Category: Mac

Another serious Web Browser hole

Contexis Security has found a BIG problem with WebGL implementations on Windows, Mac and Linux have numerous vulnerabilities which allow malicious web pages to capture any window on the system or crash the computer, according to research from Context Information Security. They actually demonstrate how to steal user data through web browsers using this vulnerability!

The report comes right on the heels of Microsoft’s denunciation yesterday of the security architecture of WebGL and announcement that it wouldn’t be seen in Microsoft products any time soon see here .

Sheesh! IE 9 is proving to be WAY more secure that FireFox and even Chrome! But until I can get the Firefox Extensions I use (or comparable) in IE I’m still a FireFox guy.

So let’s fix that:
To Disabe WebGL in Firefox 4

1. Type about:config in Firefox address bar and continue on through past the warning dialog.

2. Type "webgl.disabled" (no quotes) into the Filter box then Double click Webgl.disabled entry and turn its value into “True”.

3. Restart Firefox browser, WebGL is now disabled in Firefox 4.

To disable WebGL in Google Chrome you will need to:

1. Rright-click your Google Chrome shortcut or from your Windows menu on your desktop, click ‘properties’ and add “-disable-webgl” to the Target Shortcut box

2. Restart Chrome

As always please keep your systems, Web Browses and their plug-ins, Anti-virus/Antispyware software, and applications (especially Adobe products!!) up to date and fully patched.

And try and be vigilant about security and always ‘on guard’.

Latest Mac Malware news 06-04-2011

The Mac Trojan/Malware ‘MacDefender’ now calls itself ‘Mac Shield’.

The malware keeps changing names and looks but still is relatively the same as before. However it is still infecting loads of machines and is, in my opinion very dangerous; it lures users into providing sensitive financial information to thieves.

Sophos for Mac will remove it. (free) Get it here.

So will Virus Barrier Express from the Apple App Store; here. also free.

Here is my previous article too.

MacDefender Trojoan Strikes Again!

Apple and Mac folks I’d like to welcome you to the Windows world of malicious and pernicious attacks – even ‘drive bys’. For over two decades I and the rest of the security world have been trying to inform people that NO networked system is safe from attack. Because of the sheer number and percentage of Windows machines vs. Mac and Linux machines, they have been the most easily targeted and exploited target. But that is changing! With the spread of OSX on the desktop and the realization by the malicious software vendors that Mac people are VERY EASILY duped and exploited because of their false sense of security, they are coming on strong and fast!

I recently wrote about the new Mac Trojan out and how to defend against it and remove it – read here. After 25 days Apple finally did put a notice and instructions on how to remove it. BUT only after telling their technicians AND users that 1st it didn’t exist and then that they would not provide help!

Mac malware authors have released a new, much more dangerous version of MacDefender trojan variant:

"Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind."
Please read this from ZDnet

Apple is promising an update to OS X "in the coming days" that will detect the malware and its known variants, remove it, and remain in order to warn the user if they download it again. But don’t hold your breath!

I’ve spent years worth of time dealing with people who have been ‘sold’ on the false idea that "Macs don’t get viruses or hacked". Wrong wrong wrong! OS X is built on a ‘*nix’ core – one of the oldest operating system architectures in the world. How could you NOT think that there are exploits around that are just waiting to be ported to the newest derivatives? What type of systems do you think the hackers/crackers where getting into in the 70’s and 80’s?
I fault Apple a great deal for this. They have been literally selling the LIE that Macs are not susceptible to hacks for years. AND people believe them!

Again welcome to the world of Windows PC responsible computing. Be careful or get burned.

Please practice safe computing folks.

MacDefender trojan/malware is currently spreading on Mac systems – let’s kill it!

MacDefender, is the rogue antimalware trojan currently spreading on Mac systems. This malware is known by a variety of names, including "Mac Defender", "MacProtector", "Mac Security", "Apple Security", and "Apple Security Center".  It is a great example of how ‘social engineering’ can be used to trick people into harming themselves. Below are clear and easy procedures for removing it, read the quick summary or follow the links at the end for walk-throughs with loads of screen shots

I have written recently about this here, but it appears more people are being ‘snagged’.

Apple support is being of absolutely NO help either! In fact they are telling their people,"Do not attempt to remove malware.." Read about that BS here if you wish. So I thought I’d again provide some tips.

Here is the simple summary of what to do:

  1. In Safari under "Preferences", at the bottom of the "General" tab (the first tab), uncheck "Open safe files". This will prevent Safari from starting threats like MacDefender automatically after downloading them.
  2. Open up "Activity Monitor" (this is in your Utilities folder within Applications)
  3. Find "MacDefender" (or whatever the malware is being called, MacProtector, Mac Security, etc)
  4. Highlight it then click "Quit Process" which looks like a big red stop sign at the top right of the Activity Monitor screen.
  5. Next, open System Preferences, and go to "Accounts". When it appears click on the "Login Items" button, select the program, and then click the "minus" button to remove it from Login Items.
  6. Next, navigate to your Applications folder, find the program, drag it to the trashcan, and then empty the trashcan. Yes. It’s really that simple to remove.

Here are the two best links I could find for simple walk-throughs. I would rather not repeat the tutorials they have already taken the time to do.
Their work is much appreciated.

Now the super links with detailed screen shots and some additional tips:
The HowToGeek.com site has a great walk through here.

VRT-blog has some good information on this also, read that here.

Folks, if you use a Mac and you connect it to any systems – especially the internet, please realize that you are vulnerable to attacks and hacks. NO system is immune to attack! Although Mac’s and Linux systems have benefited by a more secure file system/OS structure (for the most part) than previous Windows systems AND the fact that their numbers were small – about 8% of all network connected desktop machines and presented a ‘low volume’ target they are now increasingly being attacked. This is especially true since many Apple uses have been lied to and told they are invulnerable to attacks.

BE SAFE FOLKS!

How to create a VPN Connection on MAC OS X 10.5 Leopard

How to create a VPN Connection on MAC OS X 10.5 Leopard

This is a step-by-step guide on how to create a VPN Connection on a MAC OS X 10.5 Leopard System.

I recently had to do this again for some of our remote staff, so I thought I’d post it as a reminder to me and maybe help others who have asked in the past.

1. Go to ‘Apple’ –> ‘System Preferences’

clip_image002

2. Select ‘Network‘ from system preferences

clip_image003

3. In ‘Network‘ system preferences, click the ‘+‘ icon on the bottom left cover of window to make a new VPN Conection.

clip_image005

4. As shown in the image below, a new window appears. Click on the ‘Interface’ menu and see the list of choices and select ‘VPN’.

clip_image007

5. Next, Change the ‘VPN type‘ from ‘L2TP over IPSec’ to  ‘PPTP‘. And then In the ‘Service Name’ field, type in ‘VPN Office’ or ‘Company Name VPN’ or make one up. Once you have done, Click on ‘Create’

clip_image009

6. Next, we need to make a configuration. Select the ‘Confguration’ drop menu and select ‘Add Configuration’

clip_image011

7. A window will pop up, asking to name your new configuration. Type you ‘Company Name VPN’ here and then click ‘create’

clip_image013

8. Next, enter in your company’s ‘Server Address’ example; ‘server.domain.com’ or ‘72.14.213.x’ and ‘Username’, for example ‘administrator’ or ‘LarryHolmes’ or what ever

clip_image015

9. Next, Select the ‘Authentication settings’ button

clip_image017

10. Enter in Your ‘password’ and click ‘OK’

clip_image019

11. Next, Click on the ‘Advanced’ Button

clip_image021

12. Make sure that ‘Send all traffic over VPN Connection’ is unticked. Then Click ‘OK’

clip_image023

14. Once you have done that, click ‘Apply’. And connect to your New Vpn Connection by clicking on ‘Connect’.

There you go…

New Mac Trojan horse and Security tips from the NSA

There is a new Mac Trojan horse masquerades as virus scanner – read about that here . This is another example of social engineering – tricking users into making security mistakes.
Users looking for legitimate protection against viruses on their Macs might be duped into downloading and installing this. Essentially this is ‘ransomware’. It requires payment to ‘stop’ the ‘infection’. AND the payment information is often then sold to other nefarious people.

Remember that NO operating system is immune to attack. And since every system is utilized by humans they remain the biggest weak link – humans that is.

Also in other security news the NSA has released some good advice and documents for better security practices with your home network, and Operating Systems (including Mac OSX).
Read about that here. [via PCMAG Security watch blog].

Nearly all of this contains information that I and other security people have been saying for years but is well worth reading.

Consolidating and Cleaning up iTunes library and files

After consolidating, merging and updating a bunch of separate iTunes libraries and directories I was annoyed at how messed up my iTunes library and directories had become. I tried moving and ‘consolidating’ my library as described here for PC here for Mac go here. This method should retain all your playlists and remove many duplicates. There is also an Apple script to help if you are on Mac.

If you are on a Mac you can probably get by with using the move/consolidate technique and some GREAT script/apps located here. Doug’s main site is here  and worth checking out. I can’t say enough about the value of these tools – well worth the low price!

But sadly for me and many others nearly all my music is on (and managed) via Windows machines and *nix storage. So that still left me with loads of duplicates and entries with no actual files (file not found in iTunes). I also had come across loads of other music folders and libraries on old machines – many which had music that I didn’t in my current library but of course loads of duplicates.

So I was off to create a ‘clean’ iTunes library – No duplicates and all files correctly tagged. There are some applications that may do what I need for PC (as I’ll mention at the end) but I wanted to try and do it via freeware tools. [Take note that the following will eliminate your playlist and counts! So if you really need to have your playlist or play counts preserved don’t go further and try one of the paid options!]

Now, on to my adventure….

I deleted the original library. The location of your library files can be found here.

I then installed the latest greatest version of iTunes. After install, I set my directory options [in advanced preferences] to a new clean location on my HDD. I also set the option to ‘import new music to iTunes directory’.

I copied all my various music directories (from all machines and drives – both networked and external] to a temporary location; I ended up with about 7 different folders with loads of iTunes music directories.

I would then used that location to ‘import’ back into iTunes by selecting the ‘File’>Add Folder to Library’ option.

After all the importing was done I could see LOADS of doubles and garbage. So I set off to first remove the actual EXACT file duplicates.

Remember that many songs have the same Title, Artist and description tags (musically speaking) but may actually be different versions – live, acoustic, re-mastered etc., or from different albums such as compilations or soundtracks. So in iTunes you may see many doubles (if you go to File>Show Duplicates) that are really not actual duplicates!

My goal was to first delete the actual files that were exact file duplicates.

To do this I used the freeware tool Duplicate Cleaner download here. This looks for files based on their MD5 hash signature – so the file it finds are EXACTLY the same.

Download and install it and then run it. Select the location of your iTunes music folder and Choose scan.

clip_image002

When the scan is complete you should all your duplicate files.

Then you can highlight the ones you want to mark for deletion. Click on first item then the space bar and use the arrow key to move up or down to highlight next selections and press the space bar to ‘check’ the next and keep going till you have all your doubles or others you want removed highlighted.

clip_image004

Choose your delete or ‘move’ options. You may want to just move the items if you are really concerned about deleting files you might really want or need to keep.

clip_image006

clip_image008

Then I used the tool called iTunes Library Updater from here.

Download and install it.

Then open iTunes and minimize it.

Then open the iTunes Library Updater and run it.

Locate your iTunes music directory, as I mentioned, I put mine to a different location for easy sharing/backup/cleanup.

clip_image010

Select the folder

clip_image012

Here I chose the above options. Then ‘Start’

clip_image014

Then wait till done

clip_image016

Click close, close the application and then close iTunes.

Then reopen and check iTunes.

I actually did the above a few times and it made a HUGE difference in my library!

Real duplicates seem to be gone and my music tags appear to be much more in order too!

As I’ve mentioned, there are many other articles and some tools that are supposed to do all of this.

There are two highly rated applications – TuneUp is one and the other is Rinse, which may even do this even better, but they are not free (both run $39.00 I think). And I haven’t used either of them yet.

Here is Tune Up and over Here is Rinse.

Here is one such article with another tool.

But, I still haven’t found anything that has done as well a job as my above method for FREE.

I hope this helps some. Next time I might spring for the paid apps but I did learn something and maybe you will too! Good luck!

Updating to Firefox 4

I’ve written previously of my heavy reliance on Firefox and the many add-ons I use to make my time more productive and enjoyable while using the Internet.

Read here.

Now Mozilla has release the final version of Firefox 4.

Firefox 4 provides a MUCH faster and integrated browsing experience than version 3.x. The speed improvement will be noticed more on systems that allow for ‘hardware acceleration’ (more on that later) but it is still much faster on older systems.

Here is how I went about doing the upgrade.

1st download and install the latest version of Mozbackup here:

Download location here

Information page here

This application is wonderful. It completely backs up your profile; bookmarks, settings and extensions.

Run Mozbackup and back up your profile(s) completely.

Download/install Add-on Compatibility Reporter. This requires a few Firefox restarts to be properly loaded.

This add-on will let extensions that are not explicitly ‘approved’ for version 4 to run.

And it will provide a nice interface to report those that don’t work correctly to Mozilla and/or the developer.

[If you use LogMeIn (and you should, if you need remote access to machines – Mac or PC!) here is the process to get the older add-on working in version 4:

Download by right-clicking and choosing to ‘save link as’ to your desktop or wherever this file: https://secure.logmein.com/activex/npRACtrl_ff3.xpi and then open the file with a zip extractor:  (this is zip-file, you can use Winzip, 7-Zip or Winrar. I use 7zip,)

extract the file:

install.rdf

modify it the part ‘3.6 – to read 4.6 here: <em:maxVersion>4.6.*</em:maxVersion>

Then save the file and ‘put it back into the xpi (zip file) overwriting the original.

In the xpi file (opened via 7zip or whatever) delete zigbert.rsa in /META-INF folder

Save all back to single xpi file.

Open Firefox then go to the menu bar on top and choose ‘File>Open File’ and select the xpi file and install it.]

OK so let’s get to it!

Download Firefox 4 here and install/upgrade.

I had very few issues with the upgrade on all my machines. So I’ll address them here.

Once installed there are a few things that may need adjusting. I had to do this on some machines and not others.

If your ‘Menu’ bar disappears it can be brought back very simply. Just right-click on free space in one of the toolbars and the selection of ‘Menu Bar’ switches back to the old layout. I also check the ‘Navigation Toolbar’, the ‘Add-on Bar’, and the ‘Bookmarks Toolbar’.

clip_image002

By choosing ‘Customize’ you can select more items to add to the toolbar and place them where you like.

If you have ‘blurry fonts’ you may have an issue with ‘hardware acceleration’.

Simply go to the Options section from the ‘Tools’ context menu. Then in the Advance then General tab you can ‘uncheck’ the ‘Use hardware acceleration when available’.

clip_image004

Tabs on top? The new version puts them there. I don’t like that, you may. Firefox displays tabs on top by default which is a big change for Firefox 3 users. The customize menu has an option to move tabs back down. The entry Tabs on top needs to be unselected to move them below the address bar again.

On my OS X Machines there was one peculiar thing during the installation. Once the dmg was downloaded and mounted I could not copy the install to the applications directory until I trashed the existing Firefox application. Once installed, most of the above still apply.

On Linux (at least on my Ubuntu installs) Firefox 4 is real fast too!

UPDATE:

Lifehacker.com has some great tips on ‘fixing’ some of the quirks with Firefox 4

Well I hope this help some.

Mac OS X Trojan catches Sophos’ eye

Two very recent article point out what most security people know and the rest should knowNO technology, especially computers connected to any network, are completely secure!

An article here points this out:

"It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share."

And from another one here:

"More than half of Americans believe that PCs are "very" or "extremely" vulnerable to cybercrime attacks, while only 20 percent say the same about Macs, according to this ESET survey.
(Credit: ESET)"

ESET released the results of a survey in November related to awareness of cybercrime in the U.S. The survey of more than 1,000 people found that while both PC and Mac users perceive the Mac as being safer, Mac users are victims of cybercrime just as frequently as PC users.

Meanwhile, Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users do, the survey found. "Viruses are a diminishing percentage of what we’re seeing," said Randy Adams, director of technical education at ESET. "A lot of attacks have to do with social engineering and that kind of attack is platform agnostic."

Please folks, practice safe computing practices. I’ve written extensively on that so I won’t go into that here, just search my blog(s) for security items.

For those of you that are interested in an antivirus product for Mac Eset makes a fantastic one. You can check it out here.

By the way Eset’s products are top notch! If I were to buy a security solution it would be theirs.

Keep safe folks.

Great Simple How To & Tech Support videos from Google

These videos are from Google’s "Send Your Parents A Tech Support Package" site.

Basically it is a site that lets the techies (usually the younger generation) send some ‘canned support’ to their parents and elders. But these are also especially useful to those that are either new to computers and technology or just a little less tech savvy.

The short videos are actually very well thought out and clearly and quickly presented so that just about anyone can learn from them.

I believe that many folks who ‘think they know it all’ should just take a look anyways. In my line of work I am amazed that people who literally work for 8+ hours on a computer do not know how to do many of these simple tasks.
The reasons, I think, are that many people are afraid to ask for help, they think they can just ‘figure it out’, or truly don’t care to learn how to more efficiently or properly use technology. Some people refuse to learn out of some warped sense of ego or pride too.
Don’t be one of those. No one’s head has every exploded from learning how to do something new or more efficiently.

I am going to link to all the videos directly so you can peruse them at your leisure. This is very large post with LOADS of great information. I really hope many of you will take the time and view these very short helpful videos. If you wish to watch them full screen you can click on the ‘arrow’ below the YouTube icon on the lower right hand corner and choose ‘full screen modes’.

So let’s start with the first category – THE BASICS:

COPY & PASTE

ADJUST THE TIME ON YOUR CLOCK

CHANGE YOUR DESKTOP BACKROUND – MAC

CHANGE YOUR DESKTOP WALLPAPER – PC

MAKE TEXT BIGGER OR SMALLER

TAKE A SCREENSHOT

CHANGE YOUR SCREEN SAVER – MAC

CHANGE YOUR SCREEN SAVER – PC

Next – WORLD WIDE WEB (INTERNET)

CREATE A STRONG PASSWORD

MAKE BOOKMARKS

MAKE A BLOG

SHORTEN A LONG URL

CHANGE YOUR DEFAULT HOME PAGE

CREATE AN ONLINE CALENDAR

BROWSE THE WEB WITH TABS

Next – COMMUNICATION

SET UP AN EMAIL AUTO-RESPONDER

TRANSLATE TEXT

MAKE CALLS FROM YOUR COMPUTER

CHECK YOUR SPELLING

http://www.youtube.com/watch?feature=player_embedded&v=En8e79YvA0Y

CHAT

VIDEO CHAT

GET A NEW PHONE NUMBER

CREATE A MAILING LIST

CREATE AN EMAIL SIGNATURE

CHECK YOUR EMAIL ON YOUR PHONE

Next – MEDIA

RESIZE A PICTURE

SHARE A BIG FILE

ATTACH A FILE TO AN EMAIL

SHARE PHOTOS

CROP PHOTOS

SHARE VIDEOS

TRANSFER FILES BETWEEN COMPUTERS

KEEP TRACK OF FREQUENT FLIER MILES

Lastly – FINDING INFORMATION

FIND A PIZZA(OR OTHER) RESTAURANT NEAR YOU

GET MOVIE SHOWTIMES

FIND THE DEFINITION OF A WORD

GET DRIVING DIRECTIONS

TRACK A FLIGHT’S STATUS

CONVERT CURRENCY

USE GOOGLE AS A CALCULATOR

GET PUBLIC TRANSPORTATION DIRECTIONS

FIND A BUSINESS’S PHONE NUMBER

GET STOCK QUOTES

FIND RESTAURANT REVIEWS

VIEW LIVE TRAFFIC