Re: [Fed-Talk] Espionage in the 21st Century
- Subject: Re: [Fed-Talk] Espionage in the 21st Century
- From: Todd Heberlein <email@hidden>
- Date: Fri, 09 Dec 2011 10:46:34 -0800
On Dec 9, 2011, at 5:40 AM, William Cerniuk wrote:
> First, how did the APT on the thumb drive bypass the "are you sure you want to run this" first time check built into Mac OS X?
You are *not* prompted for that the first time you run an application from a flash drive. That is one reason the flash drive is a dangerous vector.
From my understanding, Apple adds a quarantine bit to an application that you download from the Internet via some standard download methods, but certainly not all of them. For example, Chrome frequently downloads UNIX programs from the Internet and runs them in the background without you ever knowing about it. So in some ways, the quarantine bit is an "opt in" feature.
The quarantine bit can be a bit annoying, and I've seen quite a few complaints when regular documents get tagged with the com.apple.quarantine bit. It seems to occur when downloading ZIP files containing images or other documents. It annoys some people enough that they disable the quarantine feature altogether. It kind of reminds me of Vista's UAC problems. Here is an example discussion from Lion.
https://discussions.apple.com/thread/3193518?start=0&tstart=0
Todd
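
An added example, not part of the message above: a defender's audit that walks a mounted volume or download folder and reports launchable items (application bundles and executable files) that carry no com.apple.quarantine attribute, plus which application tagged the ones that do. It assumes macOS's `xattr` command-line tool and the commonly observed `flags;hex-timestamp;agent;uuid` value layout; the function names are illustrative.

```python
import os
import stat
import subprocess

ATTR = "com.apple.quarantine"

def read_quarantine(path):
    """Return the raw attribute value via macOS's xattr tool, or None if unset."""
    proc = subprocess.run(["xattr", "-p", ATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None

def tagging_agent(value):
    """Third ';'-separated field names the app that set the tag
    (assumed layout: flags;hex-timestamp;agent;uuid)."""
    fields = value.split(";")
    return fields[2] if len(fields) > 2 and fields[2] else "unknown"

def is_launchable(path):
    """Application bundles and regular files with any execute bit set."""
    if path.endswith(".app") and os.path.isdir(path):
        return True
    st = os.lstat(path)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)

def audit(root, reader=read_quarantine):
    """Return (untagged, tagged): launchable paths lacking the attribute,
    and a {path: agent} map for those that carry it."""
    untagged, tagged = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        bundles = [d for d in dirnames if d.endswith(".app")]
        for name in bundles + filenames:
            path = os.path.join(dirpath, name)
            if not is_launchable(path):
                continue
            value = reader(path)  # injectable so the logic can be tested off-Mac
            if value is None:
                untagged.append(path)
            else:
                tagged[path] = tagging_agent(value)
        # Report a bundle once; do not descend into its contents.
        dirnames[:] = [d for d in dirnames if d not in bundles]
    return sorted(untagged), tagged

if __name__ == "__main__":
    import sys
    missing, present = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in missing:
        print("NO QUARANTINE TAG:", p)
    for p, agent in present.items():
        print("tagged by %s: %s" % (agent, p))
```

Run it with the volume's mount point as the only argument; untagged launchable items are the ones that would start without the first-run prompt.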