More Mac scareware is continuing to pop up which seems almost daily, with the cybercrooks following the same sort of strategy which has worked so well on Windows: regularly change the look and feel of the fake anti-virus software; use legitimate-sounding brand names (or steal genuine product names); stick to a price-point between $50 and $100; keep the fear factor high; but keep the core programming very similar so development costs are negligible.

Scareware, or fake anti-virus, is fake security software which pretends to find dangerous security threats – such as viruses – on your computer. The initial scan is free, but if you want to clean up the fraudulently-reported “threats”, you need to pay.

Once you’ve paid, the scareware stops lying to you about the non-existent threats, as though it really did clean them up. This means that many victims of this sort of fraud don’t even realise they’ve been duped. Until next time.

These latest OS X scareware variants come from the MacDefender group, though they identify themselves during startup as Mac Shield:

Mac Shield loading screen.

Once activated, the software pretends to look through your files, pretends to find malware, and invites you to clean up:

Mac Shield Virus Scan

But the cleanup isn’t free – you’re required to register:

Mac Shield registration screen.

Registration means payment. The minimum you can get away with is $59.95. But for just $40 more, you can get a lifetime software licence and lifetime support – which would be a good deal, were it not for the fact that the software is completely fraudulent, that the “lifetime” of the software ends tomorrow when the crooks move on to the next bogus brand name, and that there’s nothing to support, since there was no malware in the first place.

You even get a 30-day money back guarantee. Good luck claiming it.

Here are some top anti-scareware tips for Apple users:

* If you use Safari, turn OFF the open “safe” files after downloadingoption. This stops files such as the ZIP-based installers favoured by scareware authors from running automatically if you accidentally click their links.

* Don’t rely on Apple’s built-in XProtect malware detector. It’s better than nothing, but it only detects viruses using basic techniques, and under a limited set of conditions. For example, malware on a USB key would go unnoticed, as would malware already on your Mac. And it only updates once in 24 hours, which probably isn’t enough any more.

* Install genuine anti-virus software. Ironically, the Apple App Store is a bad place to look – any anti-virus sold via the App Store is required by Apple’s rules to exclude the kernel-based filtering component (known as a real-time or on-access scanner) needed for reliable virus prevention.

* Religiously refuse any anti-malware software which offers a free scan but forces you to pay for cleanup. Reputable brands don’t do this – an anti-virus evaluation should let you try out detection and disinfection before you buy.

If you would like to try a great free version of a REAL anti-virus software package for free, Sophos has a great free product you can try out here.

Gmail on the iPhone.

I’d wager that you’d be hard-pressed to find an iPhone user that doesn’t use Gmail on the device. And yet, it’s an awkward relationship. Why? Because Gmail run through the iPhone’s native mail client is a crippled experience. Set aside for a second that you cannot star anything (well, aside from moving an email to the “Starred” folder, which is ridiculous), more importantly, there is no push support. This means you cannot get your email in realtime. Instead, you have to ping Gmail’s servers (either in set intervals or manually). Both Yahoo Mail and MobileMe mail have full push support. It’s ridiculous. Google finally made a move to fix that today. Well, sort of.

With the latest version of their Google Mobile App, you can set up your iPhone to receive Push Notifications each time you get a new Gmail message or when you have a Google Calendar alert. No, Push Notifications on the iPhone aren’t technically the same as full push support for mail, but it will do. Essentially, you’ll now but getting a notification when a new message comes in and this will alert you to open your Mail app and retrieve it. It’s two more steps than regular push would require, but whatever.

What’s interesting is that Google is using Apple’s Push Notifications servers to enable this service. All of these Push Notifications are served up by Apple Push Notification Service (APNS). So yes, Google is using Apple to overcome their own shortcoming (which may or may not be Apple’s fault, who knows what is going on between the two at this point).

Perhaps even stranger is that you can actually set up Gmail to do proper push — but you have to use Microsoft Exchange to make that happen. Or you’ve been able to use a number of third-party apps like Boxcar for some time now that allow you to get Gmail push notifications — this new Google app simply cuts out this middle man, but works the same way.

There’s something else interesting about this Google Push Notification support as well. When it pops up the notification letting you know that there’s a new message, there’s a “View” button which will open Gmail in the iPhone’s web browser. So not only is Google bypassing Mail’s lack of Gmail push support, they’re feeding you back to their site. While they don’t do it yet on the iPhone experience, they could presumably show you ads here — something they can’t do on the Mail app on the iPhone. I’m fine with that as the iPhone-tailored version of Gmail in Safari is great.

Something else interesting in all of this is that Apple and Google have still presumably been working together to improve the Gmail/iPhone experience. With iOS 4, we finally got the ability to archive (instead of delete) in the Mail app. And you can now sync notes with your Gmail account. Why there still is no real push support is anyone’s guess. I’m sure each side will blame the other one.

Also interesting to think about: will Google start using this same Push Notification feature to make Google Voice easier to use on the iPhone? Everyone is still waiting for the App Store approval of that app.

Example of private browsing in Firefox.

Features in the four major browsers designed to cloak users’ browser history often don’t work as billed, according to a research paper that warns that users may get a false sense of security when using the built-in privacy settings.

The private-browsing modes are supposed to allow users to visit a website without leaving any trace on their computers, and yet Internet Explorer, Firefox, Chrome, and Safari frequently leave tracks, according to the research, which is scheduled to be presented at next week’s Usenix Security Symposium in Washington DC. The makers of those browsers — Microsoft, Mozilla, Google, and Apple respectively — often hail the offerings as a way to enhance privacy when using shared computers.

One failure that affects IE, Firefox, and Safari happens when users save SSL, or secure sockets layer, client certificates while browsing in private mode. The browsers store a record of those actions in a file that allows anyone who has physical access to know exactly what site the user was visiting at the time. Similarly, when IE and Safari encounter a self-signed certificate, it is stored in a certificate vault that is preserved even after the private session ends.

Similarly, Firefox users who make security certificate settings while in private mode will have a partial copy of their browsing history stored in a file called cert8.db, the researchers said.

“We discovered that all these browsers retain the generated key pair even after private browsing ends,” the researchers wrote. “Again, if the user visits a site that generates an SSL client key pair, the resulting keys will leak the site’s identity to the local attacker.”

The study (PDF here) showed each browser failing in specific settings.

The privacy mode in Firefox, for instance, is undermined when a user sets site-specific preferences or uses a variety of Mozilla-sanctioned plug-ins. The open-source browser also stores websites visited that dole out custom protocol handlers based on the HTML5 standard.

For its part, IE’s InPrivate mode can be undermined when websites make SMB queries, since the Microsoft browser shares large chunks of code with Windows Explorer.

The researchers also devised a way for webmasters to detect when someone visiting their sites is using the privacy mode. It involves placing an iframe with a unique web address and then “using JavaScript to check whether a link to that URL was displayed as purple (visited) or blue (unvisited).”

The researchers said that to the best of their knowledge they are the first to demonstrate a way to detect private browsing mode — but that may not really matter for much longer. The technique appears to use the decade-old browser history attack, which was recently fixed in Safari and will soon be fixed in Firefox. It’s only a matter of time before Microsoft and Google follow suit.

Using the technique, they confirmed what we all suspected: the feature is mainly used when surfing to porn sites. Gift and news sites, not so much.

Well this is interesting. One of the key points at Apple’s recent press conference to discuss the iPhone 4′s antenna, was that the problem (called “attenuation”) is not unique to the iPhone 4. To highlight this, Apple showed videos of the problem on smartphones by rival companies. Those videos were then posted to a special antenna page on Apple’s website. Those videos are now gone.

As you can see on this page, the videos are nowhere to be found. Instead, the page now only shows the overview of the antenna design and test labs. A search of Apple’s website brings up a few of the landing pages where the videos used to be — here’s the Droid X one, for example — but now those just redirect to the antenna design page as well. Odd.

Here’s what else is interesting: the original page with these videos still does reside on the Canadian version of Apple’s website. Here’s you’ll find the videos for the BlackBerry Bold 9700, the HTC Droid Eris, the Motorola Droid X, the Nokia N97 Mini, the Samsung Omnia II, the iPhone 3GS, and the iPhone 4. However, the Asian version of Apple’s site has the videos removed as well.

The videos are still up on Apple’s official YouTube channel, but they are no longer featured, and are a little bit trickier to find.

Several websites have reached out to Apple for an official response as to why they removed them from the website. Obviously, they caused quite a bit of controversy – with some rivals, like RIM (makers of the BlackBerry), even responding. Has the threat of lawsuits from rivals forced Apple to take them down? Or did they take them down due to some of the negative backlash they were receiving? Or perhaps Apple is simply trying to move on from the situation — but again, the antenna design and test lab page is still there (though it doesn’t call out rivals specifically).

At the bottom of this post, find what the /antenna site currently looks like in the U.S. Below, find what it used to look like — and still does for the Canadian version of the site.

Apple's Antenna Main Page.

The Canadian Version of Apple's Antenna Webpage.

Apple's Antenna Page Showing Rival Smartphones.

International management, I.T. consulting and technology firm PA Consulting Group claims that the so-called “iPhone death grip” (the method of holding the iPhone 4 to degrade antenna performance) is a problem unique to the new iPhone. After performing tests, the firm confirms that the phone’s wireless performance was generally in the same range as other smartphones except when held in the “death grip” – then, it performed significantly worse than its competitors.

According to Simon Tonks, the consultant who led the testing, “Our tests indicate that the ‘death grip’ issue is real, and is worse for the Apple iPhone 4 than for other smartphones.”

The death grip issue is aggravated by the fact that the radio performance on the iPhone 4 was already fairly poor, the firm reports. “The iPhone 4′s radio performance was also found to be generally at the lower end [of the range],” said Tonks. “This means it will tend to drop calls earlier than other phones and may suffer more in areas of weak signal. Though, overall it’s still within the normal performance range for similar products.”

In addition to testing iPhone 4 signal strength itself, the firm also compared the iPhone 4 to other leading devices, including the Blackberry 9700 and the HTC HD2. The results of the tests were recorded in a snazzy YouTube video which features an upbeat rock n’ roll track, padded test rooms and humorous clips of people attempting to use the iPhone 4 by taping it to their head or augmenting the signal strength with a wire coat hanger.

The silliness of the video (at least until the halfway point) may detract from what are actually legitimate tests from the firm, an award-winning group known recently for its work with the U.S. Environmental Protection Agency to reduce methane emissions, work with the Butan government in using biometrics in border control, its design and development of the first disposable medical injectors for automated injections and its work in saving companies millions through supply chain optimization, among other things.

The group’s experts confirm that ultimately, the iPhone 4 represents a trade-off between product design and innovative features versus ensuring a product works effectively. They also noted that a rubber band placed around the antenna provides a significant performance improvement.

While reporting on the iPhone 4 “death grip” seems a bit like beating a dead horse at this point, considering that Apple has already acknowledged the issue and announced it would offer free bumpers to iPhone 4 owners, it’s notable at least for the fact that these iPhone complaints have now gone worldwide (PA Consulting Group is UK-based). This news confirms that the issues with the antenna aren’t just a problem primarily affecting U.S. users dealing with AT&T’s poor network performance, but also affect iPhone 4 owners in other countries as well.

Steve Jobs talking at the Apple Press Conference dealing with the antenna problems.

Are antenna grip problems universal among smartphones? Even if they are, handset makers RIM, Nokia, and HTC are not happy with Apple for insinuating that the iPhone 4 isn’t alone in suffering from signal loss when gripped in a certain way.

During a press conference on Friday, Apple CEO Steve Jobs called media coverage of the iPhone 4′s antenna problems overblown. Jobs said that reception issues were something common to all smartphones, playing a video that showed smartphones from HTC, Samsung, and other manufacturers dropping signal when held in various ways.

Apple’s attempt to paint other smartphones with the same wide brush didn’t sit well with RIM, makers of the BlackBerry. Calling the whole saga “Apple’s self-made debacle,” RIM co-CEOs Mike Lazaridis and Jim Balsillie didn’t mince words. “Apple’s claims about RIM products appear to be deliberate attempts to distort the public’s understanding of an antenna design issue and to deflect attention from Apple’s difficult situation,” they said in a statement obtained by CrackBerry. “RIM has avoided designs like the one Apple used in the iPhone 4 and instead has used innovative designs which reduce the risk for dropped calls, especially in areas of lower coverage.”

The co-CEOs also slammed Apple for its free case program, pointing out that all BlackBerrys can maintain “proper connectivity” without having to resort to cases and bumpers. They concluded by criticized Apple for shirking responsibility for its design choices by accusing other hardware makers of making similar antenna tradeoffs.

HTC was more restrained, even though a Droid Eris was shown dropping from four bars to zero during Apple’s video. Instead, HTC highlighted user satisfaction and a corresponding lack of complaints about the Eris’ design. “We have had very few complaints about signal or antenna problems on the Eris,” a company spokesperson told Pocket-lint. He said that only about 0.016 percent of Eris owners have complained to the manufacturer about dropped calls and signal weakness, compared to 0.55 percent of iPhone 4 owners.

Jobs also singled out Nokia, highlighting models from the Finnish company that ship with stickers on the reverse saying “don’t touch here.” Nokia defended itself, saying on its corporate blog that it considers antenna design a “core competence… for decades.”

Nokia says it designs its phones to account for real-world usage, including a variety of grips. “In general, antenna performance of a mobile device/phone may be affected with a tight grip, depending on how the device is held,” the company said. “That’s why Nokia designs our phones to ensure acceptable performance in all real life cases, for example when the phone is held in either hand. Nokia has invested thousands of man hours in studying how people hold their phones and allows for this in designs, for example by having antennas both at the top and bottom of the phone and by careful selection of materials and their use in the mechanical design.”

In the same way that widespread user and media criticism of the iPhone 4 antenna problem touched a nerve within Apple, the iPhone maker’s saying that its latest gadget is just one of many smartphones with signal loss problems has aroused the ire of its competitors. All handset makers are faced with antenna design challenges, but only Apple has managed to bring its antenna design decisions so spectacularly into the public consciousness. That’s not something Cupertino should feel good about.

Consumer Reports confirmed yesterday what many new iPhone 4 owners already new – that the phone indeed has a reception issue when held in the now famous “iPhone 4 Death Grip” – and made news by recommending against purchasing what it says is otherwise the best smartphone on the market. Today, Mac-centric tech blog Cult of Mac is reporting that a hardware recall is inevitable and looks to be on the horizon.

With word of the iPhone’s reception woes travelling well beyond the blogosphere, it surely looks like a software fix will do little to stop the bleeding.

When Apple released its iPhone 4 late last month, users quickly began reporting reception issues when the phone was held a certain way. At first, the company played off the glitch as user error, telling owners not to hold it that way. When it realized the issue wasn’t going away, Apple admitted there was a problem, but pointed at a software rather than hardware issue. The company said that its software had been mis-reporting signal reception all along and that a retroactive patch to all iPhones would correct the issue. As we reported then, however, an independent analysis by the popular hardware news site Anandtech.com seemed to directly contradict this explanation.

Now, Consumer Reports agrees, stating that “It’s official. Consumer Reports’ engineers have just completed testing the iPhone 4, and have confirmed that there is a problem with its reception.” According to the review, testers tried several phones, bought at different locations, and compared results with other phone models. The results contradicted Apple’s claims that the reception issue was one that was “true of iPhone 4, iPhone 3GS, as well as many Droid, Nokia and RIM phones.”

While many early adopters and tech watchers were well aware of the issue, Consumer Reports’ non-recommendation brings the problem to the mainstream. It’s no longer just a topic for the tech blogs and the back pages of newspapers, but rather an oft-repeated mantra of the five o’ clock news, mainstream media and talk radio. Cult of Mac’s Leander Kahney spoke with several public relations experts who agreed that an iPhone recall was “inevitable” in order to preserve “its brand image, its crown jewels, at all cost.”

Aside from the reception issue, however, Consumer Reports says that the iPhone 4 “sports the sharpest display and best video camera we’ve seen on any phone, and even outshines its high-scoring predecessors with improved battery life and such new features as a front-facing camera for video chats and a built-in gyroscope that turns the phone into a super-responsive game controller.” But before the magazine will issue a recommendation, it says, “Apple needs to come up with a permanent–and free–fix for the antenna problem”.

When Google launches new services, they often gets a lot of hype (see: Wave, Buzz). Unfortunately, they don’t always live up to that hype (see: Wave, Buzz). But one service that Google launched last year definitely has: Google Voice. Sadly, it has only been open to those with invites. But starting today, it is open to all.

Google Voice started as GrandCentral, a startup launched in 2006 to revolutionize phone management on the web. Google quickly snapped it up in 2007 for over $50 million. For the next two years, it went through a metamorphosis. During that time, some wondered if it was yet another service that Google bought and let die. But in 2009, it emerged as the Google Voice butterfly.

The “early preview” of Google Voice that Google unveiled last year has since undergone a number of changes. Notably, SMS now works better, a Chrome extension makes it simple to keep on top of everything, and there’s a great mobile web app. Most importantly though, Google Voice now works seamlessly with all Android-based mobile phones. The solution is brilliant — and was the central figure in Google’s falling out with Apple (after they rejected the native Google Voice app).

There are also some features we’re still waiting for — such as full number portability and a desktop app (which may be scrapped now).

Google says that there are now over one million people actively using the service. You can expect that number to balloon now that anyone can go to the site and sign up.

In fact, why are you still reading this? Go sign up (well, if you’re in the U.S. –  yes, it’s still U.S.-only). After all, according to this chart, Google Voice is the pinnacle of human communication.

If you are not familiar with Google Voice, here are some of my favorite features:

• transcribed voicemails: whenever somebody leaves a voicemail, Google Voice will transcribe the message as best it can (this only works for English right now). These transcripts are then forwarded to your email account and you can also opt to receive an SMS notification.
• listening in to voicemails: whenever you receive a call and decide to let it go to voicemail, you can also choose to listen in and even pick up the call if it turns out to be an important message. This feels just like the old days when answering machines with tapes were still a novelty.
• call screening: one neat option in Google Voice is the ability to screen calls. If you activate this feature, callers will be prompted to leave their name once they call, and once you pick up the phone, Google Voice will play the name back and you can choose whether you want the call to go to voicemail or actually speak to this person. You can opt to let all unknown callers who are not in your Google address book go through this procedure or just those calls from callers who have blocked their caller ID.
• recording calls: at any time during a call, you can press 4 and the call will be recorded. This only works for calls you receive on your phone for now, and doesn’t work for outgoing calls.
• conference calls: just ask participants to call your Google Voice number and as more callers arrive, you can just conference them in – this works for up to 4 callers.
• switching phones: if you want to switch phones during a call (say you took a call on your landline and decide you want to take a walk and continue the call on your cell), just press * and all your other phones will ring again and you can continue the conversation on any othe rphone.
• SMS: you can send and receive text messages from your Google Voice account and web interface
• integration with Google Contacts
• it just works: the call quality is good, we didn’t experience any outages during the last few months, and calls aren’t dropped. Google Voice does what it says it does, and it does it well.

When Apple was just a niche maker of Mac computers and only truly popular among college students and graphic designers, hackers paid little attention to the company. Instead, they focused on Microsoft, which had more than a 90% share of the PC operating system market.

Those days are over. Recent iPad security scares are a sign that Apple’s devices are a growing target for hackers, spammers and malicious coders.

“Market share is a pretty good indicator of who hackers are going after,” said Kevin Haley, director at Symantec Security Response. “Hackers are motivated by money, so they want to get access to the most amount of people.”

Hacker group Goatse Security was able to obtain 114,000 iPad 3G users’ e-mail addresses and iPad SIM card ID numbers from AT&T’s website last week. The vulnerability was on AT&T’s site, but any hit against the iPad dings Apple as well. And in a blog post, Goatse Security said Monday that a “skilled attacker” could take advantage of a weakness in the iPad’s Safari Internet browser to launch a spam attack from a compromised iPad.

“This is a wake-up call for Apple, and it cannot afford to hit the snooze button,” said Hemanshu Nigam, founder of SSP Blue, a cybersecurity consulting firm. “The hacker community focuses on companies that are on the top of their games. Apple has gained enough market share that it has caught hackers’ attention.”

It’s not surprising that Apple is becoming a growing target — it’s simply a matter of scale. Cybercriminals try to hack the software that most people use to access the Internet, and increasingly, that software is made by Apple. While Apple’s PC market share is still in the single digits, Apple is now the second largest smart phone maker in the United States, behind only BlackBerry maker Research in Motion. It has also sold more than 2 million iPads in just two months.

“Any company’s device or platform on which lots and lots of people are exchanging or storing data is going to be susceptible to an attack,” said Fred Rica, principal security analyst at PricewaterhouseCoopers. “Hackers are beginning to change over to other platforms that hadn’t been traditional targets, particularly to mobile.”

As Apple products become higher-profile targets, its response is going to be tested. The company’s stance on security has long been “don’t worry about it.” For instance, on its website Apple says simply, “Mac OS X doesn’t get PC viruses.” The iPhone and iPad websites don’t even mention security.

Apple claims that the Unix framework that its Mac operating system is built on is inherently safer than Windows. The truth is that Mac OS has as many vulnerabilities as Windows, according to Nigam — Apple patches its products just often as Microsoft does.

In the past, Apple has responded quietly when vulnerabilities are exposed, patching products through automatic updates with no announcement. The company’s famous “Get a Mac” ads say Microsoft’s constant security updates and alerts interfere with users’ ability to do work on their computers. Ironically, Apple’s Safari browser’s lack of security alerts is one of the factors contributing to the security hole in the iPad, according to Goatse Security.

“Suggesting Apple doesn’t get viruses gives its users a completely false sense of security,” Nigam said. “It’s essentially taunting hackers. They’ll take it as a challenge, and just start exploiting Apple’s user base.” As a result, Nigam suggested it’s time for Apple to change it’s attitude. Right now, Apple prioritizes the user experience ahead of security. That can backfire. ”Apple has the capability to take charge of this situation now,” he said. “If it doesn’t, it’s risking damage to its reputation for the long haul, a la Microsoft.”

It’s been just over a week now since Apple failed to announce the cloud-based music service many hoped would replace Lala. While all remains quiet on this front, CNET’s Greg Sandoval is reporting this morning that Google, after years of rumors, is finally getting into the music business this fall.

CNET cites “multiple music industry sources” in its story, saying that Google “first stoked excitement among executives at some of the top four major labels during the Consumer Electronics Show in January”.

TechCrunch’s recent discovery of a “Google Music” logo is also offered up as solid evidence that the search engine giant is looking to soon pair its search and customization capabilities with a web-based a-la carte music service.

Google recently moved further in the direction of competing with the dominant duo in the music world, Apple’s iTunes and iPhone (or iPod), with its acquisition of Simplify Media. As the company demonstrated at its Google I/O conference, Google will use Simplify Media’s technology to allow Android users to stream music directly from their desktops to their phones. Already, some are questioning whether or not this, in addition to a Google music service, could overthrow Apple’s complete dominance in this sphere.

The one real question we have for both Google and Apple is “what’s taking you so long?” While both companies lumber along and talk about cloud-based music, companies like MOG and a slew of others already offer a plethora of online music for pennies on the dollar. MOG, for example, offers more than seven million songs on demand for $10 a month.

Of course, none of these services have the immediate market reach and influence that a service by either Google or Apple would have, so we’ll just have to wait and see which one gets there first. A first-place finish by Google could, however, lure some leery iPhone users in the direction of Android.

The FBI has launched an investigation into the exposure of email addresses of thousands of iPad customers on an AT&T website this week. Researchers with Goatse Security who this week revealed the weakness in the AT&T site — basically a business-logic flaw in AT&T’s app that was left available and accessible to the public — were able to get the email addresses of more than 100,000 iPad customers, including some high-profile people.

Escher Auernheimer, a security analyst with Goatse Security, said in an interview today that his firm “did the right thing” by going public about the hole in AT&T’s website.

UPDATE: AT&T sent a letter to Apple 3G iPad owners over the weekend that shed some light on AT&T’s position on the hack, according to a report in the New York Times. “On June 7 we learned that unauthorized computer ‘hackers’ maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service,” wrote Dorothy Attwood, a senior vice president and chief privacy officer at AT&T.

“The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity,” Atwood said.

Meanwhile, Goatse’s Auernheimer says the researchers went public with their findings via the Gawker website after AT&T fixed the flaw. They handed over the email address finds to Gawker, but stipulated that the site not publish the actual email addresses. “Our disclosure process was extremely proper and above and beyond,” Auernheimer says. “Many researchers do not wait for patches” before they disclose, he says.

“What influenced our decision was that there were so many people who were stewards of important infrastructure on the public and private list [exposed],” he says. “Someone else could have scraped this data.”

According to Auernheimer, his team got the data without a password or actual breach/intrusion. The researchers wrote a PHP script that grabbed the email addresses from the errant AT&T script. “It’s not uncommon to see this type of vulnerability,” he says.

The FBI’s involvement could be due to the high-profile iPad customers whose email addresses Goatse discovered, Auernheimer says. “We haven’t had any contact” with the FBI, however, he says. Meanwhile, the FBI issued this statement: “The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat.”

Among the email addresses Goatse was able to access were that of White House Chief of Staff Rahm Emanuel, New York City Mayor Michael Bloomberg, U.S. Air Force Col. William Eldridge, and New York Times Co. chief executive Janet Robinson, according to Gawker.

Security experts at Praetorian published the script written by Goatse. It basically grabs email addresses via the integrated circuit card identifiers that associate the iPad SIM card to a subscriber: “An e-mail address gets returned in the successful iterations (active ICCID) and parsed. There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns e-mail address when ICCID is passed to it,” Praetorian’s Daniel Kennedy blogged on Wednesday.

Meanwhile, Auernheimer has taken issue with AT&T’s claims that his firm acted maliciously. He says he released a semantic integer overflow exploit for Apple Safari in March, which was later patched on Apple’s desktop Safari but has not yet been fixed for the iPad.

“This bug we crafted allows the viewer of a webpage to become a proxy (behind corporate and government firewalls!) for spamming, exploit payloads, password bruteforce attacks and other undesirables. The kicker is that this attack cannot be detected by any current IDS/IPS system,” he blogged yesterday. “We released this in March, mind you, and Apple still hasn’t got around to patching this on the iPad! I know through personal experience that the patch time for an iPad vulnerability is over two months and counting. Given that, the number of parties which probably have active iPad exploits likely numbers in the hundreds, if not the thousands. The iPad simply is not a safe platform for those that require a secure environment.”

The number of malware and spyware programs found on smartphones has more than doubled in the past six months — and some types of malware are more prevalent on certain smartphone platforms than others.

New data gathered from users of a free smartphone security tool shows the bad guys are increasingly going after smartphone users. According to Lookout, which offers a free lightweight mobile client with cloud-based security, backup, and anti-theft features, there were about nine pieces of malware and spyware per 100 smartphones as of last month — more than twice as many as in November 2009.

Even more worrisome is how rapidly these threats are hitting smartphones in comparison to the desktop: What took 15 years to evolve with the desktop machine is happening practically overnight in mobile handsets, security experts say. “We call this the 1999 factor: It feels like about 10 years ago in terms of prevalence of threats. There was a tipping point between 2000 and 2002 [for PC threats] that was driven by broadband” and more consumers going online, according to John Hering, CEO and founder of Lookout, formerly Flexilis. “The same trends are going to hold true here [with smartphones].”

Tyler Shields, senior security researcher with Veracode, says he has seen a definite uptick in malware arriving for smartphones during the past few months. “It’s coming at a much faster rate now. It’s difficult to quantify the amount of growth,” however, he says. Shields earlier this year developed and released proof-of-concept source code for a spyware app he created that forces a BlackBerry to hand over its contacts and messages. The spyware can also can grab text messages, listen in on the victim, as well as track his physical location via the phone’s GPS.

Spyware is the main type of malware Lookout sees being created for BlackBerrys, while Windows Mobile phones suffer more from traditional malware, and Androids from a little of both, according to Lookout’s data. “We’re seeing a pretty equal spread [of the threats] across these platforms,” Lookout’s Hering says. The firm doesn’t yet support the Apple iPhone in its app, so data on the iPhone isn’t included.

Why mostly spyware on the BlackBerry? Veracode’s Shields says it might be due to the heavy corporate use of BlackBerrys, which would make any data lifted from them more easily monetized. “The type of data on a BlackBerry generally is going to be corporate-centric and could be of interest to attackers,” he says.

A recent malware attack against Windows Mobile phones basically took an existing, legitimate smartphone app and booby-trapped it with malware: The 3D Anti-Terrorist app game for Windows Mobile was rewritten with auto-dialer malware, according to Lookout’s Hering. The app basically fires up the auto-dialer malware when the user runs the game. “It sits dormant for hours or days, and then wakes up and calls numbers at a premium rate — from Somalia to the South Pole,” for instance, he says. “The victim is then incurring charges but doesn’t notice until [he] receives the phone bill.”

A Windows codec and poker app also were hijacked, copied, and repackaged with malware. The apps are being distributed via typical mobile download and app store sites, such as sharewareplaza.com, geardownload.com, myzips.com, and top4download.com. “We’re seeing the same evolution on mobile as on the desktop: It’s going from notoriety [purposes] to trying to profit,” Hering says.

The malware attack vector being used against smartphones isn’t the SMS or email spam that was all the rage in the early days of mobile attacks. Instead, it’s following smartphone user behavior trends and exploiting downloadable applications, experts say. “Users are downloading apps at a huge pace,” Hering says.

And smartphones are actually more “personal” than PCs. They include GPS location, payment information, email, text messages, and records of who a user communicates with. Hering says today’s smartphone malware is all about grabbing personal information and, now, attempting to monetize it. “On the spyware side, you can imagine an app grabbing personal data that you’re unaware of [occurring] and transmitting that to a third-party location” where it can be resold, for example, he says.

Meanwhile, enterprises should be aware of the risks of breaches via their smartphone users. “They should be worried about this,” Hering says.

But the likelihood of another Operation Aurora-scale targeted attack isn’t as likely to hit via the smartphone just yet: “At this point in time, the PC [attack] model is so much easier and faster. I don’t foresee that level of coordination to target mobile devices at this point,” Veracode’s Shields says.

Android Music Store coming soon!

All gloves are off between Google and Apple, after the search giant unveiled a host of products to compete with the Cupertino company. Following Google TV and Flash on Android, Google will also take on Apple’s iTunes through the acquisition of music streaming service Simplify Media, and a music store in the Android Market.

Google’s engineering Vice President Vic Gundotra announced at the Google I/O conference on Thursday that it will begin offering a desktop app based on technology acquired from Simplify Media about two months ago. Simplify’s software lets users stream music from their iTunes libraries from their home computers to other mobile devices, through the Internet.

Google said it will use this software to allow Android users to stream their desktops at home to their phones, via a dedicated service. Simplify Media’s software runs on Windows and Mac computers, and works not only with iTunes (non-DRM songs), but also with WinAmp and Windows Media Player.

Despite multiple operating systems supported for desktops, it seems Simplify’s mobile software will be exclusive to Android, as the company retracted its iPhone and iPod touch apps from the Apple App Store when Google acquired it.

Gundotra also briefly showed off what it would become the Android Market music store, as TechChrunch’s MG Siegler points out. Basically, Google would let users search for songs in the Android Market Music section, and download them on to their phones.

This so-called Music section in the Android Market is practically like the iTunes Store on the iPhone, but built into the App Store app. Of course, due to different naming conventions between Apple and Google’s mobile OSs, Google is able to integrate music straight into its app store, without having to promote a different app to users. However, there are no other details on partners or prices for songs sold through the Android Market so far.

Today Google announced via a blog post that it has enabled extensions support in the latest beta of its Chrome browser for Apple’s OS X. Users can expect their browsers to update in the next day or so.

Good news for users of Google’s Chrome browser on the Apple platform. Extensions and bookmarking are now fully supported (thank goodness!).

The new version means users can take advantage of more than 2,200 extensions that add features and bolster the usability of Chrome within Mac OS. Extensions can be selected and managed through the options menu.

As for bookmarks, Google explains that bookmarks can be synced between multiple computers, even between Macs, Windows and Linux machines. It also adds bookmark and cookie managers “in a way that feels completely at home on the Mac.” A new Task Manager will help power users keep better track of tabs.

For the impatient, the new version can be downloaded right away. The version number is 5.0.307. The link is here. Haven’t tried it yet? Well it seems to be catching on fast and is super fast, so you might want to give it a shot because it could just replace your current browser… it sure did for me!

Here are a couple of videos that Google through together to explain how it all works.

While still low-intensity compared to the PC platform, malware attacks against Macs are definitely becoming more prevalent. Trend Micro researcher Ivan Macalintal has found another new variant of the JAHLAV family hosted on known malicious domains. The new variant is detected as OSX_JAHLAV.I and, like other JAHLAV variants, poses as pirated versions of legitimate applications and modifies the system’s DNS settings, allowing malicious users to be victimized by phishing attacks, or surreptitiously redirecting them to sites which might harbor malicious exploits.

Unlike the earlier variants which only posed as versions of QuickTime, this one also poses as pirated versions of Foxit Reader and several antivirus applications. In addition, like the June variant of JAHLAV—OSX_JAHLAV.B—at least one website hosting OSX_JAHLAV.I could also deliver malware onto Windows systems, although the said file is no longer available from the said website.

This is bad news as it seems that lately there have been more and more attacks on the Mac community. Macs are known to not really have many types of security threats that they need to watch out for allowing a good number of users to not even worry about having antivirus software installed. If Mac users are not careful they are going to be easy targets for some of these new threats if they continue to browse around with their care free attitude.

So even for all you Mac users out there, you are not completely safe from the dangers on the internet. There are guys out there trying to compormise your system to use it for very bad things so if you do not have antivirus software installed I would highly suggest that you look into it. Even if you do not want to buy any software for this there are tons of free versions out there as well so there is really no excuse.

A Domain Naming System (DNS)-changing Trojan targeting Macs is currently making the rounds disguised as MacCinema Installer (detected by Trend Micro as OSX_JAHLAV.D. This is the latest variant of OSX_JAHLAV.C, which was identified in June.

The Trojan is supposedly a QuickTime Player update with the file name QuickTimeUpdate.dmg. As with its earlier variants, users are prompted to download the malware when trying to view certain online videos from .com domains with the IP address, 91.214.45.73 such as:

• allincorx
• bigdron
• cikaredo
• civilizxx
• comeandtryx
• deribrowns
• draxxtermania
• givendream
• hitrowzone
• jumborad
• ltdkeeper
• operationelx
• oxxadox
• paxxtiger
• rednetx
• rstdeals
• simplexdoom
• sinisteer
• tdenuwas
• tniredrum
• ufapeace

If infected, a victim’s Web traffic can then be diverted to the website of the attacker’s choosing.

The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as/tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from.

Trend Micro Advanced Threats Researcher Feike Hacquebord notes the domain names have been set up such that when the main IP goes or is taken down, cybercriminals can easily move the backend to another IP address without the need to change code or scripts.

It would serve Mac users well to stay away from the above-mentioned domains and IP addresses or be wary of prompts to download software updates that do not come from Apple’s legitimate website. This is just another small example that proves that even Mac users aren’t

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software (talked about HERE) and what appears to be the first Mac OS X botnet launching denial-of-service attacks. Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine.

The variants have been found inside bogus copies of iWork ’09 and Adobe Photoshop CS4 which were shared on the popular p2p torrent network. The author of the malware downloaded the original/trial versions of each program and introduced a copy of the malicious binary into the packages.  Users who then downloaded and installed the applications from the torrent download would have been infected. It is estimated that thousands of people have downloaded the infected torrent files.

They describe this as the “first real attempt to create a Mac botnet” and notes that the zombie Macs are already being used for nefarious purposes. The researchers pointed to this blog entry that describes a PHP script, running as root, launching attacks against an unknown Web site.

The article goes into detail on the botnet’s peer-to-peer engine, startup and encryption capabilities and configuration file structure and concludes that the person who wrote the malware is not the same as the person who actually ‘used’ it. “The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it – and therefore we would not be surprised to see a new, modified variant in the near future,” the researchers added.

Doing some reading about this new threat I came across a pretty simple and easy way to quickly disinfect yourself. If you think you and your Mac may have been infected by this, you can take the following steps to help clean up your system:

1. open Terminal.app
2. sudo su (enter password)
3. Type “rm -r /System/Library/StartupItems/iWorkServices”
4. Type “rm /private/tmp/.iWorkServices”
5. Type “rm /usr/bin/iWorkServices”
6. Type “rm -r /Library/Receipts/iWorkServices.pkg”
7. Type “killall -9 iWorkServices”

Hope this helps, and if anyone who thinks they have been hit by this and don’t understand how to do the above steps, feel free to leave a comment or contact me through the “Contact Us” page and I will be glad to help!

These days there is no one way to be too safe on your computer when it comes to browsing and using the internet. Everyday there are more and more scams, phishing websites, infected websites appearing that to the common user seem legit and trick them into viewing and getting infected. When this happens there no end to what damage can be caused from data loss to personal information being stolen and used without your knowledge. Keeping your PC secure isn’t as hard as people think but with most users not knowing how to do it, I feel that this is worth talking about to help more people understand what can be done.

While some of these methods are quite simple and will do most of the job, there are also some more in-depth things that can also be done for users who swim in increasingly dangerous waters and need the extra security. So without me talking for pages about what can be done, I am going to jump right into the list and let you know what can be done to help secure your system from the dangerous waters known as the internet!

1. Turn off File Sharing
2. Install a Firewall
3. Scan for Spyware
4. Use Antivirus Software
5. OS Updates
6. Security Scanner
7. Secure Instant Messengers
8. Secure Email
9. Secure your Files
10.  Safe Passwords
- Taken from source. 

While some of these steps are more complicated than others, they are all worth looking into. Most of them are pretty easy to setup and use, and even the ones that do take a bit more knowledge to use have plenty of good websites that do a great job of explaining how to use them in amazing detail! 

So check this stuff out, and if you have any questions or suggestions please feel free to leave a comment about this and I will respond as soon as I get a chance. Also the orginial article / source for this list is listed right under the steps, which also does a good job in explaining so check it out and stay safe!

Tens of thousands of users who’ve downloaded pirated versions of iWork ’09 or Photoshop CS4 may have opened their Macs to remote attacks from malicious users. Here is alittle info on both of the trojans that are getting out into the wild!

iWork ’09:

Mac security software maker Intego discovered last week what it calls “OSX.Trojan.iServices.A” in pirated copies of Apple’s iWork ’09 making the rounds on BitTorrent file sharing networks.  An additional package not found in retail copies of the iWork installer called “iWorkServices.pkg” is installed as a startup item with read/write/execute abilities with the pirated versions. According to Intego, the rogue software connects to a remote server to notify its creator that the trojan has been installed on different Macs, and he or she can “connect to them and perform various actions remotely”, including downloading additional components to the machine.

Intego considers the risk of infection to be serious, warning of “extremely serious consequences” if a user’s Mac is compromised by software. The security firm said 20,000 people had already downloaded the installer at the time of its alert.  As of now, Intego counts 1,000 more since the initial warning. In an update on the matter Monday morning, Intego said Macs infected with the trojan are being pushed new code that downloads in the background, which is then being used to facilitate a DDoS (distributed denial of service) attack on certain websites.

Photoshop CS4:

As part of its update, Intego also says it has discovered a new variant of the same Trojan horse called “OSX.Trojan.iServices.B”, which can be found in pirated versions of Adobe Photoshop CS4.  This installer has already been downloaded by 5,000 people who are now at risk, the firm says. This installer compromises the system not by installing an additional package, but through a crack application that serializes the program for use without a purchased retail key.  This app extracts an executable from its data and installs a backdoor in /var/tmp/.  If the user runs the crack app again, a new executable with a different random name is created, making it difficult to safely remove the malware.

Once the administrator password is entered, a backdoor with root privileges is launched, copying the executable to /usr/bin/DivX and a startup item in /System/Library/StartupItems/DivX.  It then makes repeated connections to two IP addresses, according to Intego. A malicious user can then connect to the affected Macs and perform various actions and downloads remotely.  Intego predicts this Trojan horse may also be used to execute similar DDoS attacks.

Warning:

As a result of these two very serious risks, Intego is warning Mac users not to download any cracking software from sites that distribute it.

“The risk of infection is serious, due to the number of infected users, and these users may face extremely serious consequences if their Macs are accessible to malicious users,” reads a notice on the security firm’s website.

Intego recommends that users never download and install software from untrusted sources or questionable websites.  It says its own VirusBarrier X4 and X5 products with virus definitions dated January 22, 2009, or later will protect against these two Trojan horses. This just goes to show that not even the almighty Macs are immune to viruses these days and as Apple’s line of computers continues to get more popular, these hackers will start to produce more viruses for them as it is starting to be worth it to infect Apple computers! So be safe out there on the internet and make sure you have a decent antivirus program protecting you always!