[Safari 4] PubSubAgent wants access to KeyChain
But I have no reason to give it that access. This is a Safari 4 thing, I think. It keeps giving me a popup asking permission to access KeyChain for the login details of some internal website of ours. I don’t use anything from PubSubAgent, so have no reason to give access, but when I click “Deny”, it just gives me the same dialog again. Very annoying.
After some searching, I found the solution by disabling RSS in Safari. I use NewsFire for reading those, so this is a good enough workaround for me.
If anyone else has the same trouble, this is the command to disable RSS in Safari:
defaults write com.apple.Safari DebugSyndicationEnabled 0
If only Apple would add a “Never allow” button to that window, it might be something useful…
Botnet from pirated Windows 7
This is funny in so many ways, I’m not even going to describe it. And people wonder why more and more people are switching their desktop to Linux or Mac OS X…
Security is hard
Just got an email from one of our customers asking if it was possible to use an encrypted password in PHP for connecting to MySQL. So that instead of doing something like:
$connection = mysql_connect($host, $user, $pass);
He wanted to do something like:
$connection = mysql_connect($host, $user, $encrypted_pass);
Which is of course not very useful (since you could use the encrypted string just like any other normal password, so there’s no added security). We come across these kinds of notions quite often: people want to use encryption for security, but the way they use it makes it kind of useless.
A few years ago we had a customer who wanted a fully secured machine, from boot onwards. This was so he could sell appliances without giving his customers easy access to the operating system and application. He wanted an encrypted hard disk. But if you use standard x86-based hardware, you have no way to store an initial secret. Even if you’d embed the password somewhere in the bootloader, it’s still somewhere on that machine.
Security is hard to do well. I wish people would start by simply applying best practices, like setting safe file permissions. Encryption is often not very useful if you want parts of an application to actually access the data without the user entering the password of that encrypted data.
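One way to apply the file-permission advice to the MySQL case, as an added example that is not code from the original post: the script reads its credentials from a separate file and refuses to use it when anyone other than the owner can access it. The INI keys, the temporary file and load_db_credentials() are assumptions made for illustration, and a Unix host is assumed.

```php
<?php
// Added example. Names, keys and the sample file are assumptions.

/**
 * Load MySQL credentials from an INI file, but only if the file is
 * accessible to its owner alone and owned by the PHP process user.
 */
function load_db_credentials(string $path): array
{
    clearstatcache(true, $path);          // never trust a cached mode
    $st = @stat($path);
    if ($st === false) {
        throw new RuntimeException("cannot stat $path");
    }
    // 0077 masks the group and other permission bits.
    if (($st['mode'] & 0077) !== 0) {
        throw new RuntimeException(sprintf(
            '%s has mode %04o, expected 0600 or stricter',
            $path, $st['mode'] & 0777));
    }
    if (function_exists('posix_geteuid') && $st['uid'] !== posix_geteuid()) {
        throw new RuntimeException("$path is not owned by the PHP user");
    }
    $cfg = parse_ini_file($path);
    if ($cfg === false) {
        throw new RuntimeException("cannot parse $path");
    }
    foreach (['host', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("missing key '$key' in $path");
        }
    }
    return $cfg;
}

// Constructed sample file, created only for this demonstration.
$path = tempnam(sys_get_temp_dir(), 'dbcfg');
file_put_contents($path, "host = localhost\nuser = app\npass = \"sample-only\"\n");

chmod($path, 0644);                       // world-readable: must be rejected
try {
    load_db_credentials($path);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

chmod($path, 0600);                       // owner-only: accepted
$cfg = load_db_credentials($path);
echo 'loaded credentials for user ', $cfg['user'], "\n";
// $connection = new mysqli($cfg['host'], $cfg['user'], $cfg['pass']);
unlink($path);
```

The password is still stored in the clear, as the post argues it has to be for the application to use it unattended; the file mode and ownership are what limit who else can read it.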
Security guru predicted consequences of 9-11
I’m probably not the first to post this on the Internet, but here goes anyway.
From Bruce Schneier’s Applied Cryptography, which was written in 1996:
“Imagine a major terrorist attack in New York; what sorts of limits on the police would be thrown aside in the aftermath?
Schneier on Security: Sony’s DRM Rootkit: The Real Story
You might think Schneier is overreacting and blowing things up, but once again, I think he exactly hit the right spot. Read his article: Schneier on Security: Sony’s DRM Rootkit: The Real Story
Yet another reason to… Well, you fill in the blanks.






