Flickr Malware Problem?

NSXTypeRNSXTypeR Posts: 2,286Member
edited January 2014 in Other Manufacturers
For those who do use Flickr, I'm pretty sure you guys know that Flickr is run by Yahoo. Well Yahoo apparently had a malware problem.

http://www.gizmodo.com.au/2014/01/if-you-used-yahoo-this-week-you-might-have-malware/

So my question is, how the heck do we know if we were affected by it? I mean, I use a Mac, but that doesn't mean I'm immune, although I like to think I am. :D
Nikon D7000/ Nikon D40/ Nikon FM2/ 18-135 AF-S/ 35mm 1.8 AF-S/ 105mm Macro AF-S/ 50mm 1.2 AI-S

Comments

  • PB_PMPB_PM Posts: 4,494Member
    edited January 2014
    Yahoo reports that this exploit is only effecting European users.

    The exploit itself effects anyone who has Java enabled in their browser. Beyond that little is known at this point.
    Post edited by PB_PM on
    If I take a good photo it's not my camera's fault.
  • spraynprayspraynpray Posts: 6,545Moderator
    All the news is very vague: How does one know if one is affected? I have up to date anti-virus, presumably that doesn't matter? I haven't had any warnings from it.
    Always learning.
  • PB_PMPB_PM Posts: 4,494Member
    It would depend on whether or not the exploit used an a known type of malware or not. If it was a known variety than your software should pick it up. If it is new, it could take a few days before the AV software picks it up.
    If I take a good photo it's not my camera's fault.
  • adamzadamz Posts: 842Moderator
    first Sony, then Adobe, now Yahoo... who's next Facebook? Google?
  • spraynprayspraynpray Posts: 6,545Moderator
    Just did a manual update following @PB_PM's point about it taking a few days and now doing a full scan...malware found and sent to virus vault.

    Another 2 PC's to do after this laptop. Thanks PB.
    Always learning.
  • MsmotoMsmoto Posts: 5,398Moderator
    As I understand it this does not affect USA folks, and apparently Mac OS is not affected.

    http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/05/worried-about-the-yahoo-malware-outbreak-if-youre-in-u-s-youre-probably-safe/

    I mean, the Washington Post would never lie would it?
    Msmoto, mod
  • AdeAde Posts: 1,071Member
    That's really the Washington Post blog, which has different standards than the news division. They're written by professional "bloggers" who often publish the same or similar content on Ars Technica, CNET, TechCrunch, etc.

    Bloggers often rely on thirdhand information from other blogs, (or hastily made denials made by companies). Usually the blogs are very well written, just not up to the same rigorous journalistic standards as the rest of the Post.

    I know because they've blogged about security issues found by me in the past (about Google not Yahoo):

    http://www.washingtonpost.com/wp-dyn/content/article/2009/03/26/AR2009032601120.html

    The entire article basically just paraphrased my own blog entry, plus a comment from Google. After much investigation the issue turned up to be much more complex than the Google initial comment implied.

    For this Yahoo breach, most reports are similarly just paraphrasing the original security analyst's blog, plus a comment from Yahoo:

    http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/
  • ChasCSChasCS Posts: 309Member
    Do Macs actually ever get affected by malware of viral offenders?
    They seem to be immune for the most part.

    Why I do most of my WEB surfing on an iPad 3, and saving thee 'puter for more serious business, like my
    RF 6.5 flight SIM. ;-)
    D800, AF-S NIKKOR 80-400mm f/4.5-5.6G ED VR, B+W Clear MRC 77mm, AF-S NIKKOR 24-120mm f/4G ED VR, Sigma DG UV 77mm,
    SB-910~WG-AS3, SB-50, ME-1, Lexar Professional 600x 64GB SDXC UHS-I 90MB/s* x2, 400x 32GB SDHC UHS-I 60MB/s* x1
    Vanguard ALTA PRO 263AT, GH-300T, SBH-250, SBH-100, PH-22 Panhead
    Lowepro S&F Deluxe Technical Belt and Harness ~ Pouch 60 AW 50 AW & 10, S&F Toploader 70 AW, Lens Case 11 x 26cm
    FE, NIKKOR 2-20mm f/1.8, OPTEX UV 52mm, Vivitar Zoom 285, Kodacolor VR 1000 CF 135-24 EXP DX 35mm, rePlay XD1080

  • AdeAde Posts: 1,071Member
    Sure, the "Flashback" malware was a good example. It affected only Macs, primarily in the US and Canada. More than half a million Macs were infected:

    http://www.intego.com/mac-security-blog/hundreds-of-thousands-of-macs-infected-by-flashback-malware/

    Intego sells anti-virus for Macs (which I use), but you can also get free ones from Sophos, etc.
  • YugaYuga Posts: 1Member
    Sam plenty of malware for Mac is appearing, short list and articles here: http://macsecurity.net/view/70/
  • haroldpharoldp Posts: 984Member
    On OSX (mac), (which is actually berkelly UNIX) I operate with 3 levels of users, I do most of my work from an ID that does not have admin privileges, and is therefore limited in the damage that even accidentally authorized malware (usually javascript) can do, It cannot change appllication or system libraries.

    I install application software (or authenticate) from an ID that has admin privileges and can therefore update application libraries, but is locked out of the system library. The most common method of introducing real malware into macs is to spoof legitimate software so that the user authorizes something that seems harmless, but is actually installing something different. This approach prevents such spoofing from infecting real system libraries which is where real damage is done. If installing n application (anything not from Apple) requires further aithentication from such an ID, say NO, it is not doing what it claims.

    I have one 'superuser' ID who can do anything, but is only logged on when installing an OSX update sourced directly from apple. (never from a link).

    It is also useful to disable javascript in your browser, but may have side effects on some websites.

    .... H
    D810, D3x, 14-24/2.8, 50/1.4D, 24-70/2.8, 24-120/4 VR, 70-200/2.8 VR1, 80-400 G, 200-400/4 VR1, 400/2.8 ED VR G, 105/2 DC, 17-55/2.8.
    Nikon N90s, F100, F, lots of Leica M digital and film stuff.

  • manhattanboymanhattanboy Posts: 1,003Member
    On OSX (mac), (which is actually berkelly UNIX) I operate with 3 levels of users, I do most of my work from an ID that does not have admin privileges, and is therefore limited in the damage that even accidentally authorized malware (usually javascript) can do, It cannot change appllication or system libraries.
    For the most part this used to be true prior to say 2010. The hacking now has gotten so sophisticated that even free BSD derivatives like OSX are no longer safe. Packets can easily be intercepted and all sorts of goodies can land on your computer regardless of javascript being turned off...

    Its pretty freakin scary now. Ignorance is bliss so let's move along and live happy...

    If you have a mac and are spooked by all of this, I would recommend the Sophos that Ade mentioned above. Their malware detection is not the greatest but overall their methods of detection are fairly Sophistocated ;)
  • haroldpharoldp Posts: 984Member
    manhatttanboy is correct, there is no absolute security, but it is always helpful to be a harder target, and multiple layers of protection will fend off many attacks and threats. Defense in depth.

    In addition to the measures I described, a good backup strategy for both data and system (boot) drives is essential, and should include generations of backup that are not continuously connected to a computer or network. Alternate drive copies to a friends house or closet (I do both).

    OSX is still much easier to secure than consumer versions of windows. windows allows applications to directly address hardware, if the perimeter is breached, there are no other levels of protection.

    Thanks for the suggestion of sophos, I am looking into it.

    ... H

    D810, D3x, 14-24/2.8, 50/1.4D, 24-70/2.8, 24-120/4 VR, 70-200/2.8 VR1, 80-400 G, 200-400/4 VR1, 400/2.8 ED VR G, 105/2 DC, 17-55/2.8.
    Nikon N90s, F100, F, lots of Leica M digital and film stuff.

Sign In or Register to comment.