Time Machine

I started using time machine with the network drive hack…

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

This turned out to be a life saver. Last Monday at work things started slowing down, big time. Eventually everything locked up. I could move my mouse but the OS would not accept keyboard input and none of the open apps would respond.

I powered it down and it booted up to the ? folder. I booted into my Leopard DVD and opened disk utilities. No hard drive was detected. How bad is that?

On the new MacBooks the hard drive is a user serviceable part. They had a replacement hard drive to me the next day.

Restoring from my time machine backup got me up and running in no time at all. I found that there are two ways to restore during the leopard install process.

1. Stop the install and go to the utilities menu. Select the time machine restore option and it will restore the entire hard drive as it was before.

2. Go through the install process as you would for a fresh install with your time machine drive plugged in. After the install reboots it will ask you what you want to restore. If memory serves it had check boxes for…

  • Home directory
  • Applications
  • Settings
  • Everything else

The “everything else” is useful if you have fink installed as its outside the normal directory structure.

EDIT: Now I know why the drive failed. 🙂   It was the same model as the article reports and I did hear loud clicking.  Mystery solved.

Chinese Hard Drive Manufacturer Embeds Trojan

“Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.”

“The affected hard discs are Maxtor Basics 500G discs.”

“The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.”

“Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.”

source: http://www.taipeitimes.com/News/taiwan/archives/2007/11/11/2003387202

This sounds rather sensational, eh? I certainly hope it is.

Lets start with the “carried two Trojan horse viruses” part. This is a common mistake made by writers who don’t know anything about technology or information security. The word “viruses” is incorrect. To qualify as a virus the malicious software would require a propagation mechanism. As best I can tell from the articles, this is just a run of the mill trojan.

Next we see that they believe a hard drive shipped to a defense contractor or government agency wouldn’t be formated before being put into production. I will admit that from time to time large organizations may seem inept (none of us are as dumb as all of us) but policy and procedure should be in place to prevent things like this.

The same hysteria came about in May of 06 with Lenovo at which time I made the same argument. The only difference in this case is that this is an actual threat instead of a perceived threat.

In the article it also says…

“The tainted portable hard disc uploads any information saved on the computer automatically and without the owner’s knowledge to www.nice8.org and www.we168.org, the bureau said.”

So following this trail starting with nice8.org we come up with;

Domain ID:D145807509-LROR
Domain Name:NICE8.ORG
Created On:11-May-2007 07:20:24 UTC
Last Updated On:27-Sep-2007 05:57:07 UTC
Expiration Date:11-May-2008 07:20:24 UTC
Sponsoring Registrar:Xin Net Technology Corporation (R118-LROR)
Status:OK
Registrant ID:JHV8DUH7W9TIL
Registrant Name:ga ga
Registrant Organization:gaga
Registrant Street1:gagaga
Registrant Street2:
Registrant Street3:
Registrant City:gaga
Registrant State/Province:Beijing
Registrant Postal Code:126631
Registrant Country:CN
Registrant Phone:+86.2164729393
Registrant Phone Ext.:
Registrant FAX:+86.2164660456
Registrant FAX Ext.:
Registrant Email:safsafsa@ca.ca

Apparently we are dealing an evil mastermind named “Ga ga” who lives on “gagaga street”.  I have heard grumblings of this mad man in the hacker underground.  Okay, so its made up… probably random keyboard bashing.  Dead end.  You get similar worthles results when whois’ing we168.0rg.  Both of which are down now.

Mac OS X Trojan in the Wild

There are reports of an in-the-wild Trojan horse program that targets
Mac OS X systems.  Users are encouraged to visit malware-serving sites
through spam messages in Mac forums.  The Trojan, which pretends to be
a QuickTime plug-in, can hijack users’ search results, sending them to
websites the attackers want them to visit.

http://isc.sans.org/diary.html?storyid=3595
http://www.scmagazineus.com/Trojan-targets-Mac-users/article/58290/

This is yet another example of malware exploiting stupidity and thats all.  I am sick of people jumping at every trivial little article they find regarding mac malware and saying “see, the mac isn’t safe either”.

First off, nothing is ‘safe’… just safer.  Second, you can have the most secure operating system in the world but if someone is stupid enough to install malicious software onto it then it will be infected just like windows.

When I see a self-propagating  worm that exploits a zero-day vulnerability in OS X, only then will I change my rant… but only slightly. 🙂

OS X 10.5 Leopard File Share Issue

I just picked up a copy of Leopard and am LOVING it so far.  Spaces, stacks, cover flow and the new finder — alone — make it worth the upgrade.

Although I have found one minor issue.  When mounting a hidden share (active directory smb://servername/share$) it mounts it as you would expect… but then when you go browse back to in finder it will not display the share.

Now when mounting a share it will display the server name in the left area of finder, when clicking on that server it displays all shares that you have access to.  I am assuming because the share is hidden it is unable to enumerate it from the server, but it obviosly works because it opened it when I specificly told it where the share is located.

Hopefully they fix this in a update because I am not able to find anything on it on their support site.

New layout

My friend, Andrew, will be assisting me with the new design and layout.  He was my partner in crime in the creation of metaguard, membrane and metazoa.

He said that he will begin work on during the Thanksgiving break.  Although it just occurred to me that he lives in Canada.  I didn’t realize that people from Canadia [sic] celebrated Thanksgiving. 🙂

Microsofts ‘Stealth’ Update

Microsoft has done it again.

We receive reports from our WSUS server telling what updates are rolling out to what servers. So when I started receiving TripWire reports indicating files being altered on a bunch of windows boxes I got concerned.

I started opening the files with hex editors looking for strange junk and ran sigverif to see if files are properly signed. After doing that I detected nothing fishy.

So why did these files change?!

After doing a couple quick searches the answer became clear… Microsoft pushed some updates that it told no one about. These updates come even if you choose not to have updates downloaded automatically.

In this world of heightened security awareness, file integrity verification and patch pre-validation I can’t think of why they would do this.

I guess its just Microsoft’s way.