Thursday, March 23, 2017
Amit Serper's "OSX Pirrit: Why You Should Care about Malicious Mac Adware" presentation from RSA Conference USA 2017 (recorded with permission)
You can follow along with the slides (PDF) while you listen.
Follow @0xAmit (Amit Serper, the presenter) on Twitter
Follow @theJoshMeister for more Mac security content
Monday, March 20, 2017
Patrick Wardle's "Meet and Greet with the macOS Malware Class of 2016" presentation from RSA Conference USA 2017 (recorded with permission)
Read the slides while you listen; see also Patrick's blog post that aligns with this talk
Follow @patrickwardle (the presenter) on Twitter
Follow @theJoshMeister for more Mac security content
Wednesday, October 27, 2010
Hey, Tech Pulse podcast listeners! Wow, it's so cool that you're still subscribed after almost three years without any new episodes. Just wanted to give you a brief update about the status of the podcast and a few other things.
First, as I recently blogged about here, there are two episodes from early 2008 that never got edited, but I've posted links to the unedited versions if you want to hear them. Basically what happened with Tech Pulse is that Big-O and I started MacMod:LIVE, the official podcast of MacMod.com, which was Anthony's old site for Mac modders. After that, Tech Pulse (which was a hobby, not a job) got put on the back burner. At the end of 2009, MacTech Magazine acquired MacMod. Big-O chose to focus his time and efforts on iPhone development, and I stayed on as the sole host and producer of the new show, MacTech Live.
I don't know when or if I'll get around to updating Tech Pulse, but you're more than welcome to stay subscribed to this podcast feed. I may eventually post some other stuff here as well (for example, I have some audio recordings of sessions at PodCamp AZ 2008 that I might post someday, or I may eventually do an interview that isn't relevant to MacTech but might have a more general tech appeal). For now, though, I'm focusing my podcasting energy on MacTech Live.
Also, I wanted to let you guys know that I'll be attending MacTech Conference next week, November 3rd through 5th, 2010, in Los Angeles. It's a technology conference for both IT professionals and developers with a focus on Apple's Mac OS X and iPhone/iPad platforms. If you're into Macs or other Apple technologies, you should definitely check out the details that I've posted on my personal blog, along with a link that will get you a free Apple certification or $100 off the conference registration price. All that is at http://bit.ly/MacTechConf – If you're interested in Apple technology and can make it to the conference, I'd love to meet you there.
That's it for now! Stay subscribed to the podcast, and check out my other podcasts at http://podcasts.thejoshmeister.com
You can follow me on Twitter @theJoshMeister or follow the MacTech Live podcast @MacTechLive.
Monday, August 16, 2010
UNEDITED Tech Pulse 20080211: CES and Macworld Expo - MP3, 88 minutes
UNEDITED Tech Pulse 20080209: Microsoft's Bid for Yahoo! - MP3, 35 minutes
For current tech news and much more, check out the JoshMeister's other great podcasts:
Tuesday, December 11, 2007
Josh and Big-O discuss Google's Android phone platform announcement and the new Mac OS X Trojan spreading through porn sites, and talk at length about the pros and cons of Mac OS X vs. Windows security.
Notes and links related to this episode:
- The iBride and iGroom have posted details about how they met and how they planned crashing the Apple Store
- Google's mobile phone platform announcement: the Open Handset Alliance and "Android"
- Google is not (yet) building its own cell phone hardware
- Microsoft CEO Steve Ballmer pooh-poohed Google's efforts, calling the Open Handset Alliance "just some words on paper right now" and boasting that Microsoft has "many, many millions of customers" who use Windows Mobile on their phones
- The open, Linux-based nature of Android contrasts sharply with the closed software platform of the iPhone (at least until February when Apple plans to release an iPhone SDK)
- If Google chooses to make it an ad-supported platform, how invasive will it be to the user's privacy?
- New Mac Trojan horse (eloquently dubbed "OSX.RSPlug.A") is in the wild and being distributed through porn sites
- Trojan horses do not self-propagate or spread themselves automatically over a network
- How to prevent infection: Don't download "codecs" from porn sites (and in general, make sure you thoroughly trust any source before giving it permission to install software on your computer)
- How to check for the existence of the Trojan on a system and remove it
- Similarities between Leopard and Vista security:
- Leopard finally includes digital signatures for applications (and all Apple apps included with the OS are now signed)
- Leopard includes application sandboxing, which offers some protection against a buffer overflow exploit in one program affecting other parts of the system; it's somewhat similar to Windows XP SP2 and Vista's Data Execution Prevention (DEP)
- Leopard and Vista both have memory randomization (Apple calls it Library Randomization), a feature that makes it harder for malicious software to find a memory address to exploit it
- Cons of Mac Security:
- the Leopard firewall is off by default vs. Windows XP SP2 and Vista's firewalls being on by default
- being off by default makes Macs running any kind of networking services much more vulnerable to remote attacks and exploits
- plus, the Leopard firewall has been criticized as allegedly not working as well as it should
- lack of anti-phishing in Safari and Apple Mail vs. anti-phishing built into IE7 and Windows Mail
- the Status Bar is still turned off by default in Safari 3 in Leopard; this leaves users completely unaware of where any link will take them, which can make it easier for people to fall into traps such as phishing scams
- Pros of Mac Security:
- Leopard uses a proven BSD-based networking stack vs. Vista's virgin stack
- real-world numbers of viruses and spyware for Mac compared to Windows: Sophos reports that by the end of 2006 there were over 207,000 known malware threats (PDF link), and so far there have been fewer than 5 known Mac OS X Trojans in the wild; Windows is still by far the biggest target
- Mac OS X comes with a Web filter (as part of its Parental Controls, for non-admin accounts only) vs. Vista includes no Web filter
- Mac OS X knows when to (and more importantly, when NOT to) prompt the user for administrator approval, "without bugging the crap out of you" and "going overboard" like Vista does; Vista users can get so desensitized to these prompts that they simply dismiss them out of habit without paying attention to what's going on
Tuesday, October 30, 2007
Josh covers the launch of Mac OS X v10.5 Leopard, talking to several people in the line (including Victor Cajiao of the Typical Mac User podcast), giving his first hands-on impressions of Leopard, and doing exclusive coverage of the wedding-day Apple Store crashers!
Notes and links related to this episode:
- Josh attended the Leopard Launch at the Apple Store, Victoria Gardens in Rancho Cucamonga, California
- Standing in the line:
- Josh met Victor Cajiao of the Typical Mac User podcast, who commented that Steve Webb from the Lifespring! podcast was also standing in line
- Victor gave his initial impressions of Leopard (which he installed that morning) and usage tips
- Josh spoke with several other people standing in line
- Inside the store:
- It was very loud (hence the distorted audio on the podcast, which I cleaned up the best I could, and hence the extensive notes here for those who can't figure out what I was saying)
- Leopard (Mac OS X v10.5 Build 9A581) was installed on all the Macs in the store
- Josh tried out Leopard on a new 24-inch iMac
- On the iMac, the Dock was on the left side of the screen, and Josh noted that the Dock's backdrop wasn't shiny like when placed at the bottom of the screen; it looks more like the Tiger Dock, but with a black tint rather than a white one. This was changed in a near-final build of Leopard after users suggested that it just didn't look right, partly because it looked like the icons should slide right off the 3D Dock
- Safari 3.0.4 is included with Leopard. Josh noted that this version apparently still doesn't have the Status Bar turned on by default. The much bigger disappointment, however, is that Apple apparently never finished developing the anti-phishing features that were included in developer builds as little as a year ago, thus making Safari the ONLY major Web browser that doesn't have phishing protection built in. So much for Apple providing the safest online user experience! (Users can always add their own anti-phishing, e.g. through OpenDNS, but the users who are most likely to fall for phishing scams are most likely to use the default configuration of the default browser)
- In Leopard, Safari includes a Web Clip button, which makes it super easy to take any part of any Web page and make it into a Dashboard widget
- Just click the button, select the part of the Web page you want on your Dashboard, and it will open your new widget in the Dashboard instantly
- When you double-click on Macintosh HD, you'll have a list of shared computers in the sidebar, under which several of the Macs and PCs on your LAN appear. All the Macs in this particular Apple Retail Store were named ars094.01 and up. Of course there were no PCs on the LAN so I was unable to confirm whether they show up with a Blue Screen of Death icon as had been the case in pre-release builds of Leopard, nor were there any old Macs on the LAN to see, for example, whether a Blue & White G3 or a Mirrored Drive Door G4 would appear with its own unique icon.
- As an aside, Josh noted that the wired model of new Apple keyboards has 19 function keys at the top (whereas the MacBook Pro, the new Apple wireless keyboard, and many others only have F1-F12, this new USB keyboard includes F13 all the way up through F19). The extra keys aren't quite as good as they sound because several of the keys do NOT act as function keys by default, but instead perform operations such as invoking Dashboard or controlling the volume; you have to hold the "fn" key in order to use many of the F-keys as actual F-keys.
- Spotlight searches now include results from the contents of Web pages you've visited recently in Safari. For example, I had pulled up techpulsepodcast.com and closed it, and a few minutes later when I did a search for Leopard the site came up in the Spotlight menu! Dictionary definitions also show up in the Spotlight menu if the search keyword is a word in the dictionary.
- The buttons in the top-left corner of each window (red, yellow, and green) look a little different in Leopard, perhaps a bit brighter
- Cover Flow in the Finder is pretty cool, especially for those accustomed to it in iTunes or on the iPhone or iPod touch. A couple caveats: even on the fast, brand new iMac demo unit, the Finder had to quickly cache the icons of files inside the Documents folder... twice. The first time it happened, it really didn't surprise me, but when it happened again after returning to the same folder just a few minutes later, I was a bit perplexed to find that the icon previews hadn't been saved in the cache for even that very brief amount of time. Until the icons are cached (or re-cached), a generic icon shows up in their place, which seems a bit tacky
- Cover Flow even shows previews of Microsoft Office 2007 files (e.g. xlsx, docx, etc.). Microsoft hasn't yet released Office 2008 for Mac with support for these formats, but Apple already supports those formats in iWork and apparently in Cover Flow and Quick Look (although it was unclear whether the latter is true only when iWork '08 is installed)
- The first time that you run an application that was downloaded from the Internet (or at least with Safari), it says, for example "[Invisibility Toggler] is an application which was downloaded from the Internet. Are you sure you want to open it? Safari downloaded this file [today at 6:42 PM]." Safari 2 would warn you when you attempted to download a file that could contain an application, while in Leopard the Finder warns you when you first try to run an application that was downloaded using Safari 3. The new Leopard way of doing things is similar to the way Windows warns users about running applications for the first time
- When you run an application from a disk image, it gives the aforementioned "was downloaded from the Internet" warning and then says, for example "[EasyFind] is on the disk image [EasyFind.dmg]. Safari downloaded this disk image [today...]" and then there's a checkbox "Don't warn me when opening applications on this disk image".
- Josh's freeware utility Invisibility Toggler works with Leopard, as expected
- The new purple Aurora desktop is located at "Macintosh HD/Library/Desktop Pictures/Nature/Aurora.jpg"
- Another new Safari feature: When you go to the Safari menu and select Reset Safari, the new dialog box says "Are you sure you want to reset Safari? Select the items you want to reset, then click Reset. You cannot undo this operation." It then gives a full list of each item that can be reset, and each item can be toggled off or on by a checkbox. The items (which are all checked by default, but can be unchecked as desired) are as follows: Clear history, Empty the cache, Clear the Downloads window, Remove all cookies, Remove all website icons, Remove saved names and passwords, Remove other AutoFill form text, Clear Google searches, and Close all Safari windows
- Safari for Leopard doesn't include the option to switch from Google to Yahoo! for the search bar, even though this feature is available in Safari for Windows. However, the second link in the Bookmarks Bar is to Yahoo!
- Quick Look lets you click on a document in the Finder and press the space bar to preview it instantly in a large window, which you can make full-screen (opening high-res photos this way looks awesome on the 24-inch iMac display!)
- If you open Time Machine without having configured it yet, you'll get a dialog box that says "The storage location for Time Machine backups can't be found" and gives the options Cancel or Set up Time Machine (the latter requires authentication)
- Time Machine apparently does NOT work with network attached storage according to this MacRumors forum thread
- (Now the part you've all been waiting for!) A little after 7:00, a couple who had just gotten married came running through the middle of the Apple Store wearing their full wedding attire (and also a pair of black caps with white Apple logos) followed by a crew of professional photographers! The couple apparently didn't want to miss the Leopard launch even on their Big Day, so they came to grab a copy of Leopard and a pair of t-shirts and have pictures taken in front of the Genius Bar
- If I heard correctly, the groom told one of the Apple Store employees that he met his bride while working at the Apple Store, Manhattan Village in Manhattan Beach, California. The Rancho Cucamonga store employee said he knew someone who worked at the Manhattan Beach store around the same time they worked there
- UPDATE: The bride has posted details of how they met in the comments section of this post!
- UPDATE: The groom has also posted in the comments section with details about how the event was planned.
- Josh snapped some photos of the couple with his Treo—hence the paparazzi/Bigfoot style photographs. (Boy, the darn Treo couldn't get the audio OR the photos right! Darn you, Palm!!! [Or, said in the voice of Captain Kirk (skip to 3:04): "PAAALM!!!"]) The groom gave Josh permission to post these photographs on Tech Pulse:
- Within an hour and a half, the store had given away almost all of their 500 free Leopard t-shirts—meaning that by the end of the night, well over 500 people had come to that particular Apple Store for the Leopard launch!
Saturday, October 27, 2007
Friday, October 26, 2007
Lots of news including the Amazon.com DRM-free MP3 store, eBay was recently hacked leading to stolen credit card information, iPhones were unlocked then bricked then unlocked again, Zune adds podcast support, Bungie might split from Microsoft, Mac OS X Leopard is coming, and more!
Notes and links related to this episode:
- iUnlock released: the first free, open source iPhone SIM unlock software
- But then Apple announced that iPhone hacks (including SIM unlocking) void your warranty (further reading)
- Firmware 1.1.1 turned a lot of hacked iPhones into shiny, expensive bricks
- New hacks have resurfaced for 1.1.1 - see iphoneSimFree.com (and thus the cat-and-mouse game continues...)
- In related news, Steve Jobs announced via Apple's Hot News page that native third-party applications (i.e. not merely Web-based apps) will be coming to the iPhone (and iPod touch) in due time, and a software development kit (SDK) is planned for a February 2008 release
- Google Docs added support for slideshow presentation documents (including the ability to import PowerPoint files)
- Zune adds podcast support
- Bungie might split from Microsoft... which could potentially mean the return of a strong Bungie presence on the Mac
- eBay Hacked, personal credit card and contact information of at least 1,200 users stolen
- Amazon.com releases its own DRM-free, multi-OS compatible MP3 music download service
- Individual track purchasing is platform-independent (i.e. Linux compatible), but so far album purchasing is only available on Windows XP, Vista, and Mac OS X
- Apple seems to have responded to market pressure by dropping the price of iTunes Plus tracks (which are also DRM-free but come in the less ubiquitous AAC format) to 99 cents, the same price as DRM-encumbered iTunes tracks, and down from $1.29
- Mac OS X v10.5 "Leopard" is nearing release: Friday, October 26th (get $20 off for a limited time through this link!)
- Task Manager tricks for Windows
- What happened to my Task Manager?? If your task manager's tabs and buttons seem to have mysteriously vanished, don't worry—you probably just accidentally double-clicked somewhere in the window. This is a feature, not a bug. Double-click in a blank area of the window to restore the default view.
- Can I go straight to the Task Manager in Vista? Yep; the keystroke Ctrl+Shift+Esc instantly brings up the Task Manager in Windows Vista, without going to a list of options first. The same command also works for Windows XP/2000 PCs, which bypasses the option list screen if the PC is on a domain (of course, if your Windows XP or 2000 PC is not on a domain, then the command does the same thing as Ctrl+Alt+Del).
- On newer Macs, if you have the volume muted and then plug in headphones, the Mac will automatically unmute so you can hear through the headphones. Then if you unplug your headphones, the Mac will mute again instantly!
- On Macs with volume keys on the keyboard: Hold Shift while pressing a volume key to temporarily disable the volume-change sound effect
Wednesday, October 17, 2007
A guest review of Drobo, plus tons of iPhone- and iPod-related news, details about recent Monster.com and Mobipocket server hacks, Josh offers security tips, Josh picks the multi-OS free DVD ripper HandBrake, Kyle discusses iWork and iLife 08, and more!
Notes and links related to this episode:
- New Apple stuff:
- iPod Touch, 160 GB iPod Classic, new iPod nano with video, new colors (no more white iPods of any kind, which along with the no-longer-white iMac makes Kyle wonder if Apple will drop the white MacBook design soon)
- $200 iPhone price cut, which led to Steve Jobs' open letter to all iPhone customers and a $100 store credit for early purchasers
- You can now purchase iPhone ringtones via the iTunes Music Store for 99 cents—but only after you purchase the full-length song for another 99 cents first
- While it's annoying to have to pay for it twice, it's still cheaper than most ringtones for other phones, plus iTMS allows you to select the specific part of the song that you want to use as your ringtone
- iTunes Wi-Fi Music Store for iPod Touch and iPhone
- Apple and Starbucks are beginning to roll out a system to allow consumers to purchase the currently-playing song in Starbucks from their iPod Touch or iPhone
- Anthony suggests that the new Starbucks system might be similar or related to the Apple-Polk iTunes Tagging system
- Follow-up on last episode's "Monster.com Hacked" story
- From an e-mail sent to Monster users: "As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records. The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a "phishing" email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites"
- Apparently, no passwords were stolen in this heist, although this is not specifically stated one way or another
- More related problems have cropped up since, including Monster.com servers hosting malware
- Mobipocket Account Passwords Possibly Stolen
- Mobipocket is a very popular document reader application for Palm and Windows Mobile PDAs
- From an e-mail sent to Mobipocket.com customers: "We reset your password because we recently learned of an attempt to gain access to a Mobipocket server. Files containing name, account name, password, address and e-mail address for some Mobipocket customers were kept on this server. Although we have no evidence that these files were accessed, we changed your password and are notifying you out of abundance of caution."
- This is a very good reason to use unique passwords for each of your Web site accounts! Ideally, use an encrypted password database unless you're skilled enough to memorize all your passwords
- Palm OS: Strip (freeware, open-source) is an excellent encrypted password vault
- Mac OS X: you can create an encrypted disk image using Disk Utility and store passwords in a file on that disk image, or use 1Passwd (shareware, U.S. $29.95)
- Windows XP Professional: if you're using a secure password for your Windows account and you don't share the account with others, and if your file system is NTFS, you can encrypt a file containing passwords from the file's Properties screen (Windows Vista users must have the Business, Enterprise, or Ultimate edition to encrypt files)
- Impressive new technology: content-aware image resizing using "seam carving" technology
- stretch out or compact an image on-the-fly while preserving important parts of the photograph
- it can be used to edit people out of photographs!
- watch a video demonstration on YouTube
- Review of Drobo by Ken Leslie
- Drobo is a "data storage robot," basically a very intelligent, incredibly easy alternative to RAID
- Overall Ken had a very positive experience; Data Robotics provided great tech support, and the Drobo product works great as long as you make sure to test your hard drives before initially setting it up
- (Listen to the podcast for the full review, including an explanation of what Drobo is, what it does, why it's useful, and more)
- Show all file extensions, even for known file types
- Glaring security hole in Mac OS and Windows: you can give anything a custom icon, and by default "known" file types do not show their filename extensions. Example of why this is a problem: a file that appears to be an innocuous plain-text file may actually be a Trojan horse application with a custom icon
- You can know what type of file it really is by manually enabling a feature in Mac OS X or Windows
- Mac OS X: Click on the desktop, click on the Finder menu, click on Preferences..., click on Advanced, put a check next to "Show all file extensions"
- Windows: Click on Start, Control Panel (or in some cases Start, Settings, Control Panel), then open the Folder Options panel, remove the check next to "Hide file extensions for known file types" (or "Hide MS-DOS file extensions for file types that are registered"), then click OK
- Mac OS 9.2.2 and earlier doesn't necessarily use filename extensions, and instead uses four-character "type" and "creator" codes to determine what kind of file it is and how to open it. Thus, by leaving a file without a filename extension (or adding a false extension), it's even easier for malicious users to spoof file types. I'm unaware of any workaround that prevents file type spoofing in Mac OS 9.2.2 or earlier
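One way to look for the kind of spoofing the note above warns about, as an added example that is not from the podcast: the script flags names with a document-style extension hidden behind an executable one and, on macOS, files carrying the Finder custom-icon flag (read with the real `xattr -px com.apple.FinderInfo` command). The FinderInfo layout and the `kHasCustomIcon` value come from Apple's Finder.h; the sample FinderInfo bytes at the end are constructed for the self-test.

```python
"""Spot files that spoof a harmless document type by name or icon.

Added example, not from the podcast. Two signals from the show notes are
checked: a "double extension" name such as report.txt.app (a document-style
inner extension hidden behind an executable outer one), and, on macOS, the
Finder custom-icon flag that lets an application borrow a plain-text icon.
The FinderInfo layout follows Apple's Finder.h: bytes 0-3 type code, 4-7
creator code, 8-9 big-endian fdFlags, with kHasCustomIcon = 0x0400.
"""
import os
import struct
import subprocess
from typing import List, Optional

DOCUMENT_EXTS = {"txt", "pdf", "doc", "xls", "jpg", "jpeg", "png", "mp3", "html"}
EXECUTABLE_EXTS = {"app", "exe", "scr", "com", "bat", "cmd", "pif", "pkg", "command"}
K_HAS_CUSTOM_ICON = 0x0400  # fdFlags bit from Finder.h


def has_deceptive_extension(name: str) -> bool:
    """True for names like Invoice.pdf.exe; False for archive.tar.gz."""
    parts = name.lower().split(".")
    if len(parts) < 3:
        return False
    inner, outer = parts[-2], parts[-1]
    return inner in DOCUMENT_EXTS and outer in EXECUTABLE_EXTS


def finder_info_has_custom_icon(finder_info: Optional[bytes]) -> bool:
    """Decode the fdFlags word of a raw com.apple.FinderInfo value."""
    if finder_info is None or len(finder_info) < 10:
        return False
    (flags,) = struct.unpack(">H", finder_info[8:10])
    return bool(flags & K_HAS_CUSTOM_ICON)


def read_finder_info(path: str) -> Optional[bytes]:
    """Read com.apple.FinderInfo via the macOS xattr tool; None elsewhere."""
    try:
        out = subprocess.run(
            ["xattr", "-px", "com.apple.FinderInfo", path],
            capture_output=True, text=True, check=True,
        ).stdout
    except (OSError, subprocess.CalledProcessError):
        return None  # not macOS, no such attribute, or unreadable file
    return bytes.fromhex(out.replace(" ", "").replace("\n", ""))


def classify(name: str, finder_info: Optional[bytes] = None) -> List[str]:
    """Return the reasons a file looks spoofed (empty list if none)."""
    reasons = []
    if has_deceptive_extension(name):
        reasons.append("document-style name ending in an executable extension")
    if finder_info_has_custom_icon(finder_info):
        reasons.append("custom icon set (kHasCustomIcon)")
    return reasons


def scan_directory(root: str) -> List[str]:
    """Walk root and report suspicious entries; a .app bundle counts as one item."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            reasons = classify(name, read_finder_info(path))
            if reasons:
                findings.append(f"{path}: {'; '.join(reasons)}")
        # don't descend into .app bundles: the bundle itself is the finding
        dirnames[:] = [d for d in dirnames if not d.lower().endswith(".app")]
    return findings


# Constructed FinderInfo value for a self-test: type APPL, creator ????,
# fdFlags with only kHasCustomIcon set, remaining 22 bytes zero.
SAMPLE_CUSTOM_ICON_INFO = b"APPL????" + struct.pack(">H", K_HAS_CUSTOM_ICON) + bytes(22)

if __name__ == "__main__":
    print(classify("notes.txt.app", SAMPLE_CUSTOM_ICON_INFO))
    for line in scan_directory(os.path.expanduser("~/Downloads")):
        print(line)
```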
- HandBrake - Simple yet powerful DVD ripping software for Mac, Windows, and Linux, with presets for iPod, iPhone, Apple TV, PSP, etc.
- Oh, and did I mention it's free (as in both money and source code)?
- It does NOT convert files from one video format to another. iTunes can do this for some file types, but not all. If you, dear reader, know of any good video converter apps for Mac or Windows, please e-mail us at josh at techpulsepodcast dot com, or bookmark the application's homepage on del.icio.us with the tag "techpulseideas"
- iWork '08
- Keynote is pretty much the same
- Numbers rocks by being an attractive alternative to Excel
- Pages got some much-needed upgrades
- iLife '08
- GarageBand - seems like the wave of coolness is over for it; the new features didn't impress me
- iDVD - is it really needed anymore?
- iMovie - bleh... I wasn't impressed by the overhauled design and loss of certain functionality, but certain new things like the cursor-rollover previews are cool
- iPhoto - finally decent Web albums (requires .Mac, though - thumbs down)
- iWeb - Google AdSense and maps, Web snippet widget thingys, usable with my own domain name! (FINALLY!)
- Josh discusses the possibility of unethical people creating illegitimate Apple Web Widgets for use in phishing scams
- New Apple keyboard
- Zune!!! (just kidding)
Thursday, August 30, 2007
Josh talks about Monster.com user data being stolen, Google preparing to bid on the 700 MHz spectrum, Engadget's open letter to Palm: get with the times, full screen mode in QuickTime Player without 7.2 or Pro, and the Mac browser Camino!
Notes and links related to this episode:
- Monster.com Hacked through Spear Phishing, User Data Stolen
- Google May Bid on 700 MHz Spectrum
- "In the United States, TV stations are changing to digital broadcasting and giving up 700 MHz airwave spectrum by 2009." (source: Wikipedia)
- the frequency can travel long distances and penetrate through walls (source: Engadget)
- some speculate that it could be used for a unique version of WiMAX—basically a very long-distance alternative to Wi-Fi
- Wal-Mart now offers 94¢ DRM-free tracks, with many advantages over iTunes Music Store:
- 256 kbps MP3 format, which is compatible with lots more devices than iTMS's 256 kbps AAC
- 94¢ instead of $1.29
- Tracks from both EMI and Universal (so far only EMI sells DRM-free tracks on iTMS)
- Wal-Mart's downloads are "clean" versions of tracks (e.g. "radio edited" versions)
- Engadget's open letter to Palm: Get with the times already!
- How to get QuickTime to display movies in full-screen without QuickTime 7.2 (or buying the Pro version)
- tell application "QuickTime Player"
      present front movie scale screen
  end tell
Save the above script as an application (you can do this with either Script Editor or Automator). The next time you open a video file in QuickTime Player, just run the AppleScript, and voilà! Full-screen mode.
- useful for systems that can't upgrade to 7.2, or when using restricted accounts without installation privileges
- Camino browser for Mac OS X
- uses the same engine as Firefox (Gecko)
- built-in ad blocking and Flash blocking options (which are two of my favorite Add-ons for Firefox anyway)
- built using Apple's Cocoa API rather than Carbon (i.e. it's a more modern-style Mac app under the hood)
- seems to be more stable than Firefox in my very limited testing (more stable, at least, than Firefox with a few third-party Add-ons installed such as Adblock and Flashblock)
- cons: not as extensible as Firefox, and fewer choices in Preferences