Tag Archives: security


Gestern wollte ich während eines Bestellvorgangs mit PayPal bezahlen als ich feststellte, dass mein PayPay-Sicherheitsschlüssel nicht mehr funktionierte. Egal wie oft ich den Knopf zur Anzeige eines Sicherheitscodes drückte, das Display blieb ohne Funktion, das Gerät war wie “tot”.

Es handelt sich bei meinem Modell noch um den ursprünglichen Schlüssel (und nicht den neuen im Kreditkartenformat), der eine gewisse Ähnlichkeit mit den ersten RSA SecurID-Tokens hat:

Das Teil war jetzt über sechs Jahre alt, daher ging ich davon aus, dass schlicht und einfach die Batterie leer war. Da ich nicht riskieren wollte dass mein Bestellvorgang wegen Inaktivität abgebrochen wurde, wollte ich den Schlüssel möglichst schnell “reparieren”. Continue reading PayPal-Sicherheitsschlüssel

ARDAgent exploitable locally

I was pointed by a colleague that ARDAgent can be exploited locally to gain “root” privileges under MacOS 10.4 and 10.5. A quick search on Google turned up this post on Macworld that gives some details about this issue.

To check whether you’re vulnerable type the following in a Terminal window:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

And if it says root you are vulnerable. To quickly protect you type the following:

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

TrueCrypt for Mac

I was very happy to see that there’s TrueCrypt for the Mac, a disk encryption tool I really like and use since a long time on my Windoze PC.

Quickly I installed it. The installation went smoothly, and a quick test was successful. However, when I played some more with it, I found a strange oddity which I couldn’t clarify myself. I doubt that it’s because I’m a new Mac user, but I rather think it’s a quirk in TrueCrypt. Let’s see whether anyone can reproduce the issue, and whether it will be fixed (shortly). :)

Anyway, this is a tool that you should definitely use when you have confidential data on your laptop.

GPG with IDEA on the Mac

One of the first things I did when I got my new Mac was install Mozilla Thunderbird, the invaluable EnigMail extension, which is a very easy-to-use frontend to GNU Privacy Guard (GPG), and of course GPG itself.

All went very smoothly, and to check whether the installation was fine I tried to opened an encrypted message which I had received some days ago. Unfortunetly GPG couldn’t decrypt the message. A quick look at EnigMail’s console window told me that the message was encrypted using IDEA, and that the version of GPG I had installed was lacking support of that encryption algorithm.

Continue reading GPG with IDEA on the Mac