[X4U] Did this guy short AAPL?

[Michael Elliott]

I think that this was more serious that you would imagine.

The trojan, as I recall, exploits what is basically a convention for  
the typical OSX install:  the first account to register is given  
administrator privileges.  The second defect as I recall is that  
Terminal will run some of these scripts as administrator even without  
a password.  The lynchpin, as is always so common on Windows, is the  
browser:  Safari would consider the downloaded file as an image file  
if it was named with .jpg or something on it, but was actually a  
terminal script, and would "open" it automatically in Terminal.

The description of commands being sent across the screen is him  
describing Terminal as being launched and various UNIX commands being  
processed.

This problem was detailed many weeks ago in such reputable websites  
as xlr8yourmac.com and macfixit.com.  One of the remedies suggested  
was to create another account without administrator privileges, then  
use that one exclusively as the primary account.

I think that the issue was Terminal-specific in some way, as I know  
that my administrator account is still required to manually enter  
passwords whenever I want to do something important, like OS updates,  
etc.

My impression was that this was not a problem to be blown off.

Michael

On May 1, 2006, at 7:49 AM, Aron Spencer wrote:

> He shorted AAPL.
>
> he had to type in his administrator password to get anything bad to  
> happen...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserver.themacintoshguy.com/pipermail/x4u/attachments/20060502/0827a2b0/attachment.html