
A computer programmer from Ohio was indicted for spying on Mac users for 13 years

17 minutes ago, Drak3 said:

Aside from the last part, basically what happened in my company last year. Thankfully, the system we use for resumes is isolated from anything important.

You got a computer infected from a fake job application? That must've sucked.

There is more than meets the eye
I see the soul that is inside

 

 


Just now, hey_yo_ said:

You got a computer infected from a fake job application? That must've sucked.

It was an easy fix, the malware wasn't even that bad.

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.


59 minutes ago, tjcater said:

I guess I'm not the target of decently made emails :P Most of mine usually are fake student aid/loans, medicine/insurance, or some crappy I love you or want to get laid.

I remember that my Yahoo! Mail account that I no longer use typically gets spam emails from Canadian pharmacies selling Viagra and Rolex. Now my Outlook email's junk folder contains either promo messages from the mall or people wanting me to strip naked in a camera which I will never, ever do. :P

 


1 hour ago, hey_yo_ said:

Spam emails nowadays are much more clever unlike ILOVEYOU which will just annoy you. Let's say you own a company and you're currently hiring new employees. Me as an attacker can craft a job application that looks legit attached with either a word document containing a macro or a PDF file that contains a .exe inside which serves as the fake CV. Then I make a burner email from protonmail and send it to your human resources. Once the HR opens my fake job application including the attachment, the malware I made could either deliver a ransomware payload which will spread through the entire corporate network or an espionage malware to sniff login credentials and personal information just like in the OP or exploit CVEs such as SMB or Kerberos and later sell what I collected to the highest bidder or send your company to bankruptcy.

We had a PDF that exploited the custom font feature where the PDF reader will automatically ask to download it by using the given URL in that custom font, luckily the person that got it suspected it was dodgy AF and got us to check it. No AV scanner/spam filter can pick that sort of thing up and it's on the PDF readers to just remove that feature completely.
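The two attachment shapes the last two posts describe (an Office document carrying a VBA project, and a PDF that makes the reader act as soon as it is opened) can at least be flagged before anyone in HR double-clicks them. The script below is an added example written for this thread, not code from any poster or from any product mentioned here. It classifies a blob by magic bytes rather than by extension, lists OOXML zip members that mean "VBA or embedded object present", and counts the PDF keys that trigger actions or external fetches. The sample documents are constructed inline so it runs offline; the file names, the `example.invalid` URL and the helper names are made up for the illustration.

```python
"""Attachment triage for mailed "job applications".

Added example for this thread, not code from any poster. It flags the two
attachment shapes described above: an OOXML resume that carries a VBA project
(or an embedded OLE package) and a PDF whose catalog makes the reader act the
moment it is opened. Sample documents are constructed inline so it runs offline.
"""
import io
import re
import zipfile

# OOXML zip members that mean "this document carries VBA or an embedded object".
OOXML_RISKY_ENTRIES = (
    re.compile(r"^(word|xl|ppt)/vbaProject\.bin$", re.I),
    re.compile(r"^(word|xl|ppt)/embeddings/", re.I),   # OLE packages, e.g. an embedded .exe
)

# PDF name objects that make a reader run or fetch something on open or on an event.
PDF_RISKY_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                  b"/Launch", b"/URI", b"/EmbeddedFile", b"/RichMedia")


def scan_ooxml(data: bytes) -> list:
    """Return the risky zip member names found in a docx/xlsx/pptx blob."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if any(p.search(name) for p in OOXML_RISKY_ENTRIES):
                    findings.append(name)
    except zipfile.BadZipFile:
        findings.append("not-a-zip")          # PK header but no readable archive: review by hand
    return findings


def scan_pdf(data: bytes) -> dict:
    """Count each risky PDF key (pdfid-style plaintext scan).

    Caveat: this only sees keys written literally. A PDF can hide them inside
    FlateDecode'd object streams or hex-escape the name (/J#53), so an empty
    result means "nothing obvious", not "clean".
    """
    counts = {}
    for key in PDF_RISKY_KEYS:
        # negative lookahead so a longer name starting with the same letters is not counted
        n = len(re.findall(re.escape(key) + rb"(?![A-Za-z])", data))
        if n:
            counts[key.decode()] = n
    return counts


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify by magic bytes, never by extension, then run the matching scanner."""
    result = {"file": filename, "type": "unknown", "findings": None, "suspicious": False}
    if data.startswith(b"%PDF-"):
        result["type"] = "pdf"
        result["findings"] = scan_pdf(data)
    elif data.startswith(b"PK\x03\x04"):
        result["type"] = "ooxml"
        result["findings"] = scan_ooxml(data)
    elif data.startswith(b"\xd0\xcf\x11\xe0"):
        # Legacy binary .doc/.xls: macros live in OLE streams that need a real
        # OLE parser (e.g. oletools), so just route it to manual review.
        result["type"] = "ole2"
        result["findings"] = ["legacy-ole-needs-review"]
    result["suspicious"] = bool(result["findings"])
    return result


def _build_docx(with_vba: bool) -> bytes:
    """Constructed minimal OOXML zip; a real document has many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake vba project")
    return buf.getvalue()


# Constructed samples: a clean and a macro-carrying "CV", a clean and an auto-action PDF.
SAMPLE_CLEAN_DOCX = _build_docx(False)
SAMPLE_MACRO_DOCX = _build_docx(True)
SAMPLE_CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"
SAMPLE_EVIL_PDF = (b"%PDF-1.4\n"
                   b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                   b"2 0 obj << /S /URI /URI (http://example.invalid/payload) >> endobj\n"
                   b"%%EOF\n")

if __name__ == "__main__":
    for name, blob in [("cv.docx", SAMPLE_CLEAN_DOCX), ("cv_macro.docx", SAMPLE_MACRO_DOCX),
                       ("cv.pdf", SAMPLE_CLEAN_PDF), ("cv_evil.pdf", SAMPLE_EVIL_PDF)]:
        print(triage_attachment(name, blob))
```

This is a cheap first pass you would run on the mail gateway or in the HR upload handler, not a verdict: a hit means "do not open on a workstation, detonate it in a sandbox or hand it to someone who can read it", and a miss on the PDF side only means no key was written in plaintext.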


1 hour ago, hey_yo_ said:

then it's an oversight from Apple for having an unpatched vulnerability persist for 13 years.

How does a company patch their own users?  :P 

Main Rig:

Case: Lian Li Lancool Mesh RGB

CPU: Ryzen 5 3600 

Cooler: CoolerMaster MasterLiquid 240

MB: MSI B550 Gaming Pro Carbon 

Ram: Gskill DDR4 3600 x 32GB 

GPU: Asus Arez Strix Vega 64 OC

PS: Seasonic FOCUS Gold Plus Series SSR-750FX

SSD1: Crucial P1 1TB NVME

SSD2: Adata SU800 512gb M.2 Sata

HDD: Hitatchi 2tb 7200RPM + 3x 2TB WD Passport USB 3.0

Monitors: AOC C24G1

Keyboard: Cheap Blue Knockoff Mechanical

Mouse: Uhuru Gaming Mouse
OS: Pop! 21.04



Current Vintage Equipment:  Please ask me about it, I love to talk old tech!
IBM Thinkpad 390, IBM Aptiva A12, IBM PS/2 Model 25-004.  Compaq Contura 4/25C, Presario 7596
Asus P5A-B Socket 7 Box, Tandy 1000RLX-HD "B" & 1200-2FD, VIC20, Zenith ZFL-181-93, Packard Bell 300SX.

Apple II/gs, Mac Plus x2, Mac SE x2, Performa 450


18 minutes ago, leadeater said:

No AV scanner/spam filter can pick that sort of thing up and it's on the PDF readers to just remove that feature completely.

Maybe it's time for Microsoft to get rid of vulnerable legacy macros permanently in Office 365. I think there are other ways to automate spreadsheets in Excel without relying on macros.


Not sure if this is a job application or the guy's regretting not getting a job at the NSA 13 years ago. Cause obviously it's perfectly okay if the government does it but as soon as a single individual does the same thing everyone loses their minds.


1 hour ago, ElfFriend said:

Not sure if this is a job application or the guy's regretting not getting a job at the NSA 13 years ago. Cause obviously it's perfectly okay if the government does it but as soon as a single individual does the same thing everyone loses their minds.

Despite the Patriot Act enacted during the Bush Administration, do you really think the likes of Pentagon and NSA would hire a 15 y/o hacker?


1 hour ago, hey_yo_ said:

Despite the Patriot Act enacted during the Bush Administration, do you really think the likes of Pentagon and NSA would hire a 15 y/o hacker?

If they showed significant skill for their age why wouldn't they? 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


Wait, if he's 28 now does that mean he developed the malware when he was 15...?

23 hours ago, leadeater said:

when you think about it but the DNA of Linux and Mac OS is even older mind you.

Unlike windows, unix-like kernels don't follow the policy of "just pile stuff on" to fix issues or add features... :P let's just say they don't feel their age nearly as much.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


2 minutes ago, Sauron said:

Wait, if he's 28 now does that mean he developed the malware when he was 15...?

Yep. 

 

Looking back I probably should've studied code and metasploit in Kali Linux back when I was 15 so that instead of being incarcerated, I could've either got a career for the government or get paid even higher by tech companies in their bug bounty programs. -_-


10 hours ago, hey_yo_ said:

Maybe it’s tine for Microsoft to get rid of vulnerable legacy Macros permanently in Office 365. I think there are other ways to automate spreadsheets in Excel without relying on Macros. 

It doesn't seem they will; at my uni we have to learn Excel VBA and it's a PITA...


16 hours ago, DrMacintosh said:

So much effort to report on such a small topic.....

Hahaha, would you like some fries with that salt?

8700k @5.0GHz | Maximus X Hero | RAM 32GB @3200MHz CL14 | 1080 TI | SSD 250GB + 2x500GB Raid 0 | Monitor 1440p 165Hz ISP


1 hour ago, Sauron said:

Unlike windows, unix-like kernels don't follow the policy of "just pile stuff on" to fix issues or add features... :P let's just say they don't feel their age nearly as much.

Actually the NT kernel isn't that bad, most things have been moved out of the kernel especially drivers. Most of the BSOD in the past were due to drivers and hardware faults crashing the system. Most things you'd expect to be in the kernel actually are not, like Storage Spaces which is partly why you can't boot from it.

 

Linux kernel isn't that light weight either but at least you can customize it. It's for this reason it's hard to comment on which is bigger or more bloated etc, one you can see and change and the other you cannot.


1 hour ago, jagdtigger said:

It doesnt seem they will, at my uni we have to learn Excel VBA and its a PITA...

What? Learning VBA nowadays? Why don't you just hit your hand with a hammer, just as useful.


5 minutes ago, leadeater said:

What? Learning VBA nowadays? Why don't you just hit your hand with a hammer, just as useful.

Unfortunately yes... And on paper MATLAB too, but we have to use Octave instead.

 

/EDIT

To top it off, sometimes I get stuff that I need to fill out from my workplace, and guess what? I can't do it in LO because it's full of macros! I'm basically a black sheep in the eyes of the personnel department since I told them to either send something I can open normally or not send it at all :D .


17 hours ago, Drak3 said:

Aside from the last part, basically what happened in my company last year. Thankfully, the system we use for resumes is isolated from anything important.

Smart. Why do I get the feeling this is very uncommon?

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


On 1/12/2018 at 6:48 PM, hey_yo_ said:

wanting me to strip naked in a camera which I will never, ever do. :P

I feel that if I ever did that, my computer would burn out its USB port in self-preservation, much like an animal chewing its own leg off.

On 1/12/2018 at 7:12 PM, hey_yo_ said:

Maybe it's time for Microsoft to get rid of vulnerable legacy macros permanently in Office 365. I think there are other ways to automate spreadsheets in Excel without relying on macros.

Macros aren't really the problem, it's the lack of a proper sandbox for the macros that makes them an issue.


Yeah... another reason for me to use Linux and use Symantec endpoint protection for Linux. You can never be too secure these days 

Sudo make me a sandwich 


49 minutes ago, wasab said:

Yeah... another reason for me to use Linux and use Symantec endpoint protection for Linux. You can never be too secure these days 

It's good that you use an enterprise-grade endpoint protection, but just so you know, the persistent malware's code is Linux compatible, so it's a message that users of Linux and macOS shouldn't get too cocky when it comes to security, and since Linux is almost everywhere on the internet and the macOS user base is growing significantly, targeted attacks on these platforms will just keep growing.


10 hours ago, Jito463 said:

Macros aren't really the problem, it's the lack of a proper sandbox for the macros

Hasn't Microsoft Office since version 2010 already had a sandbox feature called "Protected Mode"?


2 minutes ago, hey_yo_ said:

Hasn't Microsoft Office since version 2010 already had a sandbox feature called "Protected Mode"?

As I understand it (based on my limited knowledge), the sandbox mode doesn't work as well as it should. I remember reading something about it, but I can't recall where.


16 minutes ago, Jito463 said:

As I understand it (based on my limited knowledge), the sandbox mode doesn't  work as well as it should.  I remember reading something about it, but I can't recall where.

I don’t know if it’s possible to sandbox macros in Office 365. Maybe @Windspeed36 or @leadeater can answer. 


2 hours ago, hey_yo_ said:

It's good that you use an enterprise-grade endpoint protection, but just so you know, the persistent malware's code is Linux compatible, so it's a message that users of Linux and macOS shouldn't get too cocky when it comes to security, and since Linux is almost everywhere on the internet and the macOS user base is growing significantly, targeted attacks on these platforms will just keep growing.

We Linux users do not hand out root access to everything we download from the web, unlike the Windows users who grant administrator privilege left and right. Everything on the repo, the main source of our software, is very clean. Third-party software is either .deb packages, those from third-party PPAs, those in the form of .sh, or source code we compile ourselves. Not many malware coders will bother writing code for Linux when so many Linux users are more often than not installing their software from the distro repo. Windows users are usually what they target.

 

I use endpoint protection just in case I get rare instances of Windows malware that have cross-platform capability, and because my university provides it free of charge, so why the hell not.


21 minutes ago, wasab said:

We Linux users do not hand out root access to everything we download from the web, unlike the Windows users who grant administrator privilege left and right. Everything on the repo, the main source of our software, is very clean. Third-party software is either .deb packages, those from third-party PPAs, those in the form of .sh, or source code we compile ourselves. Not many malware coders will bother writing code for Linux when so many Linux users are more often than not installing their software from the distro repo. Windows users are usually what they target.

 

I use endpoint protection just in case I get rare instances of Windows malware that have cross-platform capability, and because my university provides it free of charge, so why the hell not.

Default admin privileges aren't a thing now. You have to turn down UAC settings, meaning you have to be intentionally stupid nowadays on Windows :P. Granted, a lot of people turn UAC down to min/off, putting them right back at the issue it was implemented to solve in the first place, which is the intentionally stupid part as mentioned.

