XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Thu Jun 22, 2017 8:26 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: OSX & iOS hacks
PostPosted: Sat Mar 25, 2017 9:41 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14476
Old news, wonder where they are now?

WikiLeaks releases new CIA documents describing Mac exploits...

https://eshop.macsales.com/item/NewerTech/ADP4KHEAD/


Top
 Profile  
 
 Post subject: Re: OSX & iOS hacks
PostPosted: Sat Mar 25, 2017 9:52 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14476
Speaking of that, anybody try these?

https://www.littleflocker.com/

https://objective-see.com/products/blockblock.html


Top
 Profile  
 
 Post subject: Re: OSX & iOS hacks
PostPosted: Sun Mar 26, 2017 6:44 am 
Offline
User avatar

Joined: Mon Sep 14, 2009 8:51 pm
Posts: 432
Location: Minnesota, USA
This one looks interesting: https://objective-see.com/products/ransomwhere.html I usually don't worry too much about regular nasties since it is usually possible to deal with them after the fact. The last time I recall getting one was 20 year ago which VirusScan picked up on and handled without the virus actually doing anything to my computer. Even if it had, all my data files would still have been intact and recoverable. Ransomware is more scary since there aren't any real remedies except old backups on drives that have not been connected since the infection. It also threatens the very essence of what's important on a computer which are the data files. The chances of getting ransomware are pretty small but the results are so dire I wonder if the CPU overhead of this tool (which they claim to be minor most of the time) is worth it?


Top
 Profile  
 
 Post subject: Re: OSX & iOS hacks
PostPosted: Sun Mar 26, 2017 11:53 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14476
Interesting approach, but I see what I figure is a real weakness...
Quote:
RansomWhere? explicitly trusts binaries signed by Apple proper (though not ones signed with an Apple developer ID). As such, if ransomware abuses an signed Apple binary (or process, perhaps via injection), RansomWhere? may not detect this. Moreover, the tool inherently trusts most applications that are already present on the system when it is installed.


Top
 Profile  
 
 Post subject: Re: OSX & iOS hacks
PostPosted: Sun Mar 26, 2017 3:18 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5849
Location: NYC
My overall opinion on adding any more security layers that need clicking+ research to approve: Had enough, can't deal with any more. Plus don't trust programs that rely mainly on heuristics. False positives up the wazoo.


Top
 Profile  
 
 Post subject: Re: OSX & iOS hacks
PostPosted: Sun Mar 26, 2017 3:37 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14476
Yeah, gotcha there.


Top
 Profile  
 
 Post subject: Re: OSX & iOS hacks
PostPosted: Mon Mar 27, 2017 4:36 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9268
Location: Caught between the moon and NYC
Uh. Hm. I could see where a process that monitored file system reads for files in a non-standard path (e.g. ~/Private/) could catch nefarious programs. The thinking being that normal programs shouldn't need to walk into that folder and start reading files, and standard OS X programs shouldn't even notice its there (esp. if it's hidden). Whitelist your backup software, whitelist your search program (assuming you hate Spotlight), but don't let anything else have cart-blanche access to the folder.

Unfortunately I see how people wouldn't think that's worth $20 or $40, so you gotta ladle on features until it gets to be something I'm not interested in.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group