First OS X exploit: Concept

One of the (many) nice things about being a Mac user is our general invulnerability to the multitudes of viruses, trojan horses, and other exploits that threaten the ‘net on a regular basis. So it’s no wonder that the Mac world is all a-tizzy over anti-virus company Intego releasing news of what appears to be the first Mac OS X trojan horse, wrapped inside an apparent .mp3 file.

This Trojan horse, MP3Concept (MP3Virus.Gen), exploits a weakness in Mac OS X where applications can appear to be other types of files.

The Trojan horse’s code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X.

Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then iTunes to play the music contained in the file, to make users think that it is really an MP3 file. While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks.

As it turns out, there are some mitigating factors to this announcement that Intego either didn’t know about, or deliberately chose to ignore in their press release that haven’t been as widely reported, and really should be.

First off — and most importantly — yes, this should be taken seriously, as it does appear to be a very possible source of attack against OS X.

However.

This does not appear to be evidence of someone actually attempting to release a malicious attack into the wild.

Dori Smith was kind enough to point out this usenet thread from comp.sys.mac.programmer.misc where the possibility of this exploit was first broached. During the discussion as to whether or not this was a real possibility, one of the people involved took it upon themselves to create a benign proof-of-concept.

This proof-of-concept seems to be what Intego found, and then proceeded to craft an accurate, but very alarmist press release around. While the concept definitely seems to be sound, and is something that OS X users should keep in mind when accepting files from untrusted sources, there does not appear to actually be a malicious attack of any sort currently propagating across the ‘net aimed at OS X users, no matter how much FUD Intego puts into their Security Alert.

As always, while it’s still very true that OS X is a far more safe and secure system than Windows, no system is entirely safe, and the user has to accept some amount of responsibility for their actions.
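One way to check for the packaging described above, as an added example (not code from this post, the Usenet thread, or Intego): parse the ID3v2 header of a file named .mp3 and look for executable file signatures inside the tag. The signature list and the constructed sample bytes are assumptions, since the page does not say which binary format the proof-of-concept used.

```python
import struct

# Executable container magics. This list is an assumption: the page does not
# say which binary format the hidden application used.
EXEC_MAGICS = {
    b"Joy!peff": "PEF (Mac OS CFM) container",
    b"\xfe\xed\xfa\xce": "Mach-O, 32-bit big-endian",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
    b"\x7fELF": "ELF",
}

def id3v2_body(data: bytes) -> bytes:
    """Return the ID3v2 tag body at the start of the file, or b'' if none."""
    if len(data) < 10 or data[:3] != b"ID3":
        return b""
    size_bytes = data[6:10]
    if any(b & 0x80 for b in size_bytes):      # size must be synchsafe
        raise ValueError("malformed ID3v2 size field")
    size = 0
    for b in size_bytes:                        # 4 x 7 bits, big-endian
        size = (size << 7) | b
    return data[10:10 + size]

def scan_mp3(data: bytes):
    """List (file_offset, format) for each executable magic inside the tag."""
    body = id3v2_body(data)
    hits = []
    for magic, name in EXEC_MAGICS.items():
        pos = body.find(magic)
        if pos != -1:
            hits.append((10 + pos, name))      # 10 = ID3v2 header length
    return sorted(hits)

def build_tag(body: bytes) -> bytes:
    """Helper for the constructed samples: wrap body in an ID3v2.3 header."""
    n = len(body)
    size = bytes((n >> s) & 0x7F for s in (21, 14, 7, 0))
    return b"ID3\x03\x00\x00" + size + body

# Constructed samples (not real files): one title frame, then fake audio.
TITLE = b"TIT2" + struct.pack(">IH", 6, 0) + b"\x00Title"
AUDIO = b"\xff\xfb\x90\x00" * 4
CLEAN = build_tag(TITLE) + AUDIO
SUSPECT = build_tag(TITLE + b"Joy!peff" + b"\x00" * 16) + AUDIO

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, scan_mp3(sample))
```

A hit is a reason to inspect the file, not proof of malice: embedded album art can contain one of these four-byte sequences by chance.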

iTunes: “Gutter Glitter” by Switchblade Symphony from the album Gothik (1995, 3:50).

Condi under oath

So National Security Adviser Condoleezza Rice appeared under oath before the 9-11 commission this morning. While I haven’t had the opportunity to go through the transcript, the Center for American Progress issued a statement regarding the contents of her deposition, and posted a page fact-checking some of Condi’s claims against prior news reports, government documents, and even some of Condi’s own statements:

CLAIM: There was “nothing about the threat of attack in the U.S.” in the Presidential Daily Briefing the President received on August 6th. [responding to Ben Veniste]

FACT: Rice herself confirmed that “the title [of the PDB] was, ‘Bin Laden Determined to Attack Inside the United States.'” [Source: Condoleezza Rice, 4/8/04]

(via Atrios)

Sci-Fi museum to open in two months

Paul Allen’s new addition to the EMP, the Science Fiction Museum and Hall of Fame, is due to open in approximately two months, according to the Seattle P-I.

About 13,000 square feet of the Frank Gehry-designed EMP will be dedicated to the new Science Fiction Museum and Hall of Fame (which was initially dubbed SFX, for Science Fiction Experience). This new sci-fi wing will have three levels of exhibit space and add more than 1,000 square feet of performance space to EMP.

Exhibits and artifacts celebrating such movies and television programs as “Star Trek,” “Planet of the Apes” and “Dr. Strangelove” will be complemented by objects or exhibits aimed at demonstrating how the literary genre sometimes leads to real scientific developments or technological achievements.

I’ll be very interested in checking it out, of course — my only worry is that I found the EMP to be fairly ridiculously overpriced, and I wasn’t a large fan of how the displays were set up (very little textual information, as there were PDA-ish handheld audio devices to guide you through, which were too heavy and kind of a pain to use). Hopefully the SFX doesn’t have these same issues, though as they are part of the same complex, who knows.

Guess I’ll find out in June, huh?

That’s one kinky rabbit

Okay, so there isn’t really a lot of connection between the resurrection of Jesus Christ and a magical rabbit that distributes eggs to children…but couldn’t this church have come up with a better way of getting their message across than whipping the Easter Bunny during a church pageant?

A church that put on an Easter show said it was trying to teach about Jesus Christ.

But the people who saw the show say they were upset by performers who broke eggs and pretended to whip the Easter bunny.

People who attended Saturday’s performance of an Easter celebration at a memorial stadium in Glassport, Allegheny County, quoted performers as saying “There is no Easter bunny.”

If I could draw, I’d have all sorts of fun with that combination of elements…I’m thinking something involving furries in S&M gear in front of an altar.

And now, if you’ll excuse me, I need to go scour my brain to get rid of that image.

This one’s for mom…

I mentioned briefly a few months ago that I was thinking about letting my hair grow out — at least until it got to a point where I get sick of fighting with the inevitable curls and shave it all off again.

I figured today that as I’ve now made it through just over three months without a haircut, I might as well post a “status update” on the experiment, and took this snapshot with my iSight. This should also reassure mom that yes, I do still have curls when my hair gets long enough. ;) You can see them starting to flip up just above my ears.

Me with hair

iTunes: “It’s Going Down” by Blackalicious feat. Lateef the Truth Speaker/Wyatt, Keke from the album Blazing Arrow (2002, 3:44).

But is it a specific ‘here’, or an existential ‘here’?

Finally, six months after coming up with the idea, I finally got around to getting my own “I’m just here to get laid.” t-shirt and bookbag.

And yes, I am crazy enough to carry the bag around town, or wear the t-shirt in public (though, as t-shirts are outside of the dress code at work, I’m out of luck there).

iTunes: “Bewitched, Bothered and Bewildered (from Pal Joey)” by Segal, Vivienne from the album Broadway: The Great Original Cast Recordings (1950, 3:11).

TV got your brain

The last car I owned had three bumper stickers on it, all dead-center on the rear end, one above the other.

DIE MTV DIE

KILL YOUR TV

TELEVISION IS DRUGS

It appears that my sentiments now have the backing of scientific research showing that television causes ‘attention problems’ in young children.

Early television exposure in children ages 1-3 is associated with attention problems at age 7, according to a study from Children’s Hospital and Regional Medical Center in Seattle published in the April issue of PEDIATRICS. The study revealed that each hour of television watched per day at ages 1-3 increases the risk of attention problems, such as ADHD, by almost 10 percent at age 7. The study controls for other attributes of the home environment including cognitive stimulation and emotional support.

… The AAP recommends parents avoid letting their children under the age of 2 years watch television and that parents exert caution — such as setting limits on TV viewing, helping children develop media literacy skills to question, analyze and evaluate TV messages, and taking an active role in their children’s TV viewing — in children over the age of 2.

A Seattle P-I editorial mentions that some 3 year olds in the study were watching 12 or more hours of television a day.

Twelve or more?

My lord.

I wish I still had a copy of this, but years ago I saw an editorial cartoon called “The Pacifier” that showed a toddler sitting on the floor with dazed, glazed-over eyes, with a pacifier created from a television crammed into his mouth. I ended up turning that cartoon into a t-shirt (which I still have — the cartoon is by Jim Morin of the Miami Herald; unfortunately, I can’t find a date on the cartoon to see if a copy might be available online anywhere). People who treat their children like this — and I’ve known more than a few — have always disturbed me, and while I’m sure I whined about it when I was younger, I’m very glad parents kept stricter controls over the viewing habits of my brother and me when we were growing up.

iTunes: “Light (Fat Back)” by K.M.F.D.M. from the album Light (1994, 7:29).

I am a grammar god! Bow before me!

Grammar God!

You are a GRAMMAR GOD!

If your mission in life is not already to preserve the English tongue, it should be.
Congratulations and thank you!

How grammatically sound are you?
Brought to you by Quizilla

In all honesty, I was a bit surprised — while I’m generally fairly sure of my ability to use the English language, some of the quiz questions actually had me debating and choosing whichever one “felt right”. Apparently my instincts haven’t gotten too terribly sloppy yet after all!

(via Shelley)

iTunes: “Habanera from Carmen” by Bizet, Georges from the album Trainspotting #2 (1994, 2:08).

Rockypalooza

This is more than a little tempting: This year’s Rocky Horror Picture Show convention, Rockypalooza, will be here in Seattle next month.

Rockypalooza II: Forbidden Palooza draws Rocky Horror fans from all over this end of the continent. It’s an excuse to share our fabulous obsession through shows, preshows and, ahem, post shows. It gives us an opportunity to get to know other people that perform in the area and to share a larger, more elaborate experience with theatergoers. We can find and share Rocky memorabilia. Also, we can settle that whole being-turned-to-a-pillar-of-salt/ getting run out of town by a pitchfork n’ torch mob thing once and for all.

(via LJ Seattle)