Sunday, November 25, 2007

"pwned"?!

Ah, how I love humble-pie!

So it's all my fault. The day we get back from our Disneyland trip, I tell my parents and brother to turn on "Remote Login" on their home Macs so I can log in and copy the pictures to their computers over the internet. I love how connectable these machines are! Soon all the pictures are transferred and everyone's happy.

Um, ssh is "secure", so we don't really need to rush turning "remote login" back off -- right???

'Bout a month later my mom calls and says, "Uh, our computer is acting weird -- your dad can't log in until I reset his password, which I do, but then the next day it's broken again."

My heart sinks. That does *not* sound good! Hackers. Or bots.

So once I get there, I start poking through the logs. Guess what I find -- about a billion ssh login attempts for root, admin, and every other username you can imagine. On my brother's computer, the attempts started *less than 2 hours* after he turned on remote logins. Wow.

Upon further investigation, it looks like the hacker installed "energymech". All I could really recognize was a shell script that swaps out the /usr/bin/cron binary with a different one, and some config files authorizing some guys from undernet to do "stuff". I find other miscellaneous junk in /private/var/tmp, but no porn/mp3/spam stashes like I would've expected. What else would bots do? DoS attacks? We reinstalled the OSes in case they mucked with any of the other OS binaries.
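One check that helps answer "did they swap out a binary like cron?" is to compare file hashes against a manifest taken from a known-clean install or from the install media. The following is an added example, not code from this post: it builds such a manifest, then, in a temporary directory with constructed files standing in for /usr/bin, simulates a replaced cron, a removed binary and a dropped file, and reports what changed. The file names and contents are made up for the demonstration. On a machine that is already compromised the checker itself can be lied to, which is why the reinstall described above is the sound answer; a manifest is for catching the change early on a machine you still trust.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root, names):
    """{name: digest} for the files under `root`; names that are not files are skipped."""
    manifest = {}
    for name in names:
        p = os.path.join(root, name)
        if os.path.isfile(p):
            manifest[name] = hash_file(p)
    return manifest


def compare_manifests(baseline, current):
    """Classify paths as modified (digest differs), missing (baseline only) or added (current only)."""
    return {
        "modified": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


# Assumption: a short watch list standing in for the system binaries you care about.
WATCHED = ["cron", "ssh", "login", "ls"]


def demo():
    """Constructed scenario: take a baseline, then tamper with the directory and diff it."""
    with tempfile.TemporaryDirectory() as root:
        for name in WATCHED:
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original contents of " + name.encode())
        baseline = build_manifest(root, WATCHED)

        # The same shape of change the post describes: cron replaced by a different file.
        with open(os.path.join(root, "cron"), "wb") as f:
            f.write(b"replacement cron")
        # A watched binary disappears, and an unexpected file shows up.
        os.remove(os.path.join(root, "login"))
        with open(os.path.join(root, "mech"), "wb") as f:
            f.write(b"unexpected new file")

        current = build_manifest(root, WATCHED + ["mech"])
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:9s} {', '.join(names) or '-'}")
```

The manifest only has value if it was taken before the machine was exposed, and it should live somewhere the machine cannot rewrite (a CD, another host), otherwise an intruder who swaps the binary can just as easily swap the baseline.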

Lessons learned:

  1. My mom's machine was hacked, my brother's was not. Why? On my mom's machine all short usernames were the same as the passwords, but on my brother's they were different. It would've taken a *very* long time to match a correct username to a password on his machine. SSH is only as secure as your password. Bottom line: Don't make your username and password the same, and a complex password (has numbers, letters, and symbols) is better.
  2. The machines were found on the network within hours. Hours! There must be a *lot* of bots out there scanning the networks. Even with good passwords, once they find you they'll sit there and pound on your system until they find a match -- maybe for years? That's a lot of junk traffic wasting bandwidth on your network. I'll bet, though, if the ports are closed, they move on. Bottom line: Leave network ports ("Sharing" options) closed unless you need them open.
  3. Even getting bit like this, I'd still rather have a Mac than a PC. I'm pretty sure my sister-in-law's PC is already virused/botted, and with 100k+ spyware packages for Windows, I don't trust a single thing that happens on that machine. Bottom line: The Mac isn't inherently insecure, it was me that was insecure. And you might be the weakest link in your system's security too.

A lesson I won't soon forget.

ps. Note, those with routers between their modems and their computers have to do extra steps to allow remote logins, i.e. instruct the router to pass traffic for the ssh ports on to your particular computer. If you don't know how to do that, there's a good chance this won't affect you.

pps. I wonder why OS X doesn't watch the security logs, and after a dozen or so unsuccessful logins under various names, advise the user that someone (or some machine) may be trying to hack in. I'd much rather click a button that says, "I know, don't tell me again", than find out a month later that a million attempts had been made to get into my machine when I had no idea... A lockout of IP addresses that have met some "hacking" criteria would be nice too. And why aren't the ISPs blacklisting machines that are doing this stuff?
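The log-watching the postscript asks for takes only a short script. The following is an added example and not code from this post: it reads constructed sample lines in the form OpenSSH's sshd writes for failed password logins (the exact wording in secure.log differs between OS X versions, so the pattern is an assumption to adjust to your log), counts failures per source address, and flags any address that crossed a threshold, reporting how many different usernames it tried and how fast it was going. The IP addresses are from the documentation ranges, not real hosts, and the threshold of a dozen is the one the post suggests.

```python
import re
from datetime import datetime

# Matches the stock OpenSSH failure line (assumption: adjust if your secure.log wording differs).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample log: one dictionary attack (14 tries, 12 distinct names in 26 seconds),
# one source that gave up after three tries, and a real user who mistyped once.
ATTACK_USERS = ["root", "admin", "test", "oracle", "guest", "user", "mysql",
                "postgres", "ftp", "www", "staff", "backup", "root", "admin"]

SAMPLE_LOG = "\n".join(
    f"Nov 25 03:14:{7 + 2 * i:02d} mini sshd[{512 + i}]: Failed password for "
    f"{'' if u == 'root' else 'invalid user '}{u} from 203.0.113.5 port {51234 + i} ssh2"
    for i, u in enumerate(ATTACK_USERS)
) + """
Nov 25 03:16:01 mini sshd[540]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Nov 25 03:16:04 mini sshd[541]: Failed password for root from 198.51.100.7 port 40002 ssh2
Nov 25 03:16:07 mini sshd[542]: Failed password for invalid user test from 198.51.100.7 port 40003 ssh2
Nov 25 03:19:40 mini sshd[550]: Accepted password for mom from 192.0.2.10 port 49152 ssh2
Nov 25 03:20:02 mini sshd[551]: Failed password for mom from 192.0.2.10 port 49153 ssh2
"""


def parse_failures(log_text, year=2007):
    """Return {ip: {"count", "users", "first", "last"}} built from the failed-login lines.

    Syslog timestamps carry no year, so one is supplied (assumption: the year of the log)."""
    per_ip = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins, other daemons, blank lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        e = per_ip.setdefault(m["ip"], {"count": 0, "users": [], "first": ts, "last": ts})
        e["count"] += 1
        if m["user"] not in e["users"]:
            e["users"].append(m["user"])
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
    return per_ip


def suspicious_sources(per_ip, threshold=12):
    """Addresses with at least `threshold` failures, busiest first, with attempts per minute."""
    flagged = []
    for ip, e in per_ip.items():
        if e["count"] < threshold:
            continue
        # Avoid dividing by zero when all attempts share one second.
        span_min = max((e["last"] - e["first"]).total_seconds() / 60, 1 / 60)
        flagged.append({
            "ip": ip,
            "count": e["count"],
            "distinct_users": len(e["users"]),
            "per_minute": round(e["count"] / span_min, 1),
        })
    return sorted(flagged, key=lambda f: f["count"], reverse=True)


def advisory(flagged):
    """The one-line notice the post wishes the OS would show the user."""
    if not flagged:
        return "No source has exceeded the failed-login threshold."
    return "\n".join(
        f"{f['ip']} made {f['count']} failed ssh logins under {f['distinct_users']} usernames "
        f"({f['per_minute']} per minute)"
        for f in flagged
    )


if __name__ == "__main__":
    print(advisory(suspicious_sources(parse_failures(SAMPLE_LOG))))
```

The per-address list is also the input a lockout would need: the flagged addresses can be handed to a firewall rule, while the real user's single typo from 192.0.2.10 never reaches the threshold and is left alone.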

Saturday, November 17, 2007

Leopard text rendering engine

Wow.

A hint on macosxhints talked about how double command-clicking on text URLs doesn't work anymore, because command-dragging is now used for discontiguous text selections. Well guess what else Apple changed in Leopard: they added column selections!

In Terminal, TextEdit, and probably any other app that uses core-text rendering, you can now:
  • command-drag over other text to create a discontiguous selection
  • option-drag a region to create a rectangular text selection (yay!)
  • command-option-drag to select discontiguous rectangular text selections (wow!)
Rectangular selections work even if the font isn't monospaced -- and it seems to go by what you see visually, not by character position, so you now can rip a column out of a space-delimited table without a bunch of pre-processing with regular expressions. Nice job, Apple!

Sunday, November 11, 2007

To Leopard, or not to Leopard?

My 2 cents? Wait for another month.

Apple made some fairly significant changes in Leopard under the hood (LDAP, CUPS, 64 bit, fully "Unix", X.org X11, etc.), mostly for the better, but it's going to take some time for the kinks to get worked out in the new implementation.

You're probably going to like:
  • Time Machine: easy backups, done by creating date-stamped folders on the backup drive with your entire disk structure in each -- their secret is "hard links", which I'll explain another time, but it's rather ingenious (requires another connected hard drive; watch out if you use Entourage 2004: your mail database, which for lots of people is pretty big, probably changes every time you get your email, so Time Machine is going to back it up every hour, which will fill your backup drive in a hurry)
  • Quick Look: select a file and hit the space bar to see a quick preview of it -- nice
  • Spotlight: is much faster (replaces Quicksilver as my launcher of choice), answers math questions and defines words for you
  • Preview: lets you combine pages from .pdf files and save them to a new .pdf -- this is *awesome* if you need to send any kind of compound document to anyone, mix and match Excel plots with Illustrator pages with PowerPoint slides -- love it!
  • Screen sharing: as if you're sitting in front of your Mac from almost anywhere, all built-in (see wikipedia on VNC)
But we pulled our hair out over:
  • After printing one job on our HP Deskjet 812c printer, the second one comes out as a single line of text across the top of a few pages; we have to shut it off before it'll print right again
  • Tried the guest user account, hard-locked up the machine within 30 seconds -- not sure what happened, couldn't even ssh in from my linux box
  • Bunches of third-party apps won't launch, who knows why
  • A co-worker upgraded and his Finder locks up with the spinning beach-ball of death (SBBOD) every time. He had to create a new user and start copying over all his stuff to keep it from doing that -- hopefully he'll know soon what's causing it
  • X11 breaks a bunch of stuff, notably multi-monitor support
  • Firewall took a huge step backward, I don't even understand it anymore
Give it another month and it'll be fine.

Nuggets of wisdom

Here are a few of my favorite little nuggets of wisdom I've gathered so far in my life:
  • Good decision, bad outcome -- 2 hours before your flight you leave for the airport, but on the way someone runs a red light and the crash leaves you paralyzed. "Oh, if I'd only left a few minutes later I wouldn't be left this way!", you begin to think. But we can make the right decision and still have a bad outcome because there is an inherent risk in everything. You still made the right decision. (source: Dr. Jeff Goldberg, UofA college economics professor)
  • Cause and effect -- You have a headache and someone gives you only one pill of a new medicine you've never tried before. Later you realize that it didn't work, so you ask yourself, "Did I not take enough, or does this stuff just not work?" I posed this to a great friend John Holman, who without thinking fired back: "Yeah, it can be hard figuring out cause and effect." I don't think anyone's ever broken such a big mental log-jam for me with so little effort. Just because two things seem to go together doesn't mean one caused the other. Look at the economy for some good examples. David Flynn put it another way (if I remember right): "Correlation doesn't imply causality."
  • EQ is supposedly a measure of one's ability to understand and control the emotions of themselves and others. The neatest people I know seem to understand how others feel, and they care. This is not like IQ, which a person supposedly can't change -- people can improve their EQ by working on it. (source: Jared Thompson, co-worker)
  • Intentions -- "Never attribute to malice that which can be adequately explained by stupidity." - Hanlon's razor. You tell someone about a mistake you made, and they respond, "Oh, that sounds like you." Instantly you take offense at the verbal jab: "What?! I can't believe you just said that!". But instead, take a step back and study the person's body language and see if there's really any malice there -- often they're just focused on something else and didn't think long enough before speaking. Just let it go.
  • Win the hearts of your children -- Mormons believe that the family unit can continue on beyond the grave into the eternities. The key here is "can". If you have kids, read this article, Love of Father and Mother, by Joseph F. Smith (nephew of the original prophet Joseph Smith), reprinted in the August 2004 Ensign. A beautiful explanation of how our relationship with our kids can and should develop.
  • Wise as serpents, harmless as doves -- This one's straight out of the Bible:
    "Behold, I send you forth as sheep in the midst of wolves: be ye therefore wise as serpents, and harmless as doves." Matt. 10:16.
    I love this approach to the "world".
  • You need only believe the truth -- Some think Mormons believe unusual things because they have to. But we don't have to believe anything, see Articles of Faith 11. "There is no truth but what belongs to the Gospel," Brigham Young said. "'Mormonism' includes all truth." Henry Eyring, Sr., said it this way:
    All day long, on a fiercely hot Friday in September 1919, I hauled hay in Pima, Arizona. On Monday I was going to start classes at the University of Arizona, where I was to study mining engineering. In the evening my father, as fathers often do, felt that he'd like to have a last talk with his son. He wanted to be sure I'd stay on the straight and narrow. He said, "Henry, won't you come and sit down. I want to talk to you."

    Well, I'd rather do that than pitch hay any time. So, I went over and sat down with him.

    "We're pretty good friends, aren't we?"

    "Yes," I said, "I think we are."

    "Henry, we've ridden together on the range, and we've farmed together. I think we understand each other. Well, I want to say this to you: I'm convinced that the Lord used the Prophet Joseph Smith to restore His Church. For me, that is a reality. I haven't any doubt about it. Now, there are a lot of other matters that are much less clear to me. But in this Church you don't have to believe anything that isn't true. You go over to the University of Arizona and learn everything you can, and whatever is true is a part of the gospel. The Lord is actually running this universe. And I want to tell you something else: if you go to the University and are not profane, if you'll live in such a way that you'll feel comfortable in the company of good people, and if you go to church and do the other things that we've always done, I won't worry about your getting away from the Lord."

    That's about the best advice I ever got. It has simplified my life. All I have to do is live in a wholesome way, which is best for me anyway, and be busy about finding truth wherever I can. I suspect that you would enjoy that formula too.

    The significant thing about a scientist is this: he simply expects the truth to prevail because it is the truth. He doesn't work very much on the reactions of the heart. In science, the thing is, and its being so is something one cannot resent. If a thing is wrong, nothing can save it, and if it is right, it cannot help succeeding.

    - Henry Eyring, Reflections of a Scientist
