Otterman speaks... (2003-2007)
Weblog about cycling, macintosh, natural history and life in Singapore.
Otterman - Blog Home

Archives - Blog's RSS - Comments RSS - LJ - Email me - All my blogs - About me: 2004 - 2002

Make a permalink or URL tiny:
Blog email subscription

Enter your email address to receive the previous day's posts:


Mac and the Internet - NUS
Cycling - Life in Singapore - Meow
Singapore Naturalist - Mangroves
Science - World - Museum
Movies - Literature - Travel

Biology module blogs:
Biodiversity (Year 1)
Ecology (Year 3)
Structure & Function (Year 3)
Marine Biology (Year 4)
Natural History Blogs:
The Biology Refugia
Raffles Museum Toddycats
Intl Coastal Cleanup Singapore
Labrador Park
Pulau Ubin Stories
Pulau Hantu
Cycling in Singapore
Mac Meetup Singapore
Aboard the Götheborg
Otterman Projects
Zendogs/Wheels are Turning
Hopea sangal

Raffles Museum Toddycats!

Pedal Ubin!
Pasir Panjang Heritage
Raffles Museum Internship
MR-BT Briskwalkers

Mac Meetups

Some of my kakis

Kakis at home
Ad & Jen
Inertia is a Sin
Halfway between the gutter and the stars
Lost in the Jungle
Dawn, Cat Welfare
Compulsive Maniac
Deadpoet's Cave
Rambling Librarian
Cooler Insights
Pencil Shavings
Ling the Merciless
Philosophize Me Jelly
Dewi A

Kakis overseas
Alvin - Beijing, China:
* Alvin's spiel
Kevin - Buffalo, NY:
Theory is the Reason
Bonny - HCMC, Vietnam:
Jac - London, UK:
Dogged Wanderings
Jasmin - NY, NY:
The Worsted Witch
Marcus - Shanghai, China:
You only live once
Tse-Lynn - Wilmington, NC:
Musings of a barefoot traveller
Jani - Newcastle, UK:
Salted & Fried

Seow Hwa's
The Ice Cream Gallery

Local reads
Commentary Singapore
Singapore Surf

Museum Roundtable
Science Daily
Environmental News Network
National Geographic News
New Scientist news
Nature News
Google News
Resource Shelf
The Unofficial Apple Weblog
Boing Boing
The Daily Show
This is a Flickr badge showing photos in a set called My Handphone Photos. Make your own badge here.

Made on a Mac with
Claris Home Page 3.0.
Blog engine: Samizdat,
based on PHPosxom,
based on Blosxom.
Updated with TextWrangler.

Creative Commons License
© N. Sivasothi, 2003
This work is licensed under a
Creative Commons License.

Subscribe with Bloglines

Otterman speaks...

Cycling, macintosh, natural history and life in Singapore - Archives

List of Categories : travel * museum * cycling * Singapore Naturalist * science * kakis * mangroves * movies * mac and the internet * meow * NUS * life in Singapore * lit * world *

Sat 29 May 2004

OS X security loophole - Fix, updates

Category : mac and the internet

[Update No. 6 - 10.3.4 combined updater; "telnet" and "ssh" possibly handled].

If this harmless link reveals the time, a security loophole from a URL reference by your browser, is able to call up the Help Viewer and potentially run a programme. Even on terminal! So fix it!

[1] Install 10.3.4 - it includes two security updates by Apple, but you must run the combined update.

Now try the harmless link. It will no longer work.

But there is more; try this Malware test. You are still vulnerable so carry on with steps 2-4.

[2] John Gruber's Daring Fireball recommends using Rubicode's RCDefaultApp, which he explains is more effective than Misfox (and presumably IE5).

After you download Default App, 1. Double click the icon. 2. Install in all users. 3. Enter your admin password. 4. System Preferences launches, Default Apps opens. 5. Click the "URLs" tab. 6. Set "disk", "disks", "afp", "ssh" and "telnet" to "disabled" (In 10.3.4, no worries about "help" and some say telnet or ssh). Or choose an app like Chess if you want to know when you struck a mine!

[3] Still within Default App, set "ftp" to "disabled" or to an ftp app like Interarchy, Fetch or Transmit.

[4] Turn off "open safe files" option in Safari. Go to preferences in Safari, and unselect the "open safe files after downloading" option.

These steps were proof against Unsanity's Jason Harris' Malware test. Freaked by his test results, he created Paranoid Android. I tried it out and between this haxie, APE (which it needs to work) and FruitMenu (another haxie by Unsanity), my iBook (G3 600MHz 640MB RAM) froze up. It's not the first time. Eventually I used another mac to delete the culprit files. Else, I'd still be staring at a blue screen.

This appears to be enough to sidestep the issue, but expect more - until Apple resolves it all. The MacNN forum is still discussing this. I will keep tabs and update this post.

Original sources: MacNN forums, Liz Lawley (Mama Musings) and Jay Allen (the Daily Journey).

Posted at 4:54AM UTC by N. Sivasothi | permalink | , .