Security
Telstra Next G Card Working with Mac OS X 10.6 Snow Leopard…
by Rodney Campbell on Nov.17, 2009, under Security
This post is an update to a previous blog entry on getting the 3G Express card working under 10.5 Leopard.
The steps for doing this are essentially the same as my previous entry with one additional step at the start (installing the Option GlobeTrotter Connect For Mac Software for 10.6) and ticking the new item which appears on the Network Configuration page at the end (Show modem status in menu bar).
OS X on an MSI Wind – Initial Theory…
by Rodney Campbell on Feb.05, 2009, under Life, Security, Technology
I’ve been researching what would be involved in putting some form of Mac OS X on my new MSI Wind netbook and there appear to be two major mechanisms one could use.
First some background on the OSx86 scene…
Hackintosh (or a PC running OSx86) is the idea of putting the Mac OS X operating system on regular (non-Apple) PC hardware using a variety of patches. Provided you use compatible hardware, you can create a pretty stable Mac clone; however, there is likely always something which doesn’t work 100% correctly.
Some good background links and sites for this include:
Installing OS X on a netbook has been gaining popularity along with the rising popularity of netbooks in general. If you are interested in this space, BoingBoing has an excellent OS X netbook compatibility table indicating which netbooks are most compatible with OS X installs and which features work with each.
There are basically two main methods for installing OS X onto a PC…
The older, original method of installing OS X on non-Apple hardware was to use a pre-modified OS X installation disc (with patched kernels and patched extensions) to load OS X onto the machine. To this end a number of distributions have been released, with names like Kalyway, ToH, iATKOS, Leo4All and iPC. In the case of the MSI Wind this culminated in a release made specifically for it, so the best option for this type of mechanism was to obtain the MSIWindOSx86 ISO distribution (this is actually a slipstreamed boot-132+EFI method install – see below), which allows you to just boot the DVD and install (10.5.4).
Some good links for this method on the Wind include:
- Paul’s complete guide to installing OSX Leopard on your MSI Wind
- UnOfficial Guide: Mac OS X 1 Partition, Everything You Need
- The Creation of a Hackintosh and How To: Dual Booting the MSI Wind
- MSi Wind OSX86 Install [Driver Pack]
Disclaimer: This first method more than likely violates various laws, given that you need to download a hacked, pirated version of Apple’s OS X operating system to do it.
The primary reason these hacked builds were required was that “real” Intel Macs have EFI (Extensible Firmware Interface) and not the BIOS used in (Windows) PCs. This is what allows the Mac to work like a Mac and be recognized as a Mac. However, netkas developed a PC EFI system where the EFI code is injected into the bootloader, making OS X think that you are using a real Mac. This allows for the installation of default Apple extensions and kernels (VANILLA kernels) from the standard retail Leopard DVD. It also means that you can update your software directly from Apple Software Update without damaging it.
The second major recent innovation was when David Elliott (DFE) developed his modified boot-132 bootloader. It acts like a Linux kernel bootloader (a patched syslinux was used): it loads kexts (Kernel Extensions) from an .img file (the ramdisk, or initrd as it’s known to Linux users) which contains kexts (or even an mkext), and then boots OS X (the standard retail Leopard). All the special custom files needed to boot live in the bootloader.
Short digression – What is the kernel? This is basically the core of the operating system, and on OS X it is /mach_kernel. What are Kernel Extensions? These live in /System/Library/Extensions on a standard Leopard install (they are really folders of files disguised as files on OS X). You can think of them as dynamically loaded drivers which allow for hardware support in the kernel. In the case of OSx86 they may replace Apple’s originals or add new support for hardware in non-Apple PCs.
So the new install method is called “boot-132” and some good links for this method on the Wind include:
- Retail DVD Install (with driver pack)
- Macbook Nano
- Clear & Easy Retail DVD Installation for everyone
- Leopard Retail DVD Install
- Retail Leopard Install with Boot-132-Chameleon w/ EFI-strings Loader
Disclaimer: This second process potentially violates Apple’s End User License Agreement for Mac OS X. Please ensure you own a copy of Mac OS X Leopard if you wish to follow the procedure.
The following are some other excellent Hackintosh and MSI Wind related resources:
2008.02.08 Daily Security Reading
by Rodney Campbell on Feb.08, 2008, under Security
MayDay! Sneakier, More Powerful Botnet on the Loose
A new peer-to-peer (P2P) botnet even more powerful and stealthy than the infamous Storm has begun infiltrating mostly U.S.-based large enterprises, educational institutions, and customers of major ISPs.
The popular open source privacy tool, TrueCrypt, has just received a major update. The most exciting new feature provides the ability to encrypt an entire drive, prompting the user for a password during boot up; this makes TrueCrypt the perfect tool for non-technical laptop users (the kind who are likely to lose all of that sensitive customer data). The Linux version receives a GUI and independence from the kernel internals, and a Mac OS X version is at last available too.
Google Blamed For Indexing Student Test Scores & Social Security Numbers
Heads Up Internet Explorer Users
A plug-in for Microsoft’s Internet Explorer Web browser that helps users upload photos to popular sites such as Facebook and Myspace contains multiple security holes.
When Security Improvements Backfire
Recently, when conducting an (authorized) security review at a small web hosting provider, I ended up as “root” on all their Unix systems within a matter of hours, and did not even need any l33t buffer overflow or the like. Well-meaning system administrators had tried to improve security of their servers, and had unwittingly ended up making life much easier for the bad guys.
2008.01.30 Daily Security Reading
by Rodney Campbell on Jan.30, 2008, under Security
Report – 51 Percent Of Malicious Web Sites Are Hacked
The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors’ PCs with malware now exceeds the number of sites specifically created by cyber criminals.
Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank.
Spies In the Phishing Underground
Security researchers Nitesh Dhanjani and Billy Rios recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites turned into an extraordinary tour through the ecosystem that supports the business of phishing.
2008.01.16 Daily Security Reading
by Rodney Campbell on Jan.16, 2008, under Security
Retrospective: 10 Security Blunders
Every year gets its share of major, jaw-dropping security blunders. This is a retrospective for the 21st century so far, with special attention on 2007.
Zero-Day Exploit For Apple’s QuickTime Posted
Vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software.
Polish teen derails tram after hacking train network
The 14-year-old modified a TV remote control so that it could be used to change track points.
Malware Distribution Through Physical Media a Growing Concern
In the past month, at least three consumers have reported that photo frames – small flat-panel displays for displaying digital images – received over the holidays attempted to install malicious code on their computer systems.
Most Home Routers Vulnerable to Flash UPnP Attack
GNU Citizen have been researching UPnP vulnerabilities in home routers, and have produced a Flash SWF file capable of opening ports into your network when you simply visit an unfortunate URL.