Mac Users Of Mtc (apple: Go Ahead, Take A Bite!)



welcome back boomouse. :)

 

:rolleyes:

 

How about that one flaw that Mac OS X 10.5.4 didn't fix?

 

 

You are probably referring to the ARDAgent security hole—discovered just a few weeks ago which did not have a fix in 10.5.4.

 

ARD is the Apple Remote Desktop. ARDAgent runs when you use Screen Sharing in 10.5, and if you've enabled Remote Management in the System Preferences panel, but the exploit that proved the existence of this security hole actually works when ARDAgent isn't running. Basically, it relies on the fact that ARDAgent runs as root and can send AppleScript commands, such as do shell script, to the system it's running on. Given ARDAgent is running as root, any shell script launched by ARDAgent also runs as root, so such scripts run without prompting the user for their admin password and have full access to every file on the system. Obviously, this opens up a huge world of hacking possibilities. Unlike some other exploits, this one will also work on even a lowly guest account; an admin account is not required to take advantage of the security hole.

 

Before you guys panic or Windows users start wagging their fingers, be assured that it is still not that easy to compromise your Macs because this exposure needs to be exploited either by someone who already has access to your Mac, or by tricking you into downloading and running a program designed to look like something benevolent (known as a trojan horse) -- you can't be hacked by simply reading an email or visiting a malicious web page.

 

There are two ways to lessen and/or remove your exposure to this security hole.

 

The less-severe solution (but one not guaranteed to be 100% effective) is to enable the Remote Management feature (leave all the "All local users can..." features unchecked) in the Sharing System Preferences panel, as explained in the Intego security memo. When ARDAgent is running, it seems that it can't be used to run scripts in this manner. However, there is no confirmation if all scripts will fail 100% of the time, or if some scripts may still be able to run. So far tested scripts were reported to all have failed when Remote Management was enabled, but there aren't any guarantees -- it's quite possible there are methods that may still allow the scripts to execute.

 

A more-severe but guaranteed effective solution is to disable ARDAgent itself, which is located in /System » Library » CoreServices » RemoteManagement. Just take that file and zip it, so that you can unzip it before you install the hopefully-forthcoming Apple update -- if you delete the file, the update will fail if it's just a patch. Note that this solution will also disable screen sharing, so it may not be usable by everyone.

 

Until Apple figures out a way to patch this hole, the best way to stay safe is, as always, to not download and run software from untrusted sources. (Patching it may be tricky, because administrators really do need the ability to run root-enabled scripts remotely and non-interactively ... it will be interesting to see what solution Apple comes up with.)

 

So, just as you won't walk into a dark alley when someone whispers and beckons to you, do not be tricked into downloading and running something you don't know from a source you don't know. Or don't let your Mac near anyone who might.

Edited by boomouse
Link to comment
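A read-only check for the second mitigation in boomouse's post, added here as an example and not part of the thread: it reports whether ARDAgent is still in place in the RemoteManagement folder and whether a zipped copy was kept for the later update. The bundle's inner path (Contents/MacOS/ARDAgent) and a zip named ARDAgent*.zip left in the same folder are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the "zip ARDAgent away" mitigation.
# Assumptions: the bundle's executable is at Contents/MacOS/ARDAgent and
# the zipped copy was left in the same folder as ARDAgent*.zip.

ardagent_state() {
    rm_dir=${1:-/System/Library/CoreServices/RemoteManagement}
    bin="$rm_dir/ARDAgent.app/Contents/MacOS/ARDAgent"

    if [ -e "$rm_dir/ARDAgent.app" ]; then
        # ARDAgent gets root from the setuid bit on its executable.
        if [ -f "$bin" ] && [ -u "$bin" ] && [ -x "$bin" ]; then
            echo "exposed"
        else
            echo "present-not-setuid"
        fi
        return 0
    fi
    # Bundle is gone: look for the zipped copy the post says to keep.
    for z in "$rm_dir"/ARDAgent*.zip; do
        if [ -f "$z" ]; then
            echo "archived"
            return 0
        fi
    done
    echo "missing"
}

ardagent_report() {
    state=$(ardagent_state "$1")
    case $state in
        exposed)            msg="setuid ARDAgent still in place; removal mitigation not applied" ;;
        present-not-setuid) msg="bundle present but executable is not setuid" ;;
        archived)           msg="ARDAgent zipped away; unzip it before installing Apple's update" ;;
        missing)            msg="ARDAgent gone with no zip beside it; a patch-style update may fail" ;;
    esac
    printf '%s: %s\n' "$state" "$msg"
}

# With no argument, audits the folder named in the post.
ardagent_report "$@"
```

An "exposed" result says nothing about the first mitigation; whether Remote Management is enabled still has to be checked in the Sharing preferences panel.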
But didn't it get patched before (10.4.11)? And was later exposed again? What I'm trying to say is - it is possible to patch it... just wondering why it's taking this long.

 

Leopard is an altogether different "species" from Tiger. As far as I know, it's developed "from ground up."

 

As far as the hole goes, you won't hear any low-level Mac user complaining about the hole, because one has to be a high-level hacker to exploit the hole to begin with. Aside from that, even with the hole present, a hacker will have to know where to look and what to look for, because the hole is NOT that easy to exploit.

 

Also, you'll have to look for holes in the Mac OS, whereas you can expect it from Windows. I am more wary when I'm booted on Windows via Boot Camp than I am on OS X.

 

I'm still on Tiger, so technically I'm safe. I haven't upgraded to Leopard yet because of the incompatibility issues with Adobe CS3.

Link to comment

I disagree. Most holes are hard to exploit anyways and it takes a good hacker to properly exploit these (in all OSes - except Windows). But combine a good hacker with a "dumb" user and you have the recipe for disaster.

 

While boomouse's advice is good (don't download suspicious programs), it doesn't always work in reality as most people don't really follow it. Especially when you have this mind-set that you will ALWAYS be safe no matter what you do. It's like saying you'll dare to go in that dark alley with a stranger because you have that anting-anting you wear around your neck that will protect you from all harm.

Link to comment

That's the point actually, art. MOST Mac users are wary of "unknown" software. Suffice it to say, we don't have many "dumb" Mac users. I read a survey somewhere that most "smart" people choose the Mac, not to say that windBlows users are dumb. They can't be dumb, since it's an amazing thing they do with all that tinkering.

 

Besides, a hacker must really be mad at a Mac user to even initiate an attack, and he would have to figure out WHICH Mac amongst millions online he has to attack to specifically target that hole.

 

I think that's where Mac users have the advantage. We've only one "hole" that you will still have to look for when you've managed to find your target, whereas all you have to do with WindBlows is send an email.

 

Not to be overconfident, we're still "safe" even with that hole.

Link to comment

The thing is... the longer that hole remains unpatched, the longer these Mac-hating hackers can exploit it properly. And contrary to popular notion, hackers don't even need to specifically target a particular computer among millions in order to hack into that computer. All they have to do is run an automated program to do it for them. Next thing you know, your machine could become a spam-sending 'zombie', all without your knowledge and without the hacker even knowing he's targeting your machine.

Link to comment

Oh, they have tried. Theoretically (or even realistically) what you say is true. And we should really be worried. The thing with Mac users is we don't really "target" each other because of, let's say, mutual respect for one another. It takes a Mac-hating hacker to do that, and though you are right that they don't need to target a specific computer to exploit the hole, they will still have to look for the hole in the targeted computer.

 

As I understand it, the hole is not in the same place between computers, unless of course they already know where to look.

Hence hackers target mostly server systems and not individual computers.

 

So far, we've no Mac-related "epidemic" as damaging as the "I love you" virus. Imagine that, an email that exploited the very weakness of Microsoft's programming.

 

The last Mac epidemic that caused "major" headaches was the AutoStart worm back in the late 90s. That worm didn't even target the then OS 8-9, but specific files with image extensions.

Link to comment

Well, just to share a bit of history--and betray my age in the process, the first Mac-related (and the biggest) epidemic was the NVIR infestation which liked to infect the resource forks of pre-OS X files. I remember being asked to fly from my office at Apple Far East in Hong Kong to eradicate an infestation in the editorial offices of the Times of India in New Delhi. They were on OS 4.7.1.

 

This thing spread like the plague. Every floppy, every network volume that is infected would infect an uninfected host machine upon boot and would announce its conquest with a system beep. Then the host slowly starts slowing down as file sizes are increased until all you have left is one system crash after another, and pre-OS X Macs can crash in spectacular fashion, even displaying a graphic of an old-fashioned round bomb with a lit fuse in what is now known as a blue screen, green screen, or kernel panic notice.

 


 

But all that was needed was a clean startup floppy (yes, the OS would fit in all of 800k, even 400k if stripped down), about 24 lines of Pascal code, and all would be well. I owed a lot of my travelling on first class to NVIR.

Link to comment

I experienced nVIR on the tail-end of the infestation. There were also System 5 and 6 "mutations" of the virus that actually attacked the directory file, but my memory of it is sketchy.

Link to comment

I've got Mac The Ripper, what I need now is to convert its files to MPEG-4 for iTunes...

 

Any suggestions? Links?

 

 


Also, I plan on changing my HDD, to 320GB up... how to go about it?

Link to comment
@ boomouse - just to confirm, is it true that you can't play pirated MP3s on the latest version of iTunes on Mac?

 

I don't think so. You would be reading about my bricked iPods by now. We do not have an iTunes service in the Philippines. So the only ways you can load your iPod is by ripping CDs you own and copying the songs into it (legal) or using MP3s that 'fell off a truck' (not legal but practically unenforceable—unless you do it in such a grand scale).

 

I keep my iTunes updated within hours that an update is released. I remove and add songs at least twice a week, plus videos and podcasts. I play back two iPods in the car every day. MP3s of whatever kind or progeny have never been a problem.

Link to comment
