Calguns.net  

#1
09-24-2021, 4:12 AM
the86d
Every Mac can be hacked by this new flaw, and there's no fix yet

"Independent security researcher Park Minchan found that prefacing a link in an inetloc file with "file://" instead of "http://" or "https://" made it possible to run arbitrary code on — i.e. hack — any Mac running fully updated macOS 11.6 Big Sur. (The "file://" prefix specifies a file on the local PC.)"

""These files can be embedded inside emails which, if the user clicks on them, will execute the commands embedded inside them without providing a prompt or warning to the user," said an unsigned posting today (Sept. 21) on the SSD-Disclosure bug-reporting website."

https://www.tomsguide.com/news/macos...r-inetloc-flaw

No opening links/attachments?
__________________
Quote:
Originally Posted by the86d View Post
I sold most of our guns in a fortunate setting-sail [for TX] incident…
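
A defender-side check for the flaw described in the first post, as an added example that is not part of the thread or the linked article: it parses an .inetloc attachment and blocks any whose link scheme is not http or https. It assumes the usual .inetloc layout (a property list with a `URL` key); the allowlist, function names and sample files are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Assumption: a mail gateway only expects web links in internet-location
# attachments, so everything else (file://, custom schemes, no scheme) is blocked.
ALLOWED_SCHEMES = {"http", "https"}


def inetloc_url(data: bytes):
    """Return the URL string stored in an .inetloc plist, or None."""
    try:
        doc = plistlib.loads(data)  # accepts XML and binary plists
    except Exception:
        return None  # not a parseable plist
    url = doc.get("URL") if isinstance(doc, dict) else None
    return url if isinstance(url, str) else None


def verdict(data: bytes) -> str:
    """Classify an attachment as 'allow', 'block' or 'malformed'."""
    url = inetloc_url(data)
    if url is None:
        return "malformed"  # fail closed: treat like 'block' downstream
    # URI schemes are case-insensitive, so compare in lower case.
    scheme = urlsplit(url.strip()).scheme.lower()
    return "allow" if scheme in ALLOWED_SCHEMES else "block"


def sample_inetloc(url: str) -> bytes:
    """Build a constructed sample .inetloc file for the given URL."""
    return plistlib.dumps({"URL": url})


if __name__ == "__main__":
    # Constructed samples; the file path is a placeholder.
    for label, blob in [
        ("web link", sample_inetloc("https://example.com/")),
        ("local file link", sample_inetloc("file:///placeholder/path")),
        ("upper-case scheme", sample_inetloc("FILE:///placeholder/path")),
        ("no scheme", sample_inetloc("example.com/page")),
        ("garbage", b"not a plist"),
    ]:
        print(f"{label:18} -> {verdict(blob)}")
```
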

#2
09-24-2021, 5:20 AM
dizzyblonde

That's a feature of the browser (all browsers I've ever used). Being able to surreptitiously pre-stage an executable file with malicious payload into a definitely known location on the system would be the hack.

#3
09-24-2021, 7:03 AM
ocabj

Comical how this made calguns yet the Windows print spooler related vulnerabilities over the past few months went unmentioned. I mean, those were wormable vulnerabilities, too.
__________________

Distinguished Rifleman #1924
NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
NRL22 Match Director at WEGC

https://www.ocabj.net | http://jocabphoto.com

#4
09-24-2021, 8:27 AM
Robotron2k84

As stated, if file:// access runs arbitrary code, that is a browser issue, not an OS issue. Tight integration is a problem, but only if there is no way to disable parsing hyperlinks. Most mail programs have a setting to not load remote content (which would include local content, in this case), which should be the default IMHO (as well as eliminating HTML mail). And, you can use another browser on a Mac, unlike on iOS, where other browsers are still Safari under the hood.

Malicious emails hiding links with Unicode or other obfuscation is old, old news and people are trained (but rarely listen) to never click links in email. If you get an email from your bank, visit the web site manually in the browser.

I recommend against Macs at this point due to how obsessive Apple is over controlling your OS and hardware.

#5
09-25-2021, 10:43 PM
the86d

Quote:
Originally Posted by ocabj View Post
Comical how this made calguns yet the Windows print spooler related vulnerabilities over the past few months went unmentioned. I mean, those were wormable vulnerabilities, too.
No need to mention, patches have already been applied... [Unlike the unfixed iPhtuity issue?]
Microsoft fixes Print Spooler bugs with August Patch Tuesday ...
https://www.techrepublic.com › Topic › Security
"Aug 12, 2021"

#6
09-26-2021, 9:24 AM
therealnickb

Oooh, the Apple. It burns us… it buuuurns!
__________________
CGN Contributor - Lifetime - Special Golden Category

#7
09-26-2021, 4:59 PM
ocabj

Quote:
Originally Posted by the86d View Post
No need to mention, patches have already been applied... [Unlike the unfixed iPhtuity issue?]
Microsoft fixes Print Spooler bugs with August Patch Tuesday ...
https://www.techrepublic.com › Topic › Security
"Aug 12, 2021"
My point was during the 8-10 weeks prior to that and a couple of ineffective patches during that time span where every ISAC on the planet was providing mitigation recommendations to confine any possible spread, the whole print spooler fiasco which was 100% wormable was unmentioned here. Again, comical.

#8
09-26-2021, 8:14 PM
SanDiego619

Quote:
Originally Posted by ocabj View Post
My point was during the 8-10 weeks prior to that and a couple of ineffective patches during that time span where every ISAC on the planet was providing mitigation recommendations to confine any possible spread, the whole print spooler fiasco which was 100% wormable was unmentioned here. Again, comical.
Because Apple zealots like to claim their overpriced devices are unhackable, stylish, and elite.
__________________
Where the people fear the government you have tyranny. Where the government fears the people you have liberty.

#9
09-27-2021, 4:43 PM
the86d

Quote:
Originally Posted by SanDiego619 View Post
Because Apple zealots like to claim their overpriced devices are unhackable, stylish, and elite.
You forgot...
"...AND THEIR OWNERS CAN'T SIGNAL AND DRIVE AT THE SAME TIME..."

#10
09-30-2021, 10:08 AM
Dan_Eastvale

iPhones aren't so elite or stylish any more.
They copied Samsung's trend to huge phones on their flagships.
And their cost is comparable to Samsung flagships these days.

#11
09-30-2021, 11:26 AM
SactoDoug

Browser issue? This does not open calculator on my PC using any browser that I tried. All it does is save a copy of the file if I click to accept it.

file://c:/Windows/System32/calc.exe

This will open the calculator but that is a known feature and does not allow access to arbitrary files.

calculator://

#12
09-30-2021, 9:03 PM
Robotron2k84

Yes, it’s a browser issue. On the Mac, and with Safari. Not Windows.

The browser on the Mac has libraries that export functions that the Finder uses for URL parsing and network transparency. The Finder is the GUI shell, not the OS, as Safari is the browser and not the OS. However they may share functions to provide abilities to one another.

The fix would be in the Safari libraries. Unfortunately, Apple doesn’t allow you to uninstall Safari, like MS doesn’t let you uninstall the core browser libraries either. Their browser is just a UI window for the libraries that are part of the OS.

On the Mac, the browser, shell and OS are distinct programs, running in separate memory with individual privilege levels, but the Mac makes extensive use of library sharing for UI consistency. Windows, where code is duplicated per module and leads to the same vulnerabilities occurring over and over, does not share this design feature.

If the vulnerability was in the OS it would implicate a lot more than the UI, and lead to trivial remote code execution, the worst kind of coding error, from a security standpoint.

#13
10-03-2021, 5:34 PM
45-ACP

I don't know much about computers, software, worms or viruses, but I bought my first Mac in 2013 (I'm using it now) and I can't see myself ever going back. In my opinion, Apple's tech is far better and I really like that I get a tech that speaks perfect English every time. I've only used Apple care twice since I bought this laptop.

#14
10-06-2021, 2:27 AM
the86d

Quote:
Originally Posted by 45-ACP View Post
I don't know much about computers, software, worms or viruses, but I bought my first Mac in 2013 (I'm using it now) and I can't see myself ever going back. In my opinion, Apple's tech is far better and I really like that I get a tech that speaks perfect English every time. I've only used Apple care twice since I bought this laptop.
Sounds like you get a lemon... with Apple.

I have never contacted Microsoft for support (aside from activation, I was going REAL grey-area on), and can Google solutions for my own problems...
I never contacted Google about Android, either...

#15
10-06-2021, 4:25 AM
Boomrick

Quote:
Originally Posted by the86d View Post
"Independent security researcher Park Minchan found that prefacing a link in an inetloc file with "file://" instead of "http://" or "https://" made it possible to run arbitrary code on — i.e. hack — any Mac running fully updated macOS 11.6 Big Sur. (The "file://" prefix specifies a file on the local PC.)"

""These files can be embedded inside emails which, if the user clicks on them, will execute the commands embedded inside them without providing a prompt or warning to the user," said an unsigned posting today (Sept. 21) on the SSD-Disclosure bug-reporting website."

https://www.tomsguide.com/news/macos...r-inetloc-flaw

No opening links/attachments?
It appears to me that I need to start taking lessons on coding and computer programming. It's scary thinking you can be hacked without your own knowledge of it; before you realize it, a lot of damage would have been done.

#16
10-06-2021, 5:05 AM
wpage

Ohh the humanity...

Microsoft strikes back!
__________________
God so loved the world He gave His only Son... Believe in Him and have everlasting life.
John 3:16

United Air Epic Fail Video ...

https://www.youtube.com/watch?v=u99Q7pNAjvg
All times are GMT -8. The time now is 4:36 AM.



