Monday, March 30, 2009
More Safe or More Secure ( Mac Vs PC )
After our dear Mac been p0wned and Charlie gave a long interview to Tom's Hardware we came with this:
"PC is more secure ( technology wise) and Mac are more safe ( real world wise ) "
So, it is your choice: you can get a house in a really bad area with gun shots and police and FBI running around AND inside your house ( allow or deny ?) that will have a submarine style double steel doors and STILL have malware and spyware breaking in with or without your assistance : hackers are not sleeping. Or ... you can get Mac. It does not have all security gadgets build in Vista like memory randomization and you may not even find a Antivirus for OS X ( that will actually hunt some OS X germs - not much to hunt for and such products normally filter out windows viruses) but it will be like ... having a house in a nice place. I would not say : house without doors ( or walls - that is "Windowz(TM") ): OS X is based on secure multiuser core of UNIX, but it streamlined nature does not do much by itself to prevent turning bugs in to software exploits. Apple and other vendors keep fixing bugs and it is not that much different from other OS in this respect.
Per Charlie Miller, that trend may still continue for a while ( at least 2-3 years) and Mac and OS X may still remain "more safe", after all, not much changed after he broke into Safari a year ago and do not forget that all computers ( even Latest Windowz) was p0wned :-) So it is not like Windows security prevents hackers from breaking in ( sucks )
Also main attack vector is Browser+plugins and venerable JavaScript ( and it bugs)
So, it is up to you, dude, what to choose: more Safe or more Secure. :-)
We will see what Snow Leopard will add to security ( it is all about speed, stability and security ), but in the mean while, try to be smart: run as less privileged users, keep updating s/w, do not go to "bad sites", do not open attachments or run unknown s/w and if you extra paranoid you can disable Java Script and plugins ( but that will be hard to tolerate ) or try Opera for your browser.
... and of course, hope for the best and be "more safe":-)
"PC is more secure ( technology wise) and Mac are more safe ( real world wise ) "
So, it is your choice: you can get a house in a really bad area with gun shots and police and FBI running around AND inside your house ( allow or deny ?) that will have a submarine style double steel doors and STILL have malware and spyware breaking in with or without your assistance : hackers are not sleeping. Or ... you can get Mac. It does not have all security gadgets build in Vista like memory randomization and you may not even find a Antivirus for OS X ( that will actually hunt some OS X germs - not much to hunt for and such products normally filter out windows viruses) but it will be like ... having a house in a nice place. I would not say : house without doors ( or walls - that is "Windowz(TM") ): OS X is based on secure multiuser core of UNIX, but it streamlined nature does not do much by itself to prevent turning bugs in to software exploits. Apple and other vendors keep fixing bugs and it is not that much different from other OS in this respect.
Per Charlie Miller, that trend may still continue for a while ( at least 2-3 years) and Mac and OS X may still remain "more safe", after all, not much changed after he broke into Safari a year ago and do not forget that all computers ( even Latest Windowz) was p0wned :-) So it is not like Windows security prevents hackers from breaking in ( sucks )
Also main attack vector is Browser+plugins and venerable JavaScript ( and it bugs)
So, it is up to you, dude, what to choose: more Safe or more Secure. :-)
We will see what Snow Leopard will add to security ( it is all about speed, stability and security ), but in the mean while, try to be smart: run as less privileged users, keep updating s/w, do not go to "bad sites", do not open attachments or run unknown s/w and if you extra paranoid you can disable Java Script and plugins ( but that will be hard to tolerate ) or try Opera for your browser.
... and of course, hope for the best and be "more safe":-)
Labels: OS X security vs Windows
Wednesday, March 25, 2009
Dreams about WWDC09
This is me and Mario dreaming about WWDC09 and new iPhone 3.0 :-)
...btw, according to rumors it will happen in June 2009 (probably) . See you all in Moscone West :)
UPDATE: I guess Steve Jobs read my blog, so I got e-mail. After seeing how we are exited, a date is finally revealed!
When is WWDC?
WWDC takes place June 8-12, 2009
Yeah !!!!
Another update: Mario is NOT coming. He is drinking way too much of Cool Aid recently and started to like it.
...btw, according to rumors it will happen in June 2009 (probably) . See you all in Moscone West :)
UPDATE: I guess Steve Jobs read my blog, so I got e-mail. After seeing how we are exited, a date is finally revealed!
When is WWDC?
WWDC takes place June 8-12, 2009
Yeah !!!!
Another update: Mario is NOT coming. He is drinking way too much of Cool Aid recently and started to like it.
Labels: WWDC09
Kantoku Banzai (JAPAN 2007) Glory to the Film Maker
This flick is not yet available here in USA :-) But it looks super cool and real Mr Kitano-san ! :-)
Here is a link to Amazon but it just have a place holder and one lonely review.
YouTube have a few clips :)
Labels: Kantoku Banzai (JAPAN 2007) Glory to the Film Maker
Tuesday, March 24, 2009
Nice Tag
New Bar Super Cool bar stool
Friday, March 20, 2009
Sex Machines. How to build one
This is a 5 star book :-) Just do not attach it to a saber saw as one dude did
Labels: Sex machines DIY
Hardening Safari 4 OS X in light of p0wning by Charlie Miller
It is an old news, but Safari , both version 3 and version 4 is "hacked" or p0wned. According to Charlie Miller, dude :-) , and his friends, it was very easy.
If you read some papers available on his site you will find out a fascinating Java Script exploit that probably can be called classics by now and as it seems Apple is aware of the mess, but did not do anything for more then a year : he claims that 2009 "p0wn" bug is essentially the same bug he found in 2007.
Now, may be , we fun boys still have time ( may be not) thanks to small popularity of our beloved platform, but it may be true that OS X is "less ready" to "tough realty" in comparison to Windowz that is suffering from hackers for years or even decades :-)
For the record: All Platforms and all browsers WAS hacked. It does not matter what went down first: I guess Mac was first because everybody wanted to get "p0wned" machine. So, no, you are not safer with Windows. Even so Vista + FireFox 3.0 seems to be a hardest combination ( if configured right of course), but , as I said, if you
go to the "bad site" or executed a trojan than you are the only one to blame for that :-)
Now, it is not all that bad: hackers did not found a remote exploits this year. While it does not mean there is none, it is calming, after famous Windows worm you probably know about.
So, what poor man ( Apple fun boy) do?
Before Apple reply try to make your Mac more secure. This called "hardening".
First some data points:
1) All browsers on OS X ( Safari, Firefox ) can be hacked per hackers, duh :-)
2) OS X is too friendly, memory layout is very predictable ( we know that, thank you very much)
3) You risking when you go to "bad" web sites. ( Well, Mac is no longer for p0rn! :-))
4) There are cases when malware was distributed via ads on a "good sites"
5) When you execute some thing it can be bad for you ... duh ... you know...
6) Did we say do not open mail from strangers or open attachments that you got even from friends? :-) Web mails like GMail or yahoo have virus scanner and may help as well as they have preview and you can upload documents to Google Documents to make them "safer"
There are extra measures you can take, if you are paranoid like me :
1) Firewall
Go to System Preferences. Security.Firewall. Pick last option: "Set access for specific services and applications" and watch the list. This is a most secure option.
You may also check all in "Advanced" dialog. Just in case ;-)
I hope you are behind NAT firewall of your router as well.
I do hope you never connect to un-trusted WiFi and that you house WiFi have WAP ( even so it is broken, but ... it is better than nothing )
2) Browsers , say Safari
This is a most important step for CURRENT situation. First, you should understand that you gonna loose some of connivence and functionality to gain some more security. Sucks, I know.
OK. Open Safari and go to Preference.
a) First tab : Uncheck "open safe files"
b) Security tab:
Uncheck : Enable plugins
UNCHECK: Enable Java
UNCHECK : Enable JavaScript
Make sure that these checked:
Warn when visition a fraudulent website
Ask before sending a non-secure form.
You will have to keep Accept cookies for at least : Only from sites I visit or Gmail and others will stop working.
Now you, can enable briefly JavaScript if you 100% sure about site and 100% need it ( for work for example). Do not do it for p0rn sites! :-)
You may want to do same with FireFox.
Opera browser was not tested, but it might be more secure ( less main stream).
Google Chrome was best, but it is not yet available on OS X.
3) System
Make sure it updated and keep updating: may be even make it daily. Check that it is working: in some cases, when say Mac log out or go down during update, cash may get fuzzy. In this case Update may stack. Happened to me :-) You need to Google and find 3 places you have cash on your system and then wipe it. I amy put a link here latter, it is not 100% relevant for this particular post. But DO fix update if this is broken.
There is another place : Remote Sharing . Check it out. Make sure you do not have much checked there if at all. There are OLD trick to enable REMOTE MANAGEMNT, but have it for " ONLY THESE USERS" ( even if it is empty). I do not know if Apple fixed that or not, but apparently it was more secure this way ( more system checks).
I will put some other tips here if I will recall or find out some new ones.
Keep it safe and have fun!
4) Applications
Adobe have a lot of security holes, some still un-pacthed.
If you have Acrobat or Reader go there and
a) DISABLE JavaScript !!!!
b) DISABLE Browser pluging : do not let Adobe open PDF in Safari.
I would recommend mitigate M$ Applications if you can same way.
Also, keep them updated.
Flash is another dark pony: you should go to www.Adobe.com and on your right see a get Flash and shock.
Check your \Library\Internet Plug-ins ( get Info) and see: if you have old version ( say 9.0) you may be screwed.
You have to update to latest ( 10? now) or disable it ( plugin in browser)
... As well as Apples own Quick Time.
5) User: you may create a "less privileged" user and use it to browse :-0
6) Virtualization: you can install a Sun's free Virtual Box and put say some Ubunty on it with FireFox ;) Keep a fresh image and swap it back after you done with session.
While malware can get out of VM, it is very hard and on OS X+Virtual Box+Linux+FireFox may be harder to do and find in the wild. That is yet another solution if you must have JavaScript .
7) Other box: if you are super paranoid, make a Linux ( Ubuntu or other ) box for internet browsing :-) make it boot each time from CD or USB Flash to keep it clean.
Well, when you absolutely need it, you may play with JavaScript ON/OFF ( when you need) and may be Googles Chrome or Apple updates ( Snow Leopard ?) will bring us some more safety in our so far, tfu tfu tfu ... small and safer little Mac world :-)
If you read some papers available on his site you will find out a fascinating Java Script exploit that probably can be called classics by now and as it seems Apple is aware of the mess, but did not do anything for more then a year : he claims that 2009 "p0wn" bug is essentially the same bug he found in 2007.
Now, may be , we fun boys still have time ( may be not) thanks to small popularity of our beloved platform, but it may be true that OS X is "less ready" to "tough realty" in comparison to Windowz that is suffering from hackers for years or even decades :-)
For the record: All Platforms and all browsers WAS hacked. It does not matter what went down first: I guess Mac was first because everybody wanted to get "p0wned" machine. So, no, you are not safer with Windows. Even so Vista + FireFox 3.0 seems to be a hardest combination ( if configured right of course), but , as I said, if you
go to the "bad site" or executed a trojan than you are the only one to blame for that :-)
Now, it is not all that bad: hackers did not found a remote exploits this year. While it does not mean there is none, it is calming, after famous Windows worm you probably know about.
So, what poor man ( Apple fun boy) do?
Before Apple reply try to make your Mac more secure. This called "hardening".
First some data points:
1) All browsers on OS X ( Safari, Firefox ) can be hacked per hackers, duh :-)
2) OS X is too friendly, memory layout is very predictable ( we know that, thank you very much)
3) You risking when you go to "bad" web sites. ( Well, Mac is no longer for p0rn! :-))
4) There are cases when malware was distributed via ads on a "good sites"
5) When you execute some thing it can be bad for you ... duh ... you know...
6) Did we say do not open mail from strangers or open attachments that you got even from friends? :-) Web mails like GMail or yahoo have virus scanner and may help as well as they have preview and you can upload documents to Google Documents to make them "safer"
There are extra measures you can take, if you are paranoid like me :
1) Firewall
Go to System Preferences. Security.Firewall. Pick last option: "Set access for specific services and applications" and watch the list. This is a most secure option.
You may also check all in "Advanced" dialog. Just in case ;-)
I hope you are behind NAT firewall of your router as well.
I do hope you never connect to un-trusted WiFi and that you house WiFi have WAP ( even so it is broken, but ... it is better than nothing )
2) Browsers , say Safari
This is a most important step for CURRENT situation. First, you should understand that you gonna loose some of connivence and functionality to gain some more security. Sucks, I know.
OK. Open Safari and go to Preference.
a) First tab : Uncheck "open safe files"
b) Security tab:
Uncheck : Enable plugins
UNCHECK: Enable Java
UNCHECK : Enable JavaScript
Make sure that these checked:
Warn when visition a fraudulent website
Ask before sending a non-secure form.
You will have to keep Accept cookies for at least : Only from sites I visit or Gmail and others will stop working.
Now you, can enable briefly JavaScript if you 100% sure about site and 100% need it ( for work for example). Do not do it for p0rn sites! :-)
You may want to do same with FireFox.
Opera browser was not tested, but it might be more secure ( less main stream).
Google Chrome was best, but it is not yet available on OS X.
3) System
Make sure it updated and keep updating: may be even make it daily. Check that it is working: in some cases, when say Mac log out or go down during update, cash may get fuzzy. In this case Update may stack. Happened to me :-) You need to Google and find 3 places you have cash on your system and then wipe it. I amy put a link here latter, it is not 100% relevant for this particular post. But DO fix update if this is broken.
There is another place : Remote Sharing . Check it out. Make sure you do not have much checked there if at all. There are OLD trick to enable REMOTE MANAGEMNT, but have it for " ONLY THESE USERS" ( even if it is empty). I do not know if Apple fixed that or not, but apparently it was more secure this way ( more system checks).
I will put some other tips here if I will recall or find out some new ones.
Keep it safe and have fun!
4) Applications
Adobe have a lot of security holes, some still un-pacthed.
If you have Acrobat or Reader go there and
a) DISABLE JavaScript !!!!
b) DISABLE Browser pluging : do not let Adobe open PDF in Safari.
I would recommend mitigate M$ Applications if you can same way.
Also, keep them updated.
Flash is another dark pony: you should go to www.Adobe.com and on your right see a get Flash and shock.
Check your \Library\Internet Plug-ins ( get Info) and see: if you have old version ( say 9.0) you may be screwed.
You have to update to latest ( 10? now) or disable it ( plugin in browser)
... As well as Apples own Quick Time.
5) User: you may create a "less privileged" user and use it to browse :-0
6) Virtualization: you can install a Sun's free Virtual Box and put say some Ubunty on it with FireFox ;) Keep a fresh image and swap it back after you done with session.
While malware can get out of VM, it is very hard and on OS X+Virtual Box+Linux+FireFox may be harder to do and find in the wild. That is yet another solution if you must have JavaScript .
7) Other box: if you are super paranoid, make a Linux ( Ubuntu or other ) box for internet browsing :-) make it boot each time from CD or USB Flash to keep it clean.
Well, when you absolutely need it, you may play with JavaScript ON/OFF ( when you need) and may be Googles Chrome or Apple updates ( Snow Leopard ?) will bring us some more safety in our so far, tfu tfu tfu ... small and safer little Mac world :-)
Labels: Hardening Safari 4 OS X
Thursday, March 19, 2009
Poem about Safari 4 OS X p0wned by Charlie Miller
"Firefox Three for the Elven-kings under the sky,
IE Seven for the Dwarf-lords in their halls of stone,
Netscape Nine for Mortal Men doomed to die,
One Safari for the Dark Lord on his dark throne
In the Land of Apple where the Shadows lie.
One Browser to rule them all, One Browser to find them,
One Browser to bring them all and in the darkness bind them
In the Land of Apple where the Shadows lie."
( Have no idea who wrote this :-) but it sounds cool )
Now... this is not so much cool
IE Seven for the Dwarf-lords in their halls of stone,
Netscape Nine for Mortal Men doomed to die,
One Safari for the Dark Lord on his dark throne
In the Land of Apple where the Shadows lie.
One Browser to rule them all, One Browser to find them,
One Browser to bring them all and in the darkness bind them
In the Land of Apple where the Shadows lie."
( Have no idea who wrote this :-) but it sounds cool )
Now... this is not so much cool
Labels: Poem and Safari 4 OS X p0wned
Wednesday, March 18, 2009
iPhone OS 3.0 is OUT in beta !
Yeah!!!
It is out in beta.
See what Apple have to say about The most advanced mobile OS
Now more advanced:
"When iPhone OS 3.0 arrives this summer, it will introduce over 100 new features, including the ability to:
Search your iPhone
Cut, copy, and paste
Send photos, contacts, audio files, and location via MMS*
Read and compose email and text messages in landscape
"
Dudes, there are some nice things in SDK, I would rather not comment on to here, of course. :-)
But take a look on a Highlights!
I would be delighted to see even more cool "Designed to work with iPhone" labeled gadgets this summer !
Great job, Apple !
Now my only question is if iPhone 3.0 will be shipped with new h/w as well and when.
Per Apple information, iPhone 1.0 will run a reduced set ( no MMS for example) of 3.0 and 3G should be mostly fine.
iPod owners will have to shelf out 10$ as usual ;-)
It is out in beta.
See what Apple have to say about The most advanced mobile OS
Now more advanced:
"When iPhone OS 3.0 arrives this summer, it will introduce over 100 new features, including the ability to:
Search your iPhone
Cut, copy, and paste
Send photos, contacts, audio files, and location via MMS*
Read and compose email and text messages in landscape
"
Dudes, there are some nice things in SDK, I would rather not comment on to here, of course. :-)
But take a look on a Highlights!
I would be delighted to see even more cool "Designed to work with iPhone" labeled gadgets this summer !
Great job, Apple !
Now my only question is if iPhone 3.0 will be shipped with new h/w as well and when.
Per Apple information, iPhone 1.0 will run a reduced set ( no MMS for example) of 3.0 and 3G should be mostly fine.
iPod owners will have to shelf out 10$ as usual ;-)
Labels: iPhone OS 3.0 Beta
Sunday, March 15, 2009
This is not Cool, Google
Google have a lot of open API that looks attractive and useful to me. AppEngine, maps, you name it. But reality check is that it is very dangerous to really on that "free staff" even in a very small applications. You should be EXTRA careful with so call "experimental staff" that have a smallest tolerance threshold. Read about a fate of Infinite SMS that Google effectively shut down in just a couple of days on iPhone AppStore : link
That brings a hard question : should you use Google API or not in anything bigger than a practical joke application? Go figure ...
My verdict : probably , yes, it is a cool gimmick, but do not bet your hole business on it :-)
That brings a hard question : should you use Google API or not in anything bigger than a practical joke application? Go figure ...
My verdict : probably , yes, it is a cool gimmick, but do not bet your hole business on it :-)
Labels: GOOGLE shut down service
Thursday, March 12, 2009
Mother of All Funk Chords
Wednesday, March 04, 2009
Google Sync over Air to iPhone using M$ ActiveSync
This is AWESOME !!!
I know for granted that M$ *HATE* Apple and Google so much they "sshhh" in corridors, pure dirt on they own Mac products and ban Google name on campus ( like Voldemort in Harry Porter) to avoid "making Google brand stronger".
Btw: Do you know that each time you say GOOGLE it make the "G-company" brand stronger?
Did you GOOGLED it ? Go GOOGLE it! :-)
GOOGLE GOOGLE GOOGLE GOOGLE .... :-)
...now go check GOOG stock :-) ( was it up ?) Yeah! We just made some cash , keep saying GOOGLE ... GOOGLE... GOOGLE. Thank you! :-) you make me ( and yourself) rich!
Now check MSFT stock. It may go up ... even if just a little ( and I hope it will, damn it !), unless Balmer keep his trap .. shut ... Apparently even what sounds like a "good news", reported by Steve, put stock on 11 years LOW of al times and he was not even buying Yahoo this time :-) So, please, I want to see my portfolio grow, just ... say NOTHING, Stivy, pleeeeeeaaaseeee :-) ? Will ya? ( I do not think so :-( )
It seems that Apple and Google *DO* like each others. That starts from build in Google search in Safari, Google Applications on iPhone and ends with shared directors board members we will not name here , of course.
Apple is good for you. If you do not have it, go grab some NOW : they just got some fresh from the oven. If you do, go grab some more : Apple ( and AAPL) a day keep doctors( and MSFT) away ! ;-) Such a Gooooooood Apple funboy, aren't you ? ( we call ourselves "Apple faithful" )
Anyway. We just come closer to ETERNAL PEACE ON EARTH. Look, ma! Google use Microsoft ActiveSync on Apples iPhone !
All three big companies work together ! WooooW !
If you have Mac, iPhone and gmail you may want to check this to get going !
Note, it is all not that cool and shiny. I am not talking about MibileMe and Google Sync competition here. I am talking about ... yes ... YOU! You should back up and you should configure crap. You should make it work and you should LIKE the way GOOGLE work for contacts and calendars. It is not 1:1 to Apple way ( that I like).
If you happy with iTune sync ( I am, after I eat some crap with MobileMe and syncing my dirty Yahoo and Gmail with iPhone : stupid and un-organized me !) DO NOTHING. If you need INSTANT over the air sync ( you do have GMAIL and YAHOO sync via iTunes already ) and willing to take some risk and spend time on configuration, go cowboy and tell us how it was :-)
Technically, what Google did was probably THE ONLY way to do it on iPhone right now. There is no other "push" way to do this trick, thank to Apple :-) That probably cost GOOG some license $$$ that went to M$ :-) Auch ... :-)
Namashte!
I know for granted that M$ *HATE* Apple and Google so much they "sshhh" in corridors, pure dirt on they own Mac products and ban Google name on campus ( like Voldemort in Harry Porter) to avoid "making Google brand stronger".
Btw: Do you know that each time you say GOOGLE it make the "G-company" brand stronger?
Did you GOOGLED it ? Go GOOGLE it! :-)
GOOGLE GOOGLE GOOGLE GOOGLE .... :-)
...now go check GOOG stock :-) ( was it up ?) Yeah! We just made some cash , keep saying GOOGLE ... GOOGLE... GOOGLE. Thank you! :-) you make me ( and yourself) rich!
Now check MSFT stock. It may go up ... even if just a little ( and I hope it will, damn it !), unless Balmer keep his trap .. shut ... Apparently even what sounds like a "good news", reported by Steve, put stock on 11 years LOW of al times and he was not even buying Yahoo this time :-) So, please, I want to see my portfolio grow, just ... say NOTHING, Stivy, pleeeeeeaaaseeee :-) ? Will ya? ( I do not think so :-( )
It seems that Apple and Google *DO* like each others. That starts from build in Google search in Safari, Google Applications on iPhone and ends with shared directors board members we will not name here , of course.
Apple is good for you. If you do not have it, go grab some NOW : they just got some fresh from the oven. If you do, go grab some more : Apple ( and AAPL) a day keep doctors( and MSFT) away ! ;-) Such a Gooooooood Apple funboy, aren't you ? ( we call ourselves "Apple faithful" )
Anyway. We just come closer to ETERNAL PEACE ON EARTH. Look, ma! Google use Microsoft ActiveSync on Apples iPhone !
All three big companies work together ! WooooW !
If you have Mac, iPhone and gmail you may want to check this to get going !
Note, it is all not that cool and shiny. I am not talking about MibileMe and Google Sync competition here. I am talking about ... yes ... YOU! You should back up and you should configure crap. You should make it work and you should LIKE the way GOOGLE work for contacts and calendars. It is not 1:1 to Apple way ( that I like).
If you happy with iTune sync ( I am, after I eat some crap with MobileMe and syncing my dirty Yahoo and Gmail with iPhone : stupid and un-organized me !) DO NOTHING. If you need INSTANT over the air sync ( you do have GMAIL and YAHOO sync via iTunes already ) and willing to take some risk and spend time on configuration, go cowboy and tell us how it was :-)
Technically, what Google did was probably THE ONLY way to do it on iPhone right now. There is no other "push" way to do this trick, thank to Apple :-) That probably cost GOOG some license $$$ that went to M$ :-) Auch ... :-)
Namashte!
Labels: Google iPhone Sync Air ActiveSync iCal
Subscribe to Posts [Atom]
