Security companies estimate that Flashback infection rate is remaining steady, advise users to run update/malware removal tools

Posted by:
Date: Wednesday, May 9th, 2012, 06:18
Category: News, security, Software

Ok, guys, it’s time to update your Mac and help bring down the Flashback trojan malware infection rate.

Per CNET, following an effort to estimate how many Macs remain infected with the Flashback malware, the data from these monitoring efforts have suggested that despite early reports of the malware levels sinking rapidly from efforts by Apple, news organizations, and anti-malware companies, the levels of infections appears to be remaining constant.

The spread Flashback malware was facilitated by a neglected security hole in Apple’s Java runtime for OS X, and at its peak had infected around one percent of Mac systems. To tackle the spread of the malware, initially news organizations covered methods for manually removing the malware, followed by security companies issuing malware removal tools to facilitate this process. Apple then released a series of Java updates to close the vulnerability and also scan for and remove known instances of the malware.

During the time of these infections, security companies set up sinkhole servers and other techniques to monitor the network traffic from the Flashback infections, and determine how many unique computers had been infected with the malware. Following the peak of the malware infection on August 6, initial reports from the anti-malware efforts suggested the infection rates had dropped significantly, with the number of infected Macs decreasing to a reported low of 30,000 in 10 days. However, despite these claims the malware has remained active, and adjustments have had to be made to these numbers.

Following the reports of success at tackling the malware, security company Dr. Web revealed errors in the malware estimation calculations and suggested that the number of infected systems was in fact much higher. Security companies followed this news with more conservative estimates that suggested a more shallow fall in the malware, to an estimated 140,000 systems in late April.

Despite the higher numbers, the number of malware infections did fall from its peak, though while some have hoped the number to fall far lower, the malware appears to have fallen to a revolving infection rate of just over 100,000 Mac systems. In a new report by Intego, the company claims that in the past week it has observed the following numbers from its sinkhole operation:

04/30/2012 – 102,769 infected Macs

05/01/2012 – 96,948 infected Macs

05/02/2012 – 103,779 infected Macs

05/03/2012 – 121,826 infected Macs

05/04/2012 – 102,375 infected Macs

05/05/2012 – 118,593 infected Macs

05/06/2012 – 113,909 infected Macs

Intego notes that these numbers are only the active infections it monitors on a day-to-day basis, and is not the total number of Macs infected. The malware is only active when a user logs in and thereby suggests that this activity difference reflects a steady state variance in when people are using their Macs, which will revolve as Macs are used more in some parts of the world than at others. Therefore the total number of infected systems will likely be much higher at around the 140,000 of previous recent estimates.

Intego has further noted that despite the initial impact in the malware’s activity by community efforts, the numbers appear to no longer be declining and show indications that they may even be increasing. Intego speculates the reason for this is that a small percentage of users have not taken any effort to either update their systems, but it may be more than just updating. Apple has only offered updates and malware removal options for OS X 10.6 and above (its supported versions). However, this malware will infect systems with older versions of OS X, so even if the older versions have been kept up to date, they will be left vulnerable without Apple issuing a proper Java fix. Not only can they still contain the malware, but they also will be subject to new infections by any of its variants.

In short, if you have a Mac running Mac OS X 10.6 or later, please update the Java updates via Mac OS X’s built-in Software Update feature. And for Apple, well, a Flashback removal update for Mac OS X versions previous to Mac OS X 10.6 or later wouldn’t hurt…

Rumor: AppleCare training schedule now pointing towards June launch of Mac OS X 10.8 (Mountain Lion)

Posted by:
Date: Wednesday, May 9th, 2012, 05:30
Category: Rumor, Software

No one ever said it was easy to keep a secret.

Per AppleInsider, the EMEA (Europe, Middle East and Africa) division of AppleCare is allegedly hiring and training new staff on certain aspects of Apple’s upcoming OS X 10.8 Mountain Lion, possibly hinting that a release date is soon to arrive.

According to an unnamed source familiar with the matter, AppleCare EMEA is hiring a number of new employees who will serve as customer support for the new operating system that has yet to receive an official launch date.

The source went on to say that Mountain Lion may be just a few weeks from launch as internal training recently commenced regarding certain facets of the operating system. Apple usually restricts the operating window of support staff training to a minimum before large product release presumably to avoid leaks.

Though purely speculation, the training could point to a OS X 10.8 debut at WWDC 2012 which is scheduled to take place from June 11 to June 15.

OS X 10.8 Mountain Lion was announced on Feb. 16 with an expected release date of summer 2012. Beyond the basic information provided on Apple’s website, developer previews have revealed that the new OS will offer a bevy of new features like Messages and more comprehensive integration with iCloud that will further blur the line between OS X and iOS.

Stay tuned for additional details as they become available.

Security hole found in FileVault under Mac OS X 10.7.3

Posted by:
Date: Tuesday, May 8th, 2012, 06:04
Category: News, security, Software

Ok, this isn’t the best news in the world…

Per Crytome, Apple’s legacy FileVault Mac encryption system in OS X 10.7.3 has a security flaw that could allow malicious users to access stored passwords. According to the post, the issue only applies in specific configurations to users who have updated to OS X 10.7.3, in which a system-wide debug file that displays login passwords in plain text is created.

“Thus anyone who can read files accessible to group admin can discover the login passwords of any users of legacy (pre LION) Filevault home directories who have logged in since the upgrade to 10.7.3 in early February 2012,” Emery explained.

The login data can also be viewed by booting a Mac into FireWire disk mode and reading it by opening the drive as a disk. The information can also be accessed by booting the Lion recovery partition and using the available superuser shell to mount the main file system partition.

Users can protect themselves from these methods by using the whole disk encryption capabilities of FileVault 2. Emery explained that this requires that a user know at least one login password before they can access the main partition of the disk.

Further protection can be achieved by setting a firmware password that must be supplied before a user can boot the recover partition or external media, or enter firewire disk mode.

“Having the password logged in the clear in an admin readable file *COMPLETELY* breaks a security model — not uncommon in families — where different users of a particular machine are isolated from each other and cannot access each others’ files or login as each other with some degree of assurance of security,” Emery wrote.

The bug was introduced with Apple’s OS X 10.7.3 update, which was issued in early February. The latest version of Lion came with Wi-Fi connectivity fixes and Windows file sharing compatibility.

Stay tuned for additional details as they become available.

Delicious Library updated to 2.7.8

Posted by:
Date: Tuesday, May 8th, 2012, 06:24
Category: News, Software

deliciouslogo

On Wednesday, software company Delicious Monster released version 2.7.8 of the shareware favorite, Delicious Library. Delicious Monster allows Macs with webcams to scan the bar codes of any book, movie, music CD or video game, then creates an archive based on background information from the Internet. Additional features help keep the library organized and reseller’s tools allow for items to be quickly posted for sale online.

The new version, a 16.6 megabyte download, adds the following fixes and changes:

- Fixed memory use on iTunes shelves (which could occasionally exhaust memory, slow machine, and then crash).

- Fixed incorrect shortcut keys shown in item action menu.

- Added extra mappings between Delicious Library’s item types and Amazon’s product types. For example, manually adding “Tools” in Germany now works.

Delicious Library 2.7.8 retails for US$40 and requires Mac OS X 10.5 or later to install and run.

Apple extends MobileMe users’ complimentary 20GB of online storage space deadline to September 30th

Posted by:
Date: Monday, May 7th, 2012, 06:21
Category: iCloud, News, Software

You can’t knock both a deadline extension as well as additional storage space.

Per Mac Otakara, Apple has extended the additional 20 gigabytes of MobileMe storage from its original June 30 expiration to Sept. 30. A Frequently Asked Questions page on Apple’s website was recently updated to reflect the extension.

“MobileMe members with 20GB of purchased storage receive a complimentary iCloud storage upgrade of 20GB, and accounts with additional purchased storage (40GB to 60GB) receive a complimentary upgrade of 50GB after moving to iCloud. These free upgrades are good through September 30th, 2012,” the site read.

After September, former MobileMe customers can either pay to keep the storage or downgrade to the free 5GB iCloud plan. Though it’s not exactly clear when Apple revealed the extension, a cache of the FAQ page by Google from April 30 does not include the above paragraph.

Last month, it was discovered that Apple had begun offering free copies of OS X Snow Leopard to MobileMe users still on OS X Leopard. Subscribers could then pay for an upgrade to OS X Lion themselves in order to make the move to iCloud.

Late Apple co-founder Steve Jobs took the wraps off iCloud last June and promised that it would be a step up from MobileMe, which he said was not Apple’s “finest hour.” Since the company launched iCloud last fall, it has attracted more than 125 million users.

Chief Financial Officer Peter Oppenheimer revealed last month during a quarterly earnings call that the company considers revenue from iCloud storage plans to be incidental. “Our real desire here was not about selling more storage… We just really wanted to increase the customer delight,” he said.

Stay tuned for additional details as they become available.

Cocktail 5.2 (Lion Edition) released

Posted by:
Date: Thursday, May 3rd, 2012, 07:42
Category: News, Software

cocktaillogo.jpg

On Thursday, shareware developer Maintain released version 5.2 of CocktailCocktail (Lion Edition), the popular shareware utility program that allows for additional Mac OS X system tests. The new version, a 3 megabyte download, adds the following fixes and features:

- Major improvements to the scheduler.

- Added ability to automatically purge inactive memory.

- Fixed compatibility issues with Microsoft Office 2011 14.2.

- Fixed compatibility issues Firefox 12.

- Improvements on the clear potentially harmful files procedure.

- Updated Automator actions.

Cocktail 5.2 retails for a US$19.00 shareware registration fee and requires Mac OS X 10.7 or later to install and run.

AOC releases 22-inch, USB-powered LED monitor

Posted by:
Date: Wednesday, May 2nd, 2012, 09:59
Category: Hardware, News

This could prove both nifty and useful.

Per Electronista, display maker Display maker AOC has begun shipping its USB-powered e2251Fwu monitor that was introduced last June. The 21.5-inch, 1080p LED monitor gets both signal and power through a USB 2.0 connection, making it ideal for use as a secondary display. The monitor is just 10.6mm thick, sports a detachable stand, has a 5ms response time, a 250cd/m2 brightness, a 1,000:1 dynamic contrast ratio, and supports Windows and Max OS X operating systems.



The unit is priced at US$200 and is immediately available.

Dropbox updated to 1.4.2

Posted by:
Date: Wednesday, May 2nd, 2012, 09:26
Category: News

Updates: they’re a good thing.

Late Tuesday, Dropbox released version 1.4.2 of its cloud-based storage client for Mac OS X. The new version, a 20.8 megabyte download, adds the following fixes and changes:

- Fixed performance problem when syncing a lot of files.

Dropbox 1.4.2 requires Mac OS X 10.4 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases fourth Mac OS X 10.7.4 build to developer community

Posted by:
Date: Wednesday, May 2nd, 2012, 07:32
Category: News, Software

This might not be a bad sign.

Per AppleInsider, Apple seeded the latest 11E53 builds of OS X Lion and Lion Server with no known issues on Tuesday.

The update comes one week after Apple seeded build 11E52 which itself rolled out less than two weeks after build 11E46. Because of the shrinking time between dev updates, it is thought that a final version may be pushed out to the public in the near future.

Developers have been asked to concentrate on graphics, iCal, Mail, printing and Time Machine for OS X Lion, while Calendar & Contacts Server, Profile Manager, Server App, Web Server, WebDAV Sharing and ServerAdmin DNS are focuses of the Lion Server seed.

Registered Mac developers can access the update from Apple’s Developer Center website.

The 11E53 Delta updates for OS X Lion and Lion Server weigh in at 716.91MB and 202.59MB, respectively, while the Combo updates come in at 1.43GB and 1.51GB, respectively.

Stay tuned for additional details as they become available.

Google Chrome updated to 18.0.1025.168

Posted by:
Date: Tuesday, May 1st, 2012, 06:04
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 18.0.1025.168 for the Mac. The new version, a 35.4 megabyte download, offers the following changes:

- Security and bug fixes.

Google Chrome 18.0.1025.168 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.