There's got to be a temporary solution, while we wait for Apple to fix it.
I don't use Screen Sharing, so I assume sudo chmod 4744 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent will do the trick, huh?
I think this approach is better than deleting or compressing ARDAgent... Is it?
For those that use Screen Sharing, is there a fix?
I tried to take out the "osascript -e" part (and the single quotes too), create an AppleScript and save as a compiled application. It doesn't work.
I just tried a more sophisticated trick:
tell application "Terminal"
do script "osascript -e 'tell app \"ARDAgent\" to do shell script \"touch /etc/test\"'"
end tell
This works! Double click the app and the file test will be created on /etc.
The only downside to this (for the attacker) is that a Terminal window opens and the user can see the commands. If you use the preflight script trick, the user will see nothing!
I tried check_afp and it does not work on my machine if the full path to it isn't given on the command line. After that, I got the same error as you got.
If I pay twice as much for a "drum and bass" album, will they throw in the "guitar and vocals" also? I am not sure, but pray to Gosh you don't get a boring MC doing some ragga-style vocals over the beats... I love drum and bass, but these MC's are sooooooo damn boring!
Yea, that's what I meant when I wrote "I know this remote control is awfully designed and could do with half of the keys".
But, when you have a graphical, touch-screen remote control, it can show only the relevant options for the task.
For example, if you hit "DVD Player" on a main menu, it will then show only the play, pause, stop, next/previous chapter, menu and other relevant keys.
I know this is not really a good example of an application for touch-screens, but illustrates some of the key advantages.
I agree with the fixed position, but I invite you to think a little about the remote control issue.
My DVD recorder's remote has so many buttons! For example, there are 3 keys to go to on-screen menus:
* Top Menu - where you can choose what to watch from the programs recorded on the internal HD;
* Home Menu - goes to the player's menu where you can go to the "top menu" or change player settings;
* Menu - goes to the DVD menu, if there's a DVD in the player.
I know this remote control is awfully designed and could do with half of the keys, but this is only one example of how a "contextual key pad" could be used. And you need a graphical interface for that, in my opinion.
And I can't really use this remote without looking at it, I can assure you.
One could argue that a DVD recorder/player with an internal HD is a multi-function device and I could agree with that.
Yea... I was thinking about it last night. I don't know where I got the motivation to answer trolls, when there were so many people giving good and serious answers.
My needs are not that urgent. I already have hired some developers for other similar projects, but they keep disappointing me. Most of them can't deliver the apps on time and, when they do, the interface is not well designed.
I disagree with you on the "non-trivial" part, as I see most data collection applications as a kind of crippled CRUD (Create, Retrieve, Update, Delete -- I think you know it). The classes for barcode reader access (supplied by the device manufacturers) are pretty straightforward to use and the documentation is good.
As I stated originally, my main problem is with the IDEs that are confusing to me.
Naaahhh! Showing my face is hard. It's waaaay harder than posting as Anonymous Coward, like I use to do since kindergarten. And this post I am writing has everything the OP needs, like an answer. Why should I bother? Like I knew how to help the poor bastard. I'll just troll anonymously and everything will just be fine.
I think it's very natural for a product to evolve and get better. It's not really the norm with Microsoft, but it sure is expected.
One thing I noticed, though, is that every new version of Visual Studio is incompatible with some previous technologies:
* If you want to write apps for Windows CE 4.2 or PocketPC 2002 with .Net CF 1.1, you need VS 2003;
* If you want to write apps for Windows CE 5.0 or Windows Mobile 5.0, you need VS2005, but you can't use it to write apps for the older versions of CE/Mobile;
* I still have not checked how VS2008 deals with this, but I know I can write Windows CE 5.0 apps with it.
To make myself clear: I need to target CE 4.2, CE 5.0, Mobile 2003 and Mobile 5.0. The apps will be developed specifically for one of these, but I need to be able to write apps for all of them.
Can I use only one IDE or will I need several versions of Visual Studio?
Not really... I didn't make myself clear in the first place.
Most of my experience in programming comes from PHP, because that's the language that I really used to write something useful. I used to work with web site development, and I can say I wrote some very nice custom designed content management systems (very simple ones, but still I think they're nice). Just so you know, I know what a class is and I can write OO code.
I started with BASIC on a Commodore 64 in 1986, when I was 9 years old. I used Visual Basic 2.0 or 3.0 in 1992 or 1993 (can't remember) and, at the time, developed some Windows (3.1) front-ends for DOS programs. I also can write some simple C programs (a little more than a "Hello World!"), but never tried anything really fancy.
My real problem is not with the languages. I can get to understand the basics of any language, I guess.
Now THAT is scary...
That seems fair, but 1337 H4X0RZ D0 I7 WI7H 57YL3!
Remember: you're root just as long as your "whoami" command is running.
So, you have to replace "whoami" with some other command to own the machine...
No worries, dude... My nerdy jokes are never understood by my non-nerd friends or family members. I am pretty used to it by now!
The joke was not a good one, IMHO, but he simply meant:
"The trick works through SSH if you know the password of the user currently logged on the target machine."
I tried some variations, but I still think this bug is serious enough that Apple should do something ASAP!
I tried substituting the "whoami" part for some other command, just like pudge did with "touch", and it worked...
I was thinking how someone could fool a user to execute these commands, but I didn't have success with other variations.
A simple AppleScript like this won't work:
tell application "ARDAgent" to do shell script "touch /etc/whatever"
As stated by others, it won't work through ssh, but it wouldn't be wise to use ssh to attack a machine, anyways...
So, I think that the only way this will work is through a shell script. An easy trick:
1. Just create some stupid application that people would want to try and install and that looks unsuspicious;
2. Create an installation package, so it looks safe. In this package, use a script for "post-install work" that does whatever you want;
3. Put it up on the web or send through e-mail to your target and wait for them to execute the installer;
4. ???
5. Profit? Well, not necessarily, but...
Since the script will be quite well hidden in the installation package, the user will not suspect the nasty stuff going on in his/her system.
You can, for instance, edit sharing preferences, create a user, or just wreak havoc by deleting some essential system file. The sky is the limit...
Well... Then, think of the children!
I was just looking for someone I could agree with. There's really no need to triangulate anything.
Just install an RFID portal on every door and corridor of the house! It could be one of these: Motorola XR440. Connect them to a switch, like the new Motorola RFS6000, so you can easily manage all of them...
Finally, develop some software for the readers (they run Windows CE) to talk to your tracking application.
All the items to be tracked should be tagged with EPCGlobal compliant tags. Enter the item information in your database.
At this point, you can get to know the last room the items entered or exited.
It won't be cheap, though.
Talking about sigs, I really loved this code version of "All You Base Are Belong To Us".
Well, I really don't see all that content on his post.
I do appreciate your post, though. It's really insightful.
I know my question was not a very good one. Still, I wanted to hear from people and I dared to ask.
Thanks for your post. You're writing anonymously, but not cowardly.
Thanks for those who posted serious answers, even if I accidentally ego-tripped, as try_anything pointed out.
I am following the links, reading carefully and looking for more information.
It seems I'll have to deal with my shortcomings and learn how to use Visual Studio. At least, most of you told me that's the wiser thing to do.
I'll keep looking back here, searching for good answers, but I have some links to follow now.
As you can see, I really didn't understand you were being picky. I found your post rather amusing, seriously...
And I have to thank you, for pointing out one of my mistakes when I decided to ask the /. crowd these questions.
And that would be you, I presume?
You just made me LOL with something I wrote...
Let's try to get this right:
"I am a long time Mac user and, like most Mac users, I have some particular problems with Microsoft technologies."
Is it any better?
Now, if you like me better now, I think my over-inflated-mac-user-ego will be satisfied.
You nailed it: English is not my native language.
Someone, please mod parent +5 Funny...
I didn't say it's good. I am still playing with it. But it seemed far simpler and accessible to me.
Now, I think SharpDevelop looks like a copy of VS. MonoDevelop is quite different, from what I saw.