To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi Gadi,
I think you've gone a bit over the top here. I use Macs in preference to
Windows because it reduces my system administration demands to tiny levels.
I can focus on my business, not a blizzard of meaningless messages, a welter
of updates requiring reboots, and bizarre, partially documented application
crashes, reboots, infections, reinstallations, Windows Genuine Annoyance,
etc.
InfoSec is there to make sure that I can run my business, not as an end in
itself. It *prevents* profit making activity by having effort expended on
internal needs. So if the Mac hasn't *needed* higher level of security
hoops, previously, that's good. So long as weaknesses are fixed *when
needed*, I'm a happy bunny. If there's a Day Zero attack that hits a Mac,
I'll be disappointed, but it's not a uniquely Mac situation to be in... If
the failure was an obvious weakness, I'm actually still pretty sanguine,
because it hasn't yet been exploited, despite being "well known".
However, *this* codec installation tease is a social engineering attack. It
isn't exploiting a Mac vulnerability. It doesn't do privilege escalation,
but relies on an authorised user to do something foolish. That can happen on
any OS. The main defence against this kind of attack on a secure OS, is that
the user is aware of the problems involved in changing security levels.
Practically, what defence *could* have been offered on Macs to defend
against *this* attack? An active AV system with a signature file? I think
that's about it. Certainly not any scary story of DNS or other as yet
unexploited vulnerabilities.
This isn't a virally propagated, privilege escalating infection. I remain an
unflustered Mac user, but I will be reminding my colleagues that they
shouldn't install software that they don't trust. In a couple of cases, I
may revoke system admin privileges, where I think that certain users don't
have enough technical knowledge to assess the threat. So... important, but
not yet scary and not yet enough to make me concerned that I should be
switching to another OS, or seriously concerned by Mac vulnerabilities.
And this has, so far, little to do with botnets... Unless this SE attack is
installing a bot. Is it? What does the bot do? Is there a signature? That'd
be interesting :)
Cheers, JeremyC.
--
Jeremy Chatfield
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets