Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security Update 2006-008 Available

I

iowamensan

macrumors 6502
Feb 19, 2006
312
2
I just wish Remote Desktop had the ability to view the iSight image. In a lab situation, I can already watch what they have on the screen, let me see who is sitting at it.
 
SeaFox

SeaFox

macrumors 68030
Jul 22, 2003
2,621
954
Somewhere Else
iowamensan said:
I just wish Remote Desktop had the ability to view the iSight image. In a lab situation, I can already watch what they have on the screen, let me see who is sitting at it.
Click to expand...

That's a pretty cool idea, but I think most users would find it a bit too Orwellian.
 
MrCrowbar

MrCrowbar

macrumors 68020
Jan 12, 2006
2,234
519
SeaFox said:
Since the camera only has to be on long enough to capture an image, it could take a still image and only be on as long as the "shutter", which might be hard to catch if you're not paying attention. One of those things where you might "think you saw it" but then convince yourself you were imagining things.
Click to expand...

I googled a tool that does this a while ago. It has the light lit for just one second and it took a good picture. I could imagine a tool that takes your picture only when you're not actively using your computer. Imagine a screensaver that uploads the iSight input once in a while.
 
eric_n_dfw

eric_n_dfw

macrumors 68000
Jan 2, 2002
1,517
59
DFW, TX, USA
iowamensan said:
I just wish Remote Desktop had the ability to view the iSight image. In a lab situation, I can already watch what they have on the screen, let me see who is sitting at it.
Click to expand...

That should be pretty easy to do for them since the new iChat in 10.5 will have a similar functionality.
 
M

mattster16

macrumors 6502a
Apr 18, 2004
743
489
iowamensan said:
I just wish Remote Desktop had the ability to view the iSight image. In a lab situation, I can already watch what they have on the screen, let me see who is sitting at it.
Click to expand...

I see your point, most computer labs already have cameras, so this is just another. It is still a little creepy though to think someone could be looking at you...face on from 3 feet away.
 
L

Links

macrumors member
Oct 18, 2003
58
0
Hollywood North
Applied the security update and the O'Reilly page

http://www.oreillynet.com/lpt/wlg/7409

STILL captures my web cam, not an iSight. Live video, not just a still.
iChat is not running and no images on my desktop.
Using a DV Camcorder as web cam.
Not only that, but it captures the live video output of my BlackMagic video capture card when I'm not using a camera!!
 
koobcamuk

koobcamuk

macrumors 68040
Oct 23, 2006
3,195
9
IEatApples said:
Hehe... Scary bug. :)

Oh, and it's 2,7 MB on my iMac G5, and you need to restart!
Click to expand...

My iMac doesn't have an iSight so I won't be doing this. My uptime is 16 days on the iMac and 21 days on the MacBook so I won't be doing this. I couldn't give a damn if someone watched me on my MacBook anyway. They'd see my office and that's about. Occasionally the side of my head.

My girlfriend doesn't like the black dot at the top (the actual isight) so she covered hers up with a white sticker.:D
 
invalidname

invalidname

macrumors member
May 1, 2003
64
9
Grand Rapids, MI
The O'Reilly blog does not show the actual exploit

Links said:
Applied the security update and the O'Reilly page

http://www.oreillynet.com/lpt/wlg/7409

STILL captures my web cam, not an iSight. Live video, not just a still.
iChat is not running and no images on my desktop.
Using a DV Camcorder as web cam.
Not only that, but it captures the live video output of my BlackMagic video capture card when I'm not using a camera!!
Click to expand...

Hi. I'm Chris Adamson, the author of the blog you're quoting, and I want to clarify that the blog does not constitute a test of the exploit. It will continue to work even after you've applied the security patch.

The page does one thing: it shows that a Quartz Composer composition can turn on your camera. This is not a security issue in and of itself, because the image from the camera is only used locally (ie, shown in the web page). This example uses the QuickTime plug-in to put the Quartz Composer composition, saved as a QuickTime "movie", in a web page.

The actual exploit uses a second technology, QuickTime for Java, to load the Quartz Composer movie into a Java applet. Once it does this, the applet can then get the image from the camera and then upload it to a server.

Apple's security fix only disallows this combination. It prohibits "unsigned" applets (those that don't assert the identity of their authors and ask for insecure access to the system) from loading Quartz Composer compositions. Therefore, the applet cannot load the movie that turns on your camera. Note that signed applets, and full-blown double-clickable QTJ applications, are assumed to have full access to your system and thus can still load QC compositions.

So now you know. And knowing is half the battle. :D

--Chris
 
madmax_2069

madmax_2069

macrumors 6502a
Aug 17, 2005
886
0
Springfield Ohio
invalidname said:
So now you know. And knowing is half the battle. :D

--Chris
Click to expand...

GI-JOE

i had to :D

i hope that all of this will make apple to make OS X more secure. the bad is that some one could use this before apple has released a patch for it. but its good to se apple did do something with this one as soon as they could. the only thing that worries me of this is a security update breaking something and or not allowing OS X to properly function or boot up. but all seems good so far that apple is on top of things. i dont have a iSite but i do have a web cam.
 
savar

savar

macrumors 68000
Jun 6, 2003
1,950
0
District of Columbia
longofest said:
However, I hesitate to say 100% definitive statements like "no way". For instance, what if the LED actually burns out or looses contact?
Click to expand...

I agree in principle. "100%" statements are NEVER true.

But....the LED is one of the last things that will fail in your computer. LEDs -- operated under proper electrical conditions -- have absurd lifespans. The electrolytic caps on your mobo will fail decades before that LED burns out.

Edit: I'm using IE7 here at work to post this....For some reason when you select text in IE7, it expands your selection to the right, and whenever I'm editing a QUOTE block it chops of the "[/" of the closing tag. This happens on *every* forum I read because they all use the same markup syntax....its so annoying. I'm constantly having to edit posts to put those two characters back in.
 
longofest

longofest

Editor emeritus
Jul 10, 2003
2,925
1,695
Falls Church, VA
invalidname said:
Hi. I'm Chris Adamson, the author of the blog you're quoting, and I want to clarify that the blog does not constitute a test of the exploit. It will continue to work even after you've applied the security patch.

The page does one thing: it shows that a Quartz Composer composition can turn on your camera. This is not a security issue in and of itself, because the image from the camera is only used locally (ie, shown in the web page). This example uses the QuickTime plug-in to put the Quartz Composer composition, saved as a QuickTime "movie", in a web page.

The actual exploit uses a second technology, QuickTime for Java, to load the Quartz Composer movie into a Java applet. Once it does this, the applet can then get the image from the camera and then upload it to a server.

Apple's security fix only disallows this combination. It prohibits "unsigned" applets (those that don't assert the identity of their authors and ask for insecure access to the system) from loading Quartz Composer compositions. Therefore, the applet cannot load the movie that turns on your camera. Note that signed applets, and full-blown double-clickable QTJ applications, are assumed to have full access to your system and thus can still load QC compositions.

So now you know. And knowing is half the battle. :D

--Chris
Click to expand...

Thanks for clearing that up, Chris. I was about to, but I guess its a bit more authoritative coming from you :)
 
L

LastZion

macrumors 6502a
Apr 13, 2006
582
14
anyone elses airport wack now? Mine is terrible, disconnects all day. I have done a few reboots since, and its terrible.
 
Windowlicker

Windowlicker

macrumors 6502a
Feb 17, 2003
713
1
Finland
The first time I got problems from a security update (I assume it's the update that's doing this):

a) Computer doesn't sleep anymore; the fans keep spinning and the computer doesn't respond to anything.

b) Volume control buttons don't function anymore. The system recognizes if they're pressed (visual sign), but they don't do anything.

DAMNIT!
 
S

scott523

macrumors 6502a
Sep 8, 2006
870
128
Saint Charles, MO
This update really sucked. It wiped out the iSight camera off my MacBook! At first I was about to panic and everything but I had to do an SMC reset to get it back. :mad:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom