•    
  •  
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Opener's Existence Encourages Password Care

Opener's Existence Encourages Password Care -- Over the last few days, news of a malicious shell script known as "Opener" has appeared on MacInTouch, and several news organizations picking up the report have incorrectly started calling it a virus. It's not a virus, and frankly, it's not even that big of a concern. Opener is a shell script that, if installed and activated on a Mac, turns on file sharing and remote login, disables the firewall, extracts passwords, creates an admin-level user, installs a password sniffer, and more. That sounds bad, but Opener can't do any of these things unless someone with an administrator password or physical access to the Mac installs and runs it. More to the point, if someone has your administrator password or physical access to your Mac, Opener is just one of many possible worries.

<http://www.macintouch.com/opener.html>

So, unpleasant though it is, Opener doesn't really change much about maintaining a secure Mac. Make sure to install Apple's security updates as they're released, since some plug holes that could allow the necessary root access for a cracker. Be sure your administrator password can't be guessed easily. And most important, never enter your administrator password when prompted unless you know why it is being requested and trust the source of the request (a Trojan Horse carrying Opener could be extremely dangerous). In my mind, this is Apple's largest mistake with security; I'm prompted for my administrator password so often that it's easy to enter it reflexively, without considering who's asking and why. [ACE]

 

Backblaze is unlimited, unthrottled backup for Macs at $5/month.
Web access to files means your data is always available. Restore
by Mail allows you to recover files via a hard drive or USB.
Start your 15-day trial today! <https://www.backblaze.com/tb>