Thursday, Apr 05, 2012

A Mac virus?

The recent discovery of the Flashback Trojan on Mac computers sparked a wonderful, colourful, excited debate about Mac security.
The first thing to remember is that yes, we do have Mac viruses, there are about 3 of them in the wild. Compared to Windows (last count I heard was 65,000) that's still extremely safe. I for one certainly won't be rushing to install anti-virus on my beloved Mac. Installing anti-virus is still the biggest way TO GET infected.
Apple has released a patch and if you do Software Update you're safe!
I think I saw this trojan the other day. I was on a questionable site (might have been researching how one would theoretically download TV shows...) and I got a pop-up asking for my password. Now let me think for a moment, I'm on a web site and it asks for my password...I think I'll pass. Up until now that has been the norm with Mac viruses, they needed to ask for your password to install properly. A bit obvious. Flashback apparently can bypass this and install silently.
There's a simple test to see if your Mac is infected. See http://bit.ly/Ia2J0X
Basically, you start Terminal and type two commands. You can cut and paste from the web site above. Oh gosh, I'm not infected.
So people, calm please. I never said there were NO Mac viruses, of course there are. Not counting variants, it's a single digit number. Most of which you can only catch by downloading dodgy software. Yes there is one you can catch from dodgy web sites. Yes, being only 10% of the global market makes Apple slightly less of a target, but the underlying architecture of OSX makes it more secure.
Update: 11/4/2012 The number of infected Macs has dropped by half after Apple released a patch and took active steps to shut down the command and control servers running this trojan.
Friday, Jan 20, 2012

7 IT New Year's Resolutions

I'm writing a long piece on computer security. It might be a book or it might just be an incredibly long blog post, I don't know yet. But the core message can be summarised thusly:
1. Passwords. Get better with passwords, change them and don't use the same one on all your web sites.
2. Anti virus. Remove obsolete products, get current ones. Microsoft free being my pick for Windows and nothing at all being my pick for Mac. You are still more likely to GET a virus by trying anything on your Mac than if you leave it alone. A lot of the anti-this-and-that software on Mac is actually a virus in disguise.
3. Backup. Make an off site backup. 321. 3 copies, 2 different types of media and 1 off site. e.g. External hard drive, DVD, Carbonite (or Dropbox or Crashplan).
4. Clean up your hard drive. Remove obsolete programs. Use Windows control panel add/remove programs. Mac users just delete the icon from your Applications folder.
5. Clean your keyboard, mouse and screen. Destroy a few billion germs. Turn it off, use an Iso-wipe or one of those hospital wipes in the little packet. You could consider stealing one next time you visit a friend in hospital. I am sure you can buy them somewhere...
6. Realistically evaluate if you need a new computer. The answer is probably No.
7. Be more productive and spend less time doing IT stuff. You bought your computer to get work done didn't you?

 

8. Write more blog articles, or at least publish more of the stuff you wrote. (oh, that one was for me) 

Thursday, Oct 20, 2011

Did RSA do something wrong?

RSA is a security company. They make those cute little tokens with the LCD window that displays a random number every 60 seconds, ever changing. Your bank (or similar) uses RSA tokens to provide a second factor to your login. You need your username and password (something you know) and the token (something you have) in order to log in. This two factor authentication is much more secure than passwords alone. Even if someone guesses your password, they can't log in without the token.
The most sacred information RSA holds is the database of cryptographic keys to every token they have ever made. The keys are the only way to know what magic number will appear on your token at any given time. That's the keys to the kingdom.
Well, RSA got hacked. Apparently a secretary opened a malicious PDF in an email and her PC got infected. Nothing new there, happens every day. What happened next is her PC had access to this super secure database and the bad guys got the database.
What the bloody hell was the database doing on a network that can even spell Internet, let alone be connected to it? That is what RSA did wrong, very, very badly, wrong.
There are other brands of tokens out there and they are not affected, only RSA branded ones.
So if you have an RSA token, time to get it replaced. The keys are out there. If a thief knows the serial number of your token, they can calculate the magic numbers at any time. Serious.
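Why the key database matters, as an added illustration (not RSA's code and not part of the original post): SecurID's own algorithm is proprietary, so this sketch substitutes the open HOTP/TOTP construction (RFC 4226/6238) with a 60-second step to show that the number on the display is purely a function of the per-token key and the clock. The function names are hypothetical and the seed is the RFC 4226 test value, not a real token key.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per displayed code, matching the 60-second window in the post


def token_code(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Derive the displayed code from the per-token seed and the clock."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(seed: bytes, submitted: str, unix_time: int,
                   drift_steps: int = 1) -> bool:
    """Server-side check: recompute from the stored seed, tolerating clock drift."""
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * STEP
        if t >= 0 and hmac.compare_digest(token_code(seed, t), submitted):
            return True
    return False


# Constructed sample data: the RFC 4226 test seed and a made-up second seed.
SEED = b"12345678901234567890"
OTHER_SEED = b"a-different-seed-000"

if __name__ == "__main__":
    now = 90  # constructed timestamp inside the second 60-second window
    shown_on_token = token_code(SEED, now)
    print("token shows:", shown_on_token)
    print("server accepts:", server_accepts(SEED, shown_on_token, now))
    # The hardware adds nothing secret beyond the seed: any copy of the seed
    # yields the same number, which is why leaked seeds mean replacing tokens.
    print("copy of seed matches:", token_code(bytes(SEED), now) == shown_on_token)
    print("wrong seed accepted:",
          server_accepts(SEED, token_code(OTHER_SEED, now), now))
```

The only secret input is the seed, so the server's seed store needs the same isolation as any other root credential.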

 

Thursday, Oct 20, 2011

RIP Peter Neilsen

I first met Peter in the late 80's when he signed up as a customer for my bulletin board system (BBS). This was part of a full featured global network with email, files, forums and social networking, all years before the Internet became a public thing. It all ran on dial up modems and at 33k (modern broadband is 256-5000k typically) it ran well and rarely seemed slow. The cost of telephone lines, phone calls and the computers meant most BBS operators begged a subscription from their customers. Peter was my first subscriber and the most generous, taking the "premium package" without question.

We chatted online for hours before we ever spoke on a phone or met in person. We became the most unlikely of friends. Peter was a devoted Christian and of course I'm a Pagan. But religion never got in the way, in fact later on his church were most accepting and never made me feel unwelcome or uncomfortable. I continue to support them to this day through donations of computers.

Peter was practically house bound. There were a number of heart attacks and increasing "turns" where he blacked out, sometimes for hours, sometimes for a day or more. Apart from his insistence that chain smoking was the only thing that kept his synapses firing, Peter never complained and soldiered on. He often told me The Lord wasn't ready for him. Despite the differences in our beliefs, I have to admit this one made a lot of sense.

Later we started a business together around '94. I had a pile of used computers thrown out by my IT customers. They needed them removed, wiped and disposed of appropriately. This was years before anyone talked of e-waste or recycling. Peter suggested we refurbish them and sell them to those that couldn't afford the latest and greatest. Peter was heavily involved with the Uniting Church and the Wesley Mission. He knew poor people. But rather than prey on them for a few bucks, Peter wanted to offer computers to those that couldn't buy one, but at a price they could afford. The sale price always reflected what they could afford. Many computers were "sold" for no money at all. This was never a problem. Although we did trade a Mac which I wanted to blow up and Peter talked me out of it. (funny how my attitude to Macs has changed!)

Being the generous Christian he was, Peter helped out many less fortunate than himself. His wife Beryl became a minister and when she was posted to Queensland, Peter stayed, preferring the cold climate which better agreed with his medical condition and their husky dog.

A neighbour experiencing some kind of psychotic break attacked Peter with a knife, nearly killing him. Peter insisted on turning the other cheek and I believe no charges were ever laid. Beryl did step in and Peter joined her in Queensland.

Given his poor health and the years that followed, awful as it is to admit, I had assumed The Lord had Peter some years ago. News of his passing reached me a few weeks ago. So Jonathan and I will take a lunch in Peter's honour and remember our friend, the generous, the undefeated Peter the Great.

Thursday, Oct 20, 2011

RIP Steve Jobs

At the risk of Google deciding my blog is all about obituaries, I cannot let the passing of Steve Jobs go un-blogged. Others have eulogised the man, his work and done a better job than I can hope for. But it is Steve Jobs the presenter that was my hero.

The presentation style of Steve Jobs is something for all (those that ever have to speak to another human being) to study and learn from. He was in my opinion the best orator, showman and speaker of our time. In an era dominated by (woeful) PowerPoint, Steve showed us a better way. His annual MacWorld keynote address was the highlight of the IT calendar for many years. He took the stage with the trademark black turtleneck and blue jeans, with no bullet points, a few simple images and stories that captured the world's imagination.

He put 1000 songs in our pocket. He promised to sell 10 million iPhones (in the first year) and went on to sell 13 million. He made technology sexy and changed the fortunes of geeks.

The presentation techniques that I teach are pure Steve. His style and methods translate to any subject. Effective communication will do that.

So long Steve, love your work.