
April 16, 2004
trojan horse

"MP3Concept Trojan Horse" caused an uproar in the Mac OS X community. It also gave those Windows folk who seem to jump at the chance to call us on our Mac pride something to harp about. ( No, I don't fault them - I enjoy a good laugh when my PC friend gets hacked or something of the sort! ) If you've somehow missed the whole fiasco, move on with your life and forget about it. If for some reason you ( like me ) still want to get in on it, go read Gruber; he does far better coverage than I'll attempt. ( Crying Wolf )

I would like to think this hullabaloo was a one-time shot. I'd like to think that next time some lame-duck, sorry excuse for a threat to Mac OS X security comes along that we dismiss it with the lack of fanfare it deserves. Alas, I am not sure that will happen. Security is important to all of us. We value our relatively secure status as Mac OS X users. I know that when I glanced at the headlines for the first time, I was immediately engaged and very curious - perhaps even a little scared. ( mission accomplished for the traffic/attention hungry news folks)

What I didn't like was the number of big news outlets that blew this thing up and changed the facts so quickly. Intego was the worst offender. If a security company either A) doesn't know enough to get their technical facts right, or B) doesn't care and purposely stretches the truth as far as they did, then they are not a valid security company in my book.

With a scrap of technical knowledge, a person could verify the facts and know this was nowhere near the crisis some news outlets tried to make it sound like. I think I'm particularly bugged because it just seems to be the standard in journalism lately. And we all seem to be suckers for it. :(

Let's hope we don't have a true security situation that really requires our community attention anytime soon. And let's all never read any of the offending news outlets ever again. Hmm, I think I just made my tenth visit today to each of those said offenders. Alright - maybe just take things with a grain of salt. :)

Posted by brian at 03:34 PM | Comments (9) | TrackBack (0)
Comments

This is yet another reason HFS metadata (and resource forks) needs to go away.

Posted by: Mike Cohen on April 16, 2004 5:27 PM

This had nothing to do with HFS metadata. Just the resource fork.

Posted by: James on April 16, 2004 7:16 PM

It's just a carbon program with a custom icon and a .MP3 file extension!

Posted by: Sean on April 16, 2004 8:29 PM

Mike Cohen, why is that? So people start to depend on extensions?

This thing does NOT require a resource fork or any metadata to work. It is very possible with a Cocoa bundle as well. If you drag a folder to iTunes, doesn't it scan the contents?

Posted by: Rosyna on April 16, 2004 10:08 PM

>This is yet another reason HFS metadata (and resource
>forks) needs to go away.

Uhm... Non sequitur? How does the MP3Concept application have anything to do with HFS metadata or resource forks being bad? Do you realise that you don't need resource forks in order to create trojan horses? Do you realise that if somebody created an actual trojan horse, he or she would most likely try to avoid using this technique exactly *because* it involves resource forks (because they tend to get removed during transfer)?

Posted by: LKM on April 18, 2004 12:08 AM

As Rosyna said, a trojan like this doesn't require HFS metadata or resource forks (as I proved to Rosyna myself :). It's trivial to do the same thing with a bundle (just two lines of code for the source application!) and you can impersonate more than just an mp3, and you can even do nifty things that a user would expect to see from those file types (like image previews). Best of all, they can travel in any kind of archive, and come with any extension (because the .app is NOT required).

About the only protection you have is the fact that some e-mail apps will tell you that what you are opening is an application and not a file, and that the Finder does know that the item is an application regardless. Otherwise, you can get burned pretty badly by someone who has spent all of 2 days in the Mac OS X programming environment.

Posted by: Rincewind on April 19, 2004 8:28 PM
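Rincewind's point that the Finder knows the item is an application regardless of its name is also the defender's check: classify a file by what it contains, not by its extension. The script below is an added example written for this page, not code from the post or any commenter. It recognises an MP3 by its ID3 tag or frame-sync bytes, a Mach-O executable by its magic number, and an application bundle by the Contents/Info.plist plus Contents/MacOS layout, then flags anything carrying a media extension that is really executable. The sample tree it builds in a temporary directory is constructed for the demo (the "Mach-O" file is only a header magic, and the bundle is an empty skeleton); the magic-number list and the bundle-layout test are the assumptions.

```python
import os
import tempfile

# Mach-O magic numbers: 32- and 64-bit in both byte orders, plus the "fat"
# universal header (assumed list; 0xCAFEBABE is also the Java class magic,
# so a real scanner would confirm with the architecture count that follows).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}

# Extensions a user would expect to open as passive media, never as code.
MEDIA_EXTENSIONS = {".mp3", ".jpg", ".jpeg", ".gif", ".png", ".mov"}


def classify(path):
    """Say what a path actually contains, ignoring its name entirely."""
    if os.path.isdir(path):
        contents = os.path.join(path, "Contents")
        if (os.path.isfile(os.path.join(contents, "Info.plist"))
                and os.path.isdir(os.path.join(contents, "MacOS"))):
            return "app-bundle"
        return "directory"
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head in MACHO_MAGICS:
        return "mach-o"
    if head[:3] == b"ID3":                      # ID3v2 tag at file start
        return "mp3"
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"                            # raw MPEG audio frame sync
    return "unknown"


def looks_like_media(path):
    ext = os.path.splitext(path.rstrip("/"))[1].lower()
    return ext in MEDIA_EXTENSIONS


def is_disguised_executable(path):
    """True when the name promises media but the content is executable."""
    return looks_like_media(path) and classify(path) in ("mach-o", "app-bundle")


def scan(root):
    """Walk a tree and return root-relative paths of disguised executables."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            full = os.path.join(dirpath, d)
            if classify(full) == "app-bundle":
                dirnames.remove(d)              # a bundle is one unit; don't descend
                if looks_like_media(full):
                    hits.append(os.path.relpath(full, root))
        for f in filenames:
            full = os.path.join(dirpath, f)
            if is_disguised_executable(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def build_sample_tree():
    """Constructed sample: a genuine mp3, a Mach-O header named .mp3, and a
    bundle directory named song.mp3 (no .app suffix, as Rincewind describes)."""
    root = tempfile.mkdtemp(prefix="mp3concept_demo_")
    with open(os.path.join(root, "real.mp3"), "wb") as fh:
        fh.write(b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\x00" * 32)
    with open(os.path.join(root, "fake.mp3"), "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)   # 64-bit LE magic only
    bundle = os.path.join(root, "song.mp3")
    os.makedirs(os.path.join(bundle, "Contents", "MacOS"))
    with open(os.path.join(bundle, "Contents", "Info.plist"), "wb") as fh:
        fh.write(b"<plist/>")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for hit in scan(sample):
        print("disguised executable:", hit)
```

Run on a download folder, the scan lists every item whose extension says media while its bytes or layout say executable; the same mismatch is what a mail client or file manager should surface before opening.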

I think it's been really overhyped. You can do the same thing on Windows (even more so because it doesn't have the creator code and stuff). All that needs to be changed is to make it so Finder pays less attention to the extension and more to the creator code stuff.

Correct me if I'm wrong (I'm pretty sure the extension was .mp3 and the creator code was AAPL)

Joe

Posted by: Joe on April 20, 2004 4:48 AM

Wait, that's their stock abbreviation, it should be APPL :).

Joe

Posted by: Joe on April 20, 2004 4:49 AM

It's not workable at all - this fake mp3, transmitted across all the main network protocols, will become again only a pure mp3, because the resource fork will always be stripped; that's why all Mac apps need to be encoded as MacBinary (.bin) or BinHex (.hqx). The only exceptions are the Hotline and Carracho networks, which count on resource forks.

Posted by: palec on April 26, 2004 10:59 PM