back to article Asian political activists whacked in Mac backdoor hack attack

A security hole in Microsoft Office for Mac OS X is being exploited to hack and spy on Asian activists at odds with the Chinese government. In the past few days, spear-phishing emails - highly targeted booby-trapped messages - were sent to Apple users in the Uyghur community, which is an ethnic group of people mostly (but not …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Another argument ..

.. to use OpenOffice/LibreOffice instead of Microsoft's idea of *cough* productivity *cough*..

1
10

Re: Another argument ..

Or another argument to patch software more frequently than once every 3 1/2 years.

9
1

Re: Another argument ..

LibreOffice isn't immune to security issues http://www.libreoffice.org/advisories/

1
1
WTF?

Re: Another argument ..

It's not about being immune, it's about being less vulnerable due to having diversity...

If there's a monoculture then you know exactly what software your targets will be running, and what vulnerabilities that software has.

Diversity is the main reason that drive by attacks against browsers have started targeting ubiquitous plugins (java, flash etc) rather than the browsers themselves.

0
0

This post has been deleted by a moderator

Anonymous Coward

Re: Another argument ..

I'm impressed with the downvotes. It suggests you're all OK with risking your platform through a Microsoft flaw that has been with us since, what, a decade or so?

I guess you deserve the risk then..

0
2
Anonymous Coward

Re: Another argument ..

Or another argument to patch software more frequently than once every 3 1/2 years.

There is a buoyant market in zero days - it makes patching important, but not the all out protection against malware. Avoiding Microsoft and Adobe products, however, appears to be a good step to take..

My apologies if that makes it appear I agree with Eadon :)

1
1
Anonymous Coward

Re: Another argument ..

@Eadon,

Joe Montana - that is incorrect because it implies that security by obscurity works. It does not.

On what planet does diversity equal security through obscurity? Joe is correct: a diverse systems base means you cannot create a domino effect, the primary reasons especially larger companies don't have them is because it requires diverse knowledge bases to maintain. So, good from a security and anti-vendor lock in point of view, complicated from an operational point of view.

The ONLY way to be safe from attacks is to have a secure system in the first place, and one that is accountable - i.e. you can check the source code - ie open source.

BS. There are plenty other ways to secure an environment, it depends on what you determine the risk to be. The problem with a complex, very secure system is that it takes a lot of work to manage. Be honest: how many people do you know yourself who adjust SE Linux as tight as it can go - actually, step back and ask first who CAN? How many people go for process precision in their firewall rules per box?

In addition, having the source cade makes it POSSIBLE to review security, it does not imply by default that a product is actually secure. "Many eyes" is a nice idea, but it's by no stretch a guarantee.

0
0

This post has been deleted by a moderator

Anonymous Coward

Inaccurate.

This article is clearly inaccurate. Mac's don't get malware.

6
5

Re: Inaccurate.

A Mac can become infected, if the user messes up and puts something from Microsoft on it. (The story proves that)

Getting close to buying my first Mac as Microsoft is rapidly becoming the McDonald's of the computer world. Trying to do so many things, they can't do a single thing right.

1
16
Silver badge
Trollface

@LoCatus. I think if you really strain your intellect old chap you may spy the.........

............possibility that the AC was being satirical - if you can manage that type of heavy lifting that is.

7
0
Anonymous Coward

Re: Inaccurate.

An OS vulnerability is different to an application vulnerability.

Most OSes tend to attempt to stop bad things being installed or executed. But if the hack is via some tool you already have installed then how on earth is the OS going to guard against it?

All software has bugs, lots of software does too.

0
0
Anonymous Coward

Re: Inaccurate.

"All software has bugs, lots of software does too."

And all bugs have software too.

2
0
Bronze badge
Coat

Re: Inaccurate.

"... how on earth is the OS going to guard against it?"

A tighter user space usually helps.

1
0

Re: Inaccurate.

"Most OSes tend to attempt to stop bad things being installed or executed. But if the hack is via some tool you already have installed then how on earth is the OS going to guard against it?"

Why would an OS allow an application like MS Office the privilege escalation necessary to install some remote control/spying software?

1
0
Windows

Re: Inaccurate.

The OP is right - Macs do not get malware, they become "indisposed".

1
0
Joke

Well after years of precedent formed by people bashing Windows due to holes & instability caused by 3rd party software I think it's only fair to bash Mac OS X for the same reason.

Quick, Robin, to the flame resistant* shelter!

*Yes, resistant, you don't get me that easily, trolls ;)

4
2
Anonymous Coward

Not really fair.

Much of the vulnerabilities in Windows were due to a culture of providing lots of features and power to software developers. But at the same time not thinking about how to restrict this power to those who would misuse it.

ActiveX in the browser, active desktops and so on.

OSX having been built on top of a Unix underpinning has had the security model escalation there from day one.

4
0

I'll give you that one. Though I have never used Mac OS X so can't speak for its security model I have spent quite a lot of time using BSD and can't argue that it was way ahead of Windows (and even Linux, at least up to a few years ago) when it came to security.

That said the Mac OS X and Unix (This was originally a Unix backdoor) security methods didn't seem to help in this instance, that may be more down to user error though.

0
0
Anonymous Coward

It may be worth pointing out that the OSX platform wasn't the issue - it was the mistake of installing Microsoft products on it. That proves conclusively that the virus problems on Windows are a Microsoft problem - the moment you port something from that environment on another platform you introduce the same risks there. I'm pretty sure that if there was an MS Office for Linux you'd have the problem there too.

In general, it's fairly easy to keep a Mac clean: no Microsoft, no Adobe and keep a lid on online Java use.

Now, try to keep a Windows box clean without taking it offline altogether..

0
1
Irk
Facepalm

"But the latest spear-phishing campaign attempts to exploit a Microsoft Office vulnerability that was fixed more than three years ago."

So no fearmongering necessary for those who've updated their systems since 2009 or so.

2
0

the community

"The community has long desired independence from Chinese rule."

Any kind of evidence to back that up?

1
2
Bronze badge
Childcatcher

Re: the community

"The community has long desired independence from Chinese rule."

Any kind of evidence to back that up?

Why yes: they are under Chinese rule. QED. (See also.)

0
0

This post has been deleted by a moderator

What are the odds that open source would make any difference to someone who isn't able enough to apply a years old patch anyway?

0
0
Bronze badge

Want to avoid the entire problem outlined in this story?

If you get an interesting sounding file unexpectedly, either from an unknown party or from someone that you know, don't open the bloody thing.

Though, a few high yield EMP devices over China would do the world a great good...

0
0
Anonymous Coward

Though, a few high yield EMP devices over China would do the world a great good...

If, of course, you can believe the predominantly US media that that is where the problem resides..

0
0
Bronze badge
Mushroom

Yeah, because Genocide fixes all the world's problems...

0
0
This topic is closed for new posts.

Forums