OS X

Netscape.com breaks for Safari users

Until last month, Apple used netscape.com to provide the default home page to its Safari users. Apple made a change last month, and until today the old page continued to work. Now, however, a Safari user who goes to www.netscape.com is treated to a redirect loop (the previous URL was home.netscape.com/apple.adp). Oddly, changing Safari's user agent doesn't solve the problem. Internet Explorer on OS X continues to work. For now it appears that only Safari users have to go without the Netscape Network home page. cnn.netscape.cnn.com, which is not on Netscape's servers, does still work for Safari.

OS X Rootkit - includes Opener script

There is a discussion going on over at Macintouch about what they are calling "Opener" Malware. I sent a comment, but unfortunately it was below the threshold of what was published. The discussion is focused on the Opener script but mostly misses the critical point: that it is a part of the OSXRK, the OS X Root Kit. All of the comments I read at Macintouch are at best misinformed. While the Opener script itself does not "infect" computers, as a part of the OSXRK it can be used to exploit machines. From the readme file:

###################################
# osxrk : OS X - Rookit
#
# the burning man - Public Release 0.2.1
# Sept. 2004
#
# by g@pple
#
# greets and thanks to Dim Bulb, Dr. Springfield, Jawn Doh!, B-r00t!,
# the fbsdrk & fbsdrootkit teams for inspiration.
#

This is the initial Public Release of the OS X RootKit. This type of rootkit should be easy to defend against if you really care about your computer. Keep your system up to date and patched.

Opener - OS X Rootkit

There is a note on Macintouch today about somebody being hit by the Opener rootkit on OS X. The rootkit is available for download from a .mac account as osxrk. This kit has been in the 'wild' for over a month now. The opener file says it will move itself to /System/Library/StartupItems. The script is aware of LittleSnitch and kills it before making network connections to download tools for wiping out logs and gathering passwords.

From the readme: "rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more."

Allow root to SSH in? No.

By default OS X ships with the root user set so you can't log in. Many people know that you assign a password to the root user and voilà, you can now log in. What is disappointing is that Apple by default does not configure SSH to prevent REMOTE login by root. It's a simple configuration change to the /etc/sshd_config file. There are two ways to do it. I prefer to add the following line:

AllowUsers      username

There is also the possibility of using DenyUsers and putting root in that list, but by using AllowUsers you further limit who has access.
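To check what a given sshd_config actually permits for root, the sketch below evaluates the AllowUsers and DenyUsers directives discussed above. It is an added example, not code from the original post: it also reads PermitRootLogin, a standard OpenSSH keyword the post does not mention, assumes the older OpenSSH default of "yes" for it, and ignores Match blocks. The function names and sample configurations are constructed for illustration.

```python
import re

def _matches(pattern, user):
    # sshd wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, user, re.S) is not None

def parse_global(config_text):
    """Return (permit_root, allow_patterns, deny_patterns) for the global section."""
    permit_root, allow, deny = None, [], []
    for raw in config_text.splitlines():
        # Keyword, then whitespace or '=', then arguments; comments do not match.
        m = re.match(r"(\w+)[\s=]+(.*)", raw.strip())
        if not m:
            continue
        key, args = m.group(1).lower(), m.group(2).split()  # keywords ignore case
        if key == "match":
            break                              # simplification: skip Match blocks
        if key == "permitrootlogin" and permit_root is None and args:
            permit_root = args[0].lower()      # first value obtained wins
        elif key == "allowusers":
            allow += args                      # repeated lines accumulate
        elif key == "denyusers":
            deny += args
    return permit_root, allow, deny

def root_can_ssh(config_text, default_permit_root="yes"):
    """Return (allowed, reason) for remote root login under this config.

    default_permit_root is an assumption: older OpenSSH defaulted to "yes",
    newer releases default to "prohibit-password" (key-based root login).
    """
    permit_root, allow, deny = parse_global(config_text)
    if (permit_root or default_permit_root) == "no":
        return False, "PermitRootLogin no"
    for pat in deny:
        # A USER@HOST entry blocks one origin only, so it is not a full block.
        if "@" not in pat and _matches(pat, "root"):
            return False, "DenyUsers " + pat
    if allow:
        # Compare the user part only; root@host still leaves root reachable.
        hits = [p for p in allow if _matches(p.split("@", 1)[0], "root")]
        if not hits:
            return False, "AllowUsers does not list root"
        return True, "AllowUsers " + hits[0]
    return True, "no restriction applies to root"

# Constructed sample configurations (not taken from a real host).
STOCK = "# default file\nProtocol 2\n"
WITH_ALLOW = "Protocol 2\nAllowUsers      username\n"
WITH_DENY = "DenyUsers root\n"
WILDCARD = "AllowUsers user* r??t\n"
```

The wildcard sample shows why an AllowUsers list should be reviewed as patterns rather than as literal names: a broad pattern can readmit root.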

An idea for Family Controls

According to MacinTouch today, Apple's next OS, Tiger, will include Family Controls that give administrators more granularity over the abilities of applications. What isn't mentioned there but would be nice are time-of-day controls: something that would allow kids to chat via iChat, but only during certain hours of the day.
