Check that authentication dialog!

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.



This trick isn't merely of academic interest - Pesoli went down this track after discovering that the recent Iservice (iWork Service) malware calls on the authorisation mechanism.

"The author of OSX.Iservice.B didn't go this far in that implementation, but the fact that the program already uses Authorization Services could mean he or she is already headed down this path," he noted.

So what's Symantec's recommendation? Cynical readers may be surprised, but there's no mention of running security software and keeping it up to date.

Instead, "From now on, we advise that Mac OS X users don't rely simply on familiar icons or messages from the authentication dialog box, but take an extra little step in order to verify the execution path of the program that is asking for the password. Furthermore, if we are prompted for a password by any Apple/clean/trusted application when we're not really expecting it, checking for any suspicious running processes would certainly help."

Mac malware seems to be on the increase, but it appears to rely on social engineering rather than silently exploiting underlying vulnerabilities.

Pesoli has shown how easy it is for the bad guys to incorporate real authentication dialogs to trick the unwary into granting rights to malware, so his call for extra care seems well-founded.

Fortunately, authentication dialogs don't normally appear very often, so there's no excuse for not stopping and thinking before you click OK.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.
