Are you over 18 and want to see adult content?
More Annotations
A complete backup of https://ramin.kz
Are you over 18 and want to see adult content?
A complete backup of https://metabolon.com
Are you over 18 and want to see adult content?
A complete backup of https://americanimmigrationcouncil.org
Are you over 18 and want to see adult content?
A complete backup of https://trippydelics.ca
Are you over 18 and want to see adult content?
A complete backup of https://antiquesworld.co.uk
Are you over 18 and want to see adult content?
A complete backup of https://hannover-concerts.de
Are you over 18 and want to see adult content?
A complete backup of https://mindviewllc.com
Are you over 18 and want to see adult content?
A complete backup of https://vietnambrideonline.com
Are you over 18 and want to see adult content?
A complete backup of https://imoves.com
Are you over 18 and want to see adult content?
A complete backup of https://thenorthfacejacket.com.co
Are you over 18 and want to see adult content?
A complete backup of https://advance-esthetic.us
Are you over 18 and want to see adult content?
A complete backup of https://sportsvl.com
Are you over 18 and want to see adult content?
Favourite Annotations
A complete backup of lucernae.jimdo.com
Are you over 18 and want to see adult content?
A complete backup of all-things-unnecessary.myshopify.com
Are you over 18 and want to see adult content?
A complete backup of buddhabrot.tumblr.com
Are you over 18 and want to see adult content?
A complete backup of nopuedocreer.com
Are you over 18 and want to see adult content?
A complete backup of mislipozitivno.com
Are you over 18 and want to see adult content?
A complete backup of hqnetflixcookies.blogspot.com
Are you over 18 and want to see adult content?
A complete backup of gravityfying.tumblr.com
Are you over 18 and want to see adult content?
A complete backup of banderademexico.net
Are you over 18 and want to see adult content?
A complete backup of zelenaucionica.com
Are you over 18 and want to see adult content?
A complete backup of znowcosupieklam.blogspot.com
Are you over 18 and want to see adult content?
Text
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MAC To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REVEAL HIDDEN USERS With malware big in the news again, and evidence that at least one malware variant that targets macOS creates hidden users on the victim’s system, here’s a timely tip on how to check for unwelcome guests.. For this tip, we’re going to use the Terminal, which you can find in the /Applications/Utilities folder. If you’re not a frequent visitor to the land of the command line, you might HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MAC To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REVEAL HIDDEN USERS With malware big in the news again, and evidence that at least one malware variant that targets macOS creates hidden users on the victim’s system, here’s a timely tip on how to check for unwelcome guests.. For this tip, we’re going to use the Terminal, which you can find in the /Applications/Utilities folder. If you’re not a frequent visitor to the land of the command line, you might HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
HOW TO REVEAL HIDDEN USERS With malware big in the news again, and evidence that at least one malware variant that targets macOS creates hidden users on the victim’s system, here’s a timely tip on how to check for unwelcome guests.. For this tip, we’re going to use the Terminal, which you can find in the /Applications/Utilities folder. If you’re not a frequent visitor to the land of the command line, you mightLIBRARY EXTENSIONS
Posts about library extensions written by philastokes. If Console is reporting the ‘can’t create kext cache / owner isn’t root‘ message, complete the following procedure.. 1. Run ‘Repair System Permissions‘ in Disk Utility. Repairing system level permissions won’t solve the kext cache problem, but you’ll want to make sure they are all in order first. HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. YAHOO SEARCH REDIRECT MAC VIRUS REMOVAL FROM SAFARI Yahoo is many Mac users’ favorite search service, but some are literally forced to join the army of its fans without ever agreeing to it. How come? Over the years, cybercriminals who hate to play by the rules have been busy building an intricate web traffic redistributionREVIEW
Posts about review written by philastokes. I’ve been a long time user of TechSmith’s Camtasia screen capture software, primarily for two reasons: ease of use combined with a rich set of editing features.Camtasia for Mac 2 strengthens this product in a number of significant ways although there are still some usability issues that need addressing, as well as room for further improvements in HOW HOMEBREW INVITES USERS TO GET PWNED Sure enough, I was able to use a simple script to steal the user’s password. In this case, an admin password, but it could and would have been the password of whoever is set as the owner of /usr/local/bin as a result of Homebrew’s recommended installation.Even for non-admin users this is a worry as the login password of course allows full access to the user’s Login Keychain.TCC.DB
Posts about tcc.db written by philastokes. That gives us a list of all the apps that macOS has ever thrown the ‘some.app would like permission to control your computer’ dialog alert for, along with an indication of the user’s response (1= they opened sys prefs, 0= theyhit Deny).
HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
DROPBOX HACK BLOCKED BY APPLE IN SIERRA With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here. The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible.REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MAC To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MAC To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
YAHOO SEARCH REDIRECT MAC VIRUS REMOVAL FROM SAFARI Yahoo is many Mac users’ favorite search service, but some are literally forced to join the army of its fans without ever agreeing to it. How come? Over the years, cybercriminals who hate to play by the rules have been busy building an intricate web traffic redistribution DONATE - APPLEHELPWRITER I run the blog for free, but if you want to show your appreciation for any help received and make a contribution to the upkeep of this site, you can do so by clicking the Donate image below. It would also be great if you could let me know what part of the blog helped you the HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for EASY WAY TO INSTALL UBUNTU ON MAC OS X If you have Parallels or VMFusion, you can download and run Ubuntu as a guest OS for free. Ubuntu has some nice features including a Spaces-like desktop switcher and loads of free software available in the Ubuntu App Store. For those still on Snow Leopard but wishing they could have the benefits of iCloud, Ubuntu provides an interestingoption: the
HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
HOW HOMEBREW INVITES USERS TO GET PWNED Sure enough, I was able to use a simple script to steal the user’s password. In this case, an admin password, but it could and would have been the password of whoever is set as the owner of /usr/local/bin as a result of Homebrew’s recommended installation.Even for non-admin users this is a worry as the login password of course allows full access to the user’s Login Keychain.WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. DROPBOX HACK BLOCKED BY APPLE IN SIERRA With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here. The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible. REVEALING DROPBOX’S DIRTY LITTLE SECURITY HACK It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. Of course, that’s entirely theoretical, but allREVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
YAHOO SEARCH REDIRECT MAC VIRUS REMOVAL FROM SAFARI Yahoo is many Mac users’ favorite search service, but some are literally forced to join the army of its fans without ever agreeing to it. How come? Over the years, cybercriminals who hate to play by the rules have been busy building an intricate web traffic redistribution DONATE - APPLEHELPWRITER I run the blog for free, but if you want to show your appreciation for any help received and make a contribution to the upkeep of this site, you can do so by clicking the Donate image below. It would also be great if you could let me know what part of the blog helped you the HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for EASY WAY TO INSTALL UBUNTU ON MAC OS X If you have Parallels or VMFusion, you can download and run Ubuntu as a guest OS for free. Ubuntu has some nice features including a Spaces-like desktop switcher and loads of free software available in the Ubuntu App Store. For those still on Snow Leopard but wishing they could have the benefits of iCloud, Ubuntu provides an interestingoption: the
HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
HOW HOMEBREW INVITES USERS TO GET PWNED Sure enough, I was able to use a simple script to steal the user’s password. In this case, an admin password, but it could and would have been the password of whoever is set as the owner of /usr/local/bin as a result of Homebrew’s recommended installation.Even for non-admin users this is a worry as the login password of course allows full access to the user’s Login Keychain.WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. DROPBOX HACK BLOCKED BY APPLE IN SIERRA With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here. The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible. REVEALING DROPBOX’S DIRTY LITTLE SECURITY HACK It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. Of course, that’s entirely theoretical, but allREVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
YAHOO SEARCH REDIRECT MAC VIRUS REMOVAL FROM SAFARI Yahoo is many Mac users’ favorite search service, but some are literally forced to join the army of its fans without ever agreeing to it. How come? Over the years, cybercriminals who hate to play by the rules have been busy building an intricate web traffic redistribution DONATE - APPLEHELPWRITER I run the blog for free, but if you want to show your appreciation for any help received and make a contribution to the upkeep of this site, you can do so by clicking the Donate image below. It would also be great if you could let me know what part of the blog helped you the HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for EASY WAY TO INSTALL UBUNTU ON MAC OS X If you have Parallels or VMFusion, you can download and run Ubuntu as a guest OS for free. Ubuntu has some nice features including a Spaces-like desktop switcher and loads of free software available in the Ubuntu App Store. For those still on Snow Leopard but wishing they could have the benefits of iCloud, Ubuntu provides an interestingoption: the
HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
HOW HOMEBREW INVITES USERS TO GET PWNED Sure enough, I was able to use a simple script to steal the user’s password. In this case, an admin password, but it could and would have been the password of whoever is set as the owner of /usr/local/bin as a result of Homebrew’s recommended installation.Even for non-admin users this is a worry as the login password of course allows full access to the user’s Login Keychain.WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. DROPBOX HACK BLOCKED BY APPLE IN SIERRA With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here. The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible. REVEALING DROPBOX’S DIRTY LITTLE SECURITY HACK It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. Of course, that’s entirely theoretical, but allREVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
YAHOO SEARCH REDIRECT MAC VIRUS REMOVAL FROM SAFARI Yahoo is many Mac users’ favorite search service, but some are literally forced to join the army of its fans without ever agreeing to it. How come? Over the years, cybercriminals who hate to play by the rules have been busy building an intricate web traffic redistribution DONATE - APPLEHELPWRITER I run the blog for free, but if you want to show your appreciation for any help received and make a contribution to the upkeep of this site, you can do so by clicking the Donate image below. It would also be great if you could let me know what part of the blog helped you the HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for EASY WAY TO INSTALL UBUNTU ON MAC OS X If you have Parallels or VMFusion, you can download and run Ubuntu as a guest OS for free. Ubuntu has some nice features including a Spaces-like desktop switcher and loads of free software available in the Ubuntu App Store. For those still on Snow Leopard but wishing they could have the benefits of iCloud, Ubuntu provides an interestingoption: the
HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
HOW HOMEBREW INVITES USERS TO GET PWNED Sure enough, I was able to use a simple script to steal the user’s password. In this case, an admin password, but it could and would have been the password of whoever is set as the owner of /usr/local/bin as a result of Homebrew’s recommended installation.Even for non-admin users this is a worry as the login password of course allows full access to the user’s Login Keychain.WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. DROPBOX HACK BLOCKED BY APPLE IN SIERRA With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here. The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible. REVEALING DROPBOX’S DIRTY LITTLE SECURITY HACK It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. Of course, that’s entirely theoretical, but allREVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
REVIEWS
Camtasia for Mac 2 – software review Scrivener for Mac – software review Script Debugger 6 – software review Trends in Technical Communication – book review Don’t forget to check out apps from Applehelpwriter.com! HOW TO CHECK WHAT’S BEEN INSTALLED ON YOUR MACHOW TO UNINSTALL SOFTWARE ON MACHOW TO UNINSTALL PROGRAMS ON MACBOOK PROINSTALL MACOS ON WINDOWSCHECK MACBOOK PRO SPECSCHECK MACBOOK WARRANTYLAST INSTALLEDON THIS COMPUTER
To do that, click on the Finder, then hit ‘shift-command-G’ on the keyboard (or click ‘Go’ in the menu bar and choose ‘Go to Folder’). Type or paste this into the dialogue box: /var/log. and hit the ‘Go’ button. Right-click on any of the logs you want to open and choose ‘open with’ from the HOW TO LOG OUT ANOTHER USER WITHOUT LOGGING IN In the filter bar, type loginwindow. 4. From the list of users that show up, for each one that you wish to log out: click on its row in the Activity Monitor pane to highlight the process. press the ‘Quit Process’ icon in the Task bar above. from the resulting dialogue window, click ‘Force Quit’. supply an Admin password if requested. HOW TO REMOVE ‘TOP SITES’ IN SAFARICAN T CLEAR WEBSITE DATA IN SAFARIHOW TO DELETE TOP SITES LISTDELETE TOP HITS SAFARI IPADREMOVETOP HIT FROM IPHONE
Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for HOW TO FIND THE PATHS OF ALL LOADED KEXTS The rest of the answer is to take the bundle identifiers provided by kextstat and then coerce kextutil into supplying the paths. We’ll then do a merry dance with a few other utilities (that don’t begin with the word ‘kext’) and a temp file to parse out the noise BROWSERS’ ANTI-PHISHING PROTECTIONS EASILY DEFEATED While troubleshooting a user’s mac the other day, I happened to come across a curious line in one of the logs: After a bit of digging, it occurred to me that this and the other flags being sent in the process command were possibly Preferences or Settings in the Chrome.app. Looking at chrome://settings/privacy revealed, of course, Google’sphishing and
HOW TO REMOVE GOOGLE’S SECRET UPDATE SOFTWARE FROM YOUR MAC If you’ve ever downloaded Chrome, even for just a trial (guilty!), you might not be aware that Google have slipped a little bit of hidden software into your Library. This software is called Google Updater, and it secretly “calls home” on a regular basis and downloads updates to your Google software without either asking before, HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
ACCESSING TCC.DB WITHOUT PRIVILEGES accessing TCC.db without privileges. Earlier this year, Digita Security’s Patrick Wardle took apart a cross-platform backdoor trojan he nicknamed ”ColdRoot’. Wardle was retro-hunting possible malware by searching for apps on VirusTotal that access Apple’s TCC privacy database. For those unfamiliar, TCC.db is the database thatbacks the
YAHOO SEARCH REDIRECT MAC VIRUS REMOVAL FROM SAFARI Yahoo is many Mac users’ favorite search service, but some are literally forced to join the army of its fans without ever agreeing to it. How come? Over the years, cybercriminals who hate to play by the rules have been busy building an intricate web traffic redistribution DONATE - APPLEHELPWRITER I run the blog for free, but if you want to show your appreciation for any help received and make a contribution to the upkeep of this site, you can do so by clicking the Donate image below. It would also be great if you could let me know what part of the blog helped you the HOW TO REMOVE ‘TOP SITES’ IN SAFARI Now you also need to get rid of the caches, and to stop Safari from continually storing imagesof your web page history (Tip: Safari will still track your History in the normal way, but here we are going to prevent it from downloading the image files that are used in Top Sites), so:. 3. In Safari > Reset Safari, check ‘Reset Top Sites’ and ‘Remove all webpage preview images’. DOCUMENTREVISIONS-V100 Posts about documentrevisions-v100 written by philastokes. Over the last few years,. Apple have made great strides in protecting users from losing their data, be it from system failure, software crashes, accidental deletion, disk corruption or just the plain negligence of forgetting to save before quitting. We now have Time Machine for automatic backups, application savedStates and Resume for EASY WAY TO INSTALL UBUNTU ON MAC OS X If you have Parallels or VMFusion, you can download and run Ubuntu as a guest OS for free. Ubuntu has some nice features including a Spaces-like desktop switcher and loads of free software available in the Ubuntu App Store. For those still on Snow Leopard but wishing they could have the benefits of iCloud, Ubuntu provides an interestingoption: the
HOW TO REMOVE MYCOUPONSMART ON MACOS Click on the Finder then use the keyboard combination. Command-Shift-G. Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a different place: ~/Library/LaunchAgents. This is the LaunchAgents folder. There’s actually more than one, but the one in your own useraccount is the
HOW HOMEBREW INVITES USERS TO GET PWNED Sure enough, I was able to use a simple script to steal the user’s password. In this case, an admin password, but it could and would have been the password of whoever is set as the owner of /usr/local/bin as a result of Homebrew’s recommended installation.Even for non-admin users this is a worry as the login password of course allows full access to the user’s Login Keychain.WHAT IS RAPPORTD?
Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd. This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. DROPBOX HACK BLOCKED BY APPLE IN SIERRA With the release of the latest version of the Mac operating system, 10.12 macOS Sierra, it’s pleasing to see that Apple have fixed a bug I reported against El Capitan in October of last year, and wrote about on this blog here and here. The TCC.db is now under SIP, which means hacking the Accessibility preferences is no longer possible. REVEALING DROPBOX’S DIRTY LITTLE SECURITY HACK It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code. Of course, that’s entirely theoretical, but all * Skip to navigation * Skip to main content * Skip to primary sidebar * Skip to secondary sidebar* Skip to footer
* Home
* Donate
* Free Downloads
* Reviews
* Scrivener for Mac
* Trends in Technical Communication * Camtasia for Mac 2* Script Debugger 6
* Contact
HOW TO REMOVE THE SYSTEM PREFERENCES BADGE APP ICON(CATALINA UPGRADE)
Oct 14
Posted by philastokes If you’re not ready to upgrade to macOS Catalina yet – and there’s good reasons why you might want to hold off – you might also be tired of seeing the red update badge in the System Preference’s Dock icon in macOS Mojave and the ‘Upgrade Now’ advert in the Software Update pane. Also, there’s a similar badge polluting you with more unwanted visual noise every time you open System Preferences main view itself. Unlike other applications in the Notifications preferences pane, there’s no entry for the System Preferences app itself where you can turn off the Badge app icon. I know there are those that will deliberately run their Macs at least one major version behind the current version (though I can think of multiple security reasons why that’s not a good idea) and others who don’t want to update at all. Aside from those wanting to avoid the expense of their current 3rd party software demanding _“pay-me for a new Catalina-compatible version”_, there are those still using incompatible 3rd party kexts, 32-bit apps or who are just happy with the features and performance they’re currently enjoying. Are they all condemned to having the annoying update notifications in their faces until they surrender to Apple’s will? Fortunately not, but there are THREE different places the nags appear, and depending on how obsessive you are about not seeing the update and badge icons, you may or may not want to deploy some or all of the tricks described below. There’s a couple of things to watch out for, too, so if you _do_ choose to implement any of these workarounds, remember to bookmark this page for future reference when you want to undo any of the changes you made. 1. REMOVE THE CATALINA ADVERT INSIDE SOFTWARE UPDATE If all you want to do is stop Catalina appearing in the Software Update pane urging you to “Upgrade Now”, you can use this super tip from Macadmin guru Rich Trouton.
It’ll require a trip to the Terminal.app (/Applications/Utilities/Terminal.app) and an administrator’spassword.
From the command line, copy and paste the following: sudo softwareupdate --ignore "macOS Catalina" Hit ‘return’ and type your admin password, which will be invisiblewhen you do so.
After completing this step, you’ll no longer see Catalina advertized, but you’ll still have the red number “1” badge in both System Preferences and the Dock. GOTCHAS AND HOW TO UNDO The main gotcha to remember after doing this is you won’t see Catalina updates, and even if you go to the App Store and try to “get” it, it will fail to install. To reverse the above step, go back to the Terminal and use: sudo softwareupdate --reset-ignored 2. REMOVE THE BADGE ON THE DOCK ICON If you keep System Preferences in the Dock, you’ll notice that even after the previous step you still have the eye-catching red banneralert on the Dock.
I’ve seen some suggestions of using a defaults command to try to address this, but it appears to be a temporary fix and has to be repeated every time you open Software Update, so I don’t recommend this particular trick. defaults write com.apple.systempreferences AttentionPrefBundleIDs 0;killall Dock
A better way to rid yourself of it is by replacing System Preferences in the Dock with an alias to the app instead. In the Finder, navigate to the /Applications folder, right-click on System Preferences and choose ‘Make Alias’. Now add the alias to the Dock by dragging it from the Finder into place on the Dock. Remove the original System Preferences Dock icon by dragging it from the Dock to the centre of your screen. GOTCHAS AND HOW TO UNDO The main gotcha with this one is that you won’t see the update badge for other updates that may be relevant to your current install, so you’re going to need to develop the habit of making a regular check. A weekly or fortnightly Reminder or Calendar alert could be useful here. While that might seem like you’re replacing one notification with another, at least it would be one that will leave you in peace during whatever interval you set between reminders. Undoing the workaround is as simple as removing the alias from the Dock and replacing it with the original. Of course, if you’re done with the alias don’t forget to delete it from the Applicationsfolder, too.
If you happened to try the defaults workaround, the way to reverse that is with the same command but replacing the 0 with a 1. 3. REMOVING THE BADGE ICON IN SYSTEM PREFERENCES PANE This is the trickiest one, as in fact there is no way to keep the icon in the pane without the badge. What we can do, however, is hide the icon entirely. That doesn’t mean we lose access to Software Update, however, as I’ll explain below. To hide the icon, go to the View menu and choose “Customise”. Unclick the checkbox next to “Software Update” and click “Done” at the top. You’ll now see that the Software Update iconis no longer shown.
In order to run a check for new software, just begin typing “software” in the search filter and click on either “Software Update” or “Check for Software Updates”. Alternatively, you can go to System Preferences’ View menu at the top of the screen and choose ‘Software Update’ from the menu list. GOTCHAS AND HOW TO UNDO The main “gotcha” here is that you might easily forget that you’ve hidden the pane and might also forget to check for updates. As always, it’s a good idea to have “Check for updates automatically” turned on with security updates set to install to avoid missing out on any important security and bug fixes. To reverse, just go back to the Customise option in the View menu, and re-enable the checkbox.CONCLUSION
If after reading all that you’re thinking: “my word, what a pallava, I’m not sure I’ll bother!” you may well be thinking exactly what Apple want you to think. Of course, Apple are heavily invested in ensuring users move up to the latest version of macOS as soon as possible, and the difficulty of avoiding that and the “nags” and nuisance badges is not accidental. Whether you decide to go along with Apple or hold out for your own reasons is entirely your choice, but the irritation or inconvenience you might experience with going with the latter option isn’t something Apple are going to lose sleep over, I’m afraid!Enjoy!
SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Catalina ,Mojave
Comments Off on how to remove the System Preferences Badge app icon(Catalina Upgrade)
Tags: badge , dock icon , system preferences, upgrade
21 MACOS & IOS TWITTER ACCOUNTS YOU SHOULD BE FOLLOWINGJun 1
Posted by philastokes WITH APPLE’S SIGNATURE developer event WWDC 2019 just around the corner, it’s a good time to think about your Apple-related Twitter feeds from an IT and security-related perspective. Are you keeping up with all the news that Apple want you to know about _and_ (maybe!) somethey don’t
,
like bugs
,
vulnerabilities
and exploits
?
In this post, we offer a curated list of all the best macOS and iOS related Twitter accounts to make sure you don’t miss a thing.Continue reading…
SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Developer ,Security
Comments Off on 21 macOS & iOS Twitter Accounts You ShouldBe Following
Tags: iOS , MacOS
, WWDC 2019
HOW TO REMOVE MYCOUPONSMART ON MACOSMay 25
Posted by philastokes THE ADWARE PLAGUE on macOS continues, and if you’re one of the thousands that have caught something unwanted when you downloaded some other program, this post should help. I’ll explain what MyCouponsmart is, what it does, and how you can remove it, either yourself or with a simple and free shareware program I develop.
WHAT IS MYCOUPONSMART?Like MyCouponize
,
TotalAdviseSearch, DigitalChannel Search and many others, MyCouponsmart is one of a host of “search offer” programs that either redirect or inject your web browser with ads when you make an internet search. You may have been looking for some kind of media downloader or media player, like Adobe’s Flash, and inadvertently end up with a bunch of unwanted programs like MacKeeper,
Mac Auto Fixer, Advanced Mac Cleaner or some other similarly named “performance”app.
Typically, these programs will take over your browser, showing scare pages like the following: Hmm, it looks like my computer has got plenty of free space available, thank you very much! That’s no surprise, really. Webpages cannot tell you how much free space is on your local drive, nor can they scan your drive and “detect infections” as some other scare pages want users tobelieve.
All such warnings are entirely fake and tell you only that you have some kind of adware infection in your browser! The people behind the ads bank on the fact that many users do have full drives, so when they check they are fooled into believing the advertised product can helpthem.
Similarly, many users who see these kind of scare adverts offering fake Anti-virus software often do indeed have malware on their computer: the malware that’s causing the advert to appear! Needless to say, none of these advertised programs are worth yourmoney.
WHAT DOES MYCOUPONSMART DO? Let’s take a look inside your user Library. This is hidden by default, but you can get to it from the Finder’s “Go” menu. Click on the Finder then use the keyboard combinationCommand-Shift-G
Type in, or copy and paste, the following, and be sure not to miss that tilde ~ at the beginning, or you’ll end up in a differentplace:
~/Library/LaunchAgents This is the LaunchAgents folder. There’s actually more than one, but the one in your own user account is the one we’re interested in. The LaunchAgents folder is responsible for ensuring certain things launch, as the name implies, every time you login. This is achieved by executing files called “property lists” or plist for short. Property lists are really useful, and are meant as an aid so that you don’t have to keep starting up lots of processes manually every time you log into your account. They can also be used to make sure that a process stays alive all the time that you’re logged in. Great for things that you want to happen, but bad if you have got some adware or malware that you’re trying to get rid of. If MyCouponsmart is installed on your Mac, you should find it has installed a property list in the LaunchAgents folder to ensure that it’s always running. Before getting rid of this, let’s just take a look at it. You don’t need to open it in an editor, just select the file by clicking it once and then pressing the spacebar to allow QuickView to show you the contents. Notice that first ProgramArgument? It points to a folder within your /Applications folder, also named MyCouponsmart, and then to something else with the same name inside that folder, too. Let’s go take a look at what they are. If you want to play along, open the Terminal, type the word file then drag the MyCouponsmart executable into the Terminal window. Press‘return’.
The file command reveals that the MyCouponsmart file is actually a bash script, and if we take a look at its contents with the cat command, you can see that the script is itself meant to launch another executable called mmLaunchMe located in the hidden /tmp/ folder. Let’s see if this executable has a valid code signature. codesign -d -v /tmp/mmLaunchMe No, indeed it doesn’t, but as I’ve written about before, that won’t stop the code from running,
regardless of what Gatekeeper settings you use. The purpose of this executable is to run every time you login, and download more software that you didn’t specifically ask for in the background. It’ll keep on doing this every time you login until you remove it. Of course, by then you’ll have lots of unwanted programs to remove, too. HOW DO I REMOVE MYCOUPONSMART? The main thing to do to remove MyCouponsmart is to delete the property list and restart your computer. After that, you’ll need to search and find all the components it’s installed. If you like playing around in the Terminal, I have a post here on how to do that.
Alternatively, you can use the shareware app I created, DetectX Swift , which will remove the property list and all the other components for you. Notice from the Activity Log that DetectX also automatically kills background processes belonging to the adware as well as removing the files. Nevertheless, you should always restart your Mac after removing these kinds of files to ensure you have purged everything from runningmemory.
You can use DetectX Swift to remove MyCouponsmart and similar adware without registering or paying any fee. In fact, I encourage you NOT to register DetectX Swift until after you’ve used the app a few times and feel you want to support the continued existence of shareware apps like this. Payment is not at all _required_: nobody should have to pay just to remove junkware from their Mac! If you have any questions about removing MyCouponsmart or about using DetectX Swift, feel free to share them in the comments below. Picture Credits: Anaya KatlegoSHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Security
Comments Off on how to remove MyCouponsmart on macOS Tags: adware , mycouponize, mysmartcoupon
ADWARE EXTENSIONS ERODE TRUST IN APPLE, GOOGLE APP STORESMay 6
Posted by philastokes BROWSER EXTENSIONS ARE a staple of almost every user’s set up. Even in managed environments, users are often able to install extensions or ‘Add Ons’ without authorisation when these are sourced from trusted sources like Apple’s Safari Extensions Gallery and Google’s Chrome store. Of course, there’s nothing new about attackers exploiting the browser extension as a means to gaining a foothold in a target environment. The problem has been around for years: what is surprising is just how difficult it is to contain the problem. In this post, I take a look at the risks involved with what appears to be a harmless extension available for both Safari and Chrome. As we’ll find out, not everything appears asit seems.
Continue reading…
SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Safari ,
Security
Comments Off on adware extensions erode trust in Apple, Googleapp stores
Tags: adware , browser, safari
LAZARUS APT TARGETS MAC USERSMay 3
Posted by philastokes LAST MONTH, RESEARCHERS at Kaspersky reported on a Lazarus APT campaign targeting both macOS and Windows users involved in the financial sector, particularly those using cryptocurrency exchanges. The Lazarus group, also known as Hidden Cobra, have been operating since at least 2009 and were most notoriously blamed for the 2014 hackon Sony.
Continue reading…
SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Security
Comments Off on Lazarus APT targets Mac users Tags: asia , hacking, lazarus
LET’S BURY THE MYTH OF THE SAFE MACApr 30
Posted by philastokes DO MACS GET MALWARE? Can my Mac get infected by a virus? Do I need AV software for my Mac? These are questions I hear a lot, but the answers that come from many so-called Apple Mac gurus are often wrong ormisleading.
In this post, we’ll take a look at some of the reasons why people think Macs are safe from malware and the confusions that are often bandied around concerning “AV” (“anti virus software”), “viruses” and genuine malware. Then we’ll look at the actual security situation on macOS and make some suggestions as to how you can stay safe without turning yourself into a paranoid security conspiracist or downloading useless software that just eats up your system resources while providing no real protection. “IT’S ALL SECURITY THEATRE” THEATRICS There’s an unfortunate and dangerous misconception perpetrated by certain people in the macOS community. These people variously claim that there is no malware threat to Macs, or if there is then Macs are immune from it, and no matter what the case, Macs are inherently saferthan other kinds
of computer, specifically Windows computers. The purveyors of such arguments typically make a big deal of trying to undermine any argument that security is an issue on macOS by claiming that malware on Macs is all a myth made up by AV vendors to drum up business for their own products. In many Mac user forums, people worried about hacking and malware are often treated to dismissive replies of this sort: > “you are at much greater risk from a concussion due to a fish > falling from the sky. The Mac AV industry and security researchers > have worked very hard to make you believe this is something to be> afraid of.”
The claim that emanates from such people often begins with “there are no known viruses for macOS” and, therefore, you don’t need anti-virus software. This is a laughable confusion of terminology. AV software is inappropriately named. There actually aren’t any known _viruses_ on macOS, it’s true (these days, there are very few for Windows either and most AV software isn’t primarily looking for them). That’s because viruses are a specific kind of threat thatwent out of fashion
long
ago. Viruses were the product of vandals; the modern security threats facing macOS users are the products of profiteers. It’s a differentball game.
These days, criminals are more interested in pushing macOS adware,
backdoors
,
keyloggers
, RATS
,
trojans
and spyware
.
Ransomware has also been known on the platform, though thankfully to date that’s an isolated incident.
The conspiracy theorists like to point out that security vendors have a vested interest in making people fearful. It’s rather like saying insurance companies or law enforcement have an interest in higher crime rates. I’m all for _healthy_ cynicism. The reality is that there are, indeed, commercial interests involved in fighting malware just as there are in fighting other kinds of crime. And where there’s commerce, you’ll also find cheats and unscrupulous dealers. There are plenty of dodgy AV products around; some are even on the Apple App Store. Some of those proclaiming that the security industry is all fraud are pushing their own software as an alternative. Unscrupulous, indeed. Be wary of any software that offers to “find” threats but then insists you pay up in order to remove them or which tries to lock you in after minimal use where you cannot fully determine the value of theoffering.
However, unlike the one shown above and others like it, there are genuine security products out there developed by genuinely-good people serving the community.
But the real point is that the existence of commercial interests in the anti-malware industry is, on its own, no more an indicator of duplicity than it is in any other industry. While amplification of threat intelligence through news stories, tweets and other social media serves the security industry just as amplification of relevant issues serves any business sector, to claim that all vendors are unscrupulous or that the threat is entirely fictional is disingenuous and worse, it’s dangerous. As we’ll see below, the threats are real, but the conspiracy theorists threaten to lead macOS users into a false sense of security. BURYING THE MYTH OF THE SAFE MAC It’s not just the conspiracy theorists you have to watch out for. It’s also the “wisdom of the wise”. Far and
wide, you’ll hear Mac gurus arguing from their own personal experience that, since they’ve never encountered macOS malware and they’ve been using the platform for x, y, z amount of years, there are, consequently, no malware threats to macOS and that it’s inherently safer than other platforms. The logical fallacy in that should be clear. Arguing from a sample of one to a conclusion for all is just bad thinking. It also should perhaps come as no surprise if a “power user” hasn’t come across threats to their own Mac. They typically have limited and specialised interests that don’t take them to many of the far corners of the internet. Power users also tend to write scripts or even their own software to do things on their Mac, whereas other users would instead go looking for a tool to download from adware-infested mass distribution sites, torrent sites and who-knows-where, with all the risks that that involves. When the self-professed gurus tell you they have never encountered a security issue on a Mac, they aren’t testifying to the safety of the platform; they are in fact revealing only that they know nothing aboutmacOS security.
WILL GATEKEEPER PROTECT YOU FROM MALWARE? Some people are more realistic and acknowledge the existence of the threat, just as Apple themselves have done by building anti-malware protections into macOS itself, namely, Gatekeeper,
XProtect
and MRT
(Malware Removal Tool). Because Apple have taken these measures and have been pretty vocal in their marketing about it, too, many think that Apple’s built-in security technologies will keep them safe. Here’s a typical example of this kind of thinking, where a forum poster suggests Apple may not be sharing information about malware threats because they can just kill them by revoking the malware developer’s code signature. Of course, there is no such setting as “Run only signed apps”, but seasoned Mac users would understand that the poster is referring to Gatekeeper, which is the first check the system makes on applicationcode signatures .
Unfortunately, the poster is just flat-out wrong. Even when set to App-Store only, it’s a simple matter for even a standard user to run apps with invalid signatures or no codesigning at all. Both Gatekeeper and XProtect are easily bypassed.
Not only can standard users override Gatekeeper’s “App Store only” settings, so can other processes. None of this
needs admin privileges. As for Apple’s Malware Removal Tool, it is useful to the extent of its signature database, but it has the major limitation that it only runs when you reboot your Mac. MALWARE CAMPAIGNS THAT TARGET MACOS USERS A typical day for me hunting macOS threats on VirusTotal looks something like this, with several hundred new samples to inspect: So, yes, macOS malware is a thing and it’s out there. From nationstate actors
to sneaky hackers on Discord,
if you’re using a Mac to interact widely with other people, visit websites, read email – in other words, doing the things that make your Mac useful – then there is a non-negligible chance of you encountering someone trying to infect your Mac.In 2018 alone
, we
saw the emergence of malware families such as OSX.MaMi, CrossRAT, OSX.AppleJeus, WindTail, OSX.Dummy, CoinTicker, OSX.DarthMiner and OSX.LamePyre. On top of that, we’ve seen the appearance of a number of adware installers acting as trojans for cryptominers, such asPPMiner
,
CreativeUpdate
and SearchPageInstaller.
Old favourites like OSX.Fruitfly remain viable threats that can be repurposed by other actors as neither XProtect nor Gatekeeper is equipped to tackle script-based andfileless attacks.
Adware and PPI (pay-per-install) PUPs (potentially unwanted programs)like MacKeeper
and Advanced Mac Cleaner,
MyShopcoupon
and chill tab are
rampant. Adware in general is an increasing concern as we see adware developers expand their range of techniques and begin to cross the line into malware-like behaviour. Browser extensions are still a widely unappreciated threat,
built-in browser anti-phishing protections are easily defeated,
and if you haven’t had a phishing email in your Inbox then you are likely one of an increasingly diminishing global minority. Finally, let’s note that for criminal types, it’s never been easier to get into the macOS malware business with the proliferation of dedicated exploit kits like empyre, EvilOSX
,
Pupy , Bella
, EggShell
and others
.
HOW TO STAY SAFE ON MACOS The evidence provided above is conclusive: the threats are real, so don’t let anyone try to kid you otherwise. That said, the most widespread, “in the wild” problems affecting Macs today come from adware and PUPs. It might not be the end-of-the-world if your Mac gets infected with some nuisance adware and scam virus alerts keep popping up in your browser, but neither is it a particularly pleasant experience that you should have to put upwith.
Fortunately, dealing with them is fairly straightforward, so let common-sense prevail. Most home users don’t need the expense or resource-impact of a full-on AV Suite. Reboot your Mac often to take advantage of what protection the built-in MRT tool offers, and use a lightweight, troubleshooting tool like my DetectX Swift to help diagnose and remove problems if your Mac starts behaving oddly. While the technically-proficient may be able to deal with a lot of adware from the Terminal,
DetectX is light enough to be run on a regular or scheduled basis (like after you install any new software) and can look for and remove adware, malware, keyloggers and more. You can use DetectX Swift indefinitely and without paying a cent. It won’t burden your finances with a monthly subscription bill or demand that you pay money to remove suspicious or unwanted files, or insist that you pay up after a few uses. While there is an _optional_ registration for home use which also provides a few bonus features, it’s not necessary to register in order to use the app’s core functionality. You can even script it with AppleScript and enjoy almost all the troubleshooting functions it offers as an unregistered, unpaid user. I also offer free, personal triage to both registered and unregistered users if you have an issue that DetectX does not resolve. If you have a fleet of Macs in an organisational setting you might want to consider the low-cost, DetectX Swift Management license in order to access the command line search tool and integrate with platforms like Jamfor Munki
.
For more in-depth coverage and cross-platform support, enterprises should look at next-gen AV software that uses behavioural AI likeSentinelOne .
Picture Credit: Mikayla MallekSHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Security
Comments Off on let’s bury the myth of the safe Mac Tags: exploit kits , mac security , malware HOW TO REVERSE MALWARE ON MACOSApr 27
Posted by philastokes RESOURCES FOR LEARNING malware analysis and reverse engineering abound for the Windows platform and PE files, but by comparison there’s very little literature or tutorials for those who want to learn specifically about how to reverse macOS malwareand
macOS malware analysis techniques. In this series of posts, you’ll take a sample file and use native tools and techniques to understand what a file does and to build a list of IoCs (Indicators of Compromise) that can be used in detection. As there’s a lot of ground to cover, the tutorial is split over several parts. In Part 1,
you’ll learn how to set up a safe environment to test malware on macOS. You’ll install all the tools you need (bonus: doesn’t cost a cent!) and learn where you can source samples of macOS malware from. You’ll examine an application bundle and its contents to understand how it works and find an interesting encrypted text file. In Part 2,
you’ll learn the fundamentals of static analysis of Mach-O binaries, the native executable file type for macOS. In Part 3,
you’ll use dynamic analysis techniques to execute a malware file in a controlled manner and read code from memory. If you have ever wanted to learn how to reverse malware on macOS, this is the place to start! Continue reading…SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in Security
Comments Off on how to reverse malware on macOS Tags: apple , malware , reverse engineering MOJAVE: NOT AUTHORIZED TO SEND APPLE EVENTSSep 24
Posted by philastokes IF YOU’RE SUFFERING from error messages like the one above after upgrading to Mojave, welcome to macOS’s new “User Data Protections”. In this post we’ll explain what they are and how todeal with them.
That error’s produced when the app your script is targeting (in this example, System Events) has been denied access to one of the areas now protected in Mojave. Here’s the list of places which are no longer accessible programmatically without user approval on 10.14: If the app you’re targeting in your script – or the script runner itself – is trying to access any of those 12 locations, you’ll likely either get the error shown at the top of this post, or someother failure.
The official way of dealing with this is to add the application to System Preferences’ new ‘Full Disk Access’ section in thePrivacy pane:
At least that’s the theory, but you might find that you’ve tried that and things are still not working. If that happens, you can “start over from scratch” by resetting the access permissions todefault.
In Terminal, try
tccutil reset AppleEvents; tccutil reset SystemPolicyAllFiles After you’ve done that, the next time you run that script you should get an authorization dialog like this: Alternatively, just go right ahead and add the app with the ‘+’ button in System Preferences. Enjoy the resumption of normal serviceSHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in AppleScript, Uncategorized
Comments Off on Mojave: not authorized to send Apple events Tags: MacOS , scripting, upgrading
HELLO, APPLESCRIPT 3: (DON’T?) TELL ME TO RUNSep 14
Posted by philastokes CONTINUING WHERE WE left off at the end of User In, User Out,
let’s build on our knowledge of getting user input and usingconditionals.
SCRIPT 7
In this script, we’re going to query the user for some information, and if that information meets a certain test, we’ll give the user one answer, if it doesn’t we’ll give them another. Kind of like a mini-quiz game program. There’s lots of new stuff in this script, but don’t be put off. Just bang it out on the keyboad, fix any typos if it won’t compile, and run it. Run it at least three times choosing a different button each time. We’ll go through it line by line after you’ve had a play around with it. LINE 1 assigns a string literal (the lovely “Loser”) to a variable, theReply. We’re doing two things here. We’re first declaring a variable that we’ll want to use later in the script, and we’re also initialising it with a default value. “Loser” is one of two possible values we’ll want this variable to have later, so we’ll set this as the default now, which means the variable will always have this value when we use it _unless_ we change it later inthe script.
Most of LINE 2 should be familiar to you now, except that we’ve added a third button and a default value for the answer. We’ve also added a default button, in this case 3. To understand what the default button parameter does run the script with value 1, and then again withvalue 2.
As you will notice, the number refers to one of the buttons defined inthe buttons list
,
where 1 is the first item in the list and the left most button, and 3 is the last item in the list and the right most button. The parameter determines which button has focus (and therefore responds to the return key on the keyboard). If you’ve already tried experimenting with 4 buttons, you’ll see that the compiler complains that a maximum of 3 buttons is allowed. That’s not strictly true, but we’ll save that trickfor
later in the series. > Note: Lists in AppleScript, unlike most other modern programming > languages, are not zero-indexed. The first item is item 1, not item > 0 as it would be in Python, C, Swift and so on. If you prefer you can also refer to buttons by their name instead of their index. This helps improve readability of your code and makes it clearer which button was intended as the default. To refer to the button by name, you would write the parameter like this: default button "Sure?" LINE 3 should be familiar to you, but refer back to SCRIPT 6 in theprevious post
if you need a reminder. LINE 4 begins an if statement block that contains another if statement block (again, see Script 6), but there’s also something new here: the else condition. This says that if our condition in LINE 4 isn’t met, do whatever’s in the else block starting at LINE 10. If the condition in LINE 4 _is_ met, however, then LINE 6 offers a further condition: if the user typed in “Phil”, then LINE 7 says change the value of the variable theReply from “Loser” to “Winner”. Note, particularly, that if this condition is not met, then the value of theReply will be “Loser” when it’s called later in the script. LINE 8 ends the inner if statement block. LINE 9 now says: display the dialog to the user, showing them the value of whatever theReply is currently set to (either “Winner” or the default “Loser”). Note that the same value is used to set thetitle.
LINE 10 starts the else block. This will be triggered if the user doesn’t choose either “Cancel” – which would end the script – or “Sure?” – which would trigger the first condition – when LINE 2 is executed. > We don’t need to put in a specific test for “Cancel” because > “Cancel” will automatically end the script with error -128. > However, as we’ll see later in the series, sometimes it can be > useful to catch “Cancel” in the if block too, in order to > execute certain commands before the script quits. LINE 11 may look a bit mysterious; this is your first introduction to AppleScript’s most pervasive control statement.
tell is how you send a _command_ to a particular _object_ in AppleScript. If you’ve ever done any Object-oriented programming, another way of expressing the same idea is to say tell allows you to target a message toward an object. In this case the object is me — a built-in AppleScript keyword that refers to the script itself. So,tell me to run
says “send the run message to the script”. There’s an easy (and inaccurate) way to understand what that means, and a hard (and accurate)
way. For now, we’re going to go easy so that the learning curve doesn’t get too steep. In this context, we will say that run means “go back to Line 1 and begin execution of the script again”. Every time you choose “Try Again”, the script goes back to LINE 1 and repeats itself until you choose one of the other answers. WHERE WE ARE: SO FAR! In this post, we’ve been introduced to AppleScript’s list class, consolidated our knowledge of display dialogs and if statements, and had our first taste of TELL, ME, and RUN. These concepts will require more elucidation and, most importantly, more practice, all of which are coming up! In the next post HELLO APPLESCRIPT 4: SHELLING OUT, we’ll work with these concepts some more and build on them to produce our first practical scripts. Be sure to follow Applehelpwriter to be notified when the post is published.See you there!
FOR EXTRA CREDIT:
THIS WEEK’S EXTRAS 1. Modify SCRIPT 7’S inner if statement so that if the text returned contains your name, theReply is “Winner”; if the text contains “Phil”, theReply is set to “Runner Up”. Any other name should produce the default reply “Loser”. There are in fact two ways to solve this challenge, see if you can produce both. For help, look up else if in the Control StatementsReference
section of the AppleScript documentation. SOLUTIONS FROM LAST TIME 1. Use the hidden answer parameter: 2. In the second exercise, we posed a number of questions. The easiest way to find out about the parameters for a command is to use Script Debugger’s Dictionary viewer, which you can access by clicking on the Window menu (not, confusingly, the Dictionary menu!) and choosing ‘Dictionary’. Also, don’t forget to use the AppleScript documentation,
which I’ve linked to multiple times in this and earlier posts. It’s a great source of information, hampered somewhat by the lack of an effective search feature on Apple’s site. An older, pdf version of the doc which you can search can be downloaded by clicking thislink
,
and is also available from here . Bear in mind, though, that Apple’s online docs contain some information that the older pdfdoesn’t.
We’ll leave the other questions open for now, as they’ll be comingup in later posts!
SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in AppleScript Comments Off on hello, applescript 3: (don’t?) tell me to runTags: applescript ,
hidden , run
, tell
HELLO, APPLESCRIPT 2: USER IN, USER OUTSep 3
Posted by philastokes IF YOU’RE READy to learn AppleScript, this is the place to start! If you’re not sure yet whether AppleScript is for you, take a look at the intro to this series, What’s the Use.
For those of you that are ready, let’s fire up Script Debugger and write our first script!SCRIPT 1
OK, you want ‘hello, world’? Of course, you do! Here it is, with a difference: Type it in to the editor’s window, then run the script by clicking the RUN button or hitting “Command-R” on the keyboard. Wow. No “print” command for one, and an actual user interface.Cool!
If you don’t see a notification in the top right of your screen, you may need to adjust your Notification preferences. What happens if you leave off the last quotation mark?Try it and see:
This is called a compile time error, one of three kinds we’ll learn about (the others are _run time_ and _logic_ errors). When you run a script, the AppleScript compiler first checks it for syntax errors. If all is well, it turns your plain text into “pretty print” (we’ll talk about what the syntax colouring means later in the series); if not, your text isn’t compiled and you get an error message. > You can get a compiler check anytime without running the script by > clicking either the √ button or using “Command-K” on the> keyboard.
You’ll notice that when you have a compile time error in Script Debugger, you get a message and the error number in the bottom left corner (you won’t see the error number if you’re using Apple’s Script Editor). These can be useful, so much so that we’ll write a little script ourselves to tell us more about the error based on the error number we get in HELLO, APPLESCRIPT 4: SHELLING OUT. For now, let’s take a look at the message. “Expected string but found end of script.” It may seem rather cryptic at first, but it can be translated simply enough. A string in AppleScript (and most other programming languages), is text placed between a pair of quotation marks. Anything between quotes will be treated as just a piece of ordinary text and not as part of the programming language. DISPLAY NOTIFICATION _isn’t_ a string in our script: it’s part of the programming language – specifically, a command to do something. “hello, world”, on the other hand, _is_ a string: it’s just the ordinary text we want to display. The compiler says it “expected a string” because it found the first quote mark at the beginning of “hello, indicating the start of a string. It then went looking for the second one to mark the end of the string, but instead found…yes, you guessed it: the end of the script!SCRIPT 2
Replace the missing quotation mark. We’ll come back to error messages shortly, but for now, let’s add our own title to the notification rather than having the default one: Make sure those quotation marks are balanced!Looking good!
SCRIPT 3
Notifications are useful when all we want to do is pass a simple message, but if you need users to make a choice or you need to provide a longer message, we should use a dialog. Type in the script as you see it on the left in the image below. Run it, and click the “OK” button when the dialog appears. Now look at the Results pane (right-hand panel in Script Debugger; bottom Accessory view in Script Editor). That looks interesting! Let’s explore some more.SCRIPT 4
Let’s add some bells and whistles:Run the script.
Click either one of the buttons to end the script. Again, remove the quote mark after “world”, but this time don’t try to run the script. Just try to compile it. Remember, you can do that either by clicking the √ button in the toolbar or “Command-K” on thekeyboard.
Notice this time we get a different error message and a different number, despite the fact that we seem to have errorred in exactly the same way and in exactly the same place as before: Or did we? Look at it from the compiler’s point of view. Just as before, the compiler finds the first quote mark and continues looking. But this time it _does_ find the second one! Only it’s not where it’s meant to be. Because we left off the quote mark after “world”, the compiler assumes that the quote mark that prefixes “Message is the closing quote mark for the opening one: As a result, the term MESSAGE looks to the compiler like its supposed to be part of the programming language, as it follows the string “hello world with title ”. That sure is a valid string (you can put any text you like in your string, it doesn’t have to make sense), but what follows it is _not_ a valid part of the programming language. You can learn more about identifiers here,
but for now, just note that this error message has the form “this can’t go after that”, and is another clue that our quote marks areunbalanced.
What about the third quote mark? The compiler never sees it. The compiler reads from left to right, so after pairing the first two quote marks it throws the error and stops trying to read any further. If there are further errors in our script, we’ll never know till we fix (all) the preceding ones. After you dismiss the error alert, the compiler is kind enough to highlight the _this_ (“Message”) that can’t go after the _that_ (“"“) in your script. > Errors -2740 and -2741 are common enough that whenever you see them, > you now know what to check first: _are my quotation marks balanced_? Let’s get back to our DISPLAY DIALOG command. Are you wondering what happens if you use another number instead of 2 after with icon? I hopeso!
Replace the missing quotation mark, and experiment by changing the number after with icon for all three values from 0 to 2. Normally, you’ll use with icon 1, which will insert the icon of the executing program. In this case, that’s the icon for Script Debugger, but as you go through this series you’ll be learning how to execute your scripts in other ways, and it’s useful to have the icon of the executing program visible in the dialog box so that you know exactly where it’s coming from. Our dialog box has some unnecessary cruft. We have an “OK” button and a “Cancel” button, but they appear to do the same thing; that is, they halt the script. But look a bit closer at the editor. Run the script again, twice, choosing the “Cancel” button first, and then the “OK” button on the second run. When you choose “Cancel” there is no result, but there is an error message in the Events pane, specifically, error -128. > Errors, error messages and error numbers are powerful friends. > We’ll see how we can harness errors like -128 later in the series. When you run the script again and choose “OK”, however, there is a result. There are many result types, but in this case you get what isknown as a record
(similar to a Dictionary or key/value pair in other languages) in theResults view:
{button returned:"OK"} The record contains a label (in this case, button returned, and a value (here, "OK"). This is important, as we’ll see in the followingscripts.
SCRIPT 5
What if we want to get more than just an acknowledgement, but need some input from the user? Here’s one way: Run the script, type in an answer, and hit “OK”. Take a look atthe result:
{button returned:"OK", text returned:"Phil"} It’s a record again, with the added pair “text returned” and the text that the user typed.The default answer
parameter is an empty string. What happens if you put some text between the quote marks and run the code?SCRIPT 6
Let’s build on SCRIPT 5 and capture the answer that the userprovides:
This script has a lot of new stuff going on. Let’s take it from Line 2 (refer back to SCRIPT 5 for line 1):LINE 2
This captures the result of the dialog in a variable called dialogAnswer. The result of the dialog isn’t the name you typed in, but the record of two labels with two values. In other words, the value of dialogAnswer is: {button returned: "OK", text returned: "Phil"} We could have called the variable (almost) anything we liked. I just chose dialogAnswer because it’s descriptive. Descriptive names are useful because when I read back my script at some point in the future, it’ll be immediately obvious what this variable represents. However, I _could_ have called it alpha, or just d or almost anything else. There are some reserved words in AppleScript that you can’t use, and you also can’t start variable names with a number or use certain special characters in them, asnoted here
.
Most commonly, we use the set command to assign values to variables. In many other programming languages, they use the = sign, like this: dialogAnswer = result You can’t do this in AppleScript (or rather you can, but it means something else, not variable assignment), so if you’ve come to AppleScript with a background in another language, you’ll need to make the mental adjustment. What about result though? Where did that come from? This is a built-inproperty
,
filled with the value of the last command to be executed. Take a moment to consider that. It means that the result property changes on (almost) every line of your script. Before we continue working through the rest of SCRIPT 6, let’s take a closer look at the result property. Type this in, then compile andrun it:
Notice that in the Events pane, result changes from 2, to 3 and finally (in the Results pane) to 6. AppleScript can use the usual programming conventions for mathematical operators (+, -, /, *. For x % y, use x MOD y). That also includes the = sign, where it means “is equivalent to” (aka “==” in many other programming languages) and _not_, as we mentioned above,“assign to”.
In this little script, we also learned how to use the log command to print the value of a variable to the Events pane. In Script Editor, you’ll need to do that a lot if you want to see the values of your variables at different times in your script. In Script Debugger, however, it’s rarely necessary as you can see the values in the Variables inspector view. To verify this, try removing the two log statements and running the script again. The log statements no longer appear in the Events pane, but Script Debugger captures them anyway in the Variables inspectorview.
LINE 3
Line 3 of SCRIPT 6 is an if statement, a kind of control flowstatement
.
The clause, in this case, takes the form of a block. That means it evaluates a condition on one line, executes any commands if the condition is met on subsequent lines (Line 4) and then provides an END statement (Line 5) to signal the end of the block. The conditional here first examines the button returned property of the result, which, remember, we’ve captured in the dialogAnswervariable.
After the conditional has been evaluated and any commands executed if the condition was satisfied, the rest of the script continues to execute as normal. In SCRIPT 6 there were no more commands after the block, so the script ends.LINE 4
In Line 4 of SCRIPT 6, if the user clicked “OK”, we set a new variable, theName, and assign it the value of the text returned property of the dialogAnswer record. Because we ended the block and the script on the next line, we never actually got to use this new variable, but typically the point of doing this would be so that we can use that value somewhere else in our script. WHERE WE ARE: SO FAR! Woah! We’ve done a lot in this post! We’ve seen how to get data in to our scripts from users and how to get data out, through dialogs, notifications and the Events and Results panes. We’ve had a first go at writing a conditional, logging messages, and viewing variable values. We’ve also been introduced to the compiler’s error messages and AppleScript’s record class. If it’s all a bit of a blur, don’t worry. We’ll be practicing all of this, and expanding our skills some more, in the next post in this series, hello, applescript 3: (don’t?) tell me to run!.
Be sure to follow Applehelpwriter to be notified when a new post ispublished.
See you there!
FOR EXTRA CREDIT:
1. Try to modify SCRIPT 6 so that when you run it and type in your name, it looks _exactly_ like this. You’ll need to consult the docs for DISPLAY DIALOG, so try to find and explore Script Debugger’s Dictionary viewer in order to do that. 2. Go back to SCRIPT 4. What happens if you set with icon to 3? This is an example of a _run_ time or ‘execution’ error. The script will compile fine, because the parameter, or value, for with icon only has to be a number in order to compile. AppleScript tells you ‘a resource wasn’t found’ because, unlike ‘icon 0, ‘icon 1’ and ‘icon 2’, there’s no such thing as ‘icon 3’. That raises a number of questions: how can we tell what kind of parameter an argument or command takes? Why are there only three icon resources and where are they declared? How can I add other icons if I want to? And last, but most importantly, what else do we need to know about run time errors? All this, and much, much more, will be covered in the HELLO, APPLESCRIPT series. Stay tuned!SHARE THIS:
* More
*
*
*
* Tumblr
*
LIKE THIS:
Like Loading...
Posted in AppleScript4 Comments
← Older Posts
*
SEARCH THE SITE:
Search for:
*
SITE COUNTER
* 4,966,129 visits
*
YOUR SUPPORT
If this site has helped you, please consider making a small "buy me a coffee" donation! ♡ ♡ ♡ Your support is _hugely_ welcome and is what keeps me going! :)*
RECENT POSTS
* how to remove the System Preferences Badge app icon(Catalina Upgrade)
* 21 macOS & iOS Twitter Accounts You Should Be Following * how to remove MyCouponsmart on macOS * adware extensions erode trust in Apple, Google app stores * Lazarus APT targets Mac users * let’s bury the myth of the safe Mac * how to reverse malware on macOS * Mojave: not authorized to send Apple events * hello, applescript 3: (don’t?) tell me to run * hello, applescript 2: user in, user out*
TRENDING LAST 24 HRS* what is rapportd?
* how to remove the System Preferences Badge app icon (CatalinaUpgrade)
* how to remove Google's secret update software from your mac * how to check what's been installed on your mac * how to reveal hidden users * how to remove MyCouponsmart on macOS * how to uninstall MacKeeper - updated * unable to turn Bluetooth on or off * Mojave: not authorized to send Apple events * accessing TCC.db without privileges*
RECENT COMMENTS
tucpakic on hello, applescript 2: user in,… philastokes on hello, applescript 2: user in,… philastokes on hello, applescript 2: user in,… tucpakic on hello, applescript 2: user in,… macgrunt on hello, applescript: what… philastokes on how Homebrewinvites users to…
Dan on how Homebrew invites users to… philastokes on how Homebrewinvites users to…
Rafiki Technology on how Homebrewinvites users to…
philastokes on how Homebrewinvites users to…
*
ARCHIVES
* October 2019 (1)* June 2019 (1)
* May 2019 (3)
* April 2019 (2)
* September 2018 (4)* August 2018 (4)
* July 2018 (2)
* June 2018 (3)
* May 2018 (1)
* March 2018 (6)
* February 2018 (4) * January 2018 (3) * December 2017 (4) * November 2017 (7) * October 2017 (2) * September 2017 (1)* July 2017 (5)
* June 2017 (2)
* May 2017 (3)
* April 2017 (3)
* March 2017 (4)
* December 2016 (1) * November 2016 (2) * October 2016 (1) * September 2016 (6)* August 2016 (8)
* July 2016 (8)
* June 2016 (2)
* May 2016 (3)
* April 2016 (2)
* March 2016 (2)
* February 2016 (7) * January 2016 (5) * December 2015 (5) * November 2015 (6) * October 2015 (3) * September 2015 (1)* August 2015 (2)
* July 2015 (4)
* June 2015 (2)
* May 2015 (2)
* April 2015 (2)
* March 2015 (3)
* February 2015 (1) * January 2015 (2) * December 2014 (1) * November 2014 (4) * October 2014 (5) * September 2014 (2)* August 2014 (4)
* July 2014 (3)
* June 2014 (1)
* May 2014 (3)
* April 2014 (3)
* March 2014 (2)
* February 2014 (2) * January 2014 (3) * December 2013 (1) * November 2013 (3) * October 2013 (7) * September 2013 (1)* August 2013 (2)
* July 2013 (3)
* June 2013 (4)
* May 2013 (5)
* April 2013 (2)
* March 2013 (6)
* February 2013 (2) * January 2013 (1) * December 2012 (2) * November 2012 (2) * October 2012 (1)* August 2012 (4)
* July 2012 (6)
* June 2012 (3)
* May 2012 (2)
* April 2012 (5)
* March 2012 (3)
* February 2012 (3) * January 2012 (9) * December 2011 (8) * November 2011 (3) * October 2011 (3) * September 2011 (8)* August 2011 (8)
* July 2011 (16)
*
CATEGORIES
* 10.11 (28)
* 10.12 (26)
* 10.13 High Sierra
(15)
* Accessories
(3)
* Address Book
(2)
* AppleScript
(60)
* Automator (11)
* Bluetooth (3)
* Catalina (1)
* Cocoa (15)
* Console (3)
* DetectX (25)
* Developer (28)
* Displays (3)
* Dock (1)
* El Capitan (7)
* FastTasks (13)
* FileVault 2
(2)
* Finder (14)
* Folder Actions
(1)
* Front Row (1)
* hammerspoon
(3)
* iCal (1)
* iCloud Drive
(2)
* iOS (2)
* iPad (1)
* iTunes (3)
* Java (3)
* Kindle for Mac
(4)
* Mail (6)
* Mavericks (21)
* Messages (2)
* Mission Control
(4)
* Mojave (1)
* Mountain Lion
(42)
* News (4)
* Notes.app (1)
* Objective-C
(4)
* OS X Lion (73)
* Performance
(5)
* PHP (1)
* Polls (1)
* Power (5)
* Preview (5)
* QuickTime (1)
* Reviews (1)
* Safari (6)
* Safari 5.1 (6)
* Safari 6.0 (10)
* Scripts (21)
* Security (56)
* Sierra (12)
* Snow Leopard
(34)
* Spotlight (6)
* Sqwarq (30)
* Swift (10)
* Tags (1)
* Terminal (25)
* TextEdit (3)
* Time Machine
(9)
* Trash (5)
* Ubuntu (2)
* Uncategorized
(6)
* Web development
(2)
* Wifi (4)
* Xcode (8)
* Xcode 4 (2)
* Xcode 5 (4)
* Xcode 6 (5)
* Yosemite (20)
*
FOLLOW APPLEHELPWRITER Enter your email here Join 1,070 other followersFollow
*
BLOGROLL
* AppleScript Reference Library * Learn Ruby on the Mac* Pastebin Scripts
* Sqwarq
*
META
* Register
* Log in
* Entries feed
* Comments feed
* WordPress.com
*
YOUR SUPPORT
If this site has helped you, please consider making a small "buy me a coffee" donation! ♡ ♡ ♡ Your support is _hugely_ welcome and is what keeps me going! :) Blog at WordPress.com. Do Not Sell My Personal InformationPost to
Cancel
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. To find out more, including how to control cookies, see here: CookiePolicy
* Follow
*
* applehelpwriter.com* Customize
* Follow
* Sign up
* Log in
* Report this content * Manage subscriptions* Collapse this bar
%d bloggers like this: Send to Email Address Your Name Your Email AddressCancel
Post was not sent - check your email addresses! Email check failed, please try again Sorry, your blog cannot share posts by email.Details
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0