Re: Gone in 2 minutes: Mac gets hacked first in contest

billy@xxxxxxx a écrit :
Paul Fuchs <paulfuchs@porkain'tkosher.oink> writes:

So bearing in mind that I fit Davoud's definition of a complete
imbecile, what else can I do to protect myself? If I happen to venture
on to one of these toxic sites, what can the perp do to me? Can he
access all the information which is stored on my hard drive, even
partitions different from my boot drive?

Yes.

Is this just a Safari security issue?

No.

As for how to protect yourself, especially when you're an average
computer without much awareness of security issues, this is a tough
question. I don't know of any software tools that can automatically
secure your computer on its own, without any interaction from you.
But there are some things that are probably within the realm of what
you can comfortably do.

Above all, you need to be aware of current events. The SANS Institute
(SysAdmin, Audit, Network, Security) publishes a newsletter named Ouch!
that is intended for non-technical readers. I highly recommend it -

http://www.sans.org/newsletters/ouch/

There are also other, more technical, newsletters available on this
page. SANS also offers in-home (via the web) training (for a fee,
the newsletters are free) which might be helpful for you.

Then, in no particular order -

Creating a separate non-privileged (non-admin) user account for web
browsing will help mitigate what an attacker can accomplish, by making
it harder for them to gain administrative privileges. Use this account
for general-purpose web browsing.

Err... You're kidding, I hope. You don't really mean that, by default, Mac OS X creates only one partition, do you? Shit, is that what Devout compares to FreeBSD? I was wondering if it created a separate /tmp partition!!!!

You should check frequently for updates to the browser you're using,
and the operating system as well. If they (Omni Group or whoever)
have a mailing list to notify users of updates, subscribe to it. If
the browser can be set to check for updates daily, do it.

Browser check for updates??? I use Mandriva and the system checks for *all* updates. As I write this, these new updates hav eto b emade:

- epiphany-2.20.0-1.4mdv2008.0.i586
- gnome-python-extras-2.19.1-4.4mdv2008.0.i586
- libmozilla-firefox2.0.0.13-2.0.0.13-1.1mdv2008.0.i586
- libtotem-plparser7-2.20.1-1.3mdv2008.0.i586
- mozilla-firefox-2.0.0.13-1.1mdv2008.0.i586
- mozilla-firefox-fr-2.0.0.13-1mdv2008.0.i586
- mozilla-firefox-gnome-support-2.0.0.13-1.1mdv2008.0.i586
- yelp-2.20.0-3.3mdv2008.0.i586

If I click on Epiphany, I see the rason for the update:

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13.

This update provides the latest Firefox to correct these issues.

Help browser for GNOME 2 which supports docbook documents, info and man.

Are you telling me that Apple doesn't advise you for updates?

Man, I'm learning things about the Mac, here. If I used a Mac, I believe I'd be screaming.

In your browser configuration, Java and javascript should be off, and
only enabled when needed. This can be a pain, because it often has to
be done manually, other than Firefox has a No-Script extension that is
pretty good for this.

It can be a pain indeed! Much less usability. Very few Mac users will accept that.

Went for a little Parisian bread and cheddar de l'Île-aux-Coudres, a few sun dried black olives and, when I come back, upgrades have been downloaded, signatures checked, everything installed. The icon with a ! now shows a checkmark. Linux ease and security.


.

Relevant Pages

  • My words
    ... There are some malwares that can destroy the internet connection ... download all the security updates - Critical updates with Express install. ... Get into Safe Mode and password protect it. ...
    (microsoft.public.windowsxp.newusers)
  • Re: best antivirus solution for a Mac.
    ... there isn't any complaints what so ever with any MAC OS ... > updates for Panther in the last year too. ... > packs and several security updates. ... Both of my computers, as well as the computers in ...
    (microsoft.public.macintosh.general)
  • Re: Question 2
    ... I am presently on dialup too, but I still get the updates, some of which are ... >>> doesn't it provide a good security system with its OS? ... >> It really depends on your Internet connection and your own abilities. ... >> not protect the system, only gives a false sense of security. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Why was 11.3.1 Pulled?
    ... posted for a while today for Office for Mac that they didn¹t see any security ... I wanted to let you know that these weren¹t security updates related to this ... The updates posted in error were pre-release binaries that had been ...
    (microsoft.public.mac.office.entourage)
  • Re: [O.T.] Computer problems
    ... It also reiterates the one basic fact of personal computing - The single weakest link in computing security is the user. ... But what I've been saying is that OS X is *more* secure than Windows. ... Mac users should be aware that if their machines have not yet been attacked, it's merely because the crackers haven't got around to them yet, it doesn't mean they won't or can't. ... "Microsoft wasn't alone in issuing security updates. ...
    (alt.smokers.pipes)