Re: Command Conquer Generals Demo
On Thu, 2004-04-08 at 20:28, Ryan Schotte wrote: Then again, I consider 1024x768 to be the bare minimum (on a 19 monitor, anything less looks awful). Hmm. I just finished doing some work for someone who had this nice big plasma screen (around 1m diagonal?) hooked up to his PC, but he was running it in 800x600... made me want to scream. If it was an actual plasma display, then they're not really capable of very high resolutions so it's probably fair enough (if still awful). Example: http://www.monitorgalaxy.com/catalog/2764.cfm . I'd love a plasma as a second display, but not at the going prices. I'd prefer a quality 21 CRT or 19 LCD (*drool*) for a primary monitor any day. Craig Ringer
bandwidth costs
Much as I'm inclined to complain about current bandwidth costs, this is just jaw dropping in comparison: http://whirlpool.net.au/article.cfm/1258 Yes, that's $4,000 per gig. Craig Ringer
Re: FW: Housekeeping for Macs
Make sure you have at least 15 - 20% of your HD disk space unfilled as files need to be expanded when copying etc. To assign extra RAM to P/S is easy - just select the P/S application with a single click then Get Info by Command-I then select memory and adjust to what you want. Also check in P/S what you have set as the Scratch has plenty of space left to work with files expansion and tasking. cheers, Brad Thanks for reply, Yes, I do mean rebuild the desktop. And I try not to have too many Apps open at once, usually just Entourage Photoshop. And yes the problems seem to only be with Photoshop. I've gone into System, Preferences deleted Photoshop's preferences, rebooted but still have probs. When I go to save my 250meg PSD files, it seems to take forever. And I'm now having problems trying to save my Photoshop raw files to JPG's. This has never happened before. I get an error message saying: Could not save because of a program error. TIA Denise on 8/4/04 4:30 PM, Robert Howells at [EMAIL PROTECTED] wrote: On Thursday, April 8, 2004, at 04:21 PM, Denise Williams wrote: Hi All My G4, running OS9.2 is becoming VERY SLOW But when ? Is this all the time ? How many Apps do you have open ? Is it only when you have Photoshop open ? Is it only when you are using photoshop ? When you say rearrange the desktop do you mean rebuild the Desktop ? You should not need to regularly Zap the P Ram ! Bob I'd like to know what is best to do to in the way of 'housekeeping'. I regularly zap the P Ram (and hold down for at least 4 pings) and I also rearrange the Desktop. What else can I do? How do I delete cookies? And yes I am using huge photo files all the time. When going into 'About this computer' I have 832MB of built in memory and Photoshop's blue bar is almost full, at 293MB. Should I allocate more space to Photoshop? If so, How? TIA Denise -- The WA Macintosh User Group Mailing List -- Archives - http://www.wamug.org.au/mailinglist/archives.shtml Guidelines - http://www.wamug.org.au/mailinglist/guidelines.shtml Unsubscribe - mailto:[EMAIL PROTECTED] WAMUG is powered by Stalker CommuniGatePro -- The WA Macintosh User Group Mailing List -- Archives - http://www.wamug.org.au/mailinglist/archives.shtml Guidelines - http://www.wamug.org.au/mailinglist/guidelines.shtml Unsubscribe - mailto:[EMAIL PROTECTED] WAMUG is powered by Stalker CommuniGatePro -- End of Forwarded Message -- The WA Macintosh User Group Mailing List -- Archives - http://www.wamug.org.au/mailinglist/archives.shtml Guidelines - http://www.wamug.org.au/mailinglist/guidelines.shtml Unsubscribe - mailto:[EMAIL PROTECTED] WAMUG is powered by Stalker CommuniGatePro -- Brad Helden Perth, Western Australia * The contents of this email transmission are confidential and may be protected by professional privilege. It is only intended for the named recipient/s of this email.
Lost favourites in IE
Dear list Since about the 1/4 I have lost all of my favourites, even Hotbar, in IE5. Even the ones I put back in disappear if I restart my Imac333. Could not download Virex 6 update as it would keep having an error. Eventually downloaded it through a thumb drive but the update did not find any viruses or trojans. Anybody got any ideas please? John C
First Trojan Horse for MacOS X reported
Mac security software firm Intego have reported what they claim to be the first Trojan horse (MP3Concept) to affect MacOS X. http://www.intego.com/news/pr40.html This thing apparently comes in on MP3 files, and can do all sorts of nasty things, including deleting all the files in your user account, emailing itself to other users, and infecting other files on your computer. The warning from Intego is to avoid double-clicking MP3 files. Of course, Intego are entreating us all to install their VirusBarrier software which will remove this nasty. At the same time, McAfee have released an update (v7.5 beta) to their Virex package, but apparently this does not detect MP3Concept. The virus has also been reported on other sites, including MacCentral, apple-x.net and MacNN. Looks like the fun's starting, folks... -- Peter Hinchliffe Apwin Computer ServicesFileMaker Pro Solutions Developer Perth, Western Australia Phone (618) 9332 6482Fax (618) 9332 0913 Mac because I prefer it -- Windows because I have to.
More on Trojan Horse
It may be a little too early to panic over this. Apparently, it's doubtful if the virus exists as anything more than a proof of concept that such a thing is possible. Read more in the reader responses at http://www.apple-x.net/modules.php? op=modloadname=Newsfile=articlesid=872mode=threadorder=1thold=0 -- Peter Hinchliffe Apwin Computer ServicesFileMaker Pro Solutions Developer Perth, Western Australia Phone (618) 9332 6482Fax (618) 9332 0913 Mac because I prefer it -- Windows because I have to.
Re: First Trojan Horse for MacOS X reported
In message [EMAIL PROTECTED] on Fri, Apr 09, 2004 at 10:34:17AM +0800, Peter Hinchliffe wrote: Mac security software firm Intego have reported what they claim to be the first Trojan horse (MP3Concept) to affect MacOS X. As an administrator of UNIX and Linux systems, I am intrigued by the wording of the Intego advice. It says Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application...double clicking the file launches the hidden code,...then iTunes. It then says users can no longer safely double-click MP3 files. From a technical point of view, this requires clarification. One possibility is that they are implying that someone is producing double-clickable applications with icons that are the same as iTunes' audio icons. Although this might be true, it's the same risk that you run when downloading any application. If you download a StuffIt archive or installer from the web, thinking it's a music file when in fact it's an application, this is no different to the risk you run when downloading any software on any platform. If, instead, they are definitely indicating that the ID3 tags can contain executable content within the valid structure of an MPEG audio file, then there are a number of issues at hand. The main one is that this must represent a bug in the audio player (e.g. iTunes), and that this vulnerability is dependent on the audio file being opened within that specific audio player. So, I hope they have made direct contact with Apple and that Apple release a security update. This type of 'data execution' vulnerability applies to all data formats/protocols and is therefore a routine risk that programmers must skillfully avoid. (Actually, it is possible for an operating system to provide a high degree of protection against this type of fault, but I am not sure of any such mechanisms within Mac OS X client.) The extent of the vulnerability depends on the application and the development on an exploit (for instance, it might just cause iTunes to crash). Also, ID3 processing flaws are well-known, and have affected a number of products on various platforms in the past. It is a shame that Apple has succumbed to such a flaw, but at least it can be fixed readily (if everyone can has access to an iTunes security update, that is). Intego's claims seem highly speculative (has the potential... could infect other files...), which makes me wonder how they can detect this Trojan, and whether they are talking about multiple Trojans (or none!). Can their product detect variations of this Trojan?
Re: First Trojan Horse for MacOS X reported
From apple-x.net Rob -- Is this the real deal? [UPDATE: This alert seems to be blown out of proportion. The only working code seems to be just a CONCEPT trojan for Mac OS X (especially since concept appears in the trojan's name). A Google groups thread has an actual working trojan that does not harm your computer, but just illustrates the vulnerability. Another dodgy fact about the press release is that it contradicts itself. First, the press release states that [t]he Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This is obviously wrong (unless someone at Apple really screwed up), because iTunes only reads and displays information in ID3 tags. The press release then goes on to say that Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. Here Intego says that the trojan creator simply masked the icon of the application to make it look like an MP3 file, rather than actually having any code in an ID3 tag of a real MP3 file. Clearly, the only possibility is the second case (and the concept code is precisely done in this second manner), but Intego didn't seem to have understood this. There's one flaw in the execution of this concept trojan, however. When you double-click the MP3 file, it becomes obvious it's an application if your Dock is visible -- an MP3 file appears in your Dock and starts bouncing. The only reason it looks like an MP3 file is because the application has no .app extension, but the creator named it with a .mp3 extension. Mac OS X interprets this to be an MP3 file, even though it does correctly identify it as an application when you get info on it. However, the fact that the MP3 icon appears bouncing in the Dock makes this an easily noticeable trojan. The application is a Carbon app, and Carbon apps may not have the ability to not have their icons appear in the Dock -- the fact that it is a Carbon application is why it is allowed not to have a .app extension, as all Cocoa apps require. If the application was a Cocoa application, it would have a .app extension, in which case the application would not have an MP3 icon on it. A custom icon could be applied in this case, however, to fool users AND have the Dock icon hidden, since Cocoa apps can definitely hide their icon in the Dock. Given how high profile this concept trojan has already become, let's hope that Apple will issue a security update to address this issue. Mac OS X can clearly identify what an application is or isn't (as evidenced by the Get Info window), so Mac OS X should display file icons based on the KIND of file, not its extension. Of course, this doesn't change the fact that a custom icon can still be applied to mask the trojan application. -- simX]
Re: First Trojan Horse for MacOS X reported
However, the fact that the MP3 icon appears bouncing in the Dock makes this an easily noticeable trojan. The application is a Carbon app, and Carbon apps may not have the ability to not have their icons appear in the Dock -- the fact that it is a Carbon application is why it is allowed not to have a .app extension, as all Cocoa apps require. If the application was a Cocoa application, it would have a .app extension, in which case the application would not have an MP3 icon on it. A custom icon could be applied in this case, however, to fool users AND have the Dock icon hidden, since Cocoa apps can definitely hide their icon in the Dock. Hmm. If it wanted to produce a little more uncertainty and doom, it could even launch iTunes when the trojan starts running ;) Of course type of trojan could have happened on OS 9 as well... it isn't something that OS X's extensions have helped produce. I am very glad that it's just a proof of concept -- it's even named virus.mp3.sit! But it wouldn't take much for someone else to run with the idea... Just have to be more careful about anything from an untrusted source I guess. Ryan
Enlarging text in article.
Hi Wamuggers, I have forgotten the key strokes to enlarge text on the screen, it's the 'old timers disease'!, can someone enlighten me please. BTW trying to find it using Mac Help is a waste of time :--(try typing 'magnify text' into it! Mac
Re: Enlarging text in article.
Hi, In message [EMAIL PROTECTED] on Fri, Apr 09, 2004 at 12:04:49PM +0800, Malcolm J McCallum wrote: I have forgotten the key strokes to enlarge text on the screen, it's the 'old timers disease'!, can someone enlighten me please. I can think of at least three different things you might be trying to do: 1/ Increase the size of text in your word processor so that it prints out bigger, 2/ Increase the magnification in your word processor so that it displays bigger on screen but prints out the same as before, 3/ Magnify the size of every programme on your whole screen. For the first one, it will depend on your word processor. In Microsoft Word, I think it's COMMAND+] to increase the size (you will need to select any existing text first, in order for it to increase). For the last one, it depends on whether you are running OS X or not. If you are running OS 8 or 9, you should perhaps look at the 'Easy Access' control panel. Perhaps there is help for Easy Access that tells you about keystrokes? If you are using Mac OS X, go into 'System Preferences' and have a play around with 'Universal Access'. There is also a Keyboards Shortcuts list under 'Keyboard Mouse'.
Re: Enlarging text in article.
On Friday, April 9, 2004, at 12:04 PM, Malcolm J McCallum wrote: Hi Wamuggers, I have forgotten the key strokes to enlarge text on the screen, it's the 'old timers disease'!, can someone enlighten me please. BTW trying to find it using Mac Help is a waste of time :--(try typing 'magnify text' into it! Try typing universal accessor seeing panel or just Apple Option + + Bob You did not say which OS But the last above works in Jaguar Mac -- The WA Macintosh User Group Mailing List -- Archives - http://www.wamug.org.au/mailinglist/archives.shtml Guidelines - http://www.wamug.org.au/mailinglist/guidelines.shtml Unsubscribe - mailto:[EMAIL PROTECTED] WAMUG is powered by Stalker CommuniGatePro
Re: Enlarging text in article.
Also, if you are wanting to increase the size of text in a web browser or PDF viewer, it will depend on what programme you're using. Commmon shortcuts or COMMAND with the equals sign or COMMAND with the plus sign. You should be able to find it in the menus (possibly under a 'View' menu).
Re: Enlarging text in article.
Thanks everyone :--) It was COMMAND + and = that I had forgotten. Mac PS panther BTW On 09/04/2004, at 12:17, James Devenish wrote: Hi, In message [EMAIL PROTECTED] on Fri, Apr 09, 2004 at 12:04:49PM +0800, Malcolm J McCallum wrote: I have forgotten the key strokes to enlarge text on the screen, it's the 'old timers disease'!, can someone enlighten me please. I can think of at least three different things you might be trying to do: 1/ Increase the size of text in your word processor so that it prints out bigger, 2/ Increase the magnification in your word processor so that it displays bigger on screen but prints out the same as before, 3/ Magnify the size of every programme on your whole screen. For the first one, it will depend on your word processor. In Microsoft Word, I think it's COMMAND+] to increase the size (you will need to select any existing text first, in order for it to increase). For the last one, it depends on whether you are running OS X or not. If you are running OS 8 or 9, you should perhaps look at the 'Easy Access' control panel. Perhaps there is help for Easy Access that tells you about keystrokes? If you are using Mac OS X, go into 'System Preferences' and have a play around with 'Universal Access'. There is also a Keyboards Shortcuts list under 'Keyboard Mouse'. -- The WA Macintosh User Group Mailing List -- Archives - http://www.wamug.org.au/mailinglist/archives.shtml Guidelines - http://www.wamug.org.au/mailinglist/guidelines.shtml Unsubscribe - mailto:[EMAIL PROTECTED] WAMUG is powered by Stalker CommuniGatePro
Older projector price?
Hi All! Just wondering if anyone knows how much older projectors go for these days? The ones that weighed 3 ton and did 800x600 resolution :-) Have a good Easter Wamuggers! Seeya Rod!
Re: More on Trojan Horse
On Fri, 2004-04-09 at 12:45, Peter Hinchliffe wrote: It may be a little too early to panic over this. Apparently, it's doubtful if the virus exists as anything more than a proof of concept that such a thing is possible. Uhm, from what I've read so-far, this is not a virus or a trojan horse at all. It's a concept of social engineering. The idea is that you can make an attachment look like one thing and be another. A virus spreads without your intervention - AFAIK this doesn't. A trojan horse pretends to be one thing while doing another - AFAIK this isn't. I know, right now some of you are jumping up and down and getting ready - or have already - hit the reply button and have all manner of argument. Let me point this out: A trojan horse pretends to *be* one thing while *doing* another. This doesn't pretend to be an MP3 file - it just looks like one - nor from what I read is it actually playable in iTunes - so it's not an MP3 - it's an application. Also it doesn't spread by itself - though it conceivably mail copies of itself to others if you launched it, so it's not a virus. Back to my original statement: This is social engineering So. Hope you've stopped being huffy, and got to this part - what do you do about it? For starters, don't launch things you get from people you don't know or don't expect. Second, don't launch things you get from people you don't know or don't expect. From my perspective this is just an attempt to create a marketing need for anti-virus software for the Macintosh. Here endeth the lesson (PS. I've you've got something to rebuke the above, I'm all ears - I don't profess to know everything about everything, but I'll confess I know a lot about a great many things to do with computing - hint: I've been doing this for a few years :-) (Second hint: My first computer was a Commodore Vic-20) Onno Benschop Connected via Optus B3 at S38°01'05 - E145°25'10 (Upper Beaconsfield, VIC) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - onno at itmaze dot com dot au
Re: More on Trojan Horse
On 9/4/04 1:28 PM, Onno Benschop [EMAIL PROTECTED] wrote: snip (Second hint: My first computer was a Commodore Vic-20) My first was a C64, so na na ne nah na! :-) All jokes aside, your points are very valid Onno. I'm sure the spread of virii in the PC world would be so much less if people didn't open attachments without thinking first, not send emails to people with the subject lines of Hi there! and so forth, and if using Outlook-style email programs, keeping the preview pane *closed*! A bit of commonsense goes along way in this world.. Seeya Rod!
Re: Older projector price?
On 9/4/04 1:08 PM, Rod Lavington [EMAIL PROTECTED] wrote: Hi All! Just wondering if anyone knows how much older projectors go for these days? The ones that weighed 3 ton and did 800x600 resolution :-) Have a good Easter Wamuggers! Seeya Rod! I should have clarified my message a bit better here - I'm looking to buy (thanks Kat!). Doesn't have to light up in a bright room, as it will mostly be used at night. Seeya Rod!
default app selection
HI everyone Could someone please advise me how to select the default application that is used by the OS when new documents, pictures, sound files, etc etc are copied or downloaded to the hard drive? For example, I have a Powerbook 15 G4 1000 running 10.3.3. I have downloaded some reference papers that are pdf's. The icon of these papers in the folder on the HD does not show the red Acrobat reader icon indicating they are pdf's? I have reader version 5 on the drive but have to open it then open the pdf paper, rather than clicking directly on the pdf. thanks for any help. It has got to be a simple one, but I just cant remember how to tell OSX how to do it Chris
Re: More on Trojan Horse
In message [EMAIL PROTECTED] on Fri, Apr 09, 2004 at 03:28:51PM +1000, Onno Benschop wrote: Uhm, from what I've read so-far, this is not a virus or a trojan horse at all. It's a concept of social engineering. The idea is that you can make an attachment look like one thing and be another. I'm not entirely sure what Intego are talking about -- I don't know if they have found code in the wild or whether they are simply pointing out the potential for malicious use. I did see a proof-of-concept virus.mp3.sit, which is a Trojan Horse -- as I recall, English wasn't Onno's first language ;-) (Just teasing.) I just downloaded virus.mp3.sit (not a virus) from the Google groups thread (can't remember where I found it) and unstuffed it. `file` identifies it as MP3 file with ID3 version 2.2.0 tag. The valid ID3 tag is followed by a valid MPEG 1 Layer III stream. From examining this file, I see that it contains a GEO general encapsulated object that itself encapsulates a PowerPC PEF header (Mac OS 9 executable) with filename virus.mp3 -- the same as the existing file. Perhaps iTunes extracts the GEO, overwriting the original virus.mp3 in the process? Then, when virus.mp3 is next opened, it is recognised as a PEF file and it is launched? I don't know if this is actually what happens (especially since it doesn't seem to have the proper 'metadata' to signify that the file is an application). But, if it is, then it would seem to arise from (a) the use of ID3 as a file archive and (b) the action taken by iTunes (namely, extracting files from that archive). Alternatively, iTunes is invoking the GEO directly? That seems very foolish. Perhaps there is some invalid length field in the header that causes iTunes to get confused? I don't know the specifics, but the proof-of-concept does seem to be a Trojan Horse. (Note: I have not tried running the proof-of-concept Trojan.) Normally, I think it is hard to spread Mac programme directly via e-mail because of the necessary 'metadata' (OS 9) or .app directory structure (OS X), which either give the game away or require extra steps to make the virus into a double-clickable application. This ID3 vulnerability (if it is true) would allow people to insert executables into valid, pre-existing audio files that could be sent easily via e-mail. (Second hint: My first computer was a Commodore Vic-20) Get a Mac! Oops ;-)
Re: default app selection
Click on the file then Get InfoOpen With Happy Easter, Regards Greg Manzie Macintosh G4 400 MHz (PCI graphics), 640 Meg RAM, OS10.3.3, 10 Gig 20 Gig internal HD's, SCSI card, Netgear RP 614 Router, Alcatel Speed Touch ADSL Modem through built in Ethernet. On 09/04/2004, at 3:04 PM, Chris Burton wrote: HI everyone Could someone please advise me how to select the default application that is used by the OS when new documents, pictures, sound files, etc etc are copied or downloaded to the hard drive? For example, I have a Powerbook 15 G4 1000 running 10.3.3. I have downloaded some reference papers that are pdf's. The icon of these papers in the folder on the HD does not show the red Acrobat reader icon indicating they are pdf's? I have reader version 5 on the drive but have to open it then open the pdf paper, rather than clicking directly on the pdf. thanks for any help. It has got to be a simple one, but I just cant remember how to tell OSX how to do it Chris -- The WA Macintosh User Group Mailing List -- Archives - http://www.wamug.org.au/mailinglist/archives.shtml Guidelines - http://www.wamug.org.au/mailinglist/guidelines.shtml Unsubscribe - mailto:[EMAIL PROTECTED] WAMUG is powered by Stalker CommuniGatePro Regards Greg Manzie Director Glyde Gallery Conservation Conservators, Consultants and Picture Framers for Museums, Art Galleries and Collectors 5 Glyde Street MOSMAN PARK Western Australia 6012 Telephone (08) 9383 3929 Mobile 0438 833 144 Email [EMAIL PROTECTED] ABN 89 154 124 265 Regards Greg Manzie Director Glyde Gallery Conservation Conservators, Consultants and Picture Framers for Museums, Art Galleries and Collectors 5 Glyde Street MOSMAN PARK Western Australia 6012 Telephone (08) 9383 3929 Mobile 0438 833 144 Email [EMAIL PROTECTED] ABN 89 154 124 265 Regards Greg Manzie Director Glyde Gallery Conservation Conservators, Consultants and Picture Framers for Museums, Art Galleries and Collectors 5 Glyde Street MOSMAN PARK Western Australia 6012 Telephone (08) 9383 3929 Mobile 0438 833 144 Email [EMAIL PROTECTED] ABN 89 154 124 265
Re: More on Trojan Horse
On Fri, 2004-04-09 at 16:11, Rod Lavington wrote: On 9/4/04 1:28 PM, Onno Benschop [EMAIL PROTECTED] wrote: snip (Second hint: My first computer was a Commodore Vic-20) My first was a C64, so na na ne nah na! So you're younger and dumber? grin Onno Benschop Connected via Optus B3 at S38°01'05 - E145°25'10 (Upper Beaconsfield, VIC) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - onno at itmaze dot com dot au
Re: More on Trojan Horse
On Fri, 2004-04-09 at 17:46, James Devenish wrote: I just downloaded virus.mp3.sit (not a virus) from the Google groups thread (can't remember where I found it) and unstuffed it. `file` identifies it as MP3 file with ID3 version 2.2.0 tag. The valid ID3 tag is followed by a valid MPEG 1 Layer III stream. So you can play it in an mp3 player? To make sure here, we're talking about a valid stuffit archive file that has a compressed file that when extracted is identified as an mp3? Now if you can actually play the mp3 and music happens *and* code executes that does something else, you've got a ridgey-didge Trojan, but I'm not yet convinced. From examining this file, I see that it contains a GEO general encapsulated object that itself encapsulates a PowerPC PEF header (Mac OS 9 executable) with filename virus.mp3 -- the same as the existing file. Perhaps iTunes extracts the GEO, overwriting the original virus.mp3 in the process? If that is the case, we're talking about an iTunes exploit, not a Trojan. Then, when virus.mp3 is next opened, it is recognised as a PEF file and it is launched? I don't know if this is actually what happens (especially since it doesn't seem to have the proper 'metadata' to signify that the file is an application). So now we're opening the same file twice? (While it got changed in the background...) That would mean more argument against a Trojan and more for an exploit - and social engineering project. I realise I'm arguing semantics here, but in this world I believe that this is important, because the difference determines where the fix lies - the User, the OS or iTunes. But, if it is, then it would seem to arise from (a) the use of ID3 as a file archive and (b) the action taken by iTunes (namely, extracting files from that archive). Alternatively, iTunes is invoking the GEO directly? That seems very foolish. Perhaps there is some invalid length field in the header that causes iTunes to get confused? I don't know the specifics, but the proof-of-concept does seem to be a Trojan Horse. (Note: I have not tried running the proof-of-concept Trojan.) If I were you and you didn't have a completely separate machine that you would be prepared to sacrifice, I wouldn't even have gone as far as you state you have... Normally, I think it is hard to spread Mac programme directly via e-mail because of the necessary 'metadata' (OS 9) or .app directory structure (OS X), which either give the game away or require extra steps to make the virus into a double-clickable application. This ID3 vulnerability (if it is true) would allow people to insert executables into valid, pre-existing audio files that could be sent easily via e-mail. I'd agree with that. (Second hint: My first computer was a Commodore Vic-20) Get a Mac! Oops ;-) I did - two years or so later - a Mac 512ED, which served me well for four years when I sold it just before the LC came out. Onno Benschop Connected via Optus B3 at S38°01'05 - E145°25'10 (Upper Beaconsfield, VIC) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - onno at itmaze dot com dot au
Re: More on Trojan Horse
On 09/04/2004, at 1:28 PM, Onno Benschop wrote: From my perspective this is just an attempt to create a marketing need for anti-virus software for the Macintosh. This was definitely my first reaction after reading the Intego report. The distressing thing, apart from the FUD factor, is that there is a huge (virus protection) industry out there that needs to be fed. I worry that it's looking on the Mac market as finger food. Just as an aside - I had to re-install re-install Windows XP for someone the other day. After erasing the partition and reinstalling XP, I immediately installed McAfee VirusScan Enterprise Edition. Between installing the OS and downloading the latest virus libraries, XP had already contracted at least 5 viruses by the time VirusScan started doing its thing. I can only conclude they came down with the virus libraries or they were already installed, courtesy of Micro$oft themselves. It's a self-perpetuating disaster. We need to run and hide from this. -- Peter Hinchliffe Apwin Computer ServicesFileMaker Pro Solutions Developer Perth, Western Australia Phone (618) 9332 6482Fax (618) 9332 0913 Mac because I prefer it -- Windows because I have to.
Re: More on Trojan Horse
On 9/4/04 4:18 PM, Onno Benschop [EMAIL PROTECTED] wrote: On Fri, 2004-04-09 at 16:11, Rod Lavington wrote: On 9/4/04 1:28 PM, Onno Benschop [EMAIL PROTECTED] wrote: snip (Second hint: My first computer was a Commodore Vic-20) My first was a C64, so na na ne nah na! So you're younger and dumber? grin Onno Benschop Younger, yes. Dumber, well, why buy the crappy base model when for a few extra bucks you can get a much better machine??? ;-) Hope the trip is going well Onno! Seeya Rod!
Re: More on Trojan Horse
On 9/4/04 4:59 PM, Peter Hinchliffe [EMAIL PROTECTED] wrote: On 09/04/2004, at 1:28 PM, Onno Benschop wrote: From my perspective this is just an attempt to create a marketing need for anti-virus software for the Macintosh. Out of interest, I notice Virex 7.5 beta has been released. Have installed it, and seems to run okay. As with all beta software, run at your own risk! Seeya Rod!
Re: Lost favourites in IE
On Fri, 2004-04-09 at 09:54, John Carlson wrote: Since about the 1/4 I have lost all of my favourites, even Hotbar, in IE5. Even the ones I put back in disappear if I restart my Imac333. I've seen that happen when the disk is 100% full, but it's more commonly caused by corrupt application preferences or disk corruption. Run disk first aid from a CD, and verify your disk. Also try completely removing the IE prefs (this _will_ lose all your bookmarks and settings). I suggest making a backup of the prefs as a stuffit file before deleting them - just in case. Craig Ringer
Re: More on Trojan Horse
On Fri, 2004-04-09 at 18:58, Rod Lavington wrote: On 9/4/04 4:18 PM, Onno Benschop [EMAIL PROTECTED] wrote: On Fri, 2004-04-09 at 16:11, Rod Lavington wrote: On 9/4/04 1:28 PM, Onno Benschop [EMAIL PROTECTED] wrote: snip (Second hint: My first computer was a Commodore Vic-20) My first was a C64, so na na ne nah na! So you're younger and dumber? grin Onno Benschop Younger, yes. Dumber, well, why buy the crappy base model when for a few extra bucks you can get a much better machine??? Ahh, because when I bought my Vic 20, the Commodore 64 didn't exist... ;-) Indeed... Hope the trip is going well Onno! Yeah, bit lonely socially, so I rile some WAMUGgers when I can :-) Onno Benschop Connected via Optus B3 at S38°01'05 - E145°25'10 (Upper Beaconsfield, VIC) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - onno at itmaze dot com dot au
Re: More on Trojan Horse
On 9/4/04 5:15 PM, Onno Benschop [EMAIL PROTECTED] wrote: Hope the trip is going well Onno! Yeah, bit lonely socially, so I rile some WAMUGgers when I can :-) And an excellent job you are doing of that! Have a good Easter! Seeya Rod!
Re: First Trojan Horse for MacOS X reported
On Fri, 2004-04-09 at 10:34, Peter Hinchliffe wrote: This thing apparently comes in on MP3 files, and can do all sorts of nasty things, including deleting all the files in your user account, emailing itself to other users, and infecting other files on your computer. The warning from Intego is to avoid double-clicking MP3 files. While the actual issue appears to be blown out of all proportion (anyone remember the JPEG virus for Linux? *lol*), it does appear to raise a valid issue. By supporting type/creator codes, file extensions, and other methods of identifying files, the MacOS can and will run into areas where it identifies a file one way for display, and another when actually opened. This is very similar to the eternal problems Microsoft has with IE, where it will display information based on the MIME type, and act based on the file extension, or vice versa. This will almost certainly lead to significant security problems, just as it has on Windows. Users who are aware now that a file with a given icon and listed type may not actually be that sort of file will be safer - so keep that in mind, especially when you get email. Alternately, instead of thinking only Windows users need to worry about attachments, think I'll be careful anyway - and avoid being bitten when the first /real/ Mac worm hits. (Note: the same goes for users of other plaforms. Linux users in particular seem far too happy to say it'll never happen to us.). Craig Ringer
Re: More on Trojan Horse -- discussion of Trojan Horse terminology
In message [EMAIL PROTECTED] on Fri, Apr 09, 2004 at 06:32:24PM +1000, Onno Benschop wrote: To make sure here, we're talking about a valid stuffit archive file that has a compressed file that when extracted is identified as an mp3? Yes (I tried this under Mac OS X). Now if you can actually play the mp3 and music happens Yes (though I only tried this under Linux/Pentium). *and* code executes that does something else, I haven't tried this under Mac OS X. From examining this file, I see that it contains a GEO general encapsulated object that itself encapsulates a PowerPC PEF header (Mac OS 9 executable) with filename virus.mp3 -- the same as the existing file. Perhaps iTunes extracts the GEO, overwriting the original virus.mp3 in the process? If that is the case, we're talking about an iTunes exploit, not a Trojan. Not necessarily. iTunes would not be executing the code itself -- it might merely be following a liberal interpretation of ID3 (eek!). While this would be a misfeature in iTunes, the malicious binary would actually be launched by the Finder. Thus, if ID3 provides a sanctioned way to initiate the extraction of arbitrary files hidden within music, I would think it to be an example of the Trojan Horse phenomenon. It would be possible, for example, for a cracker to insert malicious code into other people's audio files as part of website defacement. Although Trojans are by their definition (hmm...what definition?) a social engineering exploit, a pure social engineering exploit would not need to involve the concealment of an executable payload. I did think at first that it must be iTunes-specific, because iTunes is the default player for MP3 files. (Intego hasn't provided sufficient details.) However, it might be a common vulnerability amongst audio players that interpret ID3 headers. On most UNIX systems, however, you'd also need to set the executable permission -- something that probably can't be conveyed via ID3. I suspect that it's unlikely that a malicious exploit would be a virus -- more likely a worm. So now we're opening the same file twice? Not by the sound of what I've read on the web. (The double-open procedure was merely my own speculation.) I realise I'm arguing semantics here, but in this world I believe that this is important, because the difference determines where the fix lies - the User, the OS or iTunes. I suspect this problem does not lie with the OS or the user. It's either with ID3 or iTunes (most likely: iTunes' overzealous honouring of ID3). If I were you and you didn't have a completely separate machine that you would be prepared to sacrifice, I wouldn't even have gone as far as you state you have... I didn't believe that a StuffIt Expander, `vim` or `file` exploit was involved. However, you are correct that I don't consider my test machine 'entirely sacrificial'. I did think twice before using StuffIt Expander, and perhaps I shouldn't have carried through with it. However, I cannot see any evidence that any files were modified as a result of 'unstuffing' the file (apart from com.stuffit.Expander.plist, which I have now removed), nor can I see any suspicious processes. Get a Mac! Oops ;-) I did - two years or so later - a Mac 512ED, which served me well for four years when I sold it just before the LC came out. Ah, yes, I think the 512K was my mainstay during primary school.
Re: More on Trojan Horse -- discussion of Trojan Horse terminology
On Fri, 2004-04-09 at 17:21, James Devenish wrote: I suspect this problem does not lie with the OS or the user. It's either with ID3 or iTunes (most likely: iTunes' overzealous honouring of ID3). iTunes does support storing album covers or somesuch, doesn't it? Perhaps it supports storing images in ID3 data, and that support is a little _too_ flexible? Craig Ringer
Re: More on Trojan Horse -- discussion of Trojan Horse terminology
On Fri, 2004-04-09 at 19:21, James Devenish wrote: In message [EMAIL PROTECTED] on Fri, Apr 09, 2004 at 06:32:24PM +1000, Onno Benschop wrote: Yes (though I only tried this under Linux/Pentium). *and* code executes that does something else, I haven't tried this under Mac OS X. From examining this file, I see that it contains a GEO general encapsulated object that itself encapsulates a PowerPC PEF header (Mac OS 9 executable) with filename virus.mp3 -- the same as the existing file. Perhaps iTunes extracts the GEO, overwriting the original virus.mp3 in the process? If that is the case, we're talking about an iTunes exploit, not a Trojan. Not necessarily. iTunes would not be executing the code itself -- it might merely be following a liberal interpretation of ID3 (eek!). While this would be a misfeature in iTunes, the malicious binary would actually be launched by the Finder. Yeah, except that iTunes is the one making the .mp3 into an executable. Thus, if ID3 provides a sanctioned way to initiate the extraction of arbitrary files hidden within music, I would think it to be an example of the Trojan Horse phenomenon. Yup, but my understanding of the ID3 definition is that it contains meta-data like artist, name, album etc. There should be no extraction required to get this stuff out. Merely from this byte, or from this delimiter to this delimiter is the name of the artist. I wouldn't have thought that the ID3 definition had any means of packaging anything - unless iTunes decided that it would be cool to say that from this byte to this byte is a compressed image that can be extracted as a separate file, in which case the guy who thought of that is a moron. It would be possible, for example, for a cracker to insert malicious code into other people's audio files as part of website defacement. And it would be pretty subtle too, evil... Although Trojans are by their definition (hmm...what definition?) Here are some :-) The Collaborative International Dictionary of English v.0.48 Trojan horse Trojan horse`, n. from the incident described in Homer's Iliad. 1. (Classical mythology) a large hollow wooden horse built by Greek soldiers besieging Troy during the Trojan War, and left as a gift when they pretended to abandon their seige. It was taken into the city by the Trojans, and Greek soldiers concealed inside came out and opened the gates to the city, enabling the capture of the city by the Greeks. RP + PJC 2. Hence, any thing or person which appears harmless but is designed to destroy or attack from within. It may sometimes refer to a group; -- see also fifth column. RP + PJC 3. (Computers) A computer program designed to evade the security precautions within a computer system and perform illicit operations, or to do malicious damage, and often designed to look like a different kind of program, such as a game, archiver, or directory lister. This term is not applied to a program that replicates itself, such as a virus. RP + PJC The Collaborative International Dictionary of English v.0.48 fifth column fifth` column, n. from a statement during the Spanish Civil War (1936) that the Falange had four columns of soldiers marching on the city, and a fifth column already there (i.e. sympathizers inside the Republican lines). 1. a group of persons inside the battle lines of a territory engaged in a conflict, who secretly sympathize with the enemy, and who engage in espionage or sabotage; -- sometimes also referred to as a trojan horse. RP 2. Hence, any faction of persons within a group who secretly sympathize with an enemy, especially those who engage in activities harmful to the group; an enemy in one's midst; a group of traitors. RP WordNet (r) 2.0 (August 2003) Trojan horse n 1: a subversive group that supports the enemy and engages in espionage or sabotage; an enemy in your midst syn: fifth column, Trojan horse 2: a program that appears desirable but actually contains something harmful; the contents of a trojan can be a virus or a worm; when he downloaded the free game it turned out to be a trojan horse syn: trojan 3: a large hollow wooden figure of a horse (filled with Greek soldiers) left by the Greeks outside Troy during the Trojan War syn: Trojan Horse, Wooden Horse The Free On-line Dictionary of Computing (19 Sep 2003) Trojan horse application, security (Coined by MIT-hacker-turned-NSA-spook Dan Edwards) A malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! A Trojan horse is similar to a back door. See also RFC 1135, worm, phage, mockingbird.
Re: Onno and the Trojan Horse
On Fri, 2004-04-09 at 12:45, Peter Hinchliffe wrote: It may be a little too early to panic over this. Apparently, it's doubtful if the virus exists as anything more than a proof of concept that such a thing is possible. Uhm, from what I've read so-far, this is not a virus or a trojan horse at all. It's a concept of social engineering. The idea is that you can make an attachment look like one thing and be another. A virus spreads without your intervention - AFAIK this doesn't. A trojan horse pretends to be one thing while doing another - AFAIK this isn't. (PS. I've you've got something to rebuke the above, I'm all ears And I thought it was nose... :-) - I don't profess to know everything about everything, but I'll confess I know a lot about a great many things to do with computing I see you're still working on your modesty! - hint: I've been doing this for a few years :-) (Second hint: My first computer was a Commodore Vic-20) and my first computer was an IBM 1620(?) in 1973. It was the first computer at UWA, and took up about a lounge room. UWA decommissioned it for a new machine and turned it over to students to play with. I used to sneak into the Physics building to play with it on weekends. Andrew Marriott who teaches in Comp Sci at Curtin was another, with a guy called Mike Palm. All input and output from the computer was thru punched cards, even loading the operating system. I would guess the operating system took up 800 cards - 800 lines of code. How things have changed... Anyway, Sev Crisp from Albany, who was teaching me Physics at the time, probably used this machine before I got to it. I used to do fun(?) things like solving integrals numerically using the Newton-Rhapson method. It took 20 minutes for something a $200 calculator would now do in a flash. Back to my wheelchair... Rob PS. I first used email and chat in 1982. -- --- Dr Rob Phillips, Senior Lecturer,[EMAIL PROTECTED] Room 4.38 Teaching and Learning Centre, Library North Wing Murdoch University, South St, Murdoch, 6150, Perth, AUS Phone: +61 8 9360 6054 Mobile: 0416 065 054 Chair, 2004 ASCILITE Conference, http://www.ascilite.org.au/conferences/perth04/ ---
computer speakers
I'm looking for some advice... my borrowed stereo has gone back to its rightful owner and as an interim solution I'm looking for some computer speakers for my dual 800 g4 I'm only willing to spend around $200 what do people recommend? thanks Sam
Good link for those with Mac OSX servers
http://diveintoosx.org/ -- Mrs Nathalie Collins Box A176, Australind WA 6233 AUSTRALIA Tel Fax: (+61) 8 9796 0509 Mobile: (+61) 43 989 1998 --
Re: Trojan Horses, Dachshunds and Easter
On 9 Apr 2004, at 6:37pm, Rob Phillips wrote: Anyway, Sev Crisp from Albany, who was teaching me Physics at the time, probably used this machine before I got to it. I used to do fun(?) things like solving integrals numerically using the Newton-Rhapson method. It took 20 minutes for something a $200 calculator would now do in a flash. Back to my wheelchair... Wheelchair? Oh my god you have a wheelchair? We bought a new blue electric scooter on eBay! Sorry, Have you seen Larson's cartoon of the dachshund trojan horse? That's something else indeed. You need to have had a dachshund to really appreciate that story, and his cartoon. So what sort of Mac attack would a miniature dachshund virus be... indeed! Regards and have a wonderful Easter Reg and Elaine
SCSI Connections
Hi My old HP scanner has a 25 pin scsi connector, my new G4 has a 50 hole SCSI SE card. Is there an adapter available to get them to connect. Regards Clive TIA
