Thu 30 Dec. 2004

21C3: Mac OS X (In)security

Heads-up!

On the last day of 21C3 a student from Bonn named Angelo Laub gave a presentation detailing several vulnerabilities in OS X.

  • User rights escalation through System Preferences
  • Bad Installers and wrong Permissions
  • Clear Text Passwords in Swap File
  • Personal Filesharing Denial of Service
  • Mach Injection
  • Disguised Executables

He apparently notified Apple in October about the System Prefs vulnerability, to which they responded inadequately and now ask him not to go public and to wait for the next update!

Not good.

Anyhow, here are slides of the presentation: Practical Mac OS X Insecurity (PDF).

(thanks to Industrial Technology & Witchcraft)

RSSTop55

Robin Good keeps a regularly updated list of Best Blog Directory And RSS Submission Sites.

A recommended resource.

Amongst others I just found Postami there.

Feedster Contest Winners

Scott Johnson provides a listing of the Feedster contest winners.

For example, in the following categories:

Oddest Use: Shimon Rura and the Memory Game, and
Feedster in a Web App: Feedster RSS Zeitgeist.

(via SearchEngineWatch Blog)

Blogsome login down

Seems like there’s been a service glitch preventing web-based login to all accounts… and it won’t be fixed until the 4th of January.

Luckily I found a tip in the forum that the XML-RPC interface is still up and working.

So, just downloaded ecto and voila! we’re good-to-go!

A good thing the service supports the MetaWeblog API!

Update: 03.01.05:
The login and the rest of the web based service was restored yesterday already (perhaps even the day before - so busy bloggin!).

Whilst I enjoyed taking ecto for a run - I’ve come to rely on the benefits and power of blogging right from the browser using Firefox and the fantastic Sage RSS-reader and JustBlogIt! extensions.

Kottke’s Best of 2004

…see also Rex Sorgatz’s Best of list.

Good value!