Debate continues over whether Apple’s MacOS is inherently more safe from malware than Windows or if Macs simply aren’t targeted as often because of their smaller share of the PC market. Regardless, the fact is that MacOS isn’t immune, and new vulnerabilities arise on occasion that Mac users should keep in mind. One category of malware that has certainly affected Windows and not MacOS is the infamous Microsoft Word macro virus. That could be changing, as MacOS has now suffered its very first Word macro attack, as Ars Technica reports. While Word macros can significantly enhance the application’s value, they’ve fallen out of favor over the years because of their tendency to be abused by malicious parties. Now, people who have used Word over the years probably think twice about clicking on the “enable macros” button that pops up when they open a document with embedded macros. MacOS users now also have good reason to hit the “disable … [Read more...] about MacOS suffers its first-ever Word macro attack
The entire freaking tech industry is falling down on the job, and Apple, my favorite company in the world, is stumbling around too. What's worse is that it doesn't seem to care. Apple is the most profitable consumer tech company in the world, with billions of dollars in the bank -- so much that it's in the middle of a US$130 billion effort to return profits to shareholders. Yet the company can't seem to be bothered to imagine that iCloud user accounts could be compromised by brute force password attacks launched with a Python script offered up on GitHub? As the nude celebrity photo hacking scandal unraveled over the last few days, Apple's iCloud services initially were the target of blame. Tech experts suspected that perhaps a flaw in Apple's Find My iPhone service let hackers repeatedly try to guess a user's password in order to crack the front door to Jennifer Lawrence's iCloud account -- and the iCloud accounts of other celebrities. It turns out that particular flaw doesn't seem to have … [Read more...] about OPINION We Can Fly to the Moon, but We Can’t Secure the Cloud?
Modeling Trojan Horse attack on native lupine
At Point Reyes National Seashore in Marin County, Calif., a fierce battle is taking place under the oblivious, peeling noses of beachgoers. It's a battle between an invasive plant and a native plant, but with a new twist. The two plants, European beachgrass and Tidestrom's lupine, are not in direct competition, and yet the beachgrass is helping to drive the lupine over the cliff. European beachgrass provides cover that allows a timid deer mouse to get close enough to the lupine to snip off stalks of lupine fruits without being nabbed by overflying birds. In the August issue of Ecology, biologists at Washington University in St. Louis report on the interplay between these species in three lupine populations over a period of four years. Emily Dangremond, Eleanor Pardini and Tiffany Knight used field data to construct a mathematical model of lupine populations. The model predicts that if things go along as they have been so far, all three … [Read more...] about Trojan Horse attack on native lupine
One of the most common security challenges Linux and Unix IT administrators face is how to effectively manage the root or super-user account. In an age of regulatory compliance and data privacy laws -- and as more and more organizations elect to run mission-critical financial, CRM (customer relationship management), SCM (supply chain management) and other applications in heterogeneous Unix and Linux environments -- controlling and auditing privileged account access is more crucial than ever. Without proper controls, anyone with access to the root account -- the virtual "keys to the kingdom" -- is given complete super-user privileges without justification based on their job classification, specific duties or role within the IT department. This violates the security best-practices doctrine of least privilege, and can expose proprietary systems and information to malicious activity and sabotage that could result in catastrophic information leakage or mistakes that could bring down an entire … [Read more...] about EXPERT ADVICE Safeguarding the Keys to the Linux Kingdom
"Oracles are dumb," the great John Milton once wrote, and though it may not be the meaning he intended, that's a fair description of the prevailing sentiment in the Linux blogosphere these days. It's a single Oracle being referred to today, of course -- Oracle Corporation, that is, owner of Sun, jealous protector of Java and Solaris, and just possibly the most widely despised company in the FOSS arena of late, excepting of course Microsoft. Is it any surprise? Between its little lawsuit against Google and its decision to pull the plug on OpenSolaris, it surely must have expected at least a little Linuxy wrath. Let's just say it can't be disappointed. "Is Oracle becoming an 'evil empire?'" was the headline over at ZDNet, for example. "Oracle: The New Darth Vader?" was the question asked at PCWorld. "Oracle is appearing to become more and more of a roadblock to Linux development," wrote helios on LXer, meanwhile. "If it can be used to make their stockholders happy, then we're in good shape, … [Read more...] about LINUX BLOG SAFARI Is Oracle Becoming the New Microsoft?
Some recent Iona Technologies announcements point up the growing practice of multiple ESBs within enterprises, often associated in a federated manner, and sometimes using ESBs tasked with specific types of integration duties. Iona is taking a "hybrid" approach to ESB offerings, with a coordinated open source and commercial strategy. [Disclosure: Iona has been a sponsor of BriefingsDirect podcasts.] Iona Technical Director Jim Strachan addresses some of the open source issues here. Iona has also upgraded its Artix ESB, and has partnered to bring a management dashboard benefit to the mix. These moves reflect how enterprises and service providers are using ESBs in innovative ways, in effect creating distributed ESBs to support SOA, SaaS and guerrilla SOA -- while building a path to holistic SOA that follows a crawl, walk, run ramp-up. Indeed, some new use traits are emerging on how ESBs are actually being used in the market. One is that multiple ESBs are often used, or come into play, rather … [Read more...] about ESBs Finding Their Place in the Mix
Google has made a name for itself by searching the Web, but security researchers doing their usual search for vulnerabilities have found flaws in the company's software that could allow alterations of search results or assist in the malicious solicitations for information known as phishing. Google spent the first part of the week responding to a 2-year-old vulnerability posted to popular security site Bugtraq by Jim Ley, a security researcher. After Google indicated it had fixed the issue, UK firm Netcraft announced another, similar vulnerability, which has also been addressed, according to Netcraft. The vulnerabilities, which involved the way the Google service generated Web pages without ensuring their legitimacy, could have allowed bogus sites to show up in the Google search results. Those phony sites are the basis of increasingly serious phishing attacks, which involve tricking users into providing personal and financial information on official-looking sites. While they have been addressed, the … [Read more...] about Google Gaps Leave Search Susceptible
Love it or loathe it, there's no arguing that the adult entertainment industry has been at the forefront of technology throughout the growth of the Internet. The adult industry operates on a shoestring and has figured out how to deploy secure and scalable sites on the cheap. We'll take a cue from the system administrators of smut to get five easy lessons on managing uptime, security and lowering TCO (total cost of ownership) -- and all with a G rating. Why porn? Well, about 12 percent of the sites on the Web contain adult content. The online adult industry pulls in nearly US$5 billion a year worldwide. Most of the world's adult entertainment sites, a.k.a. porn sites, operate on a relatively thin budget, and almost all of them run on open source. There's plenty of adult content available online, so sites can't count on scarcity to drive business. There's money to be made, but only if a company is smart about its IT setup. Probably sounds a lot like your business, doesn't it? Aside from … [Read more...] about EXPERT ADVICE Porn’s Lessons on the Plentiful Possibilities of Perl and PHP
This is the second installment in a three-part series. Part 1 outlines the discussions that surround the evolution of the Linux kernel. Part 2 takes a look at the current state of opinions on the standardization process. When Microsoft won its bid to make Office Open XML an international standard last year, it was a pivotal moment for many in the FOSS community and beyond. The process had been a highly contentious one, with protests from nations and corporations around the globe, and the International Organization for Standardization's (ISO's) final decision was met with considerable shock, disbelief and even outrage on the part of some. Cynicism on the topic persists to this day, and debates can still be heard on the question of whether the standardization process is fundamentally broken. At the heart of it all lies one central question: Have standards become nothing more than a way to achieve vendor lock-in, or does openness still stand a fighting chance? "I stay away from standards … [Read more...] about FOSS Debates, Part 2: Standard Deviations
The Fedora Project on Tuesday announced Fedora 11, the latest version of its free open source operating system. Code named "Leonidas," Fedora 11 takes another whack at virtualization, a technology market in which its sponsor, Red Hat, is working hard to carve out a niche. It also has several features that make things easy for desktop users. Together with the operating system, the Fedora Project announced the beta test of Fedora Community, a portal that will make it easier for the volunteers working on Fedora to interact. Red Hat founded the Fedora Project in 2003 after the merger of the Red Hat Linux and Fedora Linux projects. While Red Hat employees work for the Fedora Project, it is -- in theory, at least -- operating independently. Still, he who pays the piper calls the tune, and Red Hat's return on its investment is that it benefits from the technical developments worked out in the Fedora Project. "The Fedora Project's influenced somewhat by the contributions Red Hat makes to Fedora," … [Read more...] about Fedora Sets Leonidas Loose, Builds Collaboration Portal