About Me
My name is Paul Bissex, and e-scribe.com is my consulting business. I build web applications using as much open source software as possible. From September to June I teach web design and other important non-photographic professional skills to photographers. In the '90s I wrote technology commentary and reviews for magazines, newspapers, and web publications, including Wired, Salon.com, FamilyPC, the late lamented Web Review, and the Chicago Tribune. Feel free to email me.
Book
I'm co-author of "Python Web Development with Django", an excellent guide to my favorite web framework. Its strong points include an introduction to Python, and better coverage of Django 1.0 than nearly anybody else. Published by Addison-Wesley, it is available from Amazon and your favorite technical bookstore as well.
Colophon
This runs on Django, served by Apache and mod_python. The database is SQLite. The operating system is FreeBSD, on a VPS hosted at Johncompanies.com. Comment-spam protection by Akismet. Vintage topo imagery from the Maptech archive. The markup engine is Markdown.
Pile o'Tags
Stuff I Use
Akismet, del.icio.us, Django, dpaste.com, Emacs, FreeBSD, Freenode, jQuery, LaunchBar, MacPorts, Markdown, Mercurial, OS X, Postfix, Python, SQLite, Subversion, TextMate, Trac, Ubuntu Linux, wmii
Spam Report
At least 59020 pieces of comment spam killed since January 2008, mostly via Akismet.
The dawn of OS X malware
It's been almost five years since the release of OS X 10.0.0, and along the way there's been very little to worry about in the way of malware. That changed last week with the announcement of a trojan that propagates via iChat in a semi-automated way, then a Java worm that attempts to disseminate itself via Bluetooth.
Both of these are relatively innocuous, but there's not much standing in the way of copycat efforts with more dangerous payloads.
It's a good time to get familiar with ClamXav, the open source anti-virus package.
That's the thing -- I don't think these get anywhere near what a more determined, careful, and/or mean perpetrator might accomplish. My advice about installing ClamXav is definitely about the (presumed) next wave, not this one.
Post a comment
Comments use Markdown syntax. Your comment will not appear until approved, which may take a few hours or more. Spammers will be torpedoed.
Search
Twittering
Recent Posts
SPF-enabled spam domains
1 comment
Chess via iPod
2 comments
Aesthetics and computation
2 comments
robots.txt via Django, in one line
4 comments
Recent Comments
zoot
Offsite, online backup: rsync.net
16 days ago
Craig
Bicycle Repair Man bundle for TextMate
24 days ago
Fazal Majid
SPF-enabled spam domains
29 days ago
Adrian Holovaty
Chess via iPod
53 days ago
Alexander Kahn
Aesthetics and computation
58 days ago
Feeds
RSS feedAtom feedOlder Posts
Credits
Copyright 2009
by Paul Bissex
and E-Scribe New Media
OS X malware? It's a social engineering hack, if anything at all.
The first: 1. It doesn't disguise the fact that it's an application, other than saying it's a tarball of pictures. 2. It asks for your password to install itself. 3. If you're not an admin user, it does nothing.
malware usually uses some kind of trickery to install itself, other than REALLY dumb users.
The second hasn't actually been seen in the wild, and expires on thursday.
I realize that this is something of a huge deal for a platform that hasn't seen an attack yet, but if this is anywhere near the cream of the crop for black-hat exploits, I'm still not worried.