|Home » Industry Watch » The Technological
There are evidently several viruses going around. Some evidently produce delirium and nonsensical babbling.
He's a well known name amongst the Landed Gentry of Security - and not just as a 'partner in crime' either but as a bona fide good researcher. Which makes the following outburst all the more surprising. Ladies and gentlemen: Gadi Evron.
For whoever didn't hear, there is a Macintosh trojan in-the-wild being dropped, infecting mac users.
Yes, it is being done by a regular online gang--itw--it is not yet another proof of concept. The same gang infects Windows machines as well, just that now they also target macs.
This means one thing: Apple's day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind.
I can sum it up in one sentence: OS X is the new Windows 98. Investing in security ONLY as a last resort losses [sic] money, but everyone has to learn it for themselves.
The first item on the agenda is to teach Gadi to distinguish between what in his eyes appear to be identical objects. The objects depicted in the images below are in fact different. Can Gadi tell them apart?
Despite their striking similarities these images actually depict different objects. Can Gadi tell them apart?
Gadi's Postgraduate Course
Now that Gadi's finished his undergraduate curriculum it's time to move on to bigger and better and more important things.
Like what the Landed Gentry of Security chat about all the time over Veuve Cliquot.
For the codec exploit written about so hysterically at Tom Cruise's website wasn't an exploit at all - it was a scam.
It in no way circumvented system security. It didn't find a zero day hole. There is no chink in the armour. There was no breach.
What you see here for example - turn on your SWF - as enacted by the Real Hustle team - is also a scam but it's more: it's an exploit. It breaks a weak security system.
In this case WEP.
It relies not only on tricking the mark but on breaking through security. WEP security.
And that makes it a security concern.
If the Real Hustle team had knocked on Andrew Smith's door and said they were from HM Revenue & Customs come to seize his computer and had in fact carried it off - then it would no longer have been an exploit.
It would have been a scam. Only a scam. It would have been no more an exploit than tricking someone into thinking they're installing a codec.
Let's hope Giddy Gadi can now learn for himself.
The Technological — The Real Hustle™