[Newsletter] MacWorld, Information Source Credibility,
Tiger Client networksetup and AirPort Bug
Paul Suh
paul.suh at ps-enable.com
Tue Dec 11 23:20:27 EST 2007
Folks,
MacWorld 2008
-------------------------
Just a little plug, I'm going to be speaking at a session on
Application Sandboxing on Friday, January 18 at 10:45 AM. I'll be
covering why you would want to do this, how it's done, and how you
can take advantage of sandboxes. A kind gentleman has actually put
the entire MacWorld schedule up in iCal form at:
<http://www.pixelography.com/>
Also, the IDG folks have put up a social networking page on Ning:
<http://macworldexpo.ning.com/>
If you're coming, I'll see you there!
Information Source Credibility
---------------------------------------------
While we're on the subject of security, it seems like a good time to
step back and take a look at how you might evaluate the credibility
of an information source. I read an Op-Ed by Joshua Bolton (the
former U.S. ambassador to the U.N) this morning that was attempting
to minimize the impact of the National Intelligence Estimate that
stated that Iran had suspended its nuclear weapons program two years
ago. I have to say that I can't believe a word that he says, based on
his previously expressed views and statements.
This got me to thinking: what are some useful criteria for evaluating
new security information, such as warnings about new attacks on your
computer systems. When you run into any information about an issue
(any issue really, but especially security), it's useful to ask:
1) What are the incentives of the source?
2) What is the source's track record? What biases has the source
shown in the past?
3) What elements of the story can you corroborate? What elements of
the story has the source omitted? If you assume the opposite of these
elements from what the source states or presumes, how would that
change your conclusions?
4) What do you know about the technical feasibility of the story?
5) What are the opinions of other knowledgeable people?
Looked from this angle, a lot of the security warnings about Mac
viruses and worms from the past couple of years are of dubious value.
That said, some of the more recent holes, especially the current
QuickTime RTSP header vulnerability, really are worth serious concern.
Tiger Client networksetup and AirPort Bug
---------------------------------------------------
Buried deep in the System folder is the networksetup command line
tool, part of the Apple Remote Desktop client package. It's at:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/
Support/networksetup
This allows you to change any of the network settings from the
command line -- like from a shell script. Run it with the flag --help
to see all of the dozens of options.
On Tiger client systems only, there is bug in this tool. (It does not
apply to Tiger server, which has its own separate networksetup tool
in /usr/sbin, and it's fixed in Leopard.) No matter what command you
give it relative to the AirPort settings, it always comes back with
the error message:
AirPort Power: Off
However, there's a separate, equally undocumented binary at:
/System/Library/PrivateFrameworks/Apple80211.framework/Resources/
airport
This will let you manipulate the AirPort settings from the command
line, and has even more options than the networksetup command. If you
use the --password option with the --associate=<network name>
command, it will put the network password into the System keychain.
--Paul
Paul Suh
http://www.ps-enable.com/
paul.suh at ps-enable.com (240) 672-4212
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2615 bytes
Desc: not available
Url : http://lists.ps-enable.com/pipermail/newsletter/attachments/20071211/8785bb98/smime.bin
More information about the Newsletter
mailing list