What is Digg?127 Comments
- inactive, on 04/08/2008, -6/+109Billy: Hey Mom, could I please post a comment on Digg?
Mom: Of course not Billy dear, THERE WAS A PROBLEM COMPLETING YOU REQUEST PLEASE RELOAD THE PAGE AND TRY AGAIN.
Billy: Mom, you're talking all funny, may I know what's wrong?
Mom: You can't darling, because THERE WAS A PROBLEM COMPLETING YOU REQUEST PLEASE RELOAD THE PAGE AND TRY AGAIN. - built2spill, on 04/08/2008, -2/+41My PC gets controlled by email all the time!
- venson, on 04/08/2008, -3/+25OK, sent email to corybohon@gmail.com with subject System Shutdown
- geekmansworld, on 04/08/2008, -1/+19For those who find VNC, ARD, and SSH far too straightforward, here's a method that's way more convoluted!
- oldhick, on 04/08/2008, -4/+21Fanboy war!!!! Woo hoo... *cough* hooo.... *cough* hooo.. alright, i'm tired of your stupid fan boy wars! One of you likes the mac, one of you likes the PC. As long as you're happy, good.
- girlscout, on 04/08/2008, -9/+26I really wish the people who claim this is a security risk would explain how they would exploit it.
More ways to control your Mac by email:
http://murphymac.com/retrieve-a-remote-file-by-ema ... - girlscout, on 04/08/2008, -6/+19Anyone who is worried about this is overly paranoid.
1. It can be exploited if you tell someone about it. But then so can anything if you TELL someone your PASSWORD.
2. You set the rule in Mail to use a keyword, which in effect is a password. You don't tell anyone the password.
3. You use secure email, like Gmail.
4. Everyone is saying use the sender as the security. wrong. use a keyword in the subject or body. that becomes the password.
I defy you to tell me how you would know there is an applescript waiting to run on a system just by seeing an email that has been sent to it. With secure email you won't even see the email. This is totally secure. Let's have some details on the danger. You're way off on this. - KevinRoseMustDy, on 04/08/2008, -1/+13I love you.
- Raydr, on 04/08/2008, -1/+12For some reason I can't get my Mac to turn on by email.
Help? - wild, on 04/08/2008, -3/+12I love your mom.
- arizonagroove, on 04/08/2008, -0/+8"...single remote e-mail..."
As opposed to what, multiple local emails? - motang, on 04/08/2008, -1/+8Kinda freaky, I could just see how my father would be sitting and surfing the web and I would send an email and the Mac would just shutdown on him...actually that would be awesome!
- thebigbradwolf, on 04/08/2008, -0/+7Sure, if e-mail was encrypted...unless you're counting on security through obscurity.
- IllBeBack, on 04/08/2008, -2/+8Perhaps it would be money spent better if you used that $1,800 on some elementary school education to learn how to properly capitalize your sentences and spell the word "definitely" correctly.
- WiseWeasel, on 04/08/2008, -0/+6Because 'from' addresses can easily be forged. Cryptic keywords in the message body are the way to go to avoid false positives.
- billjjones, on 04/08/2008, -2/+8By pyrates reasoning ssh shouldn't be there either. It might be exploited. Part of implementing security is accessing risk. People who codemn methods like this post fail to access the risk. Is pyrates going to remove the network card and keyboard from his system? That would make it more secure.
- cawpin, on 04/08/2008, -0/+6http://digg.com/apple/Forget_to_Turn_off_Your_Mac_ ...
This is a link to the site that girlscout commented on. Stop submitting dupes, people. - subscriber, on 04/08/2008, -7/+12I think I just shut down Cory Bohon's Mac.
- billjjones, on 04/08/2008, -0/+5Actually, from a phone. this IS 2008...
- inactive, on 04/08/2008, -0/+5What could possibly go wrong?
- Pattyo13, on 05/14/2009, -6/+11this will be great for all those times i need to turn off my computer when i'm gone (sarcasm)
- WiseWeasel, on 04/08/2008, -0/+5Send a second email to your significant other/parent/roommate/etc. asking them to open your email app...
- wellyuk, on 04/08/2008, -2/+6Can you point out where in the ***** article that the words "innovative", "apple made this", "for the first time ever" or similar were uttered?
That'll be nowhere. It's a ***** tip. It did not ***** claim to be the first ever method of shutting down a computer using email. It was a ***** tip. It did not claim to have come out of Apple's R+D lab. It was a ***** TIP! What the ***** is wrong with you? Beat off last night and didn't cum? - godofpumpkins, on 04/08/2008, -3/+7I agree that you have to know about it. But given the default instructions on TUAW don't have any kind of authentication mechanism in them, and people who read tuaw might follow the instructions blindly. For example, I was able to pick a positive comment to that story, and by looking at their profile and googling, find their email address. Then all I would've needed to do was forge the from address on an email with those words in it to say it was from their email address (in case they felt they were securing it that way) and I could've played a prank.
So yeah, if you know what you're doing, you can obviously do this right, but as it's presented, it's highly insecure and begging for some prankster to go crazy with it. Especially if this makes it to the front page and loads of people say "whoa this is cool, works fine!"
In a sentence, though, I'd say I have a fairly decent likelihood of hitting an applescript waiting to run on a system, if I pick my targets from a demographic that's likely to have read this article. - protodon, on 04/08/2008, -2/+6Maui Wowie!!! Now I can shut my computer off from bed! Yes!! Lazy prevails once again!
- caerwyn, on 04/08/2008, -2/+6Applescript predates VB script.
- girlscout, on 04/08/2008, -3/+7I'm not sure what you mean, if you think this is some Apple thing. but you could do this same exact thing on Windows with Outlook (or other mail clients) and a batch file.
- wellyuk, on 04/08/2008, -2/+5For ***** sake! It was a ***** TIP! Who cares what you did back in 1997. It was a useful tip for people who were unaware of this. Nowhere did it say "THIS HASN'T BEEN DONE BEFORE!". It was a ***** tip!
- aydoubleyou, on 04/08/2008, -0/+3Ah, AppleScript. Brings back memories...
- BrendanSheehan, on 04/08/2008, -0/+3Old news: http://murphymac.com/slib/sleep-your-mac-by-email. ... Murphy Mac is the king of this stuff.
- sagat, on 04/08/2008, -3/+6You mean Tiger Uppercunt!
- redxxx, on 04/08/2008, -0/+3SSH
- WiseWeasel, on 04/08/2008, -0/+3You could always play some fun pranks by setting this up on a "friend's" computer...
Why do you keep sending me emails with the word "hotdog" in them? Damnit, my computer shut off again! - insertAliasHere, on 04/08/2008, -0/+3Or vnc, or ssh. But that's not the point. If you want to use a scripted action and you have nothing but an email client, this still works. Perfect if you have an email capable phone.
- inactive, on 04/08/2008, -2/+5Allowing scripts from ANY email automatically is simply STUPID and you can easily get by spam by spoofing the identity of email. No big whoop there. spam filters aren't quite that good. You either have to set it to a lower setting and allow email to yourself, or if you set it too high, you will catch legitimate email as well as spam.
- lizlemon, on 04/08/2008, -2/+5you don't understand what has been described here at all. this isn't about mailing scripts. there is no mention of mailing a script anywhere in any of this discussion. except for what you wrote.
- Tyr7BE, on 04/08/2008, -0/+3What do you think a phone is? It's a processor with a bunch of peripherals - ie, a computer.
- digitalpencil, on 04/08/2008, -0/+3fair enough, can't really think of a time where i'd want to switch off my mac by email though.
- girlscout, on 04/08/2008, -2/+5Well, I don't think I'm going to agree with you, but at least you thought about your answer which is more than can be said for the majority of this discussion!
And truly, if anyone is dumb enough to follow the directions verbatim and not set a keyword that's unlikely to be guessed they deserve what they get.
I don't think the FROM address is any kind of security. But a keyword used with an encrypted email protocol is quite secure. - insertAliasHere, on 04/08/2008, -0/+2Well, there are a few times that that might be nice (if not necessary.) But what you're missing is that you can do this with anything you can script. Just because I can't think of anything off the top of my head doesn't mean that I'll never want to script anything and remotely trigger it.
- webbles, on 04/08/2008, -0/+2I didn't assess the risks at all. I merely pointed some risks out. I don't have nearly as many facts as I would like to do a proper assessment of the risk, plus I don't own a mac.
With that being said, a cursory glance at the facts would suggest that there is little risk outside of the people that know already about what is going on, but that doesn't make this any more "secure", but even these risks can be mitigated (with the solution that I posted).
"so many people obsess about all the wrong things with security. it sound like you're one of them."
Thanks for assuming and for adding positive value to the conversation. - TnTBass, on 04/08/2008, -2/+4You're right. Not so much a security risk if you use a lot of precautions when you set up the triggers for the email.
However, if my buddy so much as mentioned he set this up, I would be emailing him all the time trying to set it off. Spoofing his email, trying keywords, etc. Sooner or later he would either get annoyed by the constant SPAM and turn it off, or I would be shutting down his system all the time.
Heaven forbid I borrow his machine and he turns his back for a second so I can figure out those triggers.
Not so much an easily exploited security flaw, but a hell of a fun prank. - wellyuk, on 04/08/2008, -0/+2BOB SAGAT!
- uberfu, on 04/08/2008, -1/+3This is old_
But since Tuaw recently figured out their own method of doing this - it must be something new_ yay Tuaw! Not_ - aspade, on 04/08/2008, -0/+2What is wrong with these people???
- girlscout, on 04/08/2008, -8/+10If you want to do this in Windows click here.
http://tech.shantanugoel.com/projects/windows/remo ... - thecoleorton, on 04/08/2008, -1/+3so i'm assuming i email everyone who dugg this story - and reboot their macbook? :D
- rookie, on 04/08/2008, -4/+6When you send an email YOU specify who it is from and if you use an smtp server that will let you(like if you set your own up) it will have no problem sending it. A fun thing that some spammers do is send mail to you, from you hoping that you are whitelisted from/to yourself or have some lame spam software. As long as you have a good antispam system it should catch all of these before they even hit the inbox. So it is possible and even very easy to do but will most likely only get though if you set up your own mail server without a spam filter. All of the main webmail providers should take care of this no problem.
As easy as typing. http://www.google.com/search?hl=en&client=safari&r ... - ShiningSquirrel, on 04/08/2008, -1/+3You can do this with Outlook and a simple batch file.
I can send an e-mail to my corporate account that causes every single workstation in our company to reboot, then send another that automatically updates certain files on them.
It's absolutly endless what you can do with this. I control all of my scripts with keywords in the subject so I can send the commands from anywhere securly.
There is no real security hole unless your stupid enough to use something like "shut down" as the command in the e-mail to shut it down. For my setup, first you would have to spoof my sending e-mail address, and most important, you would need to know my cryptic keywords. - lizlemon, on 04/08/2008, -1/+2logmein is great. but the email way is better from your phone.
-
Show 51 - 100 of 127 discussions
Browsing Digg on your phone just got easier with our enhancements to the 
© Digg Inc. 2009
— Content created and posted by Digg users is