    Dwn Of Pwn For Mac
    Uncategorized, 2020. 2. 7. 20:10
    1. Charlie Miller, also known for his iPhone hack, managed to walk away from CanSecWest's PWN 2 OWN contest with US$10,000 and a MacBook Air after successfully hacking into the portable computer.

    Congrats to @RZ_fluorescence on being named Master of Pwn for #Pwn2Own 2018! His exploits for Edge and Firefox earned him $120,000, this sweet jacket, and the trophy.

    When we write Naked Security articles about Mac malware, we often end up creating a bit of a stir.

    Usually that’s not on account of the malware itself, but on account of us writing about it in the first place. Here’s how it goes down. We write the article. The politically-sensitive Apple fanbuoys come out swinging, saying we only write about Apple malware because we’re down on Cupertino. The artistic fanbuoys (Apple users who are in a band, for example) chime in even more fiercely, saying Mac malware is a figment of everyone else’s unimaginative delusion.


    The geeky fanbuoys (the ones who know where bash is, and what it’s for) come out firmly to remind us – utterly without any accuracy – that if it doesn’t ask for the Admin password, it can’t be malware. And then the long-suffering but battle-hardened Windows users pop up and say, “Back in 1991, we felt the same way.

    It didn’t end well.” Those of a philosophical bent repeat, with sincerity and concern, the words of. “Those who cannot remember the past are condemned to repeat it.” So, with a deep breath, here’s some Mac malware news.

    There’s been a touch of fuss in the media about it, which is the first reason we thought that we ought to tell you about it; the second reason is that it has an engagingly curious name: NetWeird. (No, I don’t know why, either.) NetWeird is interesting primarily because it is uninteresting. It’s not very well written; it’s not very well tested; it’s probably not going to catch you unawares (but watch out if you’re in a band!); and so far as we can tell, it’s not in the wild.

    But someone has gone to the trouble of creating it and, according to French Mac anti-virus outfit Intego, is actually trying to sell it on the underground market for the ambitious price of $60. And that makes it interesting: it seems that the crooks really are getting into the habit of churning out new Mac malware, not to show how clever they are, but merely to see if they can repeat the trick that’s worked on Windows for years: making money out of next to nothing. Those who remember the past often choose to repeat it, especially if there’s money to be made. And now about the malware. NetWeird installs itself into your home directory as an application bundle called WIFIADAPT.app.app.

    That makes it rather obvious. It adds itself to your login items, presumably with the intention of loading up every time you reboot your Mac. But a bug means that it adds itself as a folder, not an application.

    All that happens when you log back in is that Finder pops up and displays your home directory. NetWeird also calls home to a hosted server located in The Netherlands. This makes it a bot, or zombie. Bots use an outbound connection to listen for command-and-control signals from a cybercrook known as a botmaster.

    This works because a TCP connection, once established, is fully bidirectional, so the client side can behave as a server, and vice versa. The commands that the bot can process allow it to run arbitrary programs via the shell, monitor running processes, take screenshots, exfiltrate files, and to rummage through the password files of well-known third-party browsers and email clients Opera, Firefox, SeaMonkey and Thunderbird.
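A defender-side check for the NetWeird artefacts the article describes (the WIFIADAPT.app.app bundle sitting directly in the home directory, whether it is a proper application bundle, and whether it is registered as a login item), with a guarded delete of the bundle. This is an added Python example, not code from the article or from Sophos; it assumes the login items are handed in as a plain list of paths rather than read from the real login-items store, and the sample home directory is constructed in a temporary folder.

```python
import os
import shutil
import tempfile

INDICATOR = "WIFIADAPT.app.app"   # bundle name reported in the article


def is_app_bundle(path):
    """A proper bundle has Contents/Info.plist and a Contents/MacOS directory."""
    contents = os.path.join(path, "Contents")
    return (os.path.isfile(os.path.join(contents, "Info.plist"))
            and os.path.isdir(os.path.join(contents, "MacOS")))


def find_netweird(home, login_items):
    """Return one finding per suspicious directory directly inside home."""
    # login_items as a plain list of paths is an assumption of this example.
    registered = {os.path.abspath(p) for p in login_items}
    findings = []
    for name in sorted(os.listdir(home)):
        full = os.path.join(home, name)
        # The article's bundle is literally named WIFIADAPT.app.app; any other
        # directory carrying a doubled ".app.app" suffix is flagged as well.
        if os.path.isdir(full) and (name == INDICATOR
                                    or name.endswith(".app.app")):
            findings.append({
                "path": full,
                "is_bundle": is_app_bundle(full),
                "login_item": os.path.abspath(full) in registered,
            })
    return findings


def remove_bundle(path, home):
    """Delete the bundle, refusing anything not directly inside home."""
    if os.path.dirname(os.path.abspath(path)) != os.path.abspath(home):
        raise ValueError("refusing to delete outside the home directory")
    shutil.rmtree(path)
    return not os.path.exists(path)


def demo():
    """Constructed sample: a temporary 'home' holding the NetWeird bundle."""
    home = tempfile.mkdtemp()
    bad = os.path.join(home, INDICATOR)
    os.makedirs(os.path.join(bad, "Contents", "MacOS"))
    open(os.path.join(bad, "Contents", "Info.plist"), "w").close()
    os.makedirs(os.path.join(home, "Documents"))          # benign folder
    findings = find_netweird(home, [bad])
    removed = remove_bundle(bad, home)
    shutil.rmtree(home)
    return findings, removed
```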

    You’re not likely to see this thing, but if you do, will mop it up for you under the name. If you do get infected, deleting the above-mentioned application bundle and rebooting should get it off disk and out of memory. And if you’re running Mountain Lion in its default security settings, you won’t be able to run it anyway, because it’s not from the App Store and isn’t digitally signed by an Apple-endorsed developer. That’s about all you need to know about it.

    “the second reason is that it has an engagingly curious name: NetWeird. (No, I don't know why, either.)” You can blame our analyst, Brod, for that: he was the first to add detection for NetWeird (a month ago) and he gave it that name. The app calls itself “NetWire Remote Control” but we often opt not to “promote” (for lack of a better word) the author's work.

    So Brod just shuffled the letters a bit. “NetWeird is interesting primarily because it is uninteresting.” The fact that Brod didn't bother to blog about it one month ago when he discovered it... yeah, it's uninteresting.

    I remember that MacAddict CD from December 1998, which contained the AutoStart worm. At that point, I had already disabled AutoStart on my Mac, as it seemed like a really insecure and annoying feature. I didn't use Office on my Mac (Claris/AppleWorks and the translators worked just fine), and Disinfectant and GateKeeper handled all the 68k Mac malware just fine, so I was happy to see that I had inadvertently protected myself from this undetected beast too 🙂 Now fourteen years later, I find myself in the same place by keeping Flash, Java and PDF plugins out of my default web browser (and running SAV instead of Disinfectant+GateKeeper). The MacAddict thing really drove home to me that I had to treat all external content as untrustworthy, and that being protected against what had been done in the past wasn't enough to protect me against attacks in the future. It just kills me when these totally clueless Mac fanboys (I am one, but I am not clueless on security) give the admin password scenario.

    Then I go, have you heard the descriptive words “authentication bypass malware”? Have you heard the words “vulnerability install”? NOW combine the two. Then add the fact that there are probably 20-30 of these unintentionally built right into OS X because the Apple coders are human. It just takes time to find them. Just hope it is a white hat. Some of these fanboys are so smart too.

    But in this case, they are smart by a half. The notion that 'if there's no distribution mechanism built in, it's a joke' is a bit of a myth, I'm afraid. The Flashback malware, for example, which hit some 600,000 Macs earlier this year, was injected onto infected Macs by a so-called 'drive-by install' that used a Java exploit. The drive-by installer piece needn't be part of the malware that is ultimately delivered and left behind. Indeed, the installer and the malware are very often quite separate, so that the crooks can use the same exploit to deliver multiple items of malware, and can deliver the same malware via multiple exploits. And the notion that 'if you choose to install something that turns out to be malware you deserve to suffer for it' is just holier-than-thou claptrap, if you don't mind me saying so. It's a bit like saying that people who get mugged because they wander into the wrong part of town were somehow asking for it.

    Sure – they could have taken better precautions. But they're victims nevertheless. I prefer 'botmaster', if that's OK. I think that the meaning is pretty clear, and it's in widespread mainstream use in technical articles. 'Bot herder' sounds a bit too respectable to me. It's evocative of the noble profession of shepherd – I end up imagining bot herders all seated on the ground, watching their flocks by night with glory shining around &c. 'Botmaster', on the other hand, reinforces the degree of authority and control the crook enjoys over your computer.

    Written as one word, I imagine a quartermaster, not a shepherd. I imagine the flock not lovingly guarded out in the fields by night by outdoorsmen with biblically-proportioned beards, but penned up ready for the slaughter, intimidatingly attended by a strident Sergeant Major with well-polished boots and a precisely-waxed moustache. In short: a botmaster is a bot herder with a swagger stick and a Browning HiPower. Perhaps the most interesting (and justly tragic) thing about NetWeird is that Mac fanboys who blindly deny the Mac's vulnerability are those most likely to fall prey to something that could so easily be prevented if they would only remove their heads from their nether throats. For the record, I'm a confirmed Macaholic (although I do use Windows occasionally), an artist (a composer, multi-instrumentalist, and producer), and I know what the Bourne-Again SHell is (although I don't use it).

    I'm not a coder (well, except for some rudimentary AppleScript, HTML, and CSS), and I know that I DON'T know enough about malware to be complacent about it. I use Little Snitch, Sophos AV for Mac, NoScript with SeaMonkey, and (hopefully) a bit of common sense in the things I click on in email and online. I keep my software updated, and I read NakedSecurity. Sometimes the folks in Cupertino do things that piss me off royally.

    If I'm an Apple fanboy, I suspect I'm not a typical one. Thanks for a great article, Paul. Don't get too cheesed off, because I'm about to offer some criticism here, but 'trollish' is rather what I thought of your blog. For example, when you say 'for the next eight (8) years, the China government-assisted Red Hacker Alliance succeeded in 'PWNing' (OWNing) or botting every single US government Windows-based computer exposed to the Internet,' my inclination was to think that this might be a slight overstatement. Where you comment on the Flame malware, asserting that 'it could infect and PWN any Windows-based computer by a mere drive-by Internet infection,' I thought you might be disparaging the more security-savvy Windows user just a little. Where you used – and capitalised – the word LUSER to describe the person at the keyboard, I felt that you might have picked a less insulting word. And when you recommended that the aforementioned LUSERS ought to 'ONLY download software from trusted sites like CNET,' I found myself wishing you'd balanced that advice with mention of 'the nmap incident', where CNET did something very naughty: I trust you will take these remarks in the spirit they are intended: critical, to be sure, but not inane.

    Derek is the classic fanboy, but he has a soapbox blog that disallows posting comments of rebuttal, so his “purple sky” view of security and his love for the word “FUD” can be used to excess. Back a bit on his blog he was the “sorry, Macs don’t get infected because WE/OS X have the admin password that pops up to warn us of the install” type. 2012 coming onto 2013, look what we have seen. I have had many posting back and forths with him on that the Mac has not seen “the pros” attack the Mac. Then 3 months later up to 900,000 Macs get pwnd. Almost equal to Conficker infection rates on the PC.

    Nothing, even the truth about the vulnerabilities/exploits and lack of truly pro hackers hitting OS X or organizations like China’s Red Dawn or The Russian Business Network that have not put their sights on OS X yet, will ever change his mind. Derek is a true zealot. Derek, open up your blog, or is the fear of another opinion other than yours scaring you?

    You have let a few comments in, but ONLY when they “back up” your very narrow view on Mac security.

    Charlie Miller's Safari web browser exploit, which won him a new Mac laptop at last week's Pwn2Own competition, once again ignited the discussion about Mac OS X security. Mr. Miller, who uses a MacBook on a daily basis and who used to work at the National Security Agency, said: 'Any security expert knows that Mac OS X is less secure than Windows.' He continued: 'The question is which is SAFER. Because Mac OS X is still relatively rare, it is actually a little safer. But it has nothing to do with it being more secure, but rather, that bad guys are entirely focused on Windows at the moment due to the overwhelming market share Windows has.

    At this time, I still don't recommend anti-virus for Mac OS X users, because there simply isn't much malware for that platform. However, if Mac OS X market share ever goes up, there will be a landslide of exploits and malware.'

    When asked if Mac users should be worried, he responded: 'They should definitely be a little worried.' However, there's a perception among many computer users that Mac OS X is inherently secure while Windows isn't, which Mr. Miller said is wrong: 'Everything you could do on a Windows machine: turn it into a 'bot,' send spam, perform DDoS (distributed denial of service), etc., can be done from a compromised Mac.

    'I have been talking about this issue for a while because I don't want it to come to some large worm or other security issue to force Apple into action, although I'm afraid that is what it will probably take. I want to see Apple become more secure.


    Until the bottom line is affected, I don't see major changes coming from them. Ironically, Microsoft spends a ton on security, is more secure, but is perceived as less secure!' Miller also delved into the reasons why he thinks OS X is less secure, which he said boil down to 'two technologies that Windows has that Mac OS X lacks, specifically, are Address Space Layout Randomization (ASLR) and a non-executable heap. These two things make it very hard to write exploits (the code that gains control of your computer) in Windows.' He noted that the iPhone has a non-executable heap, which is part of the reason why the smartphone wasn't cracked during last week's competition, and he said that he 'heard a rumor that Snow Leopard (Mac OS X version 10.6) will have ASLR.'
