted by other Mac users.

[Kenm]

AHunter3:

Can you elaborate on malware and viruses etc that are beginning to show up on Macs?

No virus, but there’s the computer-lab-invented Thunderstrike 2 worm (not showing up on Macs yet, if ever, though).

How worried should I be?

Not very. Attacks against EFI aren’t new and using peripherals as attack vectors aren’t new. Thunderstrike 2 circumvents protections put in place to prevent the original Thunderstrike and combines both internet and sneakernet attack vectors, but it’s in the proof-of-concept stage right now and few if any people need to to worry about it in the real world.

[lazybratsche]

Here’s one example of a very serious OS X vulnerability from just last week. ETA: This was found “in the wild”, and used to install malware so while it’s not as bad as some of the worst Flash-based browser hijacks, it is pretty bad news. I don’t follow Mac security news in general, but I have seen other reports of serious OS X security flaws from time to time.

[Kenm]

lazybratsche:

Here’s one example of a very serious OS X vulnerability from just last week.

It’s not very serious.

From the comments beneath the linked story:

Setting Apple’s gatekeeper mechanism to “Allow apps downloaded from App store and identified developers” (which is the default) would entirely prevent this problem. If I’m missing something and this is really a “drive by attack” then please clarify that in the article.

Especially please get rid of the “no good options” section which is patently untrue and which you copied almost verbatim from Malwarebytes. Standard security settings already built into OS X prevent this problem.

At the bottom of the report, Ars Technica says it deleted “drive-by” in its headline and lede paragraph. Because it isn’t.

Gatekeeper is the OS X settings control that gives users three download choices:

• Blocking all downloads except those from the Apple Store

ª Blocking all downloads except those from the Apple Store and apps that carry an Apple signed certificate

• No blocks. Download anything from anywhere. At your peril.

[lazybratsche]

Further down in the comments, one of the Malwarebytes researchers who wrote the original story said this in response to the comment you quoted:

thomasreed:

As the author of the Malwarebytes blog post that broke this story, I can qualitatively say that this is not actually the case. The systems we used in testing this issue all had Gatekeeper set to exactly that setting. This works because the installer app is actually signed with a valid Apple Developer ID.

Unfortunately, Gatekeeper is not a guarantee of safety. If a hacker can manage to make more than $99 on their scam software, they can afford to throw away the Apple ID once Apple discovers what they’re doing and revokes it.

Further, note that our testing shows that the vulnerability is even effective from the Guest account on OS X… so if you let someone borrow your Mac, and they download and run the wrong app, your Mac could end up infected.

[AHunter3]

Sounds like I, with my old-fogey luddite insistence on remaining with 10.6.8, am not at risk on this particular one. But thanks for the info, it sounds like a real & legitimate concern for folks running 10.10.x. What else is out there? (actually out there “in the wild” like this one, I mean)?

[Kenm]

lazybratsche:

Further down in the comments, one of the Malwarebytes researchers who wrote the original story said this in response to the comment you quoted:

Lovely.

[Kenm]

Further down the third page of comments is this:

Fortunately, although the Developer ID doesn’t pose a barrier for entry, as it was initially speculated to do when Gatekeeper was new, it does provide Apple with a convenient way to kill malware once it’s discovered. They just revoke the ID and all certificates registered to it, and the app won’t open anymore.

In fact, the adware installer that triggered this story no longer works… sometime between 4:30 pm Eastern time yesterday and 6:30 am this morning, Apple revoked that Developer ID.

So that particular piece of malware is blocked, but the security hole still exists.

I have a Snow Leopard install DVD. Maybe I should use it.