Not hacked, bugs

It turns out that my technical difficulties the other day were in all likelihood not the result of being hacked but an arsehat software incompatibility.

The short version is that the weirdnesses I experienced were caused by:

  • OS X Lion has known problems dealing with certain PDF files. It appears that the problematic PDF, produced by OpenOffice.org and then emailed via a Mailman mailing list, was one of them. Hence Apple Mail and sometimes Preview would crash when dealing with this PDF.
  • Norton Internet Security for Mac version 4 is only for OS X up to Snow Leopard. OS X Lion requires Norton Internet Security for Mac version 5. It’s a shame neither NIS nor Lion knew this.
  • Norton Internet Security probably hadn’t updated its virus definitions in the previous week because I was travelling a fair bit and was probably offline at the scheduled time.

I determined all this while I was running backups. It’s always sensible to make sure your backups are in order before doing any significant technical work.

I discovered that:

  • Copying the 400GB of Time Machine backups of my old MacBook Pro from one external USB drive (pocket sized) to another (bulkier, for archiving) using the Finder took more than 7 hours.
  • Creating the initial Time Machine backup of my new MacBook Pro on the pocket USB drive, some 220GB of data, took a little over three hours.
  • Encrypting that 640GB USB drive took 14.5 hours.

In hindsight, I suppose I should have checked software compatibility when transferring everything from the dead Snow Leopard machine to Lion, but then it did flag other stuff as incompatible so I assumed… yeah, I know.

Live Blog: How pwned am I?

Uhoh. My MacBook Pro may have been hacked. I’ve already done a bit of troubleshooting, but this looks like it’s going to be A Thing, so I’ve decided to liveblog it. And here’s the liveblog.

The brief version is that Apple Mail crashed when it tried to open a particular email message dated 4 November, one containing a PDF file. Consistently. So I thought I’d do a virus scan on it.

That’s when Norton Internet Security reported that LiveUpdate was missing pieces, and I saw that it hadn’t checked for updates since… 4 November. Eek.

Now all the action would have happened on my battered old MacBook Pro running OS X 10.6 Snow Leopard. That computer finally died of motherboard failure on 11 November and I replaced it with a fresh OS X 10.7 Lion machine on 12 November.

However I did just transfer everything across using Apple’s migration tool, rather than freshly installing all the software and just copying the data, so… well… who knows what the hell is going on?

Deep in my heart I suspect that it was just bugginess and a dying computer, copied badly to a new computer. I hope.

If you want to follow or even help, the liveblog is over the jump.

[Update 11.20pm: Things may not be as bad as I thought. It turns out that Norton Internet Security for Mac version 4.x is only compatible with OS X up to version 10.6 Snow Leopard. There’s NIS version 5.x for OS X 10.7 Lion. It looks like it’s a straightforward software compatibility problem, and the lack of updates could be because I was travelling that week and the computer was offline when updates were scheduled. If this is all the case, I’m a bit disappointed that the software itself couldn’t figure this out.]


Weekly Wrap 66: Kuala Lumpur: haze, hackers, food aplenty

A weekly summary of what I’ve been doing elsewhere on the internets. Most of the week was spent in Kuala Lumpur, my first visit. I’ll write more about that anon.

Podcasts

  • Patch Monday episode 104, “Can security ever beat PEBKAC?”. A conversation with Paul Ducklin, head of technology for the Asia-Pacific region with Sophos, and Chris Gatford, proprietor of Hack Labs, a specialist in penetration testing.

Articles

Further material from the Kaspersky Lab event is appearing from today.

Media Appearances

None.

Corporate Largesse

  • On Tuesday I had lunch at Ocean Restaurant, Cockle Bay Wharf, thanks to Check Point. There’s some material from the conversations there that will appear in the next few days.
  • On Tuesday night I travelled to Kuala Lumpur thanks to Kaspersky Lab. Their largesse included flights and airport transfers; meals and accommodation at Le Meridien; an evening sightseeing trip to Putrajaya including dinner on a cruise boat; a Kaspersky-branded leather document case, rather nice actually; Kaspersky-branded USB-powered speakers; and a t-shirt. I declined the offer of an all-day sightseeing tour on Friday because I had work to do.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Kuala Lumpur skyline, shrouded in haze, photographed with my battered HTC Desire from the 14th floor of Le Meridien, KL Sentral. It’s like this pretty much all day, what with the Indonesians burning down the rainforests and all. The photo doesn’t do the scene justice. I have since obtained a decent camera.]

Talking LulzSec/Anonymous vs PayPal on TripleJ’s Hack

On Wednesday afternoon, LulzSec and Anonymous joined forces to encourage people to boycott PayPal by withdrawing their money and closing their accounts.

The back story is that PayPal had cut off WikiLeaks’ account, meaning that people could no longer donate money to WikiLeaks via PayPal. Anonymous launched distributed denial of service (DDoS) attacks against PayPal. Last week the FBI and others arrested people alleged to have been responsible for those attacks. So this week, the boycott of PayPal.

The joint statement by LulzSec and Anonymous makes for interesting reading. It describes DDoS attacks as “ethical, modern cyber operations”. Such things are actually a criminal act, despite what Anonymous may imagine the law to be. “Law enforcement continues to push its ridiculous rules upon us,” they write, when it’s not law enforcement who makes the laws, but governments.

The call for the boycott was unfolding as Triple J’s current affairs program Hack was going to air, and I phoned in a report. Here’s the audio.

I found it interesting that presenter Tom Tilley responded to my comment that DDoS is a crime by saying “Yeah I imagine there’d be people with lots of different points of view about what they’re doing and whether it’s indeed lawful.” Personally I reckon the law in this is pretty clear. Pandering to their audience?

The audio is ©2011 Australian Broadcasting Corporation. It has been extracted from the full program audio [MP3].

Weekly Wrap 59: Making paragraphs while the rain pours

A weekly summary of what I’ve been doing elsewhere on the internets. While Sydney dealt with its wettest July since 1950, I was at the Bunjaree Cottages in Wentworth Falls, writing and writing and writing and writing. And talking on the radio.

“Make hay while the sun shines,” goes the old saying. But for a writer, it’s about making paragraphs while the rain pours. Being stuck indoors with a magnificent view really helps.

Podcasts

Articles

Media Appearances

Corporate Largesse

None. But there’ll be plenty next week. I’ll tell you more about that later this morning.


[Photo: Potholes on Frenchmans Road, Wentworth Falls, photographed on 20 July 2011. This is a slightly modified version, here’s the original.]