shell scripts

Skin Websites, Save Directory Listings and Script your Services Menu

Camino consistently scores in speed and native Cocoa goodness, but often gets left behind by the add-on functionality of its older brother Firefox.

Thanks to an easy hack and tons of user-contributed scripts, you can emulate some of the most popular abilities of Firefox’s most flexible extension: Greasemonkey.

Userstyles.org has a huge repository of CSS scripts that reshape your favorite websites – from Bloglines to IMDB. While these are easily added using a Firefox extension, they can also be added to Camino by pasting the scripts (minus the first namespace line) into a userContent.css in your /Library/Application Support/Camino/chrome folder.

[Image: greaderskin]

(Above is an example skin for Google Reader that is Aqua-licious)

Java Embedding Plugin

While we’re putting Camino on equal ground with other browsers, we can grab this Open Source plugin to enable newer versions of Java in Camino (or Firefox). The most recent versions of Java are exclusive to Safari; without the above plugin, other browsers are left with outdated code. No more!

ThisService

ThisService will turn shell scripts and AppleScripts into system-wide services. You can use these scripts to enter text, transform text or send it to another application. The best example is John Gruber’s Markdown (a custom markup language that can be transformed into fully formatted text). For more, see the resources page.

Shindler

Keep directories full of project files that you’d love to catalog? Shindler is a simple application that will create a text file listing the contents of a directory (and its sub-directories). It’s as easy as drag and drop. Supported on Tiger, but worked on my Panther machine.

Brian

Intego warns of another way to compromise a Mac… metadata

It seems that we can’t go a few days before someone warns of a possible way that a hypothetical someone might conceivably exploit an obscure flaw in Mac OS X. So far none of these warnings has amounted to much save for a bit of paranoia from Mac users and a lot of unwarranted glee from jealous PC users.

It’s been a couple of days since the Safari shell script vulnerability (zero-day exploit) was described, so it must be time for another doomsday scenario to be revealed…The Mac OS X Metadata Exploit…
I received the following from Intego this morning:

Exploit: Mac OS X metadata exploit

Discovered: February 24, 2006

Risk: Critical

Description: Compressed archives can contain resource forks and HFS metadata stored in an invisible “__MACOSX” folder. Data contained in these resource forks and HFS metadata can mask the real type of a file in the archive, causing shell scripts to execute if users double-click such files.

The risk inherent in this exploit is that any compressed archive may contain such resource forks and metadata, and that decompressing an archive and double-clicking a resulting file can execute a shell script contained in the invisible __MACOSX folder.

Safari users who have not turned off auto-execution of “safe” files will download the malicious Zip archive, which will then execute. Even if this option is turned off, the Zip archive will download, and a user may double-click it to decompress it, then double-click its contents, causing the file to execute.

An additional exploit has been discovered, by which a malicious user can hack a web site, and add a script to a page that will generate a zip archive containing executable code. A user merely needs to visit a web page: the script actually creates the zip archive; the file itself does not need to be on the hacked server or any other server.

The ramifications of this are quite serious. While the first example above requires that a user double-click a file twice (if auto-execution of “safe” files is turned off), in the second case, users may go to a website where they expect to download legitimate files (zipped graphics, video, or even applications), and end up with a potentially dangerous executable.

When clicking on a link for a legitimate download, the script generates a zip archive that the user expects to receive. The user then decompresses the archive and expects the resulting file (an image, video or application) to be a graphic or application.

Means of protection: The first way to protect against this exploit is to uncheck the option Open “safe” files after downloading, found in Safari’s General preferences. (This option is on by default, and Mac OS X would be more secure if it were set to off.) But to fully protect against the possibility of accidentally executing code in a file downloaded intentionally, Intego VirusBarrier X and X4, with their virus definitions dated February 23, 2006, offer protection from this type of hidden executable file.
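A defender-side check for the archive layout the advisory describes, as an added example that is not part of Intego's advisory or of this post: before anything is double-clicked, it lists zip members that have an AppleDouble sidecar under __MACOSX/ declaring a resource fork or Finder info, and members that begin with "#!" under a non-script name. The SCRIPT_EXTS list, the shebang heuristic and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

APPLEDOUBLE_MAGIC = 0x00051607  # magic number of an AppleDouble "._name" sidecar
ENTRY_NAMES = {2: "resource fork", 9: "Finder info"}
SCRIPT_EXTS = (".sh", ".command")  # assumption: names where a shebang is expected


def appledouble_entries(blob):
    """Names of the non-empty entries an AppleDouble blob declares."""
    if len(blob) < 26 or struct.unpack(">I", blob[:4])[0] != APPLEDOUBLE_MAGIC:
        return []
    (count,) = struct.unpack(">H", blob[24:26])
    table = blob[26:26 + 12 * count]
    table = table[:len(table) - len(table) % 12]  # drop a truncated last descriptor
    return [ENTRY_NAMES.get(eid, "entry %d" % eid)
            for eid, _offset, length in struct.iter_unpack(">III", table) if length]


def audit_zip(data):
    """Flag members with __MACOSX metadata or a shebang behind a non-script name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue
            head, _, base = name.rpartition("/")
            side = "__MACOSX/" + (head + "/" if head else "") + "._" + base
            meta = appledouble_entries(zf.read(side)) if side in names else []
            with zf.open(name) as fh:
                shebang = fh.read(2) == b"#!"  # only the first two bytes are read
            disguised = shebang and not name.lower().endswith(SCRIPT_EXTS)
            if meta or disguised:
                findings.append({"name": name, "metadata": meta, "disguised_script": disguised})
    return findings


def constructed_sample():
    """Constructed, inert archive: the sidecar declares 4 zero bytes of resource fork."""
    blob = struct.pack(">II16sH", APPLEDOUBLE_MAGIC, 0x00020000, b"", 1)
    blob += struct.pack(">III", 2, 38, 4) + b"\0" * 4
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", "#!/bin/sh\necho constructed sample\n")
        zf.writestr("__MACOSX/._holiday.jpg", blob)
        zf.writestr("notes.txt", "plain text\n")
    return buf.getvalue()
```

Calling audit_zip on the bytes of a downloaded archive returns one finding per suspicious member; an empty list means no member had sidecar metadata or a disguised shebang.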

Scared? Don’t be.

This is just a warning of a possibility. We have nothing to fear but anti-virus companies plotting to profit from your fear itself. There have been no reports of anyone actually being infected or harmed by a malicious file leveraging this exploit. Do not be alarmed.
Note: