info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: Fwd: Never-before-seen malware has infected hundreds of Linux and Windows devices
6 views
Skip to first unread message
David Brooks
Sep 30, 2022, 4:01:00 PM9/30/22
to
On 30/09/2022 20:29, Snit wrote:
> On Sep 30, 2022 at 9:40:14 AM MST, "David Brooks" wrote
> <OZEZK.549763$wkZ5....@fx11.ams1>:
>
>> On 30/09/2022 17:09, Steve Carroll wrote:
>>> On 2022-09-30, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>> On 30/09/2022 16:20, Steve Carroll wrote:
>>>>> On 2022-09-29, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>>>> REPOSTED!
>>>>>>
>>>>>> On 29/09/2022 23:13, Snit wrote:
>>>>>>> On Sep 29, 2022 at 2:42:40 PM MST, "David Brooks" wrote
>>>>>>> <kjoZK.343820$9f26....@fx09.ams1>:
>>>>>>>
>>>>>>>> On 29/09/2022 21:35, Snit wrote:
>>>>>>>>> On Sep 29, 2022 at 12:22:09 PM MST, "David Brooks" wrote
>>>>>>>>> <BfmZK.548310$wkZ5....@fx11.ams1>:
>>>>>>>>>
>>>>>>>>>> On 29/09/2022 19:36, Snit wrote:
>>>>>>>>>>> https://arstechnica.com/information-technology/2022/09/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices/
>>>>>>>>>>>
>>>>>>>>>>> Researchers have revealed a never-before-seen piece of cross-platform
>>>>>>>>>>> malware that has infected a wide range of Linux and Windows devices,
>>>>>>>>>>> including small office routers, FreeBSD boxes, and large enterprise
>>>>>>>>>>> servers.
>>>>>>>>>>>
>>>>>>>>>>> ——
>>>>>>>>>>>
>>>>>>>>>>> Be careful out there!
>>>>>>>>>>
>>>>>>>>>> Thanks! This is a time when it's good to be an Apple customer! 🤣
>>>>>>>>>
>>>>>>>>> Yes, though they are not 100% safe either.
>>>>>>>>
>>>>>>>> True - especially if you download rogue Apps! https://imgbb.com/X2kyxCM
>>>>>>>
>>>>>>> Not sure I follow. Rogue apps? Wasn't that from a corrupt app?
>>>>>>
>>>>>> When I reported the error to HO he said to me, in email:-
>>>>>> "That's because you didn't follow the instructions that I gave you, and
>>>>>> you tried running the app from the same folder that it was unarchived
>>>>>> to. Please move the app out of that, preferably into your Applications
>>>>>> folder. I have also explained this in at least two articles recently.
>>>>>
>>>>> Have you read these articles?
>>>>
>>>> Yes, I have.
>>>
>>> That's passive aggressive! You're playing a game! ;)
>>
>> Absolutely not. I have read hundreds of HO's Blog articles.
>
> Not sure where that could even be seen as such.
I didn't quite understand where he was coming from with that.
No matter. I want to show him (SC) that I am not his enemy.
>>> And is HO correct (based on what's in the articles)?
>>
>> I do not know. I *WANT* him to be genuine but I have absolutely no way
>> of checking if what he puts onto my iMac (via his self-built tools) will
>> harm my machine or enable others to use it as part of a Botnet.
>
> You have no real way with ANY app. Even open source ones -- if you do not read
> code how would you know? And code is big and complex enough there can still be
> hidden things.
How? By getting a warning from my operating system!
https://imgbb.com/X2kyxCM
Why do you accept HO's 'excuse' - instead of believing Apple?
You don't think of the worst case scenario - that he could be a bad guy
who made a mistake, quickly corrected so as to fool the likes of you! ;-)
If you wished, you could raise a question in one of his Blog's
'Comments' areas and see what he says! But you won't, will you?
I cannot do so because he recently said to me .... "Please do not send
me any further emails, or attempt to communicate with me in any way.
All your future attempts to post comments on my blog will now be
automatically deleted, without being read."
>>>>>> But I HAD installed the Mints App exactly as instructed - in the
>>>>>> Applications folder - before I ran it. I believe HO altered the coding
>>>>>> in his App so that the next time I downloaded it an ran it, no error
>>>>>> message was shown.
>>>>>>
>>>>>> I have no idea how an App can become corrupt, but I decided to rid this
>>>>>> machine of /all/ tools supplied by HO. Over-Kill? Maybe, but who knows
>>>>>> for sure.
>>>>>
>>>>> He did that... just for *you*?
>>>>
>>>> No - but he referred me to this article:-
>>>> https://eclecticlight.co/2022/09/21/what-does-silentknight-check-and-why/
[....]
--
David
> On Sep 30, 2022 at 9:40:14 AM MST, "David Brooks" wrote
> <OZEZK.549763$wkZ5....@fx11.ams1>:
>
>> On 30/09/2022 17:09, Steve Carroll wrote:
>>> On 2022-09-30, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>> On 30/09/2022 16:20, Steve Carroll wrote:
>>>>> On 2022-09-29, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>>>> REPOSTED!
>>>>>>
>>>>>> On 29/09/2022 23:13, Snit wrote:
>>>>>>> On Sep 29, 2022 at 2:42:40 PM MST, "David Brooks" wrote
>>>>>>> <kjoZK.343820$9f26....@fx09.ams1>:
>>>>>>>
>>>>>>>> On 29/09/2022 21:35, Snit wrote:
>>>>>>>>> On Sep 29, 2022 at 12:22:09 PM MST, "David Brooks" wrote
>>>>>>>>> <BfmZK.548310$wkZ5....@fx11.ams1>:
>>>>>>>>>
>>>>>>>>>> On 29/09/2022 19:36, Snit wrote:
>>>>>>>>>>> https://arstechnica.com/information-technology/2022/09/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices/
>>>>>>>>>>>
>>>>>>>>>>> Researchers have revealed a never-before-seen piece of cross-platform
>>>>>>>>>>> malware that has infected a wide range of Linux and Windows devices,
>>>>>>>>>>> including small office routers, FreeBSD boxes, and large enterprise
>>>>>>>>>>> servers.
>>>>>>>>>>>
>>>>>>>>>>> ——
>>>>>>>>>>>
>>>>>>>>>>> Be careful out there!
>>>>>>>>>>
>>>>>>>>>> Thanks! This is a time when it's good to be an Apple customer! 🤣
>>>>>>>>>
>>>>>>>>> Yes, though they are not 100% safe either.
>>>>>>>>
>>>>>>>> True - especially if you download rogue Apps! https://imgbb.com/X2kyxCM
>>>>>>>
>>>>>>> Not sure I follow. Rogue apps? Wasn't that from a corrupt app?
>>>>>>
>>>>>> When I reported the error to HO he said to me, in email:-
>>>>>> "That's because you didn't follow the instructions that I gave you, and
>>>>>> you tried running the app from the same folder that it was unarchived
>>>>>> to. Please move the app out of that, preferably into your Applications
>>>>>> folder. I have also explained this in at least two articles recently.
>>>>>
>>>>> Have you read these articles?
>>>>
>>>> Yes, I have.
>>>
>>> That's passive aggressive! You're playing a game! ;)
>>
>> Absolutely not. I have read hundreds of HO's Blog articles.
>
> Not sure where that could even be seen as such.
I didn't quite understand where he was coming from with that.
No matter. I want to show him (SC) that I am not his enemy.
>>> And is HO correct (based on what's in the articles)?
>>
>> I do not know. I *WANT* him to be genuine but I have absolutely no way
>> of checking if what he puts onto my iMac (via his self-built tools) will
>> harm my machine or enable others to use it as part of a Botnet.
>
> You have no real way with ANY app. Even open source ones -- if you do not read
> code how would you know? And code is big and complex enough there can still be
> hidden things.
How? By getting a warning from my operating system!
https://imgbb.com/X2kyxCM
Why do you accept HO's 'excuse' - instead of believing Apple?
You don't think of the worst case scenario - that he could be a bad guy
who made a mistake, quickly corrected so as to fool the likes of you! ;-)
If you wished, you could raise a question in one of his Blog's
'Comments' areas and see what he says! But you won't, will you?
I cannot do so because he recently said to me .... "Please do not send
me any further emails, or attempt to communicate with me in any way.
All your future attempts to post comments on my blog will now be
automatically deleted, without being read."
>>>>>> But I HAD installed the Mints App exactly as instructed - in the
>>>>>> Applications folder - before I ran it. I believe HO altered the coding
>>>>>> in his App so that the next time I downloaded it an ran it, no error
>>>>>> message was shown.
>>>>>>
>>>>>> I have no idea how an App can become corrupt, but I decided to rid this
>>>>>> machine of /all/ tools supplied by HO. Over-Kill? Maybe, but who knows
>>>>>> for sure.
>>>>>
>>>>> He did that... just for *you*?
>>>>
>>>> No - but he referred me to this article:-
>>>> https://eclecticlight.co/2022/09/21/what-does-silentknight-check-and-why/
[....]
--
David
Snit
Sep 30, 2022, 5:38:57 PM9/30/22
to
On Sep 30, 2022 at 1:00:57 PM MST, "David Brooks" wrote
<ZVHZK.760345$f0c6....@fx10.ams1>:
...
>>>> And is HO correct (based on what's in the articles)?
>>>
>>> I do not know. I *WANT* him to be genuine but I have absolutely no way
>>> of checking if what he puts onto my iMac (via his self-built tools) will
>>> harm my machine or enable others to use it as part of a Botnet.
>>
>> You have no real way with ANY app. Even open source ones -- if you do not read
>> code how would you know? And code is big and complex enough there can still be
>> hidden things.
>
> How? By getting a warning from my operating system!
> https://imgbb.com/X2kyxCM
Did it do so when you downloaded a new copy? Did it from the Applications
folder?
> You don't think of the worst case scenario - that he could be a bad guy
> who made a mistake, quickly corrected so as to fool the likes of you! ;-)
No, I do not even consider that as a likely scenario. If it was then others
would not be able to use the software.
> If you wished, you could raise a question in one of his Blog's
> 'Comments' areas and see what he says! But you won't, will you?
Why would I? I do not see much of a mystery here.
> I cannot do so because he recently said to me .... "Please do not send
> me any further emails, or attempt to communicate with me in any way.
>
> All your future attempts to post comments on my blog will now be
> automatically deleted, without being read."
You have been suggesting he is some sort of bad guy based on... what is likely
a faulty download? And then he helped direct you how to fix it. I can see
where he might not be pleased with that.
--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.
They cling to their attacks and ignore the message time and time again.
<ZVHZK.760345$f0c6....@fx10.ams1>:
...
>>>>>>
>>>>>> Have you read these articles?
>>>>>
>>>>> Yes, I have.
>>>>
>>>> That's passive aggressive! You're playing a game! ;)
>>>
>>> Absolutely not. I have read hundreds of HO's Blog articles.
>>
>> Not sure where that could even be seen as such.
>
> I didn't quite understand where he was coming from with that.
>
> No matter. I want to show him (SC) that I am not his enemy.
I wish you luck with that.
>>>>>> Have you read these articles?
>>>>>
>>>>> Yes, I have.
>>>>
>>>> That's passive aggressive! You're playing a game! ;)
>>>
>>> Absolutely not. I have read hundreds of HO's Blog articles.
>>
>> Not sure where that could even be seen as such.
>
> I didn't quite understand where he was coming from with that.
>
> No matter. I want to show him (SC) that I am not his enemy.
>>>> And is HO correct (based on what's in the articles)?
>>>
>>> I do not know. I *WANT* him to be genuine but I have absolutely no way
>>> of checking if what he puts onto my iMac (via his self-built tools) will
>>> harm my machine or enable others to use it as part of a Botnet.
>>
>> You have no real way with ANY app. Even open source ones -- if you do not read
>> code how would you know? And code is big and complex enough there can still be
>> hidden things.
>
> How? By getting a warning from my operating system!
> https://imgbb.com/X2kyxCM
folder?
>
> Why do you accept HO's 'excuse' - instead of believing Apple?
Not sure what you mean by this.
> Why do you accept HO's 'excuse' - instead of believing Apple?
> You don't think of the worst case scenario - that he could be a bad guy
> who made a mistake, quickly corrected so as to fool the likes of you! ;-)
would not be able to use the software.
> If you wished, you could raise a question in one of his Blog's
> 'Comments' areas and see what he says! But you won't, will you?
> I cannot do so because he recently said to me .... "Please do not send
> me any further emails, or attempt to communicate with me in any way.
>
> All your future attempts to post comments on my blog will now be
> automatically deleted, without being read."
a faulty download? And then he helped direct you how to fix it. I can see
where he might not be pleased with that.
--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.
They cling to their attacks and ignore the message time and time again.
David Brooks
Sep 30, 2022, 6:02:59 PM9/30/22
to
On 30/09/2022 22:38, Snit wrote:
> On Sep 30, 2022 at 1:00:57 PM MST, "David Brooks" wrote
> <ZVHZK.760345$f0c6....@fx10.ams1>:
> ...
>>>>>>>
>>>>>>> Have you read these articles?
>>>>>>
>>>>>> Yes, I have.
>>>>>
>>>>> That's passive aggressive! You're playing a game! ;)
>>>>
>>>> Absolutely not. I have read hundreds of HO's Blog articles.
>>>
>>> Not sure where that could even be seen as such.
>>
>> I didn't quite understand where he was coming from with that.
>>
>> No matter. I want to show him (SC) that I am not his enemy.
>
> I wish you luck with that.
Thank you! :-)
> On Sep 30, 2022 at 1:00:57 PM MST, "David Brooks" wrote
> <ZVHZK.760345$f0c6....@fx10.ams1>:
> ...
>>>>>>>
>>>>>>> Have you read these articles?
>>>>>>
>>>>>> Yes, I have.
>>>>>
>>>>> That's passive aggressive! You're playing a game! ;)
>>>>
>>>> Absolutely not. I have read hundreds of HO's Blog articles.
>>>
>>> Not sure where that could even be seen as such.
>>
>> I didn't quite understand where he was coming from with that.
>>
>> No matter. I want to show him (SC) that I am not his enemy.
>
> I wish you luck with that.
>>>>> And is HO correct (based on what's in the articles)?
>>>>
>>>> I do not know. I *WANT* him to be genuine but I have absolutely no way
>>>> of checking if what he puts onto my iMac (via his self-built tools) will
>>>> harm my machine or enable others to use it as part of a Botnet.
>>>
>>> You have no real way with ANY app. Even open source ones -- if you do not read
>>> code how would you know? And code is big and complex enough there can still be
>>> hidden things.
>>
>> How? By getting a warning from my operating system!
>> https://imgbb.com/X2kyxCM
>
> Did it do so when you downloaded a new copy? Did it from the Applications
> folder?
place.
>> Why do you accept HO's 'excuse' - instead of believing Apple?
>
> Not sure what you mean by this.
>> You don't think of the worst case scenario - that he could be a bad guy
>> who made a mistake, quickly corrected so as to fool the likes of you! ;-)
>
> No, I do not even consider that as a likely scenario. If it was then others
> would not be able to use the software.
Indeed, you have it yourself and have tried it - haven't you?
>> If you wished, you could raise a question in one of his Blog's
>> 'Comments' areas and see what he says! But you won't, will you?
>
> Why would I? I do not see much of a mystery here.
https://imgbb.com/X2kyxCM
>> I cannot do so because he recently said to me .... "Please do not send
>> me any further emails, or attempt to communicate with me in any way.
>>
>> All your future attempts to post comments on my blog will now be
>> automatically deleted, without being read."
>
> You have been suggesting he is some sort of bad guy based on... what is likely
> a faulty download? And then he helped direct you how to fix it. I can see
> where he might not be pleased with that.
Snit
Oct 1, 2022, 12:00:12 AM10/1/22
to
David Brooks <Dav...@nomail.afraid.org> wrote:
> On 30/09/2022 22:38, Snit wrote:
>> On Sep 30, 2022 at 1:00:57 PM MST, "David Brooks" wrote
>> <ZVHZK.760345$f0c6....@fx10.ams1>:
>> ...
>>>>>>>>
>>>>>>>> Have you read these articles?
>>>>>>>
>>>>>>> Yes, I have.
>>>>>>
>>>>>> That's passive aggressive! You're playing a game! ;)
>>>>>
>>>>> Absolutely not. I have read hundreds of HO's Blog articles.
>>>>
>>>> Not sure where that could even be seen as such.
>>>
>>> I didn't quite understand where he was coming from with that.
>>>
>>> No matter. I want to show him (SC) that I am not his enemy.
>>
>> I wish you luck with that.
>
> Thank you! :-)
You are welcome.
> On 30/09/2022 22:38, Snit wrote:
>> On Sep 30, 2022 at 1:00:57 PM MST, "David Brooks" wrote
>> <ZVHZK.760345$f0c6....@fx10.ams1>:
>> ...
>>>>>>>>
>>>>>>>> Have you read these articles?
>>>>>>>
>>>>>>> Yes, I have.
>>>>>>
>>>>>> That's passive aggressive! You're playing a game! ;)
>>>>>
>>>>> Absolutely not. I have read hundreds of HO's Blog articles.
>>>>
>>>> Not sure where that could even be seen as such.
>>>
>>> I didn't quite understand where he was coming from with that.
>>>
>>> No matter. I want to show him (SC) that I am not his enemy.
>>
>> I wish you luck with that.
>
> Thank you! :-)
>>>>>> And is HO correct (based on what's in the articles)?
>>>>>
>>>>> I do not know. I *WANT* him to be genuine but I have absolutely no way
>>>>> of checking if what he puts onto my iMac (via his self-built tools) will
>>>>> harm my machine or enable others to use it as part of a Botnet.
>>>>
>>>> You have no real way with ANY app. Even open source ones -- if you do not read
>>>> code how would you know? And code is big and complex enough there can still be
>>>> hidden things.
>>>
>>> How? By getting a warning from my operating system!
>>> https://imgbb.com/X2kyxCM
>>
>> Did it do so when you downloaded a new copy? Did it from the Applications
>> folder?
>
> No to both. BUT ..... it should.t have triggered a warning in the first
> place.
>>> Why do you accept HO's 'excuse' - instead of believing Apple?
>>
>> Not sure what you mean by this.
>
> You've seen the warning:- https://imgbb.com/X2kyxCM
app that shows that? And what error did you get as you tried to run it?
Maybe it was a GateKeeper glitch.
>>> You don't think of the worst case scenario - that he could be a bad guy
>>> who made a mistake, quickly corrected so as to fool the likes of you! ;-)
>>
>> No, I do not even consider that as a likely scenario. If it was then others
>> would not be able to use the software.
>
> Once installed the software WILL be working for others.
> Indeed, you have it yourself and have tried it - haven't you?
>>> If you wished, you could raise a question in one of his Blog's
>>> 'Comments' areas and see what he says! But you won't, will you?
>>
>> Why would I? I do not see much of a mystery here.
>
> To challenge why the software produced this warning:-
> https://imgbb.com/X2kyxCM
again? What is the issue here? I’m not seeing it.
>>> I cannot do so because he recently said to me .... "Please do not send
>>> me any further emails, or attempt to communicate with me in any way.
>>>
>>> All your future attempts to post comments on my blog will now be
>>> automatically deleted, without being read."
>>
>> You have been suggesting he is some sort of bad guy based on... what is likely
>> a faulty download? And then he helped direct you how to fix it. I can see
>> where he might not be pleased with that.
>
> Or he swiftly covered his tracks!
David Brooks
Oct 1, 2022, 3:02:39 AM10/1/22
to
https://support.apple.com/en-gb/guide/security/sec469d47bd8/web
I've shown you the protection in action.
Why do you doubt the macOS built by Apple itself?
Odd.
--
David
Snit
Oct 1, 2022, 3:14:09 AM10/1/22
to
On Oct 1, 2022 at 12:02:36 AM MST, "David Brooks" wrote
<gCRZK.259545$YVsf....@fx01.ams1>:
...
Any associated Developer ID certificates are revoked.
That has not happened. Good. We can rest easy that there is no evidence of
malware with the product.
> I've shown you the protection in action.
>
> Why do you doubt the macOS built by Apple itself?
>
> Odd.
Again: it can happen from a corrupted download. If you download it again it
will be fine.
<gCRZK.259545$YVsf....@fx01.ams1>:
...
>>>>
>>>> You have been suggesting he is some sort of bad guy based on... what is likely
>>>> a faulty download? And then he helped direct you how to fix it. I can see
>>>> where he might not be pleased with that.
>>>
>>> Or he swiftly covered his tracks!
>>
>> Huh? From what? I’m not following this.
>
> May I suggest that you read here?
>
> https://support.apple.com/en-gb/guide/security/sec469d47bd8/web
If malware is found:
>>>> You have been suggesting he is some sort of bad guy based on... what is likely
>>>> a faulty download? And then he helped direct you how to fix it. I can see
>>>> where he might not be pleased with that.
>>>
>>> Or he swiftly covered his tracks!
>>
>> Huh? From what? I’m not following this.
>
> May I suggest that you read here?
>
> https://support.apple.com/en-gb/guide/security/sec469d47bd8/web
Any associated Developer ID certificates are revoked.
That has not happened. Good. We can rest easy that there is no evidence of
malware with the product.
> I've shown you the protection in action.
>
> Why do you doubt the macOS built by Apple itself?
>
> Odd.
will be fine.
David Brooks
Oct 1, 2022, 4:31:20 PM10/1/22
to
On 01/10/2022 08:14, Snit wrote:
> On Oct 1, 2022 at 12:02:36 AM MST, "David Brooks" wrote
> <gCRZK.259545$YVsf....@fx01.ams1>:
> ...
>>>>>
>>>>> You have been suggesting he is some sort of bad guy based on... what is likely
>>>>> a faulty download? And then he helped direct you how to fix it. I can see
>>>>> where he might not be pleased with that.
>>>>
>>>> Or he swiftly covered his tracks!
>>>
>>> Huh? From what? I’m not following this.
>>
>> May I suggest that you read here?
>>
>> https://support.apple.com/en-gb/guide/security/sec469d47bd8/web
>
> If malware is found:
>
> Any associated Developer ID certificates are revoked.
>
> That has not happened. Good. We can rest easy that there is no evidence of
> malware with the product.
>
>> I've shown you the protection in action.
>>
>> Why do you doubt the macOS built by Apple itself?
>>
>> Odd.
>
> Again: it can happen from a corrupted download. If you download it again it
> will be fine.
<Shakes head>
> On Oct 1, 2022 at 12:02:36 AM MST, "David Brooks" wrote
> <gCRZK.259545$YVsf....@fx01.ams1>:
> ...
>>>>>
>>>>> You have been suggesting he is some sort of bad guy based on... what is likely
>>>>> a faulty download? And then he helped direct you how to fix it. I can see
>>>>> where he might not be pleased with that.
>>>>
>>>> Or he swiftly covered his tracks!
>>>
>>> Huh? From what? I’m not following this.
>>
>> May I suggest that you read here?
>>
>> https://support.apple.com/en-gb/guide/security/sec469d47bd8/web
>
> If malware is found:
>
> Any associated Developer ID certificates are revoked.
>
> That has not happened. Good. We can rest easy that there is no evidence of
> malware with the product.
>
>> I've shown you the protection in action.
>>
>> Why do you doubt the macOS built by Apple itself?
>>
>> Odd.
>
> Again: it can happen from a corrupted download. If you download it again it
> will be fine.
What can possibly have happened to the response I wrote to you about
this matter this morning?
Did you see it and read it, Snit?
Did anyone else see my response? *CAN* anyone see the response I wrote
to Snit this morning?
Hmmm.
FromTheRafters
Oct 1, 2022, 4:52:06 PM10/1/22
to
David Brooks formulated on Saturday :
Date: Sat, 1 Oct 2022 08:02:36 +0100
I see that, and his response at
Date: Sat, 01 Oct 2022 07:14:06 GMT
I see that, and his response at
Date: Sat, 01 Oct 2022 07:14:06 GMT
David Brooks
Oct 1, 2022, 5:07:12 PM10/1/22
to
Methinks there are Gremlins! I replied to Snit after his 0714 p0st - but
my post appears to have been removed from the Usenet servers.
Now who could control such action?!!
Snit
Oct 1, 2022, 6:28:07 PM10/1/22
to
On Oct 1, 2022 at 1:31:17 PM MST, "David Brooks" wrote
<ps1_K.662143$qD%2.14...@fx08.ams1>:
What post?
<ps1_K.662143$qD%2.14...@fx08.ams1>:
David Brooks
Oct 1, 2022, 6:43:38 PM10/1/22
to
When I questioned HOW you know that the ID
certificate has not been revoked.
Snit
Oct 2, 2022, 1:56:27 AM10/2/22
to
On Oct 1, 2022 at 3:43:36 PM MST, "David Brooks" wrote
<so3_K.192646$GzSf....@fx04.ams1>:
Just ran the command again.
Identifier=co.eclecticlight.Mints
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=3138 flags=0x10000(runtime) hashes=87+7
location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=787200
Hash type=sha256 size=32
CandidateCDHash sha256=fca0396a659854c388d954a9348f63e283a60560
CandidateCDHashFull
sha256=fca0396a659854c388d954a9348f63e283a60560c302ff59665f2a46b99a8d26
Hash choices=sha256
CMSDigest=fca0396a659854c388d954a9348f63e283a60560c302ff59665f2a46b99a8d26
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=245760
Executable Segment flags=0x1
Page size=4096
CDHash=fca0396a659854c388d954a9348f63e283a60560
Signature size=8975
Authority=Developer ID Application: Howard Oakley (QWY4LRW926)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Aug 31, 2022 at 10:15:01 AM
Info.plist entries=25
TeamIdentifier=QWY4LRW926
Runtime Version=12.3.0
Sealed Resources version=2 rules=13 files=60
Internal requirements count=1 size=216
Also used this:
pkgutil --check-signature [path]/Mints.app
Package "Mints":
Status: signed by a certificate trusted by macOS
Certificate Chain:
1. Developer ID Application: Howard Oakley (QWY4LRW926)
Expires: 2027-02-01 22:12:15 +0000
SHA256 Fingerprint:
A1 F8 87 B8 D9 8E 77 21 49 EF 12 DE C5 EF D8 54 8B 7E 9F A5 FD 71
3D C1 DE CD 4E BF 7A 97 BE DA
------------------------------------------------------------------------
2. Developer ID Certification Authority
Expires: 2027-02-01 22:12:15 +0000
SHA256 Fingerprint:
7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
F2 9C 88 CF B0 B1 BA 63 58 7F
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
You can do these with downloading it and never running it.
<so3_K.192646$GzSf....@fx04.ams1>:
Identifier=co.eclecticlight.Mints
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=3138 flags=0x10000(runtime) hashes=87+7
location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=787200
Hash type=sha256 size=32
CandidateCDHash sha256=fca0396a659854c388d954a9348f63e283a60560
CandidateCDHashFull
sha256=fca0396a659854c388d954a9348f63e283a60560c302ff59665f2a46b99a8d26
Hash choices=sha256
CMSDigest=fca0396a659854c388d954a9348f63e283a60560c302ff59665f2a46b99a8d26
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=245760
Executable Segment flags=0x1
Page size=4096
CDHash=fca0396a659854c388d954a9348f63e283a60560
Signature size=8975
Authority=Developer ID Application: Howard Oakley (QWY4LRW926)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Aug 31, 2022 at 10:15:01 AM
Info.plist entries=25
TeamIdentifier=QWY4LRW926
Runtime Version=12.3.0
Sealed Resources version=2 rules=13 files=60
Internal requirements count=1 size=216
Also used this:
pkgutil --check-signature [path]/Mints.app
Package "Mints":
Status: signed by a certificate trusted by macOS
Certificate Chain:
1. Developer ID Application: Howard Oakley (QWY4LRW926)
Expires: 2027-02-01 22:12:15 +0000
SHA256 Fingerprint:
A1 F8 87 B8 D9 8E 77 21 49 EF 12 DE C5 EF D8 54 8B 7E 9F A5 FD 71
3D C1 DE CD 4E BF 7A 97 BE DA
------------------------------------------------------------------------
2. Developer ID Certification Authority
Expires: 2027-02-01 22:12:15 +0000
SHA256 Fingerprint:
7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03
F2 9C 88 CF B0 B1 BA 63 58 7F
------------------------------------------------------------------------
3. Apple Root CA
Expires: 2035-02-09 21:40:36 +0000
SHA256 Fingerprint:
B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C
68 C5 BE 91 B5 A1 10 01 F0 24
You can do these with downloading it and never running it.
David Brooks
Oct 2, 2022, 11:01:59 AM10/2/22
to
In the post which "went missing" I asked about HOW you had checked on
the authenticity of HO, the maker of the 'Mints.app'.
What you have provided above seems pretty authoratitive.
I tried it again earlier today. I downloaded Mints and installed the zip
file into my Applications folder BEFORE I unzipped it. When I did unzip
it, it was available instantaneously. *WOW*!
That, though, does NOT indicate that it contains nothing malicious.
I am STILL bothered by having seen this warning. https://imgbb.com/X2kyxCM
Whilst I appreciate That you are a graduate in computing matters, I
can't help feeling that if installed software carries malware, it would
be capable of disrupting your check using Terminal - giving false results.
No doubt you, or someone else, will explain why I am wrong about that!
--
Kind regards,
David
Snit
Oct 2, 2022, 12:14:20 PM10/2/22
to
On Oct 2, 2022 at 8:01:56 AM MST, "David Brooks" wrote
<EJh_K.662149$qD%2.7...@fx08.ams1>:
Thank you.
> I tried it again earlier today. I downloaded Mints and installed the zip
> file into my Applications folder BEFORE I unzipped it.
Why?
> When I did unzip
> it, it was available instantaneously. *WOW*!
>
> That, though, does NOT indicate that it contains nothing malicious.
I do not follow this. What would indicate that about ANY app?
Why?
> Whilst I appreciate That you are a graduate in computing matters, I
> can't help feeling that if installed software carries malware, it would
> be capable of disrupting your check using Terminal - giving false results.
>
> No doubt you, or someone else, will explain why I am wrong about that!
It is very unlikely that the CLI apps could be corrupted without asking for
admin permission.
What software do you trust?
<EJh_K.662149$qD%2.7...@fx08.ams1>:
> I tried it again earlier today. I downloaded Mints and installed the zip
> file into my Applications folder BEFORE I unzipped it.
> When I did unzip
> it, it was available instantaneously. *WOW*!
>
> That, though, does NOT indicate that it contains nothing malicious.
Why?
> Whilst I appreciate That you are a graduate in computing matters, I
> can't help feeling that if installed software carries malware, it would
> be capable of disrupting your check using Terminal - giving false results.
>
> No doubt you, or someone else, will explain why I am wrong about that!
admin permission.
What software do you trust?
David Brooks
Oct 2, 2022, 2:15:03 PM10/2/22
to
On 02/10/2022 18:30, Steve Carroll wrote:
> ran the command again>>>>> <Shakes head>
> It actually doesn't speak to HO's authenticity, it speaks to the app he
> ran the command on ("again" - so did you really need to ask this
> question? - I draw this distinction because of what you're doing
> (pre-sliming HO). I've tried to explain it to you and failed,
> apparently. I suggest you read the Apple links I previously provided as
> to why this is the case.
> why the "*WOW*!" here?.
> Given that it was a 'one-off', I wouldn't worry about it.
> explain why the likelihood of that isn't very high.
But possible?
> The following is not an OLAS...
>
> man spctl
>
> Using certain flags and checking for certain types of 'a' (assessment),
> for example, "install", you can check if an app has been notarized. In
> part of the output from the command you'll see:
>
>
> "source=Unnotarized Developer ID"
>
> or
>
> "source=Notarized Developer ID"
>
> So YOU should be adding this to your file that contains the codesign
> command, you know, the file you haven't yet created so you don't have to
> keep asking the same questions over and over ;)
Please will you remind me to come back to this?
TIA
> ran the command on ("again" - so did you really need to ask this
> question? - I draw this distinction because of what you're doing
> (pre-sliming HO). I've tried to explain it to you and failed,
> apparently. I suggest you read the Apple links I previously provided as
> to why this is the case.
>
>> I tried it again earlier today. I downloaded Mints and installed the zip
>> file into my Applications folder BEFORE I unzipped it. When I did unzip
>> it, it was available instantaneously. *WOW*!
>
> ?? Some days back you indicated that you did this and things worked, so
>> I tried it again earlier today. I downloaded Mints and installed the zip
>> file into my Applications folder BEFORE I unzipped it. When I did unzip
>> it, it was available instantaneously. *WOW*!
>
> why the "*WOW*!" here?.
>
>> That, though, does NOT indicate that it contains nothing malicious.
>
> That's true.
>> That, though, does NOT indicate that it contains nothing malicious.
>
> Given that it was a 'one-off', I wouldn't worry about it.
>
>> Whilst I appreciate That you are a graduate in computing matters, I
>> can't help feeling that if installed software carries malware, it would
>> be capable of disrupting your check using Terminal - giving false results.
>>
>> No doubt you, or someone else, will explain why I am wrong about that!
>
> Again, I would refer you to the Apple links I gave you, they will
>> Whilst I appreciate That you are a graduate in computing matters, I
>> can't help feeling that if installed software carries malware, it would
>> be capable of disrupting your check using Terminal - giving false results.
>>
>> No doubt you, or someone else, will explain why I am wrong about that!
>
> explain why the likelihood of that isn't very high.
But possible?
> The following is not an OLAS...
>
> man spctl
>
> Using certain flags and checking for certain types of 'a' (assessment),
> for example, "install", you can check if an app has been notarized. In
> part of the output from the command you'll see:
>
>
> "source=Unnotarized Developer ID"
>
> or
>
> "source=Notarized Developer ID"
>
> So YOU should be adding this to your file that contains the codesign
> command, you know, the file you haven't yet created so you don't have to
> keep asking the same questions over and over ;)
Please will you remind me to come back to this?
TIA
Kelly Phillips
Oct 2, 2022, 9:55:38 PM10/2/22
to
>
>Methinks there are Gremlins! I replied to Snit after his 0714 p0st - but
>my post appears to have been removed from the Usenet servers.
>Now who could control such action?!!
Wow. Mental illness takes many forms.
>Methinks there are Gremlins! I replied to Snit after his 0714 p0st - but
>my post appears to have been removed from the Usenet servers.
>Now who could control such action?!!
Kelly Phillips
Oct 2, 2022, 10:28:02 PM10/2/22
to
On Sun, 2 Oct 2022 19:15:01 +0100, David Brooks <B...@not.on.your.life>
wrote:
As an adult, you really should be able to create your own reminders. Are
you unable, or perhaps unwilling, to do that?
wrote:
you unable, or perhaps unwilling, to do that?
Kelly Phillips
Oct 3, 2022, 11:01:16 PM10/3/22
to
On Fri, 30 Sep 2022 21:00:57 +0100, David Brooks
>>>>>>>>>>>>
>>>>>>>>>>>> Be careful out there!
>>>>>>>>>>>
>>>>>>>>>>> Thanks! This is a time when it's good to be an Apple customer! ?
That is f'ing awesome! Just totally epic. I love it and I'm beyond
pleased that you shared this smackdown. The poor guy went from hero
status to 'get the f away from me' in record time. I'm sorry but I'm
enjoying that very much. :-)
<Dav...@nomail.afraid.org> wrote:
>On 30/09/2022 20:29, Snit wrote:
>> On Sep 30, 2022 at 9:40:14 AM MST, "David Brooks" wrote
>> <OZEZK.549763$wkZ5....@fx11.ams1>:
>>
>>> On 30/09/2022 17:09, Steve Carroll wrote:
>>>> On 2022-09-30, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>>> On 30/09/2022 16:20, Steve Carroll wrote:
>>>>>> On 2022-09-29, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>>>>> REPOSTED!
>>>>>>>
>>>>>>> On 29/09/2022 23:13, Snit wrote:
>>>>>>>> On Sep 29, 2022 at 2:42:40 PM MST, "David Brooks" wrote
>>>>>>>> <kjoZK.343820$9f26....@fx09.ams1>:
>>>>>>>>
>>>>>>>>> On 29/09/2022 21:35, Snit wrote:
>>>>>>>>>> On Sep 29, 2022 at 12:22:09 PM MST, "David Brooks" wrote
>>>>>>>>>> <BfmZK.548310$wkZ5....@fx11.ams1>:
>>>>>>>>>>
>>>>>>>>>>> On 29/09/2022 19:36, Snit wrote:
>>>>>>>>>>>> https://arstechnica.com/information-technology/2022/09/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices/
>>>>>>>>>>>>
>>>>>>>>>>>> Researchers have revealed a never-before-seen piece of cross-platform
>>>>>>>>>>>> malware that has infected a wide range of Linux and Windows devices,
>>>>>>>>>>>> including small office routers, FreeBSD boxes, and large enterprise
>>>>>>>>>>>> servers.
>>>>>>>>>>>>
>>>>>>>>>>>> 覧
>On 30/09/2022 20:29, Snit wrote:
>> On Sep 30, 2022 at 9:40:14 AM MST, "David Brooks" wrote
>> <OZEZK.549763$wkZ5....@fx11.ams1>:
>>
>>> On 30/09/2022 17:09, Steve Carroll wrote:
>>>> On 2022-09-30, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>>> On 30/09/2022 16:20, Steve Carroll wrote:
>>>>>> On 2022-09-29, David Brooks <Dav...@nomail.afraid.org> wrote:
>>>>>>> REPOSTED!
>>>>>>>
>>>>>>> On 29/09/2022 23:13, Snit wrote:
>>>>>>>> On Sep 29, 2022 at 2:42:40 PM MST, "David Brooks" wrote
>>>>>>>> <kjoZK.343820$9f26....@fx09.ams1>:
>>>>>>>>
>>>>>>>>> On 29/09/2022 21:35, Snit wrote:
>>>>>>>>>> On Sep 29, 2022 at 12:22:09 PM MST, "David Brooks" wrote
>>>>>>>>>> <BfmZK.548310$wkZ5....@fx11.ams1>:
>>>>>>>>>>
>>>>>>>>>>> On 29/09/2022 19:36, Snit wrote:
>>>>>>>>>>>> https://arstechnica.com/information-technology/2022/09/never-before-seen-malware-has-infected-hundreds-of-linux-and-windows-devices/
>>>>>>>>>>>>
>>>>>>>>>>>> Researchers have revealed a never-before-seen piece of cross-platform
>>>>>>>>>>>> malware that has infected a wide range of Linux and Windows devices,
>>>>>>>>>>>> including small office routers, FreeBSD boxes, and large enterprise
>>>>>>>>>>>> servers.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Be careful out there!
>>>>>>>>>>>
>>>>>>>>>>> Thanks! This is a time when it's good to be an Apple customer! ?
pleased that you shared this smackdown. The poor guy went from hero
status to 'get the f away from me' in record time. I'm sorry but I'm
enjoying that very much. :-)
0 new messages