Time Machine is Awesome, Vulnerable to Attack


Time Machine, the automated back-up system built into Mac OS X Leopard, has been justly celebrated for making the least-fun of all computer practices easy. At the touch of a button, you can find every revision of every single one of your files on hand at the time of its installation. Unfortunately, as Steven Fisher recently discovered, this comes with an ugly side effect: Even executable code can get run from Time Machine. Cool as that might sound, the consequences could be grim:

Let me give you a simple example: You find out Adium (for example) has an available exploit that the developers haven’t patched yet. You remove Adium, but it continues to exist in your backup. You visit a web page that activates the Adium bug, and Adium is launched from your backup. That you can launch Adium from your backup is not a bug. That Mac OS X will do so automatically without confirmation is a bug. The backup should be considered a vault for the user, not Launch Services.

Yikes. Rogue code is bad. Rogue code that you have to go out of your way to re-delete from your archives? Really nasty. Apple, let’s get a fix going.

Via Daring Fireball
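
The cleanup problem described above starts with knowing which applications survive only in the backup. The following audit script is an added example, not code from the original post or from Apple. It assumes the backup layout `Backups.backupdb/<machine>/<snapshot>/<volume>/...` and matches applications by the `CFBundleIdentifier` in each bundle's `Info.plist`; the function names are hypothetical.

```python
import plistlib
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError


def bundle_info(app):
    """Return (CFBundleIdentifier, version) for an .app bundle, or None if unreadable."""
    try:
        with open(Path(app) / "Contents" / "Info.plist", "rb") as fh:
            plist = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None  # missing or malformed Info.plist
    ident = plist.get("CFBundleIdentifier") if isinstance(plist, dict) else None
    return (ident, str(plist.get("CFBundleShortVersionString", "?"))) if ident else None


def find_apps(root):
    """Yield .app bundles under root, without descending into bundles or symlinks."""
    stack = [Path(root)]
    while stack:
        try:
            children = [c for c in stack.pop().iterdir() if c.is_dir() and not c.is_symlink()]
        except OSError:
            continue  # unreadable directory
        for child in children:
            if child.suffix == ".app":
                yield child
            else:
                stack.append(child)


def backup_only_apps(machine_dir, live_dirs):
    """Map bundle id -> [(snapshot, version, path)] for apps in snapshots but not installed."""
    live = {info[0] for d in live_dirs for app in find_apps(d) if (info := bundle_info(app))}
    report = {}
    # Assumed layout: <machine_dir>/<snapshot>/<volume>/...; the "Latest" symlink is skipped.
    snapshots = sorted(p for p in Path(machine_dir).iterdir() if p.is_dir() and not p.is_symlink())
    for snap in snapshots:
        for app in find_apps(snap):
            info = bundle_info(app)
            if info and info[0] not in live:
                report.setdefault(info[0], []).append((snap.name, info[1], str(app)))
    return report


if __name__ == "__main__" and len(sys.argv) > 2:
    # usage: script.py <Backups.backupdb/machine dir> <live Applications dir> [...]
    for ident, hits in backup_only_apps(sys.argv[1], sys.argv[2:]).items():
        print(ident)
        for snapshot, version, path in hits:
            print(f"  {snapshot}  v{version}  {path}")
```

The report lists every snapshot that still holds a copy, so each one can be reviewed and removed rather than only the most recent.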

About the author


Pete Mortensen is the communications lead for growth strategy firm Jump Associates and the co-author of Wired to Care: How Companies Prosper When They Create Widespread Empathy, a book and blog that are significantly more interesting than you might initially think. Pete's particular Apple avocations are both around design--interface and industrial. Follow him on Twitter!


4 comments

    Not (just) to pile on, but I infer from this that Time Machine doesn’t compress files? Or at least not much more than Win95 did with Disk Doubler? I’m gonna need a 250GB drive to support my 60GB notebook. And I really don’t like the idea that the files are recognized by anything other than Time Machine. Would adding a simple password prevent this – and keep the files secure in case someone “accidentally” plugs in my external drive?

    Not only aren’t the files compressed, but they aren’t ‘archived’ at all. They are merely copied to a subfolder on the backup drive. Therefore, there is no way to password protect the ‘backup’ file since there is no backup file. The only unusual thing about the Time Machine files that differentiates them from your original file structure is something called ‘hard links’ which are used so that the same file can appear to simultaneously exist in multiple time-based iterations of backup folders. Note that this whole approach is a very good thing; this is the way Time Machine is able to so very quickly access and recreate a snapshot of your hard drive structure at any point in history, without duplicating files that haven’t changed. It also creates an easily Finder-browsable backup structure that will make sense to the average person. And you do not need a 250GB drive to support a 60GB original — it only needs to be as big or bigger. Time Machine will automatically adjust how many historical changes to documents it preserves according to the size of the drive. If your backup drive gets too full, it starts to drop older versions of documents. You won’t even notice.

    It’s pretty much the best of all worlds. Except … yeah. They definitely should not let any document or web page launch applications that are *only* on the backup drive without an OK from the user! But this is simple to fix and I’m certain it will happen. In the meantime — BECAUSE of the very simple non-compressed, non-archived file structure, it is TRIVIALLY easy for anyone to walk through the backup and delete any historical instances of the insecure application you are worried about. So one of Time Machine’s strengths greatly mitigates this (likely temporary) weakness.

    DBL: The vast majority of files on any given hard drive are hard links. The difference with Time Machine is that Apple made a fundamental change to the HFS+ file system to allow for *multiple* hard links (called “multi-links”) for any given file. Hard links in and of themselves aren’t a new concept, though, by any stretch of the imagination.

    I definitely agree with you, though, that it will be fixed soon (most likely in the 10.5.1 update) and that in the meantime it is trivially easy to go into your Time Machine backup and simply remove any archived apps in question.

    Actually, with regard to hard links, the big change here isn’t allowing multiple hard links (all unices can do this) but to allow hard links for folders. This is new – under normal circumstances it can cause problems which they appear to have solved for Time Machine. This is the reason you can’t back up to anything but a local disk or another Leopard machine.
