First Trojan Based on ARDAgent Root Exploit

Secure Mac are reporting that they have found a trojan designed to take advantage of the ARDAgent root exploit that I posted about previously.

The Trojan, dubbed “AppleScript.THT”, allows the remote attacker full access to the system, steals usernames and passwords, hides by turning off system logging, opens firewall ports, and can also be used to install key logging software, take pictures using the inbuilt iSight and enable file sharing.

The Trojan comes as either a compiled AppleScript titled ASthtv05 or as a disc image called ASthtv_06. In both cases, the files have to be downloaded and executed by the user. At the moment, the Trojan does not take advantage of any other Mac vulnerabilities to automatically infect new machines – but that’s probably only a matter of time.

Secure Mac are advising Mac users to use MacScan to protect themselves against the threat. Or you could just stop the ARDAgent service from running scripts as root.

Temporary Fix for ARDAgent Root Privilege Escalation

If you’re worried about the security problem with Apple’s Remote Desktop Sharing that I posted about yesterday, but still want to use the service, then here’s a quick solution:

Open Terminal and type, all on one line, the following command:

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/

Now if you use,

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

you should get your own username back.
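A filesystem-level check of the same fix, as an added example that is not part of the original post: it reports whether a given binary still carries the setuid bit and lists any setuid files left under a directory. The function names are hypothetical, and the file or directory is passed as an argument because the post does not give the full path to the ARDAgent binary.

```shell
#!/bin/sh
# Added example (not from the original post): verify that "chmod u-s" took effect.
# No path is assumed; pass the binary or directory you want to check.

# is_setuid FILE: succeeds if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# owner_uid FILE: prints the numeric owner uid (0 means root).
owner_uid() {
    ls -ln "$1" | awk '{print $3}'
}

# list_setuid DIR: prints "uid path" for every setuid regular file under DIR.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        printf '%s %s\n' "$(owner_uid "$f")" "$f"
    done
}

# verify_fix FILE: prints one status word and returns non-zero unless clean.
#   clean          - setuid bit is not set; the binary runs as the caller
#   setuid-root    - still setuid and owned by root; the fix is not in place
#   setuid-nonroot - setuid, but owned by a non-root account
#   missing        - FILE does not exist or is not a regular file
verify_fix() {
    if [ ! -f "$1" ]; then
        echo "missing"
        return 2
    fi
    if is_setuid "$1"; then
        if [ "$(owner_uid "$1")" = "0" ]; then
            echo "setuid-root"
        else
            echo "setuid-nonroot"
        fi
        return 1
    fi
    echo "clean"
}

# Stand-alone use: sh check_setuid.sh /path/to/binary
if [ "$#" -gt 0 ]; then
    verify_fix "$1"
fi
```

A system update or permissions repair may restore the original mode, so the check is worth repeating after either.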

The Meaning of Life on Mars

I stumbled across this article from the Boston Globe about what it would mean if life was discovered on Mars. The author argues that, because we have no objective evidence that there is other life in the Universe, there is a Great Filter that prevents the rise of civilisations technologically advanced enough to colonise the stars.

Based on the theory of this Great Filter, he goes on to argue that it either lies in our past or our future. His argument is that if it is in our past, the probabilities are that we are the only self-aware civilisation in the Universe.

The opposite argument is that this Great Filter lies in the future, and that at some point in our future the human race will become extinct before it develops the technology to colonise space.

Moving on to life on Mars, the author then argues that if we do find life on the red planet, this means that it is less likely that the Filter lies in our past and that it then lies in our future. If so, all we have to look forward to is the extinction of the human race.

I think the author makes one very naive assumption here. If life was found on Mars, no matter how biologically advanced it once was, that would suggest, to me anyway, that this Great Filter occurred at that point in the evolution of life on Mars – and on Mars only.

If you take the theory of a Great Filter as being true, you are still left with the fact that you are basing your results on the evolution of life on one planet, i.e. Mars. In fact, as long as any life found on Mars was less complex than that found on Earth, we have an example of a data set that contradicts the theory – we have our evolution on Earth. (Unless of course there is a more technologically advanced civilisation hiding deep under the Martian surface).

Based on this theory, we can then argue that if all life on Mars died out when life was less biologically complex than it is currently on Earth, it is more likely that the Great Filter lies in our past, because we managed to pass that level of complexity a long time ago. (Though we do have to allow for the fact that I am also basing that result on a data set of 1.)

As for the fact that we have yet to find evidence of a technologically advanced civilisation outside of our solar system, all I can say is space is a big place. A very big place. While scientists have found exo-planets, the methods used, and the equipment they have at their disposal at this point in time, means that these planets are usually very large and very close to their stars, which is not where you’d expect to find recognisable life. (I say recognisable, because no-one is entirely sure what other forms of life are possible.)

No matter how much I think about it, I can’t see that finding life on Mars in any form, or complexity, means that we should be pessimistic about the future survival of the human race. In fact, it should be the opposite: life on Mars would show us that life can begin in more inhospitable places than Earth. If it can happen on a much smaller, colder planet than Earth, the chances of sentient life elsewhere in the galaxy will go up. If complex life did develop on Mars, then those odds go way up.

Mac OS X – Gain Root Privileges Through AppleScript

A serious security hole has been found in Mac OS X – both Leopard and Tiger are affected. The exploit allows someone with physical access to a Mac to run programs as the Root user.

The exploit uses the Apple Remote Desktop (ARDAgent) application to execute a shell script. When the shell script is executed, it runs as Root. To test this, type the following command in Terminal:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

This command works even if Remote Desktop Sharing is disabled and the Root user is disabled in the Directory Utility. However, it will only work if the user is logged into the computer. It will not work if Fast User Switching has been used.

As this is a brand new exploit there is no fix as of yet.

Theme Development

I’m currently working on a simple black and white theme for this blog. While I’m working out the kinks, you may see some minor changes. Don’t fret, it will be finished soon enough!

Heineken Cup 2009 – Draw

The draw was made this morning for the Pool Stages of the Heineken Cup 2009. This was the first draw to be made using the new ERC ranking system. Having won the Heineken Cup twice in the last 3 years, Munster were ranked number 1. The Pools are:

Pool 1

Munster, Sale, Clermont, Montauban.

Pool 2

Wasps, Leinster, Castres, Edinburgh.

Pool 3

Leicester, Perpignan, Ospreys, Benetton Treviso.

Pool 4

Stade Francais, Llanelli, Ulster, Harlequins.

Pool 5

Toulouse, Bath, Newport, Glasgow.

Pool 6

Biarritz, Gloucester, Cardiff, Calvisano.

The first round of games kicks off on the weekend of the 10th October 2008.

Munster have a tough group. There’s no doubt that the away matches to Sale and Clermont will prove to be both very difficult and very important to our qualification hopes, but the away match to Montauban could be a bit of a banana skin.

Playing any French side in France is tough, but so is playing against a team that you know so very little about. Montauban finished 7th in their first year in the Top 14. That’s not bad. What’s even more remarkable is that they were the first team to beat Stade Francais that season.

Euro 2008 – What a Bore

I’m sitting here watching the opening minutes of the Turkey and Czech Republic match in 2008. So far the highlight of the game has been a Turkish player changing his boots.

After less than ten minutes, I’m bored. Not just with this game, but with football in its entirety. I don’t have the interest to follow who’s playing for which team, or whether the last foul really deserved a yellow card or not.

My interest started to wane several years ago when players started to spend more time rolling around on the ground in faux agony than they did trying to score goals. That period also saw the huge increase in players’ wages. When players are regularly receiving in excess of STG£100,000 a week to kick a ball, you know there has to be something wrong with the world.

But what really bugs me are the rules of football. There’s no consistency. Not just within the game, but during a match. For example, two players jump for a high ball. In 90% of these cases the referee will blow the whistle for some unnoticeable foul. If the free kick is near the box, then you’ll have at least 15 players in the box jostling for positions. They’ll push each other, tug at each other’s jerseys and generally do everything they can to break the opposition’s concentration and movement. Where’s the whistle? Where are the yellow cards? Where is the ref? That bugs me. If you’re going to give a free because two lads had a minor collision in the air, then surely you should be giving frees, and yellow cards if required, for all the messing that goes on while waiting for a free kick to be taken?

Don’t get me started about defenders “shepherding” the ball over the line while physically holding the attacker back.

Just as well I follow rugby. At least in rugby, the physicality is part and parcel of the game. It’s true what they say:

“Rugby is a game for hooligans played by gentlemen, while football is a game for gentlemen played by hooligans.”

Removing RSS Links in WordPress

The project I’m working on is a static site, so it doesn’t require an RSS feed. While I’m sure that it’s possible to remove the RSS functionality from WordPress completely, it’s probably a good idea not to. Messing around with the core functionality can do Bad Things.

A much easier way is to remove the links from your theme.

  • Using your preferred FTP program, browse to /wp-content/themes/theme_name/
  • Download header.php
  • Open the header.php file in your preferred text editor
  • Delete the following lines from the file:

<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />

  • Save the changes and upload the new version of header.php into your theme directory.

Note 1: Not all three lines may be present in your theme.
Note 2: You can also comment out the RSS links using the HTML comment tags like this: <!-- HTML Code -->

WordPress 2.5 and Page ID’s

I’m currently working on a small project for a local business. As I’m under pressure for time, I’m using WordPress as a CMS.

Because I use pages for the site content, there are times when I need to know the page ID. For some reason the developers have decided it would be better that the admin interface no longer shows the page ID.

According to this thread on the WordPress forums, the solution is to mouse over the page link and check the URL in the browser status bar. Not a very elegant solution if you ask me. Help is at hand. Thanks to Nick Ohrn, there’s a plugin available to restore page ID’s. You can grab it from the official Restore ID WordPress plugin page.

Slow-Mo Mac OS X Expose Shortcut Key

The Function Keys F3 – F9 in Mac OS X give you access to the various Exposé “views”. For example, pressing F3 on my MacBook shows all open application windows. (Depending on your Mac, the function keys may be mapped differently. Check System Preferences – Exposé & Spaces for a full list.)

While trying to figure out a keyboard shortcut, I happened upon a neat little “feature” of Leopard. Holding down the Shift key while pressing a function key gives a nice little slo-mo version of the Exposé transition.

I know that’s not a great explanation, but give it a try and you’ll see what I mean.