Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.mac.system > #23405 > unrolled thread
| Started by | Alan Browne <alan.browne@FreelunchVideotron.ca> |
|---|---|
| First post | 2012-04-07 09:43 -0400 |
| Last post | 2012-04-09 16:26 -0400 |
| Articles | 7 on this page of 47 — 12 participants |
Back to article view | Back to comp.sys.mac.system
Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 09:43 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Jolly Roger <jollyroger@pobox.com> - 2012-04-07 08:30 -0700
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 11:46 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Jolly Roger <jollyroger@pobox.com> - 2012-04-07 09:04 -0700
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 13:59 -0400
Re: Does the Flashback trojan affect Chrome? Lion? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 18:43 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-07 23:01 -0400
Re: Does the Flashback trojan affect Chrome? Lion? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 23:26 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:14 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Paul Sture <paul@sture.ch> - 2012-04-08 14:12 +0200
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 16:36 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Kurt Ullman <kurtullman@yahoo.com> - 2012-04-07 12:05 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Jolly Roger <jollyroger@pobox.com> - 2012-04-07 09:07 -0700
Re: Does the Flashback trojan affect Chrome? Lion? Leonard Blaisdell <leoblaisdell@sbcglobal.net> - 2012-04-07 22:32 -0700
Re: Does the Flashback trojan affect Chrome? Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 23:01 +1200
Re: Does the Flashback trojan affect Chrome? Lion? Michelle Steiner <michelle@michelle.org> - 2012-04-07 08:59 -0700
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 13:56 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Michelle Steiner <michelle@michelle.org> - 2012-04-07 11:18 -0700
Re: Does the Flashback trojan affect Chrome? Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 10:17 +1200
Re: Does the Flashback trojan affect Chrome? Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-07 19:53 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-07 23:04 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-07 23:40 -0400
Re: Does the Flashback trojan affect Chrome? Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 16:32 +1200
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:18 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-08 17:40 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 19:56 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-08 22:36 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 00:32 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Paul Sture <paul@sture.ch> - 2012-04-09 09:21 +0200
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 11:37 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Barry Margolin <barmar@alum.mit.edu> - 2012-04-09 14:48 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 15:33 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 21:41 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-10 17:36 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-10 23:15 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 21:42 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-09 21:37 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-10 17:35 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-10 23:19 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Paul Sture <paul@sture.ch> - 2012-04-11 10:40 +0200
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-10 17:36 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 09:07 -0400
Re: Does the Flashback trojan affect Chrome? Lion? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 19:05 -0400
Re: Does the Flashback trojan affect Chrome? Lion? Tim Streater <timstreater@greenbee.net> - 2012-04-08 00:24 +0100
Re: Does the Flashback trojan affect Chrome? Lion? dempson@actrix.gen.nz (David Empson) - 2012-04-08 16:32 +1200
Re: Does the Flashback trojan affect Chrome? Lion? Rob Friefeld <someone@verizon.net> - 2012-04-08 10:59 -0700
Re: Does the Flashback trojan affect Chrome? Lion? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-09 16:26 -0400
Page 3 of 3 — ← Prev page 1 2 [3]
| From | Alan Browne <alan.browne@FreelunchVideotron.ca> |
|---|---|
| Date | 2012-04-10 17:36 -0400 |
| Message-ID | <PPadncRi-L9uOhnSnZ2dnUVZ_vGdnZ2d@giganews.com> |
| In reply to | #23575 |
On 2012-04-09 21:37 , Wes Groleau wrote:
> On 04-09-2012 14:48, Barry Margolin wrote:
>> Alan Browne<alan.browne@FreelunchVideotron.ca> wrote:
>>> On 2012-04-08 19:56 , Wes Groleau wrote:
>>>
>>> Mac when I advised it, two of the things they do need that none of the
>>> teens did are defragmentation and malware protection. .
>>>
>>> Defrag? Puh-leaze.
>>>
>>> Never used it after Windows 95. As disks got larger defrag became more
>>> and more pointless. (Never mind diminishing returns - it was negative
>>> returns as the computer was out of service (or slow) during de-frag and
>>> it just added wear and tear to the drive).
>>
>> I think that was his point: even though there's no reason to do it, it
>> has become part of the culture, so the practice continued. The fact
>> that these teens defragged is an indication that they didn't know what
>> they were doing.
>
> No, you only read what he quoted. I've restored a little context.
> They had Windows XP, as I do at work. And at work, I have more than
> enough evidence that fragmentation gradually slows down Windows XP and
> any earlier version if you have files of any significant size.
Horsecrap. Disks are so large, and windows writes into the largest
available space for a new file (NTFS). Fragmentation does not occur
significantly enough to drag down the system enough to notice.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
[toc] | [prev] | [next] | [standalone]
| From | Alan Browne <alan.browne@FreelunchVideotron.ca> |
|---|---|
| Date | 2012-04-08 09:07 -0400 |
| Message-ID | <ifmdnRp8vv4eEBzSnZ2dnUVZ_tWdnZ2d@giganews.com> |
| In reply to | #23430 |
On 2012-04-07 14:18 , Michelle Steiner wrote:
> In article<0v6dneMB_YV54h3SnZ2dnUVZ_qmdnZ2d@giganews.com>,
> Alan Browne<alan.browne@FreelunchVideotron.ca> wrote:
>
>>> Here's a script I found on the web that checks for the Flashback
>>> trojan:
>>
>> That script checks for Safari and Firefox transport of the trojan, not
>> Chrome. I emulated the same command found variously around the web
>> (above) but I'm not absolutely sure it's a correct test.
>
> Chrome uses the same WebKit that Safari uses, so it may be that the Safari
> test also works for Chrome.
It tests in folder locations specific to the browser:
do shell script "defaults read /Applications/Safari.app
/Contents/Info LSEnvironment"
The folder Application/Safari.app ... would have nothing belonging to
Chrome whether or not they have code commonality.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
[toc] | [prev] | [next] | [standalone]
| From | *Hemidactylus* <ecphoric@hotmail.com> |
|---|---|
| Date | 2012-04-07 19:05 -0400 |
| Message-ID | <EuSdnbh7Q9--VR3SnZ2dnUVZ_rydnZ2d@giganews.com> |
| In reply to | #23405 |
On 04/07/2012 09:43 AM, Alan Browne wrote: > Does the Flashback trojan affect Chrome as well? > Does the Flashback trojan affect browsers under Lion? > > I executed this in terminal > defaults read /Applications/Chrome.app/Contents/Info LSEnvironment > > and got a file does not exist error. But I'm not sure that's a valid > test. (I just used the same test as for Safari and substituted Chrome). > I did the check just now for Firefox (substituted in command string for Safari) and was clean. I went into the Safari menu and under Preferences...Security noticed the Enable Java box was clicked although I think Java doesn't exist on my Lion system (clicking Java Preferences asks me if I want to install the JRE). I unclicked Enable Java on the Safari security preferences anyway. Was this necessary or overkill? Why would it have been checked? Is it just a preset in case I stall JRE? Should I uncheck JavaScript too? -- *Hemidactylus*
[toc] | [prev] | [next] | [standalone]
| From | Tim Streater <timstreater@greenbee.net> |
|---|---|
| Date | 2012-04-08 00:24 +0100 |
| Message-ID | <timstreater-B9B035.00242108042012@news.individual.net> |
| In reply to | #23446 |
In article <EuSdnbh7Q9--VR3SnZ2dnUVZ_rydnZ2d@giganews.com>, *Hemidactylus* <ecphoric@hotmail.com> wrote: > Should I uncheck JavaScript too? No. -- Tim "That excessive bail ought not to be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
[toc] | [prev] | [next] | [standalone]
| From | dempson@actrix.gen.nz (David Empson) |
|---|---|
| Date | 2012-04-08 16:32 +1200 |
| Message-ID | <1ki8r20.1klnd748ykv3N%dempson@actrix.gen.nz> |
| In reply to | #23446 |
*Hemidactylus* <ecphoric@hotmail.com> wrote: > On 04/07/2012 09:43 AM, Alan Browne wrote: > > Does the Flashback trojan affect Chrome as well? > > Does the Flashback trojan affect browsers under Lion? > > > > I executed this in terminal > > defaults read /Applications/Chrome.app/Contents/Info LSEnvironment > > > > and got a file does not exist error. But I'm not sure that's a valid > > test. (I just used the same test as for Safari and substituted Chrome). > > > I did the check just now for Firefox (substituted in command string for > Safari) and was clean. > > I went into the Safari menu and under Preferences...Security noticed the > Enable Java box was clicked although I think Java doesn't exist on my > Lion system (clicking Java Preferences asks me if I want to install the > JRE). I unclicked Enable Java on the Safari security preferences anyway. > Was this necessary or overkill? > > Why would it have been checked? Is it just a preset in case I stall JRE? Yes. Standard configuraiton of Safari is to have Java enabled. If you don't have Java installed (on Lion) then this checkbox is meaningless, because there is no Java plugin or runtime environment. Ideally Apple should grey out the checkbox if Java isn't installed on the system, but they didn't bother. > Should I uncheck JavaScript too? Only if you like breaking the user interface on a fair proportion of web sites. JavaScript has nothing to do with Java (the name "JavaScript" was an unfortunate choice on the part of Netscape), and JavaScript has nothing to do with this particular threat. -- David Empson dempson@actrix.gen.nz
[toc] | [prev] | [next] | [standalone]
| From | Rob Friefeld <someone@verizon.net> |
|---|---|
| Date | 2012-04-08 10:59 -0700 |
| Message-ID | <jlsjmc$9hu$1@dont-email.me> |
| In reply to | #23405 |
In article <2vCdnZ7ns8AN2R3SnZ2dnUVZ_umdnZ2d@giganews.com>, Alan Browne <alan.browne@FreelunchVideotron.ca> wrote: > Does the Flashback trojan affect Chrome as well? > Does the Flashback trojan affect browsers under Lion? > > I executed this in terminal > defaults read /Applications/Chrome.app/Contents/Info LSEnvironment > > and got a file does not exist error. But I'm not sure that's a valid > test. (I just used the same test as for Safari and substituted Chrome). Yes, it affects Chrome. The problem is Java, not the browser. The latest update from Apple is supposed to fix the vulnerability. As for testing for affliction, so far so good. Look at TidBITS: http://tidbits.com/article/12918 > That said, detection comes down to issuing the following defaults read > commands in Terminal (F-Secure suggests only the first and last; the others > extend the technique from Safari to Google Chrome, Firefox, and iCab). In > each case, if you see ³does not exist² at the end of the response from each > command, you are not infected. (The defaults read command is entirely safe ‹ > it¹s just attempting to determine whether some data exists in the Info.plist > file within each application package.) > defaults read /Applications/Safari.app/Contents/Info LSEnvironment > defaults read /Applications/Google\ Chrome.app/Contents/Info LSEnvironment > defaults read /Applications/Firefox.app/Contents/Info LSEnvironment > defaults read /Applications/iCab\ 4/iCab.app/Contents/Info LSEnvironment > defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES Rob Friefeld
[toc] | [prev] | [next] | [standalone]
| From | Alan Browne <alan.browne@FreelunchVideotron.ca> |
|---|---|
| Date | 2012-04-09 16:26 -0400 |
| Message-ID | <38CdnYBy05uO2x7SnZ2dnUVZ_gSdnZ2d@giganews.com> |
| In reply to | #23492 |
On 2012-04-08 13:59 , Rob Friefeld wrote:
> In article<2vCdnZ7ns8AN2R3SnZ2dnUVZ_umdnZ2d@giganews.com>,
> Alan Browne<alan.browne@FreelunchVideotron.ca> wrote:
>
>> Does the Flashback trojan affect Chrome as well?
>> Does the Flashback trojan affect browsers under Lion?
>>
>> I executed this in terminal
>> defaults read /Applications/Chrome.app/Contents/Info LSEnvironment
>>
>> and got a file does not exist error. But I'm not sure that's a valid
>> test. (I just used the same test as for Safari and substituted Chrome).
>
> Yes, it affects Chrome. The problem is Java, not the browser. The latest
> update from Apple is supposed to fix the vulnerability. As for testing
> for affliction, so far so good.
>
> Look at TidBITS: http://tidbits.com/article/12918
>
>> That said, detection comes down to issuing the following defaults read
>> commands in Terminal (F-Secure suggests only the first and last; the others
>> extend the technique from Safari to Google Chrome, Firefox, and iCab). In
>> each case, if you see ³does not exist² at the end of the response from each
>> command, you are not infected. (The defaults read command is entirely safe ‹
>> it¹s just attempting to determine whether some data exists in the Info.plist
>> file within each application package.)
>
>> defaults read /Applications/Safari.app/Contents/Info LSEnvironment
>> defaults read /Applications/Google\ Chrome.app/Contents/Info LSEnvironment
>> defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
>> defaults read /Applications/iCab\ 4/iCab.app/Contents/Info LSEnvironment
>> defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
Amusing. The way I edited the command would not have detected it.
Shame on my for not checking the folder structure for Chrome first.
OTOH, I don't see how they get the path above from the actual structure.
But, the way that article is written, it is just extending the test to
Chrome without confirming that any Chrome browser machines were or can
be infected. I primarily use Chrome, occasionally Firefox and rarely
Safari and Opera.
Thanks!
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
[toc] | [prev] | [standalone]
Page 3 of 3 — ← Prev page 1 2 [3]
Back to top | Article view | comp.sys.mac.system
csiph-web