Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 19, 2013, 06:23 PM   #26
Fatalbert
Banned
 
Join Date: Feb 2013
Quote:
Originally Posted by macsrcool1234 View Post
Couldn't agree more. After banning all ips originating from that area, our hacking attempts were reduced by more than 50%.

As far as the internet is concerned, nothing good comes out of China.
China as well as other countries are blocked by the htaccess file for my web server, but I haven't bothered trying to figure out how to block the China IP range from all ports since it's a semi-personal computer.

----------

Quote:
Originally Posted by coolfactor View Post
This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.
Hmm, I wonder how secure my site is. It's basically set up by the Mac OS X Server wizard.
Fatalbert is offline   0 Reply With Quote
Old Feb 19, 2013, 06:23 PM   #27
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by coolfactor View Post
This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.
It's also an example of Apple's need to reign in both employees and access to beta builds.
Peace is offline   0 Reply With Quote
Old Feb 19, 2013, 06:26 PM   #28
Fatalbert
Banned
 
Join Date: Feb 2013
Quote:
Originally Posted by Renzatic View Post
If that's true, how is this any worse than all the other millions of hacks, keyloggers, virii, and malware exploits we've been facing down for the past 20 odd years?
The plural form of "virus" when using Latin declension is "viri", but since you're comparing it to "this", it should be the ablative plural "viribus". Or just say viruses

On topic, you are totally right. In fact, the only connections I have ever gotten from China have been malicious. But I'm sure conspiracy theorists will jump on this now. It should be a feature in all American routers that you can enable: ban all of eastern Asia except Japan.
Fatalbert is offline   1 Reply With Quote
Old Feb 19, 2013, 06:28 PM   #29
Rudy69
macrumors 6502
 
Join Date: Mar 2009
Quote:
Originally Posted by Tankmaze View Post
Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.
I think what brings developers to the site is:
1. Community of mostly developers or people involved in selling apps
2. Away from the general public (mostly, the site is not private or anything but very few ventures there)
Rudy69 is offline   0 Reply With Quote
Old Feb 19, 2013, 06:41 PM   #30
Renzatic
In Time-Out
 
Join Date: Aug 2011
Location: Who puts the washers in the woods?
Quote:
Originally Posted by Fatalbert View Post
The plural form of "virus" when using Latin declension is "viri", but since you're comparing it to "this", it should be the ablative plural "viribus". Or just say viruses
...viriur..variiur...vuhrus...bugs.

Quote:
On topic, you are totally right. In fact, the only connections I have ever gotten from China have been malicious. But I'm sure conspiracy theorists will jump on this now. It should be a feature in all American routers that you can enable: ban all of eastern Asia except Japan.
The problem with that is it's only a temporary solution. If we all started blocking every unknown Chinese IP address, there'd be about a week or two respite before all the big hackers start using proxies to do the exact same thing.

Really, there's no way around it except constant vigilance. Sucks, but that's the only surefire method you've got.
Renzatic is offline   2 Reply With Quote
Old Feb 19, 2013, 06:47 PM   #31
Robert.Walter
macrumors regular
 
Join Date: Jul 2012
I removed java from my Macs some time ago.

I checked for updates via the Mac App Store button, and the system said that no updates were available.

Question: Does this latest update require Java to be installed to run the associated anti-malware patch? And if Java is not installed, will the update fail to be required such that the patch will also not be run?

Question 2: Is it possible that I have enabled some setting that allowed the anti-malware patch to be run but without notification?

Thanks to the community for any answers.
Robert.Walter is offline   0 Reply With Quote
Old Feb 19, 2013, 06:49 PM   #32
haruhiko
macrumors 68030
 
haruhiko's Avatar
 
Join Date: Sep 2009
Of course there have been a lot of hacking from Chinese IPs but I think the media exaggerated a bit. I don't think they have military origin. If it's military grade, first it may not have left a trace, and also they can route through infected computers in other countries to achieve the same effect. So banning Chinese IPs doesn't really help if you think your computer has sensitive data that's valuable to the Chinese military.

Anyway, the culprit here is Java. Disabling it (and Flash) from your browser helps reduce most potential malware problems.
__________________
Mac: rMBP'12, iMac'08/24", Mini'09, MBP'10/15", MBA'11/13". iPhone: 5s/64S 5/64B, 4S/64W, 4/32B, 3GS/16. iPT: 3G,1G. iPad: Air,Mini2,4,3/LTE/64 2/3G/32, 1/WiFi/16. ATV'12,'11, AEBS'09, TC'13/2TB

Last edited by haruhiko; Feb 19, 2013 at 06:55 PM.
haruhiko is online now   1 Reply With Quote
Old Feb 19, 2013, 06:52 PM   #33
GoldenJoe
macrumors regular
 
Join Date: Apr 2011
The malware warning has always kept me away from that site. Stackoverflow works just fine.
GoldenJoe is offline   3 Reply With Quote
Old Feb 19, 2013, 06:55 PM   #34
Renzatic
In Time-Out
 
Join Date: Aug 2011
Location: Who puts the washers in the woods?
Quote:
Originally Posted by haruhiko View Post
Of course there have been a lot of hacking from Chinese IPs but I think the media exaggerated a bit. I don't think they have military origin. If it's military grade, first it may not have left a trace, and also they can route through infected computers in other countries to achieve the same effect. So banning Chinese IPs doesn't really help if you think your computer has sensitive data that's valuable to the Chinese military.
In this situation, no. The People's Army probably has a decent enough porn...er poetry stash of their own, so I doubt they'll have any reason to go rooting through yours. It's likely a bunch of East Asian kids having fun at your expense.

But considering the story that broke earlier today, the Chinese military has been involved with some fairly heavy hacking and espionage recently. It's hardly overblown.
Renzatic is offline   0 Reply With Quote
Old Feb 19, 2013, 06:59 PM   #35
ilmman
macrumors member
 
Join Date: Sep 2012
Oh man I visit that site regularly, Don't know if I should be concerned at all, or whether I should be concerned about my developer accounts being at risk (as these accounts are responsible for making me never to work at a 9-5 job again).

So it seems apple employees visited that site as well..
ilmman is offline   0 Reply With Quote
Old Feb 19, 2013, 07:02 PM   #36
Four oF NINE
macrumors 65816
 
Four oF NINE's Avatar
 
Join Date: Sep 2011
Location: Soviet Union
And yet again, Java appears to be the weak point, security wise.

What is WRONG with these people? Does anyone there know how to play this game?
Four oF NINE is offline   3 Reply With Quote
Old Feb 19, 2013, 07:07 PM   #37
Fatalbert
Banned
 
Join Date: Feb 2013
Quote:
Originally Posted by Renzatic View Post
The problem with that is it's only a temporary solution. If we all started blocking every unknown Chinese IP address, there'd be about a week or two respite before all the big hackers start using proxies to do the exact same thing.

Really, there's no way around it except constant vigilance. Sucks, but that's the only surefire method you've got.
Sure they can use proxies, but at least it would be more difficult for them to get away with it. Of course, this would be much better if only a few of us had it.
Fatalbert is offline   0 Reply With Quote
Old Feb 19, 2013, 08:44 PM   #38
york2600
macrumors regular
 
Join Date: Jul 2002
Location: Portland, OR
The site runs on Vanilla Forums so it was probably this last vulnerability here unless they managed to get someones credentials by other means

http://www.cvedetails.com/vulnerabil...la-Forums.html
york2600 is offline   0 Reply With Quote
Old Feb 19, 2013, 09:37 PM   #39
Tech198
macrumors 68040
 
Join Date: Mar 2011
Location: Australia, Perth
i dare anyone on this forum to go there ,, and don't cheat with a Windows PC.

Quote:
Originally Posted by Four oF NINE View Post
And yet again, Java appears to be the weak point, security wise.

What is WRONG with these people? Does anyone there know how to play this game?
I guess not.. Maybe a new game should be in order.. One they CAN play
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."
Tech198 is offline   0 Reply With Quote
Old Feb 19, 2013, 09:48 PM   #40
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by fins831 View Post
Call me crazy, but this along with the chinese 'supposed' hackings, all while the government is getting ready to make another cyber legislation push....this is all TOO PERFECT.

the timing of everything is so suspect. Maybe I am trying to read between the lines but if they want to take away our rights on the internet, the first thing they have to do is scare us enough to allow us to waive them, raise the white flag.
If the Chinese hacks are "supposed" and not real, and the US government is behind a massive hoax, then they got Facebook, Apple, the New York Times and many others to cooperate in the hoax. All for an effect that has nothing to do with taking away privacy, and affects very few users. How would all those parties get together to create such AMAZING technical detail, and why would the bother and then have the threat be so trivial it goes right over most peoples' heads? How would this Chinese hack news derail all the opposition to bad Internet legislation? It wouldn't.

Rule of thumb for conspiracies: if it requires HUGE numbers of people to keep a secret, it's probably just your paranoia.
nagromme is offline   2 Reply With Quote
Old Feb 19, 2013, 09:51 PM   #41
Kashsystems
macrumors 6502
 
Join Date: Jul 2012
Quote:
Originally Posted by Peace View Post
Oh. I agree. I was commenting on the state of relationships between Apple and developers.

It's sad that developers have to go to a 3rd party website for collaboration instead of Apple's official Dev portal.

[edit]

I might add this is going to cause some bad blood between Apple and the devs that go to the other website. Perhaps it will shake things up a bit.

[/edit]
It is not even about that. I do not know about now, but starting out, iphonedev website was one of the biggest resources of learning iPhone programming. Especially before they even started calling it IOS.

There are a few forums including this one that has a developer discussion center. To tell you the truth I like the approach of this one better because a lot of developers push away from hand holding.

Also personally I think the Apple discussion board is just one hot sick mess of ugliness.
Kashsystems is offline   0 Reply With Quote
Old Feb 19, 2013, 10:05 PM   #42
WestonHarvey1
macrumors 68000
 
Join Date: Jan 2007
Something sinister is going on at iPhoneDevSDK. That or total incompetence. The last time they shut it down for malware and came back with the new system, the sysop claimed it was vBulletin's fault and that vBulletin is impossible to secure. Then why doesn't MacRumors have these problems? Well we know that's a load of BS now anyway.
WestonHarvey1 is offline   0 Reply With Quote
Old Feb 19, 2013, 10:14 PM   #43
Peace
macrumors P6
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by Kashsystems View Post
It is not even about that. I do not know about now, but starting out, iphonedev website was one of the biggest resources of learning iPhone programming. Especially before they even started calling it IOS.

There are a few forums including this one that has a developer discussion center. To tell you the truth I like the approach of this one better because a lot of developers push away from hand holding.

Also personally I think the Apple discussion board is just one hot sick mess of ugliness.
Your statement proves my point. Not that I disagree or anything.

Developers should be able to go to a discussion forum and interact with Apple engineers. Unfortunately it's obviously not any forum run by Apple.

This is Apples fault. Hopefully they will get a clue soon.
Peace is offline   0 Reply With Quote
Old Feb 19, 2013, 10:42 PM   #44
charlituna
macrumors 604
 
charlituna's Avatar
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by sparkso View Post
What were the impact of the hackings though? What did the hackers do to those employees computers?
Little to nothing it seems. According to Apple no sensitive info got out. The machines could have been personal machines that happens to be owned by employees. Who knows. Other than it requires Java so its not really all that of a Mac hack and its already been fixed
charlituna is offline   0 Reply With Quote
Old Feb 20, 2013, 12:33 AM   #45
Amazing Iceman
macrumors 68030
 
Amazing Iceman's Avatar
 
Join Date: Nov 2008
Location: Florida, U.S.A.
Quote:
Originally Posted by charlituna View Post
Little to nothing it seems. According to Apple no sensitive info got out. The machines could have been personal machines that happens to be owned by employees. Who knows. Other than it requires Java so its not really all that of a Mac hack and its already been fixed
Yeah, but lately, the weak point has been either Java or Flash, being the first one the most common nowadays. It may be time to ditch JAVA, and get over with this nonsense. It has had too many security flaws, and nothing can assure us there are no more to be discovered.
__________________
17" MacBook Pro (2007) iPad Air WiFi+Cell 128 GB iPhone 5s 64 GB T-Mobile AppleTV 2
Follow @AmazingIceman for useful tech info and more (mention MacRumors).
Amazing Iceman is offline   1 Reply With Quote
Old Feb 20, 2013, 02:16 AM   #46
TouchMint.com
macrumors 65816
 
TouchMint.com's Avatar
 
Join Date: May 2012
Location: Phoenix
Quote:
Originally Posted by Tech198 View Post
i dare anyone on this forum to go there ,, and don't cheat with a Windows PC.



I guess not.. Maybe a new game should be in order.. One they CAN play


I go to that site everyday im surprised one of my topics wasn't on the screenshots lol.

I take it this malware does not effect windows? a win for 7 and ie 9? lol
__________________
TouchMint.com iOS App Site
Adventure To Fate iOS RPG Game Site
Indie iOS Game: Adventure To Fate : A Quest To The Core JRPG

TouchMint.com is offline   0 Reply With Quote
Old Feb 20, 2013, 03:27 AM   #47
SockRolid
macrumors 65816
 
SockRolid's Avatar
 
Join Date: Jan 2010
Location: Almost Rock Solid
Quote:
Originally Posted by MacRumors View Post
The compromised site, iPhoneDevSDK, is an online forum designed for software developers. The site is still infected, and visiting it is not recommended.
Oops. I've visited that site more than once in the past year or so.
So I launched Utilities -> Java Preferences, and saw an alert saying "To open Java Preferences, you need a Java Runtime. Would you like to install one now?"

Um, no. Done. With. Java.
__________________
Sent from my iPad Simulator
SockRolid is offline   0 Reply With Quote
Old Feb 20, 2013, 04:43 AM   #48
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
Quote:
Originally Posted by maxosx View Post
The amount of breaches no matter the platform is truly getting out of control. It's time for increased focus by all in the tech sector to improve security.
The problem is complexity. As complexity grows, the difficulty in securing a system grows. Then you have to factor every app/plugin/extension you install could introduce a security flaw, or even an individual version of an app could introduce a flaw and you can't possibly test every single one.

Fixing security is a colossal task.

----------

Quote:
Originally Posted by SockRolid View Post
Oops. I've visited that site more than once in the past year or so.
So I launched Utilities -> Java Preferences, and saw an alert saying "To open Java Preferences, you need a Java Runtime. Would you like to install one now?"

Um, no. Done. With. Java.
Safari has had 'drive by' vulnerabilities too which have been fixed; do you still occasionally use Safari?

My point is - people are more willing to forgive security vulnerabilities in software they use/like than in software they don't. People who have forgotten about Safari's flaws will slam Java, not because it's insecure but because they didn't use/like it in the first place.
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Feb 20, 2013, 04:58 AM   #49
Reason077
macrumors 65816
 
Join Date: Aug 2007
Quote:
Originally Posted by coolfactor View Post
This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.
Actually, iphonedevsdk.com is hosted by Vanilla forums, a "cloud" provider of community forums which ought to be pretty secure and well-maintained.

Apparantely the hackers somehow obtained an admin password to iphonedevsdk's account on Vanilla, and used that to add malicious code to the site.
Reason077 is offline   0 Reply With Quote
Old Feb 20, 2013, 05:38 AM   #50
Mr.damien
Guest
 
Java: Implement once, bug everywhere.

----------

Quote:
Originally Posted by whooleytoo View Post
My point is - people are more willing to forgive security vulnerabilities in software they use/like than in software they don't. People who have forgotten about Safari's flaws will slam Java, not because it's insecure but because they didn't use/like it in the first place.
And your point is wrong. Java is a world record security hole ****.

No one can beat them lately as it's so full of it. Even Oracle said it would took 2 years to secure it.

The only worst thing in computer history was Microsoft ActiveX. Flash, is just behind them.
  0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Tim Cook to Apple Employees in New Video: 'At Apple, We Do the Right Thing' MacRumors MacRumors.com News Discussion 173 Jul 14, 2014 02:56 PM
Commemorative Posters at Apple Campus List All Former and Current Apple Employees MacRumors MacRumors.com News Discussion 113 Feb 28, 2014 02:00 PM
Apple CEO Tim Cook Joins Twitter, First Tweet About Visiting Palo Alto Apple Retail Stores MacRumors MacRumors.com News Discussion 134 Sep 22, 2013 01:35 AM
iPhoneDevSDK Details What Led to Apple, Facebook Hacking MacRumors MacRumors.com News Discussion 37 Feb 21, 2013 11:57 PM
iPhoneDevSDK gone? KarlJay App Store Business, Legal and Marketıng 51 Jul 19, 2012 05:48 AM

Forum Jump

All times are GMT -5. The time now is 07:12 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC