Netscape.com breaks for Safari users

January 13, 2005

Until last month Apple used netscape.com to provide the default home page to its Safari users. Apple made a change last month and until today the old page continued to work. Now, however, a user of Safari who goes to www.netscape.com is treated to a redirect loop (the previous URL was home.netscape.com/apple.adp). Oddly changing Safari's user agent doesn't solve the problem. Internet Explorer on OS X continues to work. For now it appears it's just the users of Safari who have to go without the Netscape Network home page. cnn.netscape.cnn.com which is not on Netscape's servers does still work for Safari.

Looking for a way to restrict concurrent mail.app connections

January 6, 2005

Any ideas on how to restrict the number of concurrent connections mail.app (Mac OS X) makes would be appreciated. I want to have it check mail boxes sequentially instead of shotgun style (the default).

OS X Rootkit - includes Opener script

October 22, 2004

There is a discussion going on over at Macintouch about what they are calling "Opener" Malware. I sent a comment but unfortunately it was below the threshold of what was published. The discussion is focused on the Opener script but mostly misses the critical point - that it is a part of the OSXRK - OS X Root Kit. All of the comments I read at Macintouch are at best mis-informed. While the Opener script itself does not "infect" computers as a part of the OSXRK it can be used to exploit machines. From the readme file:

###################################
# osxrk : OS X - Rookit
#
# the burning man - Public Release 0.2.1
# Sept. 2004
#
# by g@pple
#
# greets and thanks to Dim Bulb, Dr. Springfield, Jawn Doh!, B-r00t!,
# the fbsdrk & fbsdrootkit teams for inspiration.
#

This is the initial Public Release of the OS X RootKit. This type of rootkit should be easy to defend against if you really care about your computer. Keep your system up to date and patched.

Opener - OS X Rootkit

October 21, 2004

There is a note on Macintouch today about somebody being hit by the opener rootkit on OS X. The rootkit is available for download from a .mac account as osxrk. This kit has been in the 'wild' for over a month now. The opener file says it will move itself to /System/Library/StartupItems. The script is aware of LittleSnitch and kills it before making network connections to download tools for wiping out logs and gathering of passwords.

From the readme "rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more."

Allow root to SSH in? No.

October 20, 2004

By default OS X ships with the root user set so you can't login. Many people know that you assign a password to the root user and viola you can now login. What is disappointing is that Apple by default does not configure SSH to prevent REMOTE login by root. It's a simple configuration change to the /etc/sshd_config file. There are two ways to do it. I prefer to add the following line:

AllowUsers username

There is also the possibility of using DenyUsers and putting root in that list, but by using AllowUsers you further limit who has access.

An idea for Family Controls

October 20, 2004

According to MacinTouch today Apple's next OS, Tiger, will include Family Controls that give administrators more granularity over the abilities of applications. What isn't mentioned there but would be nice are time of day related controls. Something that would allow kids to chat via iChat at certain hours but would limit what times of day it's possible.

Pages