Monthly Archives: April 2012

Trial of the century? It’s a young century…

The epic courtroom battle between Oracle and Google revolves around controversial patents and copyrights, alleged betrayals (by both parties) of the Open Source movement, and the inevitable spectacle resulting from a Goliath vs Goliath courtroom collision.

The Java language at the heart of Oracle’s intellectual property claims was created by Sun Computing and put into Open Source long ago. Oracle bought Sun, many would suggest, in order to gain control of Sun’s trove of patents and other intellectual property, including patents underlying Java and MySQL, the Open Source database system that has come to be a preferred platform on the web (presumably much to the chagrin of high-end database system provider, Oracle).

Patents on techniques and features have a long tradition in the software world — but one of the most interesting aspects of this case is Oracle’s controversial assertion that copyright can be applied to the application programming interface of a language. This is seen as a potential way for Oracle to reassert proprietary control over intellectual properties like Java and MySQL that had been put into Open Source by prior owners.

In this Forbes guest post, Oren Michels, CEO of Mashery, an app branding firm working with 150 major brands, lays out some of the most profoundly troubling considerations…

Oracle Vs. Google And A New Kind of Patent Troll


New Mac trojan hot on heels of the massive Flashback Mac malware infection and botnet

A new Mac trojan is threatening Macintoshes — even before the massive Flashback-created Mac botnet and the malware that created it have been completely neutralized.

New targeted Mac OS X Trojan requires no user interaction

First, don’t panic.

But… it is cause for concern that there is yet another ‘drive-by’ malware attack on the Macintosh’s OS X operating system — fresh on the heels of the massive Flashback infestation that created a ‘botnet’ (robot network or zombie-net) of over 550,000 Macintoshes that had been taken over by that Java-related malware. Particularly troubling in that case was the fact that even though Java’s publisher, Oracle, released a fix for the vulnerability in January, it took Apple more than two months to implement the fix and patch the OS X system.

(Apple elects to handle updates to their Java engine themselves, which, obviously, created a long window during which the malware was able to spread to over a half million Macs — the greatest penetration, as measured by percentage of a given computer platform, ever.)

Part of the problem for Apple is that they coasted for so long on what they claimed were their laurels with regard to security. OS X, they insisted, had almost never been the target of a large, successful attack — even stretching so far as to claim that this was because of the ‘superior security’ of the Mac’s OS X. Sadly, that last claim is simply not true, as MacWorld’s own Rich Mogull pointed out last year when he stated that Windows 7 was more secure than OS X — to the predictable howls of Mac evangelists.

Now, of course, with Flashback — the most ‘successful’ penetration (measured by percentage) of any modern OS ever — there’s little rational argument against the conclusion that OS X seriously needs the kind of security overhaul that Microsoft performed on Windows — in particular the ‘anonymization’ of critical OS code libraries. Windows now uses what amounts to a dynamic naming system to ‘hide’ critical OS components from malware, which has proved very successful. Mac security specialists like Mogull have been urging Apple to do the same, and it appears that they have, indeed, been working to bring OS X up to contemporary security standards.

Flashback removal info: http://www.macworld.com/article/1160098/macdefender.html

MacWorld doesn’t have news of this newest Mac trojan, currently known by the euphonically challenged names Backdoor.OSX.SabPub.a and OSX/Sabpab-A — but ZDNet is on top of it with this article on the latest set of threats (the same one linked at the top of this post)…

http://www.zdnet.com/blog/security/new-targeted-mac-os-x-trojan-requires-no-user-interaction/11545

From the article…

The remote C&C website appears to be hosted on the free dynamic DNS service onedumb.com. Interestingly, the IP address in question has been used in other targeted attacks (known as Luckycat) in the past. This particular attack may have been launched through e-mails containing a URL pointing to two websites hosting the exploit, located in Germany and the U.S.

The Trojan may have been created on March 16, 2012. It was compiled with debug information, meaning analyzing it wasn’t hard, but more importantly this seems to suggest it is not the final version. You can check for infection by looking for the following files:

/Library/Preferences/com.apple.PubSabAgent.pfile
/Library/LaunchAgents/com.apple.PubSabAGent.plist

The Java exploits appear to be pretty standard, but have been obfuscated using ZelixKlassMaster to avoid detection by anti-malware products. The low number of infections and its backdoor functionality indicate that it is most likely used in targeted attacks.
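The two indicator files quoted from the ZDNet article can be checked with a short script. This is an added example, not code from this post or from ZDNet; the function name and the optional root-directory argument (for scanning a mounted disk image or a scratch directory instead of the live system) are this example’s own assumptions.

```shell
#!/bin/sh
# Added example: report whether the SabPub/Sabpab indicator files quoted
# above are present. Not part of the original post or the ZDNet article.

# Indicator paths exactly as quoted in the article. On the default
# (case-insensitive) macOS filesystem the odd capitalisation of
# "PubSabAGent" makes no difference; on a case-sensitive volume it does,
# so the quoted spelling is kept verbatim.
SABPUB_INDICATORS="/Library/Preferences/com.apple.PubSabAgent.pfile
/Library/LaunchAgents/com.apple.PubSabAGent.plist"

# check_sabpub_indicators [ROOT]
#   Prints every indicator that exists under ROOT (default: the live
#   filesystem, i.e. an empty prefix), one per line.
#   Exit status: 0 if none are present, 1 if at least one is present.
#   Absence of these files is not proof of a clean machine; it only
#   means this particular published indicator was not matched.
check_sabpub_indicators() {
    root="${1:-}"
    found=0
    # Paths contain no whitespace, so plain word splitting is safe here.
    for path in $SABPUB_INDICATORS; do
        if [ -e "$root$path" ]; then
            echo "INDICATOR PRESENT: $root$path"
            found=$((found + 1))
        fi
    done
    [ "$found" -eq 0 ]
}

# When run as a script, scan the root given as the first argument
# (or the live system) and print a one-line summary.
if check_sabpub_indicators "${1:-}"; then
    echo "No SabPub indicator files found under '${1:-/}'"
else
    echo "SabPub indicator file(s) found under '${1:-/}'; investigate this Mac"
fi
```

Run it as `sh check_sabpub.sh` on the Mac itself, or `sh check_sabpub.sh /Volumes/SomeImage` against a mounted volume (assumed path).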

UPDATE on FLASHBACK:

Despite Apple’s release of a removal tool and OS patch last month, there are still about 270,000 Macs in the Flashback botnet: http://www.zdnet.com/blog/bott/apple-releases-flashback-removal-tool-infections-drop-to-270000/4775?tag=content;siu-container
