Month: December 2010

Your site gets compromised, what do you do?

Posted on by alex

.. make people unable to use authentication methods that don’t involve giving you a password, that’s what!

Following on from the Gawker account hack, I have gone and changed a bunch of accounts, even though I may not have actually used a password I generated for Gawker, but it seemed prudent.

Lifehacker have a page up here which details the response..

Including this bit:

2) What if I logged in using Facebook Connect? Was my password compromised?
No. We never stored passwords of users who logged in using Facebook Connect. We have, however, disabled Facebook Connect logins temporarily.

*facepalm*

So what you’re saying is, not only are you incompetent, and let people steal your user/password database, you’ve now stopped the only way of stopping it from happening again??

Nothing pisses me off more than websites that require you to register or login to look at attachments on forums, for example. Facebook Connect (or ideally OpenID) are an awesome solution to the problem of having to create/maintain/worry about accounts on every site on the internet. I mean sure, there are idiots in marketing who love the idea of “rich user engagement” from tying them to your site with an account, but I think they severely overestimate their own importance.

.. but don’t get me started on janrain/rpx’s recent change that suggests you put your paypal username/password into HTML hosted on an insecure site so you can join the social engagement “story”. That’s just stupid.

Fixing GPT partition tables for OSX

Posted on by alex

With our upcoming visit to Australia, we’re doing backups before we go away. But alas! Elizabeth’s USB drive didn’t work. It became unmounted, and when she plugged it back in, no volumes were found!

.. by OSX

Never wanting to throw away the contents of a drive, I started digging. On a Linux box, I used parted to look at the disk and find that it did indeed know about all the partitions that should be on there, but for whatever reason, they weren’t being enumerated.

Satisfied the data was still there, I went back to my Mac and started poking around. I could see that /dev/disk1 existed, and had no partitions, just as OSX would have be believe. Using the gpt command line utility, I got the following:

# gpt -r show -l /dev/disk1
start size index contents
0 1
1 1 Pri GPT header
2 32 Pri GPT table
34 6
40 409600 1 GPT part - "EFI System Partition"
409640 1464471472 2 GPT part - "Time Machine Backups"
1464881112 262151
1465143263 32 Sec GPT table
1465143295 1 Sec GPT header

Twirling my evil moustache, I thought if I could relabel one of those partitions, it would make it rewrite both partitions, and she should be apples.

# gpt label -i 2 -l "Time Machine Backups" /dev/disk1
/dev/disk1s2 labeled

But no. I then wondered if /usr/sbin/diskarbitrationd was saying anything helpful about the situation, and ran it in debug mode (edited /System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist as root to add the -d flag to startup), and then kill -HUP `cat /var/run/diskarbitrationd.pid` and then tail -f /var/log/diskarbitrationd.log and I got this:

18:11:14 probed disk, id = /dev/disk1, with cd9660, failure.
18:11:14 probed disk, id = /dev/disk1, with exfat, ongoing.
18:11:14 probed disk, id = /dev/disk1, with exfat, failure.
18:11:14 probed disk, id = /dev/disk1, with msdos, ongoing.
18:11:14 probed disk, id = /dev/disk1, with msdos, failure.
18:11:14 probed disk, id = /dev/disk1, with ntfs, ongoing.
18:11:14 probed disk, id = /dev/disk1, with ntfs, failure.
18:11:14 probed disk, id = /dev/disk1, with ufs, ongoing.
18:11:14 probed disk, id = /dev/disk1, with ufs, failure.
18:11:14 probed disk, id = /dev/disk1, no match.

Good effort though, right? I mean, I’m sure Apple must expect regular users to put diskarbitrationd into debug mode on a regular basis.

Anyway.

Found out from this blog post that gdisk was available for OSX. Downloaded, installed and ran it:

# gdisk /dev/disk1
GPT fdisk (gdisk) version 0.6.13

Partition table scan:
MBR: not present
BSD: not present
APM: not present
GPT: present

Found valid GPT with corrupt MBR; using GPT and will write new
protective MBR on save.

Command (? for help): ?

To avoid prolonging the story any more, wrote the partition table to disk, and hey presto, there’s all the data back.

So what did we learn from this? Neither Apple, nor Linux, will try using a backup GPT if the primary one becomes fubared.

And despite all assurances to the contrary, USB bus-powered 2.5 inch HDD’s only just work with OSX’s meager power provision, and if they get unplugged, they won’t have enough juice to flush caches.