•    
  •  
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Opener's Existence Encourages Password Care

Opener's Existence Encourages Password Care -- Over the last few days, news of a malicious shell script known as "Opener" has appeared on MacInTouch, and several news organizations picking up the report have incorrectly started calling it a virus. It's not a virus, and frankly, it's not even that big of a concern. Opener is a shell script that, if installed and activated on a Mac, turns on file sharing and remote login, disables the firewall, extracts passwords, creates an admin-level user, installs a password sniffer, and more. That sounds bad, but Opener can't do any of these things unless someone with an administrator password or physical access to the Mac installs and runs it. More to the point, if someone has your administrator password or physical access to your Mac, Opener is just one of many possible worries.

<http://www.macintouch.com/opener.html>

So, unpleasant though it is, Opener doesn't really change much about maintaining a secure Mac. Make sure to install Apple's security updates as they're released, since some plug holes that could allow the necessary root access for a cracker. Be sure your administrator password can't be guessed easily. And most important, never enter your administrator password when prompted unless you know why it is being requested and trust the source of the request (a Trojan Horse carrying Opener could be extremely dangerous). In my mind, this is Apple's largest mistake with security; I'm prompted for my administrator password so often that it's easy to enter it reflexively, without considering who's asking and why. [ACE]

 

TextExpander: Communicate smarter. Accuracy and consistency
wherever you type. Insert “snippets” of text from a repository of
boilerplate, emails and other text. Seamless sharing between you
and your team on Mac, Windows, and iOS <http://smle.us/newte-tb>