Okay, so we've got this problem:
(Leopard is MacOS X 10.5; I'm on 10.4.11 = Tiger)
<http://blog.washingtonpost.com/securityfix/2008/06/serious_security_vulnerabilty_1.html>
"Serious Security Vulnerabilty In Apple OS X Leopard
An unpatched security hole in Apple's OS X operating system could be
used by attackers to change key system settings or to take control of
vulnerable computers, security researchers warn.
In a posting to news-for-nerds site Slashdot.org on Wednesday, an
anonymous reader noted that a core component of OS X 10.4 (Tiger) and
10.5 (Leopard) called Apple Remote Desktop Agent could be leveraged by
any user on the machine to install new programs or alter important
system settings. Generally, these tasks are reserved for only the "root"
account -- the most powerful user account on the system -- or at the
very least they require the user to first enter a password for the
requested changes to take effect.
[...]"
Now, I'm running 10.4.11 on this 'ere 4G5. It's recently back from the
menders and I'm busy re-installing and re-configuring everything from
scratch.
I happened to notice that a pair of binoculars had appeared in my menu
bar, greyed out. I thought `Eh what?' and looked - seems to be the
Apple Remote Desktop menubar status indicator/control thingy. ARD was
off according to that indicator, and also according to the indicator in
System Prefs->Sharing->Services.
I had tried
osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
in the Terminal (as suggested on the above Web page) - all that did was
tell me:
23:47: execution error: ARDAgent got an error: Connection is invalid. (-609)
(just done it again).
According to the above Website, I'm not vulnerable to this new exploit,
but still: anyone got any idea how come ARD's menu bar indicator ended
up appearing?
I'm a trifle concerned.
And while I'm at it:
<http://www.bartosiak.org/nonpareil/index.html>
If anyone's got a thing about old HP calculators, that's the place. I
fired up the 32E simulator - well, the on/off switch is missing and the
precise style of the printing of the keys and faceplate as well as the
precise style of the LED are not perfect matches for the physical HP-32E
on the desk in front of me, but aside from that it's bang on - if a wee
bit slower than the real thing.
(can't be down to slowness of the host - not on a 2.5GHz 4G5)
Try the Q^-1 function (inverse standard normal distribution function) to
see it working hard.
Rather entertainingly, I've noticed that the LED display of that
calculator catching the corner of my eye - on screen! - causes a `switch
it off before the battery goes flat seeing as it's idle' response.
Thanks for any thoughts that might turn up,
Rowland.
--
Remove the animal for email address: rowland.mcdonnell@[EMAIL PROTECTED]
Sorry - the spam got to me
http://www.mag-uk.org
http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking

