Most Popular Articles
- MobileMe Mail and Gmail Go Down Simultaneously (11 Aug 2008)
- Comparing Apple's MobileMe Contrition with Google and Netflix (19 Aug 2008)
- iPhone Apps That Go Beyond Entertainment (08 Aug 2008)
- Jobs Personally Acknowledges iPhone Bug and Upcoming Fix (19 Aug 2008)
Recent TidBITS Talk Discussions
- Google Chrome (13 messages)
- Firefox 3 Bounds Forward (12 messages)
- Problems with Eudora on OSX 10.5 (Leopard)? (49 messages)
- Cox.net Will Not Send from iPhone (55 messages)
Published in TidBITS 752. Subscribe today to receive TidBITS in email every Monday.
- DealBITS Drawing: Marketcircle's DayLite
- Take Control's First Anniversary (and 50% Off Sale!)
- Apple Refreshes iBooks, Power Mac G5, Xserve RAID
- Apple Remote Desktop 2.1 Released
- Serving Rolex Spam at Alice's Restaurant
- Persistence Pays: The Return of XNS
- Hot Topics in TidBITS Talk/25-Oct-04
| Opener's Existence Encourages Password Care
Opener's Existence Encourages Password Care -- Over the last few days, news of a malicious shell script known as "Opener" has appeared on MacInTouch, and several news organizations picking up the report have incorrectly started calling it a virus. It's not a virus, and frankly, it's not even that big of a concern. Opener is a shell script that, if installed and activated on a Mac, turns on file sharing and remote login, disables the firewall, extracts passwords, creates an admin-level user, installs a password sniffer, and more. That sounds bad, but Opener can't do any of these things unless someone with an administrator password or physical access to the Mac installs and runs it. More to the point, if someone has your administrator password or physical access to your Mac, Opener is just one of many possible worries.
<http://www.macintouch.com/opener.html>
So, unpleasant though it is, Opener doesn't really change much about maintaining a secure Mac. Make sure to install Apple's security updates as they're released, since some plug holes that could allow the necessary root access for a cracker. Be sure your administrator password can't be guessed easily. And most important, never enter your administrator password when prompted unless you know why it is being requested and trust the source of the request (a Trojan Horse carrying Opener could be extremely dangerous). In my mind, this is Apple's largest mistake with security; I'm prompted for my administrator password so often that it's easy to enter it reflexively, without considering who's asking and why. [ACE]
WebCrossing Neighbors Creates Private Social NetworksCreate a complete social network with your company or group's
own look. Scalable, extensible and extremely customizable.
Take a guided tour today <http://www.webcrossing.com/tour>