
Or something like that. You have to know how to use a Mac and be British. Her Majesty needs you.
Emacs users get addicted to the standard key bindings (which are also available in Cocoa apps). Microsoft Word doesn't support these by default, but you can add them through customization. Here are the ones I find most useful:
StartOfLine: Control-A
EndOfLine: Control-E
To set these up in Word...
...you'll have to read "Add emacs key bindings to Microsoft Word" at MacOSX Hints.

"Decaf," over on DeadBeefCafe, relates the story of a colleague whose response to yet another virus outbreak is to convince management to purchase Macintoshes, with the following justification:
We’re going to buy Mac Minis and run Windows on them because Macs aren’t affected by these security problems.
Decaf breaks down the several fallacies of this statement and sardonically sums it up with:
So we’re left with the best security method I’ve heard of: A different case! By affixing an Apple logo onto the host, we’ve made it more secure, because Macs aren’t subject to the same security problems.
Just when I think that my organization is getting behind the curve for one reason or another, I come across something like this and I feel lucky to be where I am today.
[Image from: techno-science.net ]
So John Gruber, who has written quite a bit on the whole did-they-didn't-they spat between Apple and Dave Maynor and Jon Ellch, offers up "An Open Challenge to David Maynor and Jon Ellch," offering them a Macbook if they can root it.
I'd like to mention something that hasn't happened lately. By not happening, it seems to have not drawn attention to itself. After a war in which gallons of ink were spilled, and every utterance by Apple, Maynor, and Secureworks was analyzed by Talmudic scholars, there's silence.
What might be the cause of such silence? Are Apple and Maynor finally talking? (In my personal experience of trying to learn more about security issues with Apple products, Apple ignores questions. They ignored questions when I name dropped. They ignored questions when I mentioned things like being an editorial board member at the CVE project.)
So one possible interpretation of events is that there was serious mis-communication, and the parties involved are now having interesting discussions.
If that's the case, then Gruber is trying to pour gasoline on a fire that others are trying to extinguish.
After I wrote this, Jon Ellch posted to DailyDave; that post was covered in Linux.com, "Johnny Cache breaks silence on Apple Wi-Fi exploit," and that story was picked up by Slashdot.
[Update: Rob Lemos has a short article, "MacBook Controversy continues with Challenge" at SecurityFocus.]
...What they haven’t noticed yet is Mac OS X Server 10.4 overrides an explicit administrator firewall security setting to keep its copy protection functional.
OSXS 10.4’s “Server Admin” lists “Serial Number Support” on UDP port 626 under its firewall pane, with an option to turn it off. You can, in fact, block that port with the UI. And it will work for a little while.
However, serialnumberd will eventually notice this and re-enable UDP port 626 itself. This results in a disparity where Server Admin’s UI says you have port 626 disabled, but it’s clearly active in the “Active Rules” pane.
I promised not to comment. I think it's still fair to link.
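The disparity described above can be caught by evaluating the active ruleset instead of trusting the UI state. This is an added example, not code from the post or from Apple; it assumes the active rules are available as `ipfw list` text, uses a constructed sample, and models only simple `allow`/`deny ... from any to any [dst-port ...]` rules.

```python
import re

# Constructed sample of `ipfw list` output (not captured from a real server).
# "Serial Number Support" was disabled in the UI, yet rule 12301 is active.
SAMPLE_ACTIVE_RULES = """\
12300 allow tcp from any to any dst-port 22
12301 allow udp from any to any dst-port 626
12302 allow tcp from any to any dst-port 311,625
65534 deny ip from any to any
"""

# Assumption: only this simple rule shape is modelled; other lines are skipped.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>ip|tcp|udp)\s+"
    r"from\s+any\s+to\s+any(?:\s+dst-port\s+(?P<ports>[\d,\-]+))?$"
)

def port_matches(spec, port):
    """True if a dst-port list such as '311,625' or '600-700' covers port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def first_match(rules_text, proto, port):
    """Return (rule_number, action) of the first rule matching proto/port.

    ipfw stops at the first matching allow or deny, so rule order decides.
    """
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m["proto"] not in ("ip", proto):
            continue
        if m["ports"] and not port_matches(m["ports"], port):
            continue
        return int(m["num"]), m["action"]
    return None, "unknown"  # no modelled rule matched: surface it, do not assume deny

def find_drift(rules_text, intended_blocked):
    """List (proto, port, rule_number) entries the admin disabled but that
    the active ruleset does not provably deny."""
    results = [(p, port, *first_match(rules_text, p, port))
               for p, port in intended_blocked]
    return [(p, port, num) for p, port, num, action in results if action != "deny"]

if __name__ == "__main__":
    for proto, port, num in find_drift(SAMPLE_ACTIVE_RULES, [("udp", 626)]):
        print(f"{proto}/{port} disabled in UI but reachable via rule {num}")
```

Running the check on a schedule matters here, since the post says the port comes back some time after it is blocked.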
So if you have a Mac, you really want to open software update now. You can read about Apple Security Update 2006-0003 after you've installed it and the Quicktime patch. In "Apple Security Update RoundUp," DaveG explains:
So, in short, without the latest update, OS X is secure as long as you don’t look at any movies, images, websites, zip files, flash content or email messages.
He also says "That’s around 35 vulnerabilities in one day!" Why the 'around?' As I explained in "Counting In Computer Security," counting can be tricky.
Snarkiness aside, I like that a number of these vulnerabilities appear to have been found internally (assuming that is what uncredited vulnerabilities mean).
One final comment. For comparison, Microsoft shipped three patches this month, covering roughly 5 vulns (CVEs). Apple shipped 2 patches, covering roughly 35. I feel so warm and fuzzy.
Over at Security Curve, Ed Moyle has some good thoughts on "the Gigantic 'Bull's Eye' on Apple's Forehead:"
Now, I don't know about you but I haven't seen this kind of hubris since Oracle's "unbreakable" campaign. Remember that? I do. I remember that at one point in time, most researchers ignored Oracle and pretty much left it alone... Then Oracle stepped up on the soapbox shouting "we're unbreakable", only to find themselves getting the kind of scrutiny from hackers usually reserved for new flavors of Mountain Dew.
I don't think the current threat is that bad. I also don't think that Apple is ready for the sort of onslaught that's taught such harsh lessons to Microsoft and Oracle.
So Apple, please think about those shoes you're wearing. Think about the message you're sending, because teenage boys will respond.
(Image from istock photo.)
Over the past several months, Security Fix published data showing how long it took Microsoft and Mozilla to issue updates for security flaws. Today, I'd like to present some data I compiled that looks at Apple's performance on this front.
It's a good thing no one has any technology that would help a researcher understand exactly the changes that a patch makes. Because if they did, they could sure read those Linux patches and learn a lot about Apple vulnerabilities.
When I try to drop files in the Trash, the Finder gives me this awful[1] dialog box. I really don't want to delete files immediately, and am not sure why it wants to. Does anyone know what I do to fix this?
[1] It's awful for two reasons: First, it gives me no advice on what's causing this, or what I can do to fix it, and second, it uses "OK/Cancel," rather than "Delete/Keep/Adjust Trash Settings."
[Update: Ok, it's not awful. It's comprehensible, but not up to Apple's usual standards. Also, according to "Prevent local files from being deleted immediately" on MacOSXHints, if you delete ~/.Trash, this can happen. I seem to recall using the command 'srm -rf ~/.Trash/' yesterday, and it's conceivable that I forgot the trailing slash. Now while it makes perfect sense that 'rm foo' and 'rm foo/' are different, it's an odd interaction between the UNIX side of OSX and the pretty bits.]
Yesterday, DaveG posted "When OSX Worms Attack." It's some good analysis of the three Apple Worms:
Safari/Mail Vulnerability: Far more interesting. This is a serious vulnerability that needs to be fixed. If you are a Mac user, I would at the very least uncheck 'Open Safe Files' in Safari preferences. I don't understand why Apple isn't advising people on this better. This vulnerability is public, trivial to exploit, and we are at the 7 day mark.
Just a bit over a day later, Apple ships APPLE-SA-2006-03-01, with about 21 CVE marked vulns, and two extra "security enhancements." Some of it is confusing, for example, "Authenticated users may cause an rsync server to crash or execute arbitrary code." I understand neither the ordering nor the lack of specificity.
"Crash" is what happens when I write exploits. "Execute arbitrary code" happens when DaveG writes exploits. So what's happening? Is it "there's an overflow, and we're not sure if you can turn it into run code, and we fixed it?" That's ok. No, I take it back. That's great! I don't want to have to prove that I can execute an overflow to see it fixed. Preemptive fixing is a great plan. If that's what's happening, please keep it up, and then please brag about it.
(Image stolen from the F-Secure blog.)
Today we got a sample of rather interesting case, a Mac OS X Bluetooth worm that spreads over Bluetooth.
OSX/Inqtana.A is a proof of concept worm for Mac OS X 10.4 (Tiger). It tries to spread from one infected system to others by using Bluetooth OBEX Push vulnerability CAN-2005-1333.
Via F-Secure. I feel weird linking a CVE to not-MITRE. F-Secure's full description explains that the code expires, and isn't in the wild.
6a) If your uid = 0 (you're root), it creates /Library/InputManagers/ , deletes any existing "apphook" bundle in that folder, and copies "apphook" from /tmp to that folder
6b) If your uid != 0 (you're not root), it creates ~/Library/InputManagers/ , deletes any existing "apphook" bundle in that folder, and copies "apphook" from /tmp to that folder
7) When any application is launched, MacOS X loads the newly installed "apphook" Input Manager automatically into its address space
Name is from F.Secure. See my "The Approaching Apple OSX86 Security Nightmare" for my prior thoughts. If any reader has an archived copy, I'd like one so I can do some analysis.
First thought: It's not attacking that nice, secure, BSD Unix base, but the Apple-designed parallel bits that help make the Mac so beautiful, usable, and extensible.
[Update: Second thought: there's a lot of Mac-specific code here. It's not simply a port of a UNIX trojan.]
[2nd Update: The wording above implies a contrast between secure and usable; I meant only to acknowledge Apple's longstanding focus on making a polished product.]
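Steps 6a, 6b and 7 above point at two places to audit: the system-wide and the per-user InputManagers folders. The sketch below is an added example, not code from the post or from F-Secure; it lists every entry in those folders and marks ones named "apphook". The `/Users` home layout, the `.bundle` extension and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

def input_manager_dirs(root="/"):
    """Yield the system-wide folder, then one folder per home under root/Users."""
    yield os.path.join(root, "Library", "InputManagers")
    users = os.path.join(root, "Users")  # assumption: homes live under /Users
    if os.path.isdir(users):
        for name in sorted(os.listdir(users)):
            yield os.path.join(users, name, "Library", "InputManagers")

def audit_input_managers(root="/", watch_names=("apphook",)):
    """Return one finding per entry in any InputManagers folder.

    Every entry deserves review because, per step 7, whatever is installed
    there is loaded into each application that launches.
    """
    findings = []
    for folder in input_manager_dirs(root):
        if not os.path.isdir(folder):
            continue
        for entry in sorted(os.listdir(folder)):
            path = os.path.join(folder, entry)
            st = os.lstat(path)  # lstat: do not follow a planted symlink
            findings.append({
                "path": path,
                "owner_uid": st.st_uid,
                "mtime": int(st.st_mtime),
                "named_in_writeup": entry.split(".")[0].lower() in watch_names,
            })
    return findings

def build_sample_tree():
    """Create a constructed directory tree that stands in for a Mac volume."""
    root = tempfile.mkdtemp()
    for rel in ("Library/InputManagers/apphook.bundle",
                "Users/alice/Library/InputManagers/SomeInputMethod",
                "Users/bob/Library"):
        os.makedirs(os.path.join(root, rel))
    return root

if __name__ == "__main__":
    for f in audit_input_managers(build_sample_tree()):
        flag = "MATCHES WRITE-UP" if f["named_in_writeup"] else "review"
        print(f'{flag}: {f["path"]} (uid {f["owner_uid"]})')
```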
In a comment on "Software Usability Thoughts: Some Advice For Movable Type," Beau Smith asks "What Mac software do you like?"
That's a tough question for three reasons: First, there's enough decent software (consistent, attractive, discoverable) that the bad stuff can generally be avoided. Secondly, I'd like to choose examples which are either free or cheap, because I think that's more useful, than, say, commenting on Excel. Thirdly, Apple has an excellent set of "Human Interface Guidelines," which seemingly most developers have read. The HIG really create a floor for what Mac developers tend to do, and the Mac faithful crush anything that falls near or below that floor. As I'm writing this, I'm reminded of a vignette in the Ars Technica review of Delicious Library:
This is a splash screen for a beta—something that will never be seen by more than a handful of people. Note the bullet hole, the magic marker graffiti, the scratched-out slogan, the haphazardly placed logo sticker.
Linux users, think about this image the next time you download a release version of a product without a comprehensive sample configuration file or with "cosmetic" bugs. Windows users, think about this the next time you see a poorly drawn 16-color icon or toolbar graphic in a multi-hundred dollar commercial software package.
That said, I'd like to discuss two apps a little bit: iCal, which ships with the OS, and "Notational Velocity."
I like iCal quite a bit. It took a little exploration to get used to, and some things didn't work quite as I wanted. For example, I wanted recurring todo items to help remember to pay bills. Almost as good, I use recurring "all day" appointments in a finance category. I use the same sort of thing to manage travel information. It works quite well for me.
Notational Velocity is useful because of how small and fast it is, and how well searching works. Now that I have a program that implements incremental search, I find not having it in other places to be a lack. It's that useful.
More than any particular feature, I appreciate the effort that goes into making something look easy.
The folks at eEye and Fortinet have identified a variety of image based heap overflows that allow for arbitrary code execution on both OSX and on Windows. Also an article on news.com.com claims that the patch initially caused some issues for some users on both platforms, that have been addressed now. Seems that poor implementation of image formats isn't limited to just Microsoft. Any guesses as to how long before we see malware for these vulns?
It turned out to be something of a bear to configure, and tech support has not been very helpful. I finally got it all working. A bunch of technical details and gripes are after the break.
The correct default IP address for the WGPS606 is 192.168.0.102. Its print queues are named l1 and l2, not LPT1 and LPT2 as the docs state. (That's from 'freakboy' on MacOSXHints. Thanks, dude! I've given your info to Netgear.)
This may be because I don't have a Windows PC, but it was made worse by a routing glitch on my Mac as I tried to scan 192.168 (oops, wrong interface!) and then being given the wrong default IP address by Netgear support.
Netgear also has the world's strangest support system, with our conversation arranged in a web page as follows:
first Netgear response (2, 16/11/2005 19:56:00)
second Netgear response (4, 17/11/2005 06:46:00)
my initial inquiry (1, 16/11/2005 01:20:00)
my follow on question (3, 16/11/2005 20:02:00)
my second response (5, 19/11/2005 16:35:00)
Oh, if you're in this situation, it may help you to say it's similar to my case, which was #2366120
One of the reasons that people become enraged by spyware is the interference with what ought to be a private space. It is, after all, called a personal computer, and people extensively personalize them. An important and worrisome trend is your computer responding to commands from outsiders. Recently, AOL added two "buddies" to my buddy list on AIM. What the hell? It turns out that AIM synchronizes buddy lists with the mothership, and that there are good reasons for this. (Thanks to Len for explaining that to me.) But it was deeply offensive, and the Pebble and the Avalanche has a good analysis in "Putting the 'Mess' in Instant Messaging: AOL Makes a Big Mistake."
Another instance of this is web sites that think you should write your password on paper instead of a nice, semi-secure, encrypted keystore like KeyChain. (Hello, Citibank!) JWZ, who knows a thing or two about browsers, offers suggestions for fixing this bug in Safari in <form autocomplete="yes, dammit">. [Update: fixed link.]
It wasn't a plan that I was going to slag Apple this week. Really, I'm fond of my Mac, I'm just tired of claims that it's somehow über-secüre. Now it comes out that Sony has licensed technology from SunnComm to rootkit your Mac. It's harder for Sony to install, because (unlike a PC) they need you to authorize the installation. It's possibly less damaging than on the PC, but we don't yet know what the two kernel extensions do. The Unofficial Apple Weblog suggests that they'll be disassembled, and I hope they're right.
Comments in "Unintended consequences of DRM" suggest that the password is important, and while it is, I'm not sure how many people won't just type their password on demand.
Previous posts about Apple security have been: "Kudos to Microsoft, Brick-brats to Apple" and "The Approaching Apple OSX86 Security Nightmare."
MS05-038 and MS05-052 contain a number of defense-in-depth changes to the overall functionality of Internet Explorer. These changes were done mostly for security reasons, removing potentially unsafe functionality and making changes to how Internet Explorer handles ActiveX controls. As a result