600,000 Infected Macs 247 in Cupertino

 

Generally it is considered that only Windows computers are the ones that can get infected with backdoor trojan but the scenario has changed overtime. Recently a large number of Macs (600,000 plus Macs including 247 from Cupertino: its the Apple HQ) were found infected with a backdoor trajan Flashback (  Trojan-Downloader.OSX.Flashfake.ab ) . Its is to be noted that the trojan works on venerability of  Java ( Java 6 update 31.) and not the core Mac OS.How ever the fault which I see of Apple is that they did not patch the CVE-2012-0507 exploit even after 6 weeks.

If you are reading this on your shiny new MacBook Pro or a Mac you should be thinking by now how to remove it. Well here is a guideline on finding if you are infected with Flashback trojan.

Manually removing Flashback Trojan.

 

Manual Removal Instructions

  • 1. Run the following command in Terminal:defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  • 2. Take note of the value, DYLD_INSERT_LIBRARIES
  • 3. Proceed to step 8 if you got the following error message:”The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
  • 4. Otherwise, run the following command in Terminal:grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step2%
  • 5. Take note of the value after “__ldpath__”
  • 6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironmentsudo chmod 644 /Applications/Safari.app/Contents/Info.plist
  • 7. Delete the files obtained in steps 2 and 5
  • 8. Run the following command in Terminal:defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
  • 9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:”The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
  • 10. Otherwise, run the following command in Terminal:grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step9%
  • 11. Take note of the value after “__ldpath__”
  • 12. Run the following commands in Terminal:defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIESlaunchctl unsetenv DYLD_INSERT_LIBRARIES
  • 13. Finally, delete the files obtained in steps 9 and 11.

Please note that I cant assure you that following these steps will remove ALL traces of the Flashback trojan, its highly recommended that you install a antivirus for Mac and run a through scan after updating it.

Steps to help protect your Mac from future attacks.

1 Create a non admin account in your Mac. And use it for daily purpose like checking emails and surfing internet.(the account that is generally created by default and you use has admin rights)

2 Download and use a secure browser. I recommend to use Google Chrome as it got a sandboxing plus it also comes with a sandboxed flash player of its own.

3 After you have downloaded and installed the new browser dont forget to make it your default browser.

4 Uninstall or update the default flash player (Apple does not update the flash player regularly) Note: As you have default Google Chrome you no longer need the default flash player as Chrome comes with the updated flash player.

5 Uninstall/Disable Java, Apple does not regularly updates the Java it generally does after months since the release of it, and its not possible to manually update it on Mac. So if you don’t want to uninstalled it because you use some java web applets it is recommended that you at least  disable it from Safari browser.

6 Update your Mac software on a regular basis, it wont cost you a dime but will save you from known vulnerabilities.

7 Install a good antivirus for Mac. And update and run the antivirus from time to time.

8 Install the Little Snitch, it is a firewall program that shows you which application is trying to use the network and offers you to allow or block that application to connect to network.

 

Apple has yet to come up with a tool to remove the Flashback Trojan but guys from Kaspersky has come up with a tool which can be downloaded from here.

“The new iPad”

The New Apple iPad
The New Apple iPad

7th March 2012 at Apple Event “the new iPad” was released, having retina display of resolution 2048 X 1536 cramped in 9.7″ that’s 3.1 million pixel, which will put HD TV to shame. Surprisingly “the new iPad” is not called iPad3 ! Phil Schiller(Apple’s Senior Vice-President of World-Wide Marketing) revels the reason as “because we don’t want to be predictable”

First there was iPad then came the iPad2 and now (new) iPad…iCall it circle of life!

The iOS 5.1 was also released on this day which brings Siri support to Japan.

Models

Wi-Fi and Wi-Fi+4G

Size and Weight1

  • Height: 9.50 inches (241.2 mm)
  • Width: 7.31 inches (185.7 mm)
  • Depth: 0.37 inch (9.4 mm)
  • Weight: 1.44 pounds (652 g)
  • Height: 9.50 inches (241.2 mm)
  • Width: 7.31 inches (185.7 mm)
  • Depth: 0.37 inch (9.4 mm)
  • Weight: 1.46 pounds (662 g)

Storage

16GB

32GB

64GB

 

Display

  • Retina display
  • 9.7-inch (diagonal) LED-backlit glossy widescreen Multi-Touch display with IPS technology
  • 2048-by-1536-pixel resolution at 264 pixels per inch (ppi)
  • Fingerprint-resistant oleophobic coating
  • Support for display of multiple languages and characters simultaneously

Chip

  • Dual-core Apple A5X custom-designed, high-performance, low-power system-on-a-chip with quad-core graphics

Wireless and Cellular

  • Wi-Fi (802.11a/b/g/n)
  • Bluetooth 4.0 technology
  • Wi-Fi (802.11a/b/g/n)
  • Bluetooth 4.0 technology
  • Wi-Fi + 4G for AT&T model: LTE (700, 2100 MHz)3; UMTS/HSPA/HSPA+/DC-HSDPA (850, 900, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz)
  • Wi-Fi + 4G for Verizon model: LTE (700 MHz)3; CDMA EV-DO Rev. A (800, 1900 MHz); UMTS/HSPA/HSPA+/DC-HSDPA (850, 900, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz)
  • Data only4

Carriers

at&t and Verizon

Cameras, Photos, and Video Recording

  • 5-megapixel iSight camera
  • Autofocus
  • Tap to focus
  • Face detection in still images
  • Video recording, HD (1080p) up to 30 frames per second with audio
  • Video stabilization
  • FaceTime camera with VGA-quality photos and video at up to 30 frames per second
  • Photo and video geotagging

Battery and Power5

  • Built-in 42.5-watt-hour rechargeable lithium-polymer battery
  • Up to 10 hours of surfing the web on Wi-Fi, watching video, or listening to music
  • Charging via power adapter or USB to computer system
  • Built-in 42.5-watt-hour rechargeable lithium-polymer battery
  • Up to 10 hours of surfing the web on Wi-Fi, watching video, or listening to music
  • Up to 9 hours of surfing the web using cellular data network
  • Charging via power adapter or USB to computer system

Input and Output

  • 30-pin dock connector port
  • 3.5-mm stereo headphone minijack
  • Built-in speaker
  • Microphone
  • 30-pin dock connector port
  • 3.5-mm stereo headphone minijack
  • Built-in speaker
  • Microphone
  • Micro-SIM card tray

Sensors

  • Accelerometer
  • Ambient light sensor
  • Gyroscope

Location

  • Wi-Fi
  • Digital compass
  • Wi-Fi
  • Digital compass
  • Assisted GPS
  • Cellular

Audio Playback

  • Frequency response: 20Hz to 20,000Hz
  • Audio formats supported: HE-AAC (V1 and V2), AAC (8 to 320 Kbps), Protected AAC (from iTunes Store), MP3 (8 to 320 Kbps), MP3 VBR, Audible (formats 2, 3, and 4, Audible Enhanced Audio, AAX, and AAX+), Apple Lossless, AIFF, and WAV
  • User-configurable maximum volume limit
  • Dolby Digital 5.1 surround sound pass-through with Apple Digital AV Adapter (sold separately)

TV and Video

  • AirPlay Mirroring to Apple TV (2nd and 3rd generation) at 720p
  • AirPlay video streaming to Apple TV (3rd generation) at up to 1080p and Apple TV (2nd generation) at up to 720p
  • Video mirroring and video out support: Up to 1080p with Apple Digital AV Adapter or Apple VGA Adapter (adapters sold separately)
  • Video out support at 576i and 480i with Apple Composite AV Cable (cable sold separately)
  • Video formats supported: H.264 video up to 1080p, 30 frames per second, High Profile level 4.1 with AAC-LC audio up to 160 Kbps, 48kHz, stereo audio in .m4v, .mp4, and .mov file formats; MPEG-4 video up to 2.5 Mbps, 640 by 480 pixels, 30 frames per second, Simple Profile with AAC-LC audio up to 160 Kbps per channel, 48kHz, stereo audio in .m4v, .mp4, and .mov file formats; Motion JPEG (M-JPEG) up to 35 Mbps, 1280 by 720 pixels, 30 frames per second, audio in ulaw, PCM stereo audio in .avi file format

Mail Attachment Support

Viewable document types: .jpg, .tiff, .gif (images); .doc and .docx (Microsoft Word); .htm and .html (web pages); .key (Keynote); .numbers (Numbers); .pages (Pages); .pdf (Preview and Adobe Acrobat); .ppt and .pptx (Microsoft PowerPoint); .txt (text); .rtf (rich text format); .vcf (contact information); .xls and .xlsx (Microsoft Excel)

Languages

  • Language support for English (U.S.), English (UK), Chinese (Simplified), Chinese (Traditional), French, German, Italian, Japanese, Korean, Spanish, Arabic, Catalan, Croatian, Czech, Danish, Dutch, Finnish, Greek, Hebrew, Hungarian, Indonesian, Malay, Norwegian, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Slovak, Swedish, Thai, Turkish, Ukrainian, Vietnamese
  • Keyboard support for English (U.S.), English (UK), Chinese – Simplified (Handwriting, Pinyin, Stroke), Chinese – Traditional (Handwriting, Pinyin, Zhuyin, Cangjie, Stroke), French, French (Canadian), French (Switzerland), German (Germany), German (Switzerland), Italian, Japanese (Romaji, Kana), Korean, Spanish, Arabic, Bulgarian, Catalan, Cherokee, Croatian, Czech, Danish, Dutch, Emoji, Estonian, Finnish, Flemish, Greek, Hawaiian, Hebrew, Hindi, Hungarian, Icelandic, Indonesian, Latvian, Lithuanian, Macedonian, Malay, Norwegian, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian (Cyrillic/Latin), Slovak, Swedish, Thai, Tibetan, Turkish, Ukrainian, Vietnamese
  • Dictionary support (enables predictive text and autocorrect) for English (U.S.), English (UK), Chinese (Simplified), Chinese (Traditional), French, French (Canadian), French (Switzerland), German, Italian, Japanese (Romaji, Kana), Korean, Spanish, Arabic, Catalan, Cherokee, Croatian, Czech, Danish, Dutch, Estonian, Finnish, Flemish, Greek, Hawaiian, Hebrew, Hindi, Hungarian, Indonesian, Latvian, Lithuanian, Malay, Norwegian, Polish, Portuguese, Portuguese (Brazil), Romanian, Russian, Slovak, Swedish, Thai, Turkish, Ukrainian, Vietnamese
  • Dictation support for English (U.S., UK, and Australian), French, German, Japanese

Accessibility

  • VoiceOver screen reader
  • Support for playback of closed-captioned content
  • AssistiveTouch interface for adaptive accessories
  • Full-screen zoom magnification
  • Large fonts
  • White on black display
  • Left/right volume adjustment

Environmental Requirements

  • Operating temperature: 32° to 95° F (0° to 35° C)
  • Nonoperating temperature: -4° to 113° F (-20° to 45° C)
  • Relative humidity: 5% to 95% noncondensing
  • Maximum operating altitude: 10,000 feet (3000 m)

System Requirements

  • Apple ID (required for some features)
  • Internet access6
  • Syncing with iTunes on a Mac or PC requires:
    • Mac: OS X v10.5.8 or later
    • PC: Windows 7; Windows Vista; or Windows XP Home or Professional with Service Pack 3 or later
    • iTunes 10.6 or later (free download from www.itunes.com/download)

In the Box

  • iPad
  • Dock Connector to USB Cable
  • 10W USB Power Adapter
  • Documentation

Built-in Apps

  • Safari
  • Photos
  • App Store
  • Maps
  • Photo Booth
  • Reminders
  • Camera

Ethical Hacker of Facebook gets Jailed.

Glenn Mangham
Glenn Mangham

 

A 26 years old British student,Glenn Mangham, landed up behind the bars(duration of 8 months) for bypassing the security at Facebook. He breached the webserver at Facebook that maintained the Puzzles to software engineers who are willing to work for the company. Glenn gained the access of Facebook employee Stefan Parker, and then later used it to access Mailman server that is used to run internal and external email lists, and the Facebook Phabricator server used by internal developers.

Facebook had to spent US $200,000 (£126,400) for the outcome of the hack on  “concerted, time-consuming and costly investigation” by the FBI and British law enforcement.

Glenn’s response to the hack was

“It was to identify vulnerabilities in the system so I could compile a report for lack of a better word that I could then bundle off to Facebook and show them what was wrong with their systems.”

To which Judge Alistair McCreath said the following

“This was not just a bit of harmless experimentation – you accessed the very heart of the system of an international business of massive size.”

“This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled… Potentially what you did could have been utterly disastrous to Facebook.”

It is to be noted that previously Glenn was awarded by Yahoo for finding out the security loop holes of the company.

As mentioned by one of the Daily Mail report Glenn is believed to have  Asperger’s Sydrome,  which is very common to most of the famous hackers who have fought with the law enforcement.

 

 

Carrier IQ – Your mobile operator secretly collects your personal data.

Recently it has been found that mobile operators(mostly US operators) are installing an app  called Carrier IQ that collects user data without any sort of approval and there is no way to force quit the application. Its been found in Android platforms mainly although its being told that BlackBerry and iPhones also have this app pre installed. The app that is installed htmlTo help you select a driving school that is suited for you, we have prepared some questions you may use to help you in your selection. in the Android platform was found out by a security researcher which he showed in this YouTube video.It clearly shows what it collects, the key press, sms,URLs that you visit from the cell phone browser (even when you are using it in wifi only mode)

 

RIM giving away free apps for BlackBerry in App World

A Thank You Gift from BlackBerry
A Thank You Gift from BlackBerry

RIM, is giving away free apps on its App World for BlackBerry and PlayBook to its customers as a Thank You gift for the recent service outrage. This is a very good approach from the RIM. At least they did not say that I am not holding it right when their devices were not working properly .

It started from 19th October (for some customers 20th November) and will be available till 31st December.

The free apps are worth more than $100. Here is the list.

  • SIMS 3 – Electronic Arts
  • Bejeweled – Electronic Arts
  • N.O.V.A. – Gameloft
  • Texas Hold’em Poker 2 – Gameloft
  • Bubble Bash 2 – Gameloft
  • Photo Editor Ultimate – Ice Cold Apps
  • DriveSafe.ly Pro – iSpeech.org
  • iSpeech Translator Pro – iSpeech.org
  • Drive Safe.ly Enterprise – iSpeech.org
  • Nobex Radio™ Premium – Nobex
  • Documents To Go Premium Edition – RIM/DataViz
  • Shazam Encore – Shazam
  • Vlingo Plus: Virtual Assistant – Vlingo

Full press release by RIM

Android 4.0 Ice Cream Sandwich

Google released its latest version of mobile operating system, Android 4.0 named “Ice Cream Sandwich” along with its new Google branded phone Galaxy Nexus  in association with Samsung. It got many new features and updates from the previous online casinos versions like:

Face Unlock

Robot Font

Magazine style views

New Picture sharing style

Better Multitasking

Control over data usages.

and more…

check the video by Google to know more will post the walkthrough video later.

[youtube=http://www.youtube.com/watch?feature=player_embedded&v=JpLjvrKtOT4]

Job less World

Young Steve Jobs

5th October 2011 world lost Steve Jobs, the magician of technology. We all knew that this day will come but no one expected it to come so soon. The death of Steve Jobs is not only a loss for Apple Inc but to all the Apple fans, and to the whole world. I myself has been a big fan of Steve Jobs, not only a fan but he is my role model. Steve Jobs was born in San Francisco, California on February 24th , 1955. Steve’s biological parents were unwed college graduates Joanne Simpson and Abdulfattah Jandali. Steve was adopted by Paul Jobs and Clara Jobs. Steve’s biological mother said that she would only allow to adopt their child if only Steve was sent to college when he grows up.  But years later when Steve grew up and went to Reed College in 1972 he found that he was wasting his parents heard earned money by going to college. He found that the things which are taught in the college wont help him to achieve things that he wants from his life, and he dropped out from college. No one expected a guy who drops out of college, goes on to experiment with LSD, collected coke bottles to earn money will one day make a company like Apple, with so many innovation in his name.

I salute you Mr. Steve Jobs for the things that you have done to computing without you there would not have been so many innovations and we would not have think differently, may your soul rest in peace. Wish to meet you in heaven, after many decades from now.

Google+ had memory issue and it spammed its users.

Google+ spammed its users.

Recently Google Inc launched a new service known as Google+ As most of Google’s products it started with invitation only service. But that did not stopped  the server space to run out within two weeks or so. This made the server repeatedly send notifications and i spammed the Google+ users.

The Google+ senior vice president Vic Gundotra admitted “Please accept our apologies for the spam we caused this afternoon,” he wrote on his Google+ page. “For about 80 minutes we ran out of disk space on the service that keeps track of notifications. Hence our system continued to try sending notifications. Over, and over again. Yikes.”

It was a bit surprising to see a company like Google facing a issue like this. And this is not the first time Google messed up. It deleted some mails of some poor Gmail users, the whole Google Buzz privacy issue. I really hope that in future Google wont make such careless mistakes with its upcoming online services.