Security

Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide (thehackernews.com) 66

Check Point researchers have discovered a massive malware campaign, dubbed Fireball, that has already infected more than 250 million computers across the world, including Windows and Mac OS. The Fireball malware "is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data," reports The Hacker News. From the report: Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plugins to manipulate the victim's web browser configurations to replace their default search engines and home pages with fake search engines (trotux.com). "It's important to remember that when a user installs freeware, additional malware isn't necessarily dropped at the same time," researchers said. "Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors."
Chrome

Should You Leave Google Chrome For the Opera Browser? (vice.com) 303

mspohr shares a report written by Jason Koebler via Motherboard who makes the case for why you should break up with Chrome and switch to the Opera browser: Over the last few years, I have grown endlessly frustrated with Chrome's resource management, especially on MacOS. Admittedly, I open too many tabs, but I'd wager that a lot of you do, too. With Chrome, my computer crawls to complete unusability multiple times a day. After one too many times of having to go into Activity Monitor to find that one single Chrome tab is using several gigs of RAM, I decided enough was enough. I switched to Opera, a browser I had previously thought was only for contrarians. This, after previous dalliances with Safari and Firefox left me frustrated. Because Opera is also based on Blink, I almost never run into a website, plugin, script, or video that doesn't work flawlessly on it. In fact, Opera works almost exactly like Chrome, except without the resource hogging that makes me want to throw my computer against a brick wall. This is exactly the point, according to Opera spokesperson Jan Standal: "What we're doing is an optimized version of Chrome," he said. "Web developers optimize most for the browser with the biggest market share, which happens to be Chrome. We benefit from the work of that optimization."

Slashdot reader mspohr adds: "I should note that this has also been my experience. I have a 2010 MacBook, which I was ready to trash since it had become essentially useless, coming to a grinding halt daily. I tried Opera and it's like I have a new computer. I never get the spinning wheel of death. (Also, the built-in ad blocker and VPN are nice.)" What has been your experience with Google Chrome and/or Opera? Do you prefer one over the other?

Security

HandBrake Urges Mac Users To Verify Recent Download, Says Mirror Server Was Compromised (handbrake.fr) 22

HandBrake team, writing on their forum: Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it. Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you've downloaded HandBrake during this period. If you see a process called "Activity_agent" in the OSX Activity Monitor application, you are infected. HandBrake is a popular, open-source video conversion tool. The team hasn't issued any advisory for Windows users.
Desktops (Apple)

Modern 'Hackintoshes' Show That Apple Should Probably Just Build a Mac Tower (arstechnica.com) 219

An anonymous reader shares an excerpt from a report written by Andrew Cunningham via Ars Technica: Apple is working on new desktop Macs, including a ground-up redesign of the tiny-but-controversial 2013 Mac Pro. We're also due for some new iMacs, which Apple says will include some features that will make less-demanding pro users happy. But we don't know when they're coming, and the Mac Pro in particular is going to take at least a year to get here. Apple's reassurances are nice, but it's a small comfort to anyone who wants high-end processing power in a Mac right now. Apple hasn't put out a new desktop since it refreshed the iMacs in October of 2015, and the older, slower components in these computers keep Apple out of new high-end fields like VR. This is a problem for people who prefer or need macOS, since Apple's operating system is only really designed to work on Apple's hardware. But for the truly adventurous and desperate, there's another place to turn: fake Macs built with standard PC components, popularly known as "Hackintoshes." They've been around for a long time, but the state of Apple's desktop lineup is making them feel newly relevant these days. So we spoke with people who currently rely on Hackintoshes to see how the computers are being used -- and what they'd like to see from Apple.
Software

Internet Archive Adds Early Macintosh OS and App Emulators (macstories.net) 66

An anonymous reader writes: The Internet Archive has added a curated collection of Mac operating system and software emulators from 1984 through 1989. The Internet Archive already hosts browser-based emulators of early video games and other operating systems, but this is its first foray into Mac software. The collection includes classic applications like MacPaint, programming tools such as MacBasic, and many games including Dark Castle. Each app can be run in an in-browser emulator and is accompanied by an article that chronicles its history. It's fun to play with the apps in the collection and realize just how far apps have come since the earliest days of the Mac. It's also remarkable how many computing conventions used today were introduced during those earliest days.
Privacy

USB Canary Sends An SMS When Someone Tinkers With Your USB Ports (bleepingcomputer.com) 40

An anonymous reader quotes a report from BleepingComputer: A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects a USB-based device from high-value workstations. Called USB Canary, this tool is coded in Python and currently works only on Linux (versions for Windows and Mac are in the works). The tool works by watching USB ports for any activity while the computer is locked, which generally means the owner has left his desk. If a USB device is plugged in or unplugged, USB Canary can perform one of two actions, or both. It can alert the owner by sending an SMS message via the Twilio API, or it can post a message in a Slack channel, which can be monitored by other co-workers. USB Canary can prove to be a very useful tool for large organizations that feature strict PC policies. For example, if you really want to enforce a "No USB drives" at work, this could be the tool for the job. Further, with modifications, it could be used for logging USB activity on air-gapped systems.
Patents

Apple Explores Using An iPhone, iPad To Power a Laptop (appleinsider.com) 76

According to the U.S. Patent and Trademark Office, Apple has filed a patent for an "Electronic accessory device." It describes a "thin" accessory that contains traditional laptop hardware like a large display, physical keyboard, GPU, ports and more -- all of which is powered by an iPhone or iPad. The device powering the hardware would fit into a slot built into the accessory. AppleInsider reports: While the accessory can take many forms, the document for the most part remains limited in scope to housings that mimic laptop form factors. In some embodiments, for example, the accessory includes a port shaped to accommodate a host iPhone or iPad. Located in the base portion, this slot might also incorporate a communications interface and a means of power transfer, perhaps Lightning or a Smart Connector. Alternatively, a host device might transfer data and commands to the accessory via Wi-Fi, Bluetooth or other wireless protocol. Onboard memory modules would further extend an iOS device's capabilities. Though the document fails to delve into details, accessory memory would presumably allow an iPhone or iPad to write and read app data. In other cases, a secondary operating system or firmware might be installed to imitate a laptop environment or store laptop-ready versions of iOS apps. In addition to crunching numbers, a host device might also double as a touch input. For example, an iPhone positioned below the accessory's keyboard can serve as the unit's multitouch touchpad, complete with Force Touch input and haptic feedback. Coincidentally, the surface area of a 5.5-inch iPhone 7 Plus is very similar to that of the enlarged trackpad on Apple's new MacBook Pro models. Some embodiments also allow for the accessory to carry an internal GPU, helping a host device power the larger display or facilitate graphics rendering not possible on iPhone or iPad alone. 
Since the accessory is technically powered by iOS, its built-in display is touch-capable, an oft-requested feature for Mac. Alternatively, certain embodiments have an iPad serving as the accessory's screen, with keyboard, memory, GPU and other operating guts located in the attached base portion. This latter design resembles a beefed up version of Apple's Smart Case for iPad.
Chrome

Google Chrome Users On Apple MacOS Get Enhanced Safe Browsing Protection (betanews.com) 55

BrianFagioli quotes a report from BetaNews: As more and more consumers buy Mac computers, evildoers will have increased incentive to write malware for macOS. Luckily, users of Apple's operating system that choose to use Google Chrome for web surfing will soon be safer. You see, the search giant is improving its Safe Browsing initiative to better warn macOS users of malicious websites and attempts to alter browser settings. "As part of this next step towards reducing macOS-specific malware and unwanted software, Safe Browsing is focusing on two common abuses of browsing experiences: unwanted ad injection, and manipulation of Chrome user settings, specifically the start page, home page, and default search engine. Users deserve full control of their browsing experience and Unwanted Software Policy violations hurt that experience," says Google. The search giant further explains, "The recently released Chrome Settings API for Mac gives developers the tools to make sure users stay in control of their Chrome settings. From here on, the Settings Overrides API will be the only approved path for making changes to Chrome settings on Mac OSX, like it currently is on Windows. Also, developers should know that only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings. Starting March 31 2017, Chrome and Safe Browsing will warn users about software that attempts to modify Chrome settings without using the API."
America Online

AOL Is Cutting Off Third-Party App Access To AIM (9to5mac.com) 118

An anonymous reader quotes a report from 9to5Mac: AOL announced today that it is starting to cut off third-party app access to its Instant Messenger service. As first noticed by ArsTechnica, AOL began notifying users of at least one third-party app, Adium, that it would become obsolete starting on March 28th. At this point, it's unclear whether or not all third-party applications will be rendered useless come March 28th, but the message presented to Adium users seemed to strongly imply that: "Hello. Effective 3/28, we will no longer support connections to the AIM network via this method. If you wish to use the free consumer AIM product, we invite you to visit http://www.aim.com/ for more information." What this likely means is that AOL is shutting down the OSCAR chat protocol that is used to handle AIM messages. The service will, however, continue to be available via AOL's own chat app that is supported on macOS, Windows, iOS, and Android.
Wine

Wine 2.0 Released (softpedia.com) 202

An anonymous reader quotes a report from Softpedia: It's finally here! After so many months of development and hard work, during which over 6,600 bugs have been patched, the Wine project is happy to announce today, January 24, 2017, the general availability of Wine 2.0. Wine 2.0 is the biggest and most complete version of the open-source software project that allows Linux and macOS users to run applications and games designed only for Microsoft Windows operating systems. As expected, it's a massive release that includes dozens of improvements and new features, starting with support for Microsoft Office 2013 and 64-bit application support on macOS. Highlights of Wine 2.0 include the implementation of more DirectWrite features, such as drawing of underlines, font fallback support, and improvements to font metrics resolution, font embedding in PDF files, Unicode 9.0.0 support, Retina rendering mode for the macOS graphics driver, and support for gradients in GDI enhanced metafiles. Additional Shader Model 4 and 5 shader instructions have been added to Direct3D 10 and Direct3D 11 implementation, along with support for more graphics cards, support for Direct3D 11 feature levels, full support for the D3DX (Direct3D Extension) 9 effect framework, as well as support for the GStreamer 1.0 multimedia framework. The Gecko engine was updated to Firefox 47, IDN name resolutions are now supported out-of-the-box, and Wine can correctly handle long URLs. The included Mono engine now offers 64-bit support, as well as the debug registers. Other than that, the winebrowser, winhlp32, wineconsole, and reg components received improvements. You can read the full list of features and download Wine 2.0 from WineHQ's website.
Desktops (Apple)

A $300 Device Can Steal Mac FileVault2 Passwords (bleepingcomputer.com) 88

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamkar created with PoisonTap.
Software

Apple Launches Single Sign-On Service To Make Logging Into TV Apps Less Time-Consuming (macrumors.com) 29

Apple has launched Single Sign-on, a service designed to make logging into TV apps much less annoying. It "allows cable subscribers to sign in once with their cable credentials to gain access to all cable-restricted content in iOS and tvOS apps," writes Juli Clover via MacRumors: Single Sign-on is limited to the United States, and according to a support document, is available for the following providers: CenturyLink Prism, DirecTV, Dish, GVTC, GTA, Hawaiian Telecom, Hotwire, MetroCast, and Sling. While Single Sign-on was introduced and tested in the tvOS 10.1 and iOS 10.2 betas, the feature was remotely released today to all iOS 10 and tvOS 10 devices. Using Single Sign-on does not require one of the betas, and is instead immediately available to all iPhone and Apple TV users running iOS 10 or tvOS 10. With Single Sign-on, customers with a supported provider will use the Settings options in iOS or tvOS to sign in with their cable credentials. From then on, when accessing a supported app that requires a cable subscription, the app will ask to use the saved sign-on credentials. Most cable channels and content providers offer individual apps on the Apple TV and iOS devices, but still require cable authentication before users can access content. Prior to Single Sign-on, customers were required to enter their credentials in each individual app, a frustrating and time-consuming process.
Open Source

Apple Releases macOS 10.12 Sierra Open Source Darwin Code (9to5mac.com) 134

An anonymous reader writes: Apple has released the open source Darwin code for macOS 10.12 Sierra. The code, located on Apple's open source website, can be accessed via direct link now, although it doesn't yet appear on the site's home page. The release builds on a long-standing library of open source code that dates all the way back to OS X 10.0. There, you'll also find the Open Source Reference Library, developer tools, along with iOS and OS X Server resources. The lowest layers of macOS, including the kernel, BSD portions, and drivers are based mainly on open source technologies, collectively called Darwin. As such, Apple provides download links to the latest versions of these technologies for the open source community to learn and to use.
Music

Security Researchers Can Turn Headphones Into Microphones (techcrunch.com) 122

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.
IOS

Apple's New MacBook Pro Requires a $25 Dongle To Charge Your iOS Device (networkworld.com) 347

An anonymous reader quotes a report from Network World: As Phil Schiller explained during today's event, Apple's new MacBook Pros feature four Thunderbolt 3 USB Type-C ports, and conveniently, each of these can be used to charge the machine. Now, USB-C is incredibly versatile, and Apple will use the advanced port for power charging, HDMI and much more. However, with USB-C the only game in town, you might reasonably be wondering: How in the world do I connect my iPhone to my sleek new MacBook Pro? The frustrating answer is that you won't be able to do so out of the box. Instead, you'll have to buy a dongle. This is especially frustrating because many people use their notebooks for a) charging purposes when an outlet isn't necessarily handy and b) for transferring photos and other data. Now, you might reasonably state that you can just rely upon the cloud for items like data transfer, but there's no getting around the fact that Apple's efforts in the cloud still leave much to be desired. How much will it cost to connect your iPhone to your brand new MacBook Pro? Well, Apple sells a USB-C to Lightning cable on its website for $25. While this is undoubtedly frustrating, we can't say that it's entirely unexpected given Apple gave us a preview of its preference for USB-C when it released its 12-in. MacBook last year. Still, it's a funky design choice for a decidedly Pro-oriented device where the last thing a prospective consumer would want to do is spend some extra cash for a dongle after spending upwards of $2,399. Lastly, while we're on the topic of ports, it's worth noting that the new MacBook Pros also do away with the beloved MagSafe connector.
Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs (softpedia.com) 72

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.
Portables (Apple)

Apple Rumored To Remove Old-School USB Ports On Next MacBook Pro (vice.com) 316

An anonymous reader quotes a report from Motherboard: First the headphone jack, now the USB port? Rumor has it that Apple may get rid of the USB 3.0 port and the Magsafe port (where the charger plugs in) on the next generation of MacBooks. Japanese tech site Macotakara, which accurately predicted that Apple would kill the headphone jack on the iPhone 7, now also claims that the USB port is on the way out. The move would be similar to Apple's latest 12-inch MacBook and its streamlined profile. There's also word that Apple may discontinue the 11-inch MacBook Air to focus instead on the 13-inch laptop. Discontinuing the 11-inch MacBook Air would also potentially boost sales on the 12-inch MacBook. If these rumors are in fact true, then the new MacBooks will have only USB-C and Thunderbolt 3 ports. Both of these ports are about the size of the part of an iPhone charger that plugs into the phone. But since most laptop accessories still plug in via the USB port, Apple owners might have to use an adaptor, or upgrade their technology. Meanwhile, the new MacBooks would likely be charged through the USB-C port or Thunderbolt 3 port. Currently, Apple already sells a USB-C dock with other USB and HDMI ports for $79. The USB-C port uses USB 3.1 Standard, according to PCWorld, which will connect to a wide variety of accessories, such as external hard drives, cameras, and printers. The USB 3.1 can also transfer data between the host computer and the peripheral accessories at a speed of 10 gigabits per second, which is twice as fast as the USB 3.0. Apple is expected to reveal the new Macs at an October 27th event in Cupertino, California.
Bug

Evernote Confirms a Serious Bug Caused Data Loss For Some Mac Users (techcrunch.com) 31

Evernote has sent an email to users warning of a serious bug "in some versions of Evernote for Mac that can cause images and other attachments to be deleted from a note under specific conditions." The company claims only "a small number of people" are affected, but those who have received the email will need to update their Mac app as soon as possible. The glitch occurs in the September version of the software, and less frequently in the versions released since June. TechCrunch reports: In these applications, certain sequences of events can cause an image or other attachments to be deleted from notes without warning, but text is not affected. For example, the bug can be triggered by skimming quickly through a large number of notes, Evernote says. The email explains that once the company identified the problem, it worked quickly to implement a solution and attempted to restore all lost data. The issue was under discussion in Evernote's forums earlier this month. For heavy Evernote users, the bug could have a major impact. One user in the forums posted that they had 20,000 notes in their Evernote account, as part of their PhD research. Hundreds (or maybe even thousands) of their notes may have now become corrupted, according to their post. Unfortunately for some affected users, data recovery was not possible through automated means, the company's email stated. Instead, Evernote is advising those users who are missing attachments to use Evernote's note history feature in Evernote Premium to try to recover the missing data.
Desktops (Apple)

23 Years Later: the Apple II Receives Another OS Update (arstechnica.com) 81

An anonymous reader quotes a report from Ars Technica: Yesterday, software developer John Brooks released what is clearly a work of pure love: the first update to an operating system for the Apple II computer family since 1993. ProDOS 2.4, released on the 30th anniversary of the introduction of the Apple II GS, brings the enhanced operating system to even older Apple II systems, including the original Apple ][ and ][+. Which is pretty remarkable, considering the Apple ][ and ][+ don't even support lower-case characters. You can test-drive ProDOS 2.4 in a Web-based emulator set up by computer historian Jason Scott on the Internet Archive. The release includes Bitsy Bye, a menu-driven program launcher that allows for navigation through files on multiple floppy (or hacked USB) drives. Bitsy Bye is an example of highly efficient code: it runs in less than 1 kilobyte of RAM. There's also a boot utility that is under 400 bytes -- taking up a single block of storage on a disk. The report adds: "In addition to the Bitsy Boot boot utility, the ProDOS 2.4 'floppy' includes a collection of utilities, including a MiniBas tiny BASIC interpreter, disk imaging programs to move files from physical floppies to USB and other disk storage, file utilities, and the 'Unshrink' expander for uncompressing files archived with Shrinkit."
Desktops (Apple)

Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials (softpedia.com) 82

An anonymous reader writes from a report via Softpedia: An attacker can use a modified USB Ethernet adapter to fool Windows and Mac computers into giving away their login credentials. The attack relies on using a modified USB Ethernet adapter that runs special software, which tricks the attacked computer into accepting the Ethernet adapter as the network gateway, DNS, and WPAD server. The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. Even worse, when installing the new (rogue) USB Ethernet adapter, the computer will give out the local credentials needed to install the device. The custom software installed on the USB intercepts these credentials and logs them to an SQLite database. This attack can take around 13 seconds to carry out, and the USB Ethernet adapter can be equipped with an LED that tells the attacker when the login credentials have been stolen.
