Posts

Showing posts with the label Mac

Apple Hacked! Russian Alexei Borodin strikes again!

Alexei Borodin, the same hacker who came up with the recent in-app purchase exploit that allowed free transactions for iOS users, has struck again with a new method that allows users of Mac apps to do the same. The ‘In-Appstore for OS X’ service uses a method that’s very similar to that used on iOS devices to spoof transactions made to Apple’s servers. We won’t rehash the method too much here, as we covered it in-depth with our previous article. The way that users implement it is slightly different on OS X than it is on iOS, but the root method is basically similar. After installing two local certificates, a user points their computer’s DNS settings at Borodin’s server and it pretends to be the Mac App Store, issuing verification of the purchase. It’s not incredibly simple, but it’s not all that hard either. This time there is a companion app called ‘Grim Receiper’ that must be run on the local machine to facilitate the process as well. It effectively bypass...

Mac Trojan Fallout: Apple Security Glory Days Gone?

Apple's reputation as an unattractive target for malware writers changed when the Flashback trojan hit more than 600,000 Macs. But Windows security still looks worse. Alan Paller, director of research for the SANS Institute, wrote in the group's information security newsletter Tuesday that it was time "to memorialize Apple's arrival as a prime target of cybercrime, following its recent ascent into a trusted platform for enterprise computing." As Paller notes, Macs now have business cred, due in no small part to Apple hitting a home run with both the smartphone and tablet form factors. Market researchers said the company's success with the iPhone and the iPad has driven more demand than ever for Apple's laptops, not least by business users, even if it means "bringing your own device" (BYOD). Another selling point of Macs is that they've been almost completely unscathed by the last decade's boom in malware. Interest...

Kaspersky Lab has solved the mystery of the Duqu trojan

The Duqu trojan has given major headaches to the programmers who work on the main antivirus applications. The team at Kaspersky Lab, together with programmers from around the world, has solved one “of the biggest mysteries surrounding the Duqu trojan: the identification of an unknown section of code in the structure of the Payload DLL component”. Kaspersky Lab states the following in a press release. Following substantial feedback from the programming community, Kaspersky Lab experts concluded that the Duqu infrastructure is compiled in the “C” programming language, using Microsoft Visual Studio 2008 and special options for optimizing code size and line size. The code was also written using a custom extension for combining “object-oriented” programming with the C language, often called “OO C”. Although there is no simple explanation for why OO C was used instead of C++ in the infrastructur...