Weak spots found in Apple’s Leopard

1 11 2007

Computer owners installing Apple’s new operating system, Mac OS X Leopard, may be making their machines less secure, according to experts.

Features of the new system designed to protect a user’s computer from hostile attack do not work as efficiently as they should, and could lead to hackers being able to install malicious software, according to the security firm Heise.

The default setting for Leopard’s firewall – which is supposed to block unauthorised access to the machine – is to “allow all incoming connections,” a report by Heise said. If a user has upgraded from an existing Mac system which had a firewall activated, the protection is de-activated, the report added.

The weaknesses mean that “system services representing potential access points for malware” are accessible via the internet, and that unauthorised connections to such services could be established “even under the most restrictive setting,” according to Jurgen Schmidt, a researcher who analysed the system.

Mr Schmidt stressed that the “peculiarities” of Leopard were “not security vulnerabilities in the sense that they can be exploited to break into a Mac,” but said Apple would be “well advised to sort them out pronto.”

In a separate development, Apple users were warned about a new ‘trojan horse’ – a type of malware – which masqueraded as a download necessary to view certain video content.

Symantec, the security firm, said that the trojan – which was found a number of pornography sites – was a sign that “the Mac is becoming popular enough that the ‘bad guys’ think it is worth spending time and effort in developing malware for the Mac OS.”

Apple was not immediately available for comment.

Advertisements




Mac OS X vulnerable? Trojan horse on the move

1 11 2007

Security software firm Intego is warning Mac OS X users today about a trojan horse that targets the Mac. OSX.RSPlug.A is showing up on pornography sites disguised as a movie. When someone clicks the link to watch the video clip, a Web page states that a new QuickTime codec must be installed. Opening the disk image that downloads results in the installer asking for an administrative password (which is the first serious sign of trouble); if the option to Open “Safe” Files After Downloading is enabled in Safari, the image opens automatically (you should disable that feature in Safari; see “Significant Safari Exploit Discovered,” 2007-09-07).

Once given root access, the trojan changes the computer’s DNS settings to point to phishing sites or ads for other pornography sites. Even if the DNS is reset manually, a background task added by the trojan changes the DNS again automatically.

Rob Griffiths at Macworld has written up instructions for removing OSX.RSPlug.A manually; Intego’s VirusBarrier X4 with updated virus definitions for 31-Oct-07 also identifies and removes the trojan. Griffith writes: “This is really bad. Really. And even though it’s targeted at porn surfers today, the malware could easily be associated with anything else, like a new viral video site, or a site that purports to show commercials from the upcoming Super Bowl.”

As always, the best defense against such attacks is to not install third-party software that you’re not familiar with, especially any that require an administrator password. Although the Mac has proved remarkably resilient to the threat of viruses and other malware, it’s not immune.





Lightroom update for Leopard users on the way

31 10 2007

An update to make Lightroom 1.2 fully compatible with Leopard Mac OS X 10.5 should be available mid-November, Adobe has announced.

The company says photographers can continue using the photo management software in Leopard without too much issue, but stressed that the current version of Lightroom 1.2 is not fully compatible with Apple’s new operating system.

Adobe recommends that users refer to a list of known compatibility issues published on Adobe’s Lightroom Journal Web site before deciding whether to use the current version of Lightroom with Leopard. It also issued this warning:

 

(Credit: Apple)

 

“The interaction between Leopard’s Time Machine and Lightroom’s catalog files is unknown at this time. Running Time Machine backup or restore operations while Lightroom is in use is not recommended until more information can be obtained,” Tom Hogarty, Adobe Lightroom Project Manager, said in a statement.

Most of the Lightroom/Leopard compatibility problems involve visual issues with the interface rather than functionality. For example, users may have to open and close left-side panels to get the Develop module to display properly. Other glitches are more serious, such as the Print module not loading at all for some Leopard users.

Adobe stated previously that its Creative Suite 3 versions of Photoshop, Illustrator, InDesign, Flash, Dreamweaver, and Fireworks are safe for continued use in Leopard.

While not directly related to the use of Adobe Lightroom, photographers commonly dealing with frequent backups and file sharing should also be aware that Leopard’s Time Machine will not support AirPort Extreme’s AirPort Disk. This is the feature that allows users to plug an external hard drive into AirPort Extreme and share its files over a secure network.

Credit : C|Net News





Leopard Installer – Case of the disappearing Volumes!

31 10 2007

Discussions boards are filling with reports of odd behavior with the Leopard Installer. I joined that experience yesterday with my first attempt at the upgrade.Since I have some important apps in my workflow that have yet to be declared fully Leopard compatible, I decided to wait on upgrading the primary drive in my MacBook Pro. Instead, I planned to upgrade to an external hard drive; and to begin that journey, I cloned the entire contents of my notebook to a volume on a USB 2.0 HDD.

After rebooting into the Leopard Installer DVD, I began the process of clicking through various screens. Soon, I ran into a serious roadblock: in the “Destination” screen where we choose the volume to be upgraded, no volumes appeared. Nothing. Read the rest of this entry »





Leopard crosses 2 million sales mark

31 10 2007

Apple said it sold more than 2 million copies of the latest version of its operating system, Mac OS X Leopard, since its release on Friday.

Leopard introduces new features to Apple PCs, including automatic backup, a quick way to browse and share files over multiple Macs, and a new way to see files without opening an application, the company said in a statement.





Mac OS X Hints – Convert a drive from Apple Partition Map to GUID

31 10 2007

While upgrading the laptop hard drive on my Macbook, I inadvertantly partitioned the new hard drive in the “Apple Partition Map” mode, which is reserved for PowerPCs. The normal partition type for a Intel Mac boot drive is GUID. My Intel Macbook still booted from this drive, but having my hard drive in Apple Partition Map mode had two severe drawbacks:

  1. I couldn’t install Boot Camp.
  2. I couldn’t upgrade to Leopard!

I read a couple guides online, and they involved simply copying your user folder and reformatting the drive, but I wanted a method that copied absolutely everything so that I wouldn’t have to install my horde of apps. So, here’s how I went from an Apple Partition Mapped drive to a GUID drive for Leopard, without losing any of my data, settings, or having to re-install my applications.





Mac OS X Hints – Change your login shell in leopard

31 10 2007

To change the login shell of your account in Leopard, do this… 2br Control-click on your account name in the Accounts pane of System Preferences and choose Advanced Options in the contextual menu that appears (you’ll have to unlock the pane first, by clicking the lock icon).

In the resulting Advanced Options screen, either type in the path to your preferred shell, or choose among the various shells already installed in /bin: bash, tcsh, sh, csh, zsh, or ksh. Finally, click on OK.

The note at the top of the Advanced Options screen claims you have to restart for the change to take effect, but you really just need to log out and back in again.