Wednesday, November 03, 2004

S5: CSS/XHTML Slide Show Package

Slashdot | Standards-Based CSS/XHTML Slide Show
I did a far more modest slide show tool years ago. Once this site recovers from the Slashdot hits it'll be interesting to read.

Good OS X security practices

"Opener" Malware

This came out of the opener malware discussions. Some of this I won't bother with, but others I will. I'm especially interested in disabling root (esp. if I can reverse that!).

I won't be changing permissions until I learn more about the consequences.
After sifting through the various responses from readers, this problem seems to boil down to a few simple things. Opener.sh has to be deliberately downloaded or copied to a Mac through direct access to the machine. 'Direct access' means physical access to the machine with sufficient privileges to copy files to appropriate directories or access via remote log-in with the same privilege levels and a method to execute the script. Basic (paranoid) security needs to be exercised in order to prevent/mitigate the unsophisticated type of attack that Opener.sh represents.

Servers should be isolated from casual access (all the system level security in the world won't help if someone gets to your box with a boot CD) and never left unattended with admin/owner or root logged-in. Remote log-ins (ssh) to servers should be allowed only with the root user and interactive log-ins disabled combined with an ACL (access control list). Restrict admin/root access to a limited number of people. Unused/unneeded services should be disabled and their ports closed.

Workstations in an office setting should have the screen saver enabled with a short time-out and password required to unlock/wake up. Automatic log-in to workstations should be disabled. Inactivity log-out should be enabled. No users other than designated admins should have admin level privileges or access to an admin level account on these machines.

Use "strong" passwords. Passwords like 'guyvlv*&%*%@KJBb039' are harder to guess or crack than 'a12345'. Change passwords often, especially admin level passwords.

Users are logged into their machines, by default, as the owner of the machine who is a member of the admin group. For your own personal account on your own machine create a standard/no limits account for everyday use. Enable 'fast user switching' so you can change to the owner account for admin level tasks that you may need to perform on a day-to-day basis.

Disable the root account. First enable the root account, give it a different password from the owner account, then disable the root account. You can do just about everything the root user can do as the owner/admin user of the machine without root access. This won't affect how the root(system) user processes run. See this Apple KB article on how to enable/disable the root user: http://docs.info.apple.com/article.html?artnum=106290.

Reduce your 'attack surface' by turning off unneeded services. Securing and turning off services on workstations is first accomplished by selecting the 'Security' System Preferences item and checking the 'Require password to unlock each secure system preference'. Then under Sharing in System Preferences, select the Services tab and turn off (uncheck) all unnecessary services. The same goes for the Firewall and Internet tabs. Then click the lock icon to prevent tampering.

Permissions on certain directories, particularly /System/Library/StartUpItems, are incorrect and there seems to be some confusion as to what they should be. Incorrect permissions combined with elevated access privileges can lead to unfortunate incidents with inexperienced/malicious users. Permissions on system level files and directories should not be changed without a full understanding of the implications of such changes. Problems with incorrect permissions can range from applications unexpectedly quitting to kernel panics, so users should tread carefully.

In particular the permissions on /System/Library/StartUpItems should not be set to root:admin as owner and group but root:wheel. Directories and binaries in /System/Library/StartUpItems should be set with permissions of 755, while .plist and .strings files in these directories should be 744. These are the default permissions that are set after installation or a permissions repair are done. Recursive changing of access permissions with 'chmod -R' or owner:group ownership with 'chown -R' should be used with caution.
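As an added example (written for this page; it is not part of the Macintouch summary quoted above nor anything from Apple), here is a small POSIX shell script that audits a StartUpItems-style tree against exactly the defaults stated above: owner root, group wheel, 755 on directories and executables, 744 on .plist and .strings files. It only reports and changes nothing on disk, so it is a safer first step than a recursive chmod or chown. The function names (audit_startup_items, mode_of, expected_mode, triple_to_digit) are my own, and the expected owner and group are parameters that default to root:wheel so the same function can be tried on a scratch directory you own before pointing it at the real one.

```shell
#!/bin/sh
# Added example: audit a StartUpItems-style tree against the defaults quoted
# above (owner root, group wheel, directories and executables 755,
# .plist/.strings files 744). Report only; nothing is changed on disk.
# Uses ls/awk/find/sed/cut only, so it runs on both macOS (BSD) and GNU userland.

# Convert one rwx triple ("r-x") to its octal digit ("5").
triple_to_digit() {
    case "$1" in
        ---) echo 0 ;;  --x) echo 1 ;;  -w-) echo 2 ;;  -wx) echo 3 ;;
        r--) echo 4 ;;  r-x) echo 5 ;;  rw-) echo 6 ;;  rwx) echo 7 ;;
        *)
            # setuid/setgid/sticky show up as s/S/t/T in ls output; fold them
            # back to the plain execute bit (the high bits are outside this audit)
            folded=$(printf '%s\n' "$1" | sed 's/s/x/g; s/S/-/g; s/t/x/g; s/T/-/g')
            if [ "$folded" = "$1" ]; then echo "?"; else triple_to_digit "$folded"; fi ;;
    esac
}

# Permission bits of a path as three octal digits, e.g. 755.
# substr(...,2,9) skips the type character and ignores a trailing @ or + that
# macOS ls appends for extended attributes or ACLs.
mode_of() {
    bits=$(ls -ld "$1" | awk '{print substr($1, 2, 9)}')
    printf '%s%s%s\n' \
        "$(triple_to_digit "$(printf '%s\n' "$bits" | cut -c1-3)")" \
        "$(triple_to_digit "$(printf '%s\n' "$bits" | cut -c4-6)")" \
        "$(triple_to_digit "$(printf '%s\n' "$bits" | cut -c7-9)")"
}

# Mode the quoted defaults call for: directories and executable files 755,
# .plist and .strings files 744. Anything else prints nothing and is skipped
# (a binary whose execute bit was stripped cannot be told apart from a data file).
expected_mode() {
    if [ -d "$1" ]; then echo 755; return; fi
    case "$1" in
        *.plist|*.strings) echo 744 ;;
        *) if [ -x "$1" ]; then echo 755; fi ;;
    esac
}

# Walk a tree and print one line per deviation from the expected owner:group
# (default root:wheel) and mode. Returns 0 when the tree is clean, 1 otherwise.
audit_startup_items() {
    root="$1"
    want_owner="${2:-root}"
    want_group="${3:-wheel}"
    list=$(mktemp)
    find "$root" -print > "$list"   # file, not a pipe, so the counter survives the loop
    bad=0
    while IFS= read -r path; do
        owner=$(ls -ld "$path" | awk '{print $3}')
        group=$(ls -ld "$path" | awk '{print $4}')
        have=$(mode_of "$path")
        want=$(expected_mode "$path")
        if [ "$owner:$group" != "$want_owner:$want_group" ]; then
            echo "OWNER $path is $owner:$group, expected $want_owner:$want_group"
            bad=$((bad + 1))
        fi
        if [ -n "$want" ] && [ "$have" != "$want" ]; then
            echo "MODE  $path is $have, expected $want"
            bad=$((bad + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$bad" -eq 0 ]
}

# Stand-alone use: audit the directory named on the page when it exists
# (read-only; exit status is non-zero if anything deviates).
if [ -d /System/Library/StartUpItems ]; then
    audit_startup_items /System/Library/StartUpItems
fi
```

Run it first on a copy or scratch directory with your own user and group as the second and third arguments; once you trust the output, run it against the real directory and fix only the specific entries it lists rather than reaching for chmod -R.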

If you feel that something is amiss with your Mac you can get a good sense of what is going on 'under the hood' by using the terminal and the 'ps' command. Typing:

ps -aeux

in a terminal window will give you a quick snapshot of what's happening, including commands, paths, and user processes running on your Mac.

For a 'live' view of what's going on you can use the 'top' command. The 'top' command has several options to allow absolute, cumulative, or delta display of system resource usage. To terminate top while it is running simply press 'q' on the keyboard and you will be returned to the prompt. To see more options for 'top' type:

man top | more

in a terminal window to view the man page for top.

Monday, November 01, 2004

Amazon.com: website info: faughnan.com .... and google.com

Amazon.com: website info: faughnan.com/

Amazon's A9 toolbar has an "about button" (Alexa of course). I tried it on my personal page (faughnan.com) and it took me to an Amazon.com listing for my web site! So I have an ASIN ID, just like a book: B00006E3JP. One can now use Amazon to write reviews on web sites. Mine had not been reviewed, so I couldn't resist contributing the first entry:
Ok, so it's my web site. The astounding part was playing with the (Firefox!) A9 toolbar and following the link -- to discover that my personal hobby/obsession web site has an ASIN number (B00006E3JP). So am I an author now?

This is really a fascinating development.

The data displayed is interesting. The domain probably dates to 1995. A9 lists the site as 'clinical systems design' because that appeared in an early domain registration (it's almost impossible to change that early registration information).

Somehow they also list my home phone number, but with an old area code. The fax number doesn't work either. The email address is a joke address that once belonged to my dog (she got too much spam, so we jointly agreed to delete the address).

I shall have to create a blog posting with this review; I do enjoy the self-referential aspect of all this.
It does look like Amazon is going to leverage their review technologies to rate web pages and augment their search. Here's the page for Google! This page lists Larry Page's (Google founder, now worth billions) contact info:
Larry Page
2400 E. Bayshore Parkway
Mountain View, CA 94043
US
+1 650 318 0200, Fax: +1 650 618 1499
info@google.com
There are only 135 reviews for Google, which suggests this is a rather new toy.

Amazon has a toolbar specifically for Firefox

A9.com > A9 Toolbar

Definitely worth a try for Firefox fans.

gPhotoShow - the sad (spyware) fate of a once fine product

gPhotoShow - Slide Show Maker and Photo Screen Saver Creator

I loved gPhotoShow. It worked well on all my machines and was a pleasure to use. It was free, but I'd have paid for it. I didn't want the "pro version" -- forget why.

Recently I ran into problems installing the free version on a machine. I downloaded a new free version to see if that would work better.

On install, it mentioned it was supported by NavCell (sp?) and installation required installing the NavCell toolbar.

This is the modus operandi of spyware -- the lowest form of software (basically a self-inflicted virus).

Of course I aborted the install immediately and deleted the new version.

This is a sad end to what was once a fine piece of software.

Mac security tips - Mac OS X Hints

macosxhints - Regarding the 'opener' malware script

Similar to the Macintouch recommendations. My main takeaway:

1. Don't run as admin.
2. Don't install s/w that requires one to run as admin (Photoshop Elements 3, for example).