Image via Wikipedia

I use linux. I prefer it over Windows for many reasons. It’s more resistant to viruses, less of a target, but that doesn’t mean that malware or other viruses are impossible. If someone were to trick me into running something and even worse, trick me into using my administrator password to install something system wide, it could be the same end result as a windows malware infection. To be fair Microsoft has improved their security over the years. They are still the most likely platform though to get a drive by virus just by visiting a site (with no user interaction.) That much said, Mac users and Linux users should avoid being smug. Why? They aren’t completely safe. No one is. Social engineering is the most common (and most effective) path to getting malware on a computer.

I’ve done computer service for a number of years. Mostly small groups, home users, small businesses. But sometimes at larger organizations. It has many times amazed me that people let me at their computer by explaining that I’m there to look at the computers and _________ sent me back. I many times remember Face from the A-team…. “Hi I’m billy bob and this is my assistant sparky – we had a trouble ticket filed about the _______ and need to check out your workstation.” I can’t think of any time that I ran into someone new that wanted to call and check with someone else. Not once in ~15 years.

Recently there’s news of Mac Shield a malware for the mac that resembles rogue antivirus software on windows. Apparently a popup appears claiming that your mac has an infection and your administrator password is needed to remove it. Once it receives the administrator password…. game over you NOW have malware and it’s going to serve up illicit content over a public webserver, it’s going to collect passwords, bank account logins, credit card numbers and who knows what else on your nice secure smug mac.

The key learning moment here should be that it’s the user that was vulnerable – not the system!

Smugness should step aside.

Now, if you’re a mid size company that hires outside computer help – do you have a procedure for making sure that the person showing up is who they say they are? if you are large enough for an in house it department – are there name tags and ways to know that this guy that says he’s “the new guy” in IT really IS with your company?

Unfortunately in most organizations you can’t have a quick look from an IT person everytime you have a popup claiming that you have a virus. So, it’s important to become familiar with the legitimate popups of your antivirus software so you can discern better what is authentic and what isn’t. Sorry, but even that is no silver bullet. The malware writers are clever and who knows they may find a way to mimic whatever is preinstalled on the system for antivirus.

This is for Mac or Linux. Their servers are VERY busy right now as you might imagine. But, if you’ve always wondered about crossover wine, see if you can get a copy today at Codeweavers main site. I was redirected to their DOWN page which is a lean page with the download links and a place to sign up for a license key. The license key you can register by the end of the month. Right now their server is crying since they’ve been dugg and slashdot’ted at the same time, but I’m sure it will be possible to slip in sometime today for a free copy of their polished product.

On a side note, I’ve been a paying crossover license owner for some time although on my current main laptop I’ve been using stock wine with VERY good results. If you look “up the food chain” though. Many of the good results we get in the free stock wine is thanks to the work at codeweavers. So…. in spite of todays free offer, they deserve the communities support if you believe that a working Windows compatibility layer is important to the future of operating systems such as Linux.

Good linux format review of the new features and the overall feel (if you can get to it this morning. The main openoffice.org site is down at the moment. New features include a plugin for pdf import, support for the new Microsoft XML docx style file formats (read only). Writer can show several pages at once in the zoomed out view (with editor notes in the margin). Calc can support 4 times the number of columns and has new collaboration features.

Sounds as though it’s a good all around improvement. The speed is about the same as the last version in the 2.x series in their comparison.

Windows users know chkdsk, linux users know fsck… users of each MIGHT have heard of SMART. These are different ways of TESTING hard drives. Well, there’s also a utility called TestDisk that looks promising for recovering data… Here’s the clip from their site. “free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery using TestDisk is really easy.” It runs under a variety of OS’s and recognizes several different disk formats.

I’ve mentioned X-Plane before – it’s a flight simulator that strives to be as accurate flight modeling -wise as possible. Realism is one of their goals and it’s also unique in that it’s available for Mac/Windows and Linux (version 8 that is). (There is flightgear also, but X-Plane has still felt like better competition for Microsoft’s Flight Simulator line.) Anyway… Version 8 had linux support. Version 9 has beta’s out now for Windows and Mac, but there are rumors in the forums that version 9 may not see linux support. (Apparently the person in charge of the linux port has been hired by Google and was working on the linux port in his free time gratis…) I hope we’ll see a version 9 of X-Plane for linux. I wish I could lend help, but bash scripting is pretty much the zenith of my coding skills. (BTW – version 9 LOOKS nice from the screenshots I’ve seen. Here come a few more x-plane related thoughts….

X-Plane supports some cool plugins like this flight verification plugin that can generate a file readable by google earth for post flight analysis.

Here’s a manual for flying helicopters in x-plane

xplanefreeware.net Forums are one good resource for info and downloads for x-plane.

x-plane.org is another great resource (the main community following of x-plane seems to gather here.) Their forums especially are useful.)

And of course, the main site for X-Plane.

Oh, and The Xplane scenery blog is a good spot to watch for inside development info.

A refresher on nav-aids and instrument landings can be found here.

If you’ve been delaying on updating with the recent Apple Mac OS X updates…. don’t, there are exploits in the wild now for at least one. It’s speculated that this code may have been in the wild before Apple released the security updates.

Apple is fixing 15 security flaws with the 10.4.8 version upgrade of Mac OS X. (There is a second update as well…. Security Update 2006-006). In typical fashion there are a bundle of issues in these updates. Several address remotely exploitable vulnerabilities.

According to Incidents.org 10.4.8 addresses the following….

- connecting to wireless networks using the EAP-FAST protocol
- Apple USB modem reliability
- using OpenType fonts in Microsoft Word
- compatibility with 3rd party USB hubs
- scanner performance
- RAW camera support
- printing documents with Asian language names
- performance of the Translation widget
- broadband network performance

That didn’t sound too bad, but some of the bad issues are lumped in to the 2006-006 security update.

Some of the remotely exploitable vulnerabilities COULD be exploited merely by a user visiting a malicious website that was specially crafted to take advantage of the flaw. Patch away.

I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day… the intent here though is to use the word in this context…. “vulnerability has been released without giving the vendor an opportunity to patch…” Yes, the fun vulnerability weekend seems to be continuing – there’s a javascript zdnet has coverage it’s “impossible to patch” (?) from the individuals that have publicized it. The announcement came at Toorcon.

It affects firefox on all Operating Systems it looks like and can allow for remote code execution. The only workarounds suggested are the noscript extension and the possibility of browsing in a Virtual Machine.

(10/2/06 update)

It’s starting to look like THIS story may be falling apart….

The main purpose of our talk was to be humorous.

As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.

I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

I apologize to everyone involved, and I hope I have made everything as clear as possible.
Sincerely,
Mischa Spiegelmock

So, currently – the only flaw seems to be a remote browser crash. Still an issue, but not as bad as first claimed. Stay tuned.

–Update 10/3/06–

Now, I’m not prepared to say don’t worry about this…. as incidents.org notes DoS attacks against IE in the past have had a tendency to resurface as remote code execution vulnerabities…. so I wouldn’t be quite content with where things stand at the moment. That much said, there are many reports out now that this is a hoax.

Right now, I can say that the code presented at Toorcon apparently only leads to DoS and there have been no verifications of “30 exploits” for firefox’s javascript.

So, is firefox impervious to any and all web attacks – NO, just like any other software it has flaws, but the truth be told this does NOT appear to be the big problem we were initially led to believe. The SecurityFix has an angle on this that isn’t being covered too many other outlets. “We pretty much just wanted to have fun up there” and some other notes about their presentation and “research” on the flaw.

This leads me to conclude that they’ve pretty much succeeded in some ways towards one thing that they apparently urged people to do….

They ardently urged those in attendance to use their knowledge to “ruin things” as much as possible for Internet users.

The story of the boy that cried wolf comes to mind, ultimately crying wolf when there was none left the town defenseless when the wolf REALLY arrived. The same with computer security, we all lead busy lives and it’s important that if there’s a security problem it’s not a “crying wolf” incident. Too many incidents of JUST crying wolf over nothing and people ignore the warnings more and more. In fact, I think one reason many “average” people have such a hard time keeping their computers updated/antivirus up-to-date is the fact that there is just TOO much to keep up with. Windows, Office, Quicktime, Real player, Firefox, OpenOffice.org, AOL, Antivirus software, not to mention all the other add in toolbars and applications that people typically install. ALL these need to be kept up with updates and for many users you’ll find AT LEAST the list above installed on the system. Not to mention third party software that came with printers, digital cameras, etc. MANY times those 3rd party applications will act as a web client of sorts as well (for update notifications or who KNOWS what.) Add in to that the driver layer, like the Intel wireless drivers of recent note.

What they’ve done is muddy the waters and perhaps one more person has tuned out at this point, they found out firefox wasn’t safe and maybe it was a hoax, but many have the attitude they have nothing anyone would want to take anyway so they shouldn’t worry about computer security.

That much said, DoS vulnerabilities should be investigated and fixed, but this wasn’t quite the boogeyman it was built up to be.

Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over stating that because Apple denied being shown exploit code (slight semantic issue there…) Well… those driver vulnerabilities that must have not existed, were fixed today by Apple. Brian Krebs has the story, as well as incidents.org

What’s really interesting is that several remote code execution vulnerabilites are fixed in this update, but no credit is given to the company that presented the vulnerability, so it’s either “bad blood” over the issue or a matter of pride for Apple since they’ve not admitted the demonstrated vulnerability was actually in their driver. In fact…. according to the Security Fix post they (Apple) say…

“Basically, what happened is SecureWorks approached Apple with a potential flaw that they felt would affect the wireless drivers on Macs, but they didn’t supply us with any information to allow us to identify a specific problem. So we initiated our own internal product audit, and in the course of doing so found these flaws.”

–Update 10/1/06–

This is still an ongoing controversy. There definitely appears to be bad blood, it’ll continue to be interesting to follow this one.

As I’ve just posted to the security-update-notice category, Firefox and Thunderbird both have been released in 1.5.0.7 version…. the release fixes a number of known security issues and you should upgrade as soon as possible. Details on the issues at incidents.org Also, you can visit mozilla.com for downloads

The Security Fix has details as well and a suggestion for backing up your profile before updating.