The Mac Security Blog
The Macworld | iWorld Expo opens tomorrow in San Francisco, but even if you can’t make it to the show, you can get a special offer on Intego software. To help you keep your Macs secure, Intego is offering a special discount on its software to protect you from the dangers of the Internet.
Get protection from viruses, malware and network attacks, tools to back up your essential files and filter out spam, or to keep your children sheltered from inappropriate web content. Intego has the programs you need to protect you and your Macs.
Intego is offering a 40% discount on any Intego X6 or Dual Protection product, purchased exclusively from the Intego online store. This includes standard packs and family packs, but not upgrades, renewals or accessories. To benefit from this discount, use the following code in the Intego online store (https://secure.intego.com/buynow/), through February 3, 2012: MWEXP12.
This promotion applies to the following Intego programs:
- VirusBarrier X6 – Protects your Mac from malware and network threat
- Internet Security Barrier X6 – The most comprehensive Mac security suite available
- VirusBarrier X6 Dual Protection – Protects your Mac from malware and network threats (Mac OS X and Windows)
- Internet Security Barrier X6 Dual Protection – The most comprehensive Mac security suite available (Mac OS X and Windows)
- Washing Machine 2 – Cleans up files that can slow down your Mac
This promotion is valid worldwide, only in Intego’s on-line store, and does not apply to software sold in Apple’s Mac App Store or iTunes App Store. This offer cannot be combined with any other offers or promotions.
The Opera web browser has been updated to fix a high-risk cross-scripting vulnerability, as well as a low-risk JavaScript issue. Version 11.61 also improves stability. In addition, Opera has added an auto-update mechanism. When launching version 11.60, users see an upgrade notice, and a message indicates that, “You will never have to upgrade manually again, because the newest version of Opera contains an auto-update mechanism.”
Google has updated its Chrome web browser for three high-risk vulnerabilities, bringing the program to version number 16.0.912.77. Google’s release notes point out that one of the bugs, regarding Safe Browsing navigation, “was fixed in 16.0.912.75 but accidentally excluded from the release notes,” so this release actually mentions four vulnerabilities, but only actually fixes three of them.
The Chrome browser auto-updates on Mac OS X, so you don’t have to worry about downloading a new version.
The year 2011 was the most active year for Mac malware since Mac OS X was released. It notably saw an extensive outbreak of sophisticated attacks that led users from Google image searches to web pages serving malware. Users seeking banal images – pictures of cats, trees or birds – were sent to web sites that told them that their Macs were infected by malware, and tried to get them to buy a program that would “clean up” their Macs. This malware went by many names, but was initially called Mac Defender.
2011 can be split into two unequal parts: before May 2, the day that Intego discovered the MacDefender fake antivirus, and after that day, when the Mac community realized that the malware threat had suddenly become much more serious. The Mac Defender fake antivirus used sophisticated social engineering tricks that had been proven effective on the Windows platform to trick Mac users. And Mac users weren’t ready for such deception.
As the summer ended, and Mac Defender and its variants were fading away, and when everyone thought the Mac malware situation would calm down, a second malware attack, the Flashback Trojan horse, plagued Mac users. This, too, used social engineering to get Mac users to install a Trojan horse.
In addition to malware, there were plenty of privacy issues and hacking stories that affected Apple products and Mac users. Mac OS X and third-party software required a number of security updates. A new version of Mac OS X – 10.7 Lion – was released. And Steve Jobs passed away.
It was a very eventful year.
Read the full report – download a 2.6 MB PDF file.
The online shoe and apparel company Zappos, a subsidiary of Amazon.com, was recently hacked, and credentials for 24 million users were stolen. In an e-mail to the company’s employees, CEO Tony Hsieh said, “We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.” The company told customers:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
What is important to understand here is that the actual password was not recovered, but rather a “hash,” or, as Zappos says, a “cryptographically scrambled password.” Nevertheless, Zappos has reset its passwords for all of its customers, and they will see a request to create a new password the next time they try to log into the Zappos website. Also, the hackers did not obtain full credit card numbers. Nevertheless, the hackers did obtain e-mail addresses, which could be used for spamming or phishing campaign.
While passwords were not recovered in this hack (at least according to Zappos), they are sometimes obtained in this type of data breach. It’s worth pointing to an older blog post about choosing secure passwords to remind you not to use the same password on multiple sites, and how to come up with unbreakable passwords. Data breaches like this one are common; it’s a good idea to make sure your passwords are all secure, so if passwords are obtained in a data breach, hackers can’t use yours on other sites and see if it’s the same.
Apple has recently updated its Xprotect file quarantine system, used to check for malware downloaded by certain programs – notably Safari, Mail and iChat – but Intego has spotted a new variant of the Flashback Trojan horse, called OSX/FlashBack.J. This variant was released after Apple’s update, and Xprotect does not recognize it yet.
VirusBarrier X6′s generic signatures already detected this new variant, and will probably detect many future variants as well.