TV-PGMay 21, 2004: Apple patches that scary Help Viewer security flaw, apparently before any real damage was done. Meanwhile, a company rep describes the Xserve RAID as "the iPod for the enterprise market," which may reveal more about the people running Big Business than you really want to know...
But First, A Word From Our Sponsors
 

Mash-ups and original music by AtAT's former Intern and Goddess-in-Training

Prim M at YouTube
 
At Last, The End Of An Error (5/21/04)
SceneLink
 

Folks, we don't want to send you off into your weekend all alarmed and stuff, but we just wouldn't feel right if we didn't remind you one more time that this latest Mac OS X security hole is the Real Deal™. It's understandable if you're still playing the part of a skeptical villager, given how often people have cried wolf by playing up Mac security flaws that turn out to be all theory and no practice; that executable-code-in-MP3-ID-tags one, for example, was pretty nifty and definitely clever, but apparently a little too academic for anyone to bother exploiting for real-- and yet there was all sorts of hubbub over someone having finally found a major Mac OS X hole, the sky was falling, life as we knew it would never be the same, yadda yadda yadda.

Or what about security flaws that aren't flaws at all, like that Trojan that was just an executable AppleScript with a custom icon slapped on top? It's not a security problem with the operating system if someone lies to you about what a program does, just like it's not the architect's fault if someone tells you that jumping off a skyscraper's roof won't kill you much. But of course, the media loves grasping at every straw it can find in hopes of convincing people that Mac OS X is no more secure than Windows-- which is sort of like saying that sand is no less wet than water, but hey, whatever fries their bacon.

But this Help Viewer vulnerability, well, like we said, it's genuine, and easy enough to exploit that a sleep-deprived monkey with attention deficit disorder could do it. Indeed, WIRED reports that tossing together an exploit is so gosh-darned simple that "malicious script kiddies" are falling all over themselves to do it, and the "outburst of scripts and applications designed to exploit the hole" since it became well-known on Tuesday has prompted Secunia to upgrade the severity of the hole from "Highly Critical" to "Extremely Critical"-- which is, of course, just a little ironic, since the sudden proliferation of exploits is a direct result of Secunia having publicized the flaw in the first place. Ain't it always the way?

Anyway, it's worth mentioning that the two-part exploit to which we originally linked may have implied that you need to download a disk image before your system can be messed with, which is not at all the case. For a clearer picture of what's going on, check out Richard Bronosky's harrowing demonstration-- no disk image involved, and just visiting the page causes Terminal to start spewing data on your disk usage. Basically, if someone knows the location of a script on your hard disk, they can throw together a web page that'll cause it to run automatically. That's probably not all that dangerous, since scripts that ship as part of Mac OS X aren't likely to be destructive in any way, and Bronosky wasn't able to execute UNIX commands with command line arguments, so you can't send, for example, the UNIX command to delete all files, etc.

So the disk image part of the equation just provides the Bad Guys with a convenient way to stick evil scripts onto your system in a known location-- which is a pretty important step if they're trying to do something seriously evil, of course, but control freaks will hate just knowing that the Help Viewer bug alone gives people a certain level of access to what's happening on their systems. If you're anything like us (heaven help you), you still get the screaming mimis just knowing that random people can, for example, minimize all your Finder windows. (If you visited Bronosky's page first, you may need to quit Help Viewer before that link will work, but you get the idea.)

Well, good news: faithful viewer jeffNOTjon informs us that Apple has finally moved past the "We Take Security Very Seriously™" stage of its investigation. Security Update 2004-05-24 (for Panther; there's also one for Jaguar) is now available for your Help Viewer-patching enjoyment, and while it claims to deliver "a number of security enhancements," we strongly suspect that that number is "one." In fact, the update's list of updated components consists of, well, Help Viewer (plus Terminal for Jaguar), so you can be pretty sure of what this thing does. Apply it, and start working on rebuilding that Wall o' Mac Smug you've been sitting on top of for all these years.

 
SceneLink (4710)
0.9 M Songs In Your Pocket (5/21/04)
SceneLink
 

You know, for the most part, we like to think of ourselves as pretty shrewd students of human behavior, but we admit that there are still certain segments of the population whose actions and motivations confound us. In particular, we sort of wish that Jane Goodall had spent a few years studying Enterprise People in their native habitat, because frankly, those guys baffle us. Mind you, we're not talking about Spock, Bones, and the guy in the red shirt who snuffs it within fifteen seconds of beaming down to the planet's surface; we mean "enterprise" in the context of big business IT and the like. The few Enterprise People with whom we've come in contact have exhibited behavior so alien to our own that we find ourselves desperate for an Animal Planet hour-long special to explain just what the heck they're thinking. (Like, what was with those haircuts?)

Lucky for us, then, that Apple has devoted resources to the study of this fascinating species, even if it is just in hopes of siphoning a bunch of cash from those juicy enterprise IT budgets. While the company hasn't generally shared its findings with the scientific community yet, it has dropped a few helpful nuggets of info to the public on occasion. For instance, Macworld UK reports that Apple UK's managing director Mark Rogers recently described the company's Xserve RAID product as "the iPod for the enterprise market," and that single simple statement actually reveals quite a lot about these creatures whose ways are so different from our own.

For one thing, Enterprise People apparently have really big pockets.

Seriously, think about it; the Xserve RAID measures 5.25 inches by 17 inches by 18.4 inches, so anyone who's going to lug around something that's almost a full cubic foot in volume just so he can listen to music all day clearly must have an appropriate wardrobe capable of accommodating its bulk. Moreover, given that the Xserve RAID weighs "60-100 pounds depending on configuration," Enterprise People possess either superhuman strength and exceptional physical endurance, or little enough mental acuity to grasp that stuffing a big honkin' RAID server down their pants is perhaps not the best way to carry their music around with them-- unless, of course, Enterprise People also have really extensive music collections and require high-speed access to any of 875,000 songs at any given moment.

Also, given the Xserve RAID's need to draw 300 watts of power while in use, we can infer that either Enterprise People are stuffing another enormous pocket with a fully-charged, heavy-duty uninterruptible power supply, or they never venture out of range of a single wall socket. (Or they're using a Really Long Extension Cord™.) Indeed, the more we think about Xserve RAIDs being used as portable music players by Enterprise People, the less suitable they seem for the task. For instance, there's no audio jack, so we haven't a clue what these people think they're actually listening to in the first place.

We suppose it must all come down to cost savings; while they would be far more portable and functional as portable music devices, the 88 iPods necessary to store as much music as a top-of-the-line Xserve RAID would cost four times as much money-- unless, of course, you factor in the additional costs that accompany the Xserve RAID choice, such as hernia operations, hospital stays, and the like. Hmmm, let's see, now... reduced functionality and higher long-term costs in exchange for a smaller up-front expenditure; sounds a little like the practice of outfitting large companies with fleets of cheap Wintels and then eating a fortune in support costs and downtime in the future. Fascinating. Whoever said that Enterprise People weren't at least consistent?

 
SceneLink (4711)
← Previous Episode
Next Episode →
Vote Early, Vote Often!
Why did you tune in to this '90s relic of a soap opera?
Nostalgia is the next best thing to feeling alive
My name is Rip Van Winkle and I just woke up; what did I miss?
I'm trying to pretend the last 20 years never happened
I mean, if it worked for Friends, why not?
I came here looking for a receptacle in which to place the cremated remains of my deceased Java applets (think about it)

(1287 votes)

Like K-pop, but only know the popular stuff? Expand your horizons! Prim M recommends underrated K-pop tunes based on YOUR taste!

Prim M's Playlist

DISCLAIMER: AtAT was not a news site any more than Inside Edition was a "real" news show. We made Dawson's Creek look like 60 Minutes. We engaged in rampant guesswork, wild speculation, and pure fabrication for the entertainment of our viewers. Sure, everything here was "inspired by actual events," but so was Amityville II: The Possession. So lighten up.

Site best viewed with a sense of humor. AtAT is not responsible for lost or stolen articles. Keep hands inside car at all times. The drinking of beverages while watching AtAT is strongly discouraged; AtAT is not responsible for damage, discomfort, or staining caused by spit-takes or "nosers."

Everything you see here that isn't attributed to other parties is copyright ©,1997-2024 J. Miller and may not be reproduced or rebroadcast without his explicit consent (or possibly the express written consent of Major League Baseball, but we doubt it).