Scripting Pearson’s TestNav: Safari and Java Exception Lists

[UPDATE 2015-05-13]: Pearson is getting DDoS’d again.

Pearson experienced intermittent issues with PearsonAccess and TestNav beginning at 7:13 a.m. this morning. These issues continue to occur.
Pearson has confirmed that a Distributed Denial-of-Service (DDoS) attack to Pearson?s firewall is causing degraded performance issues.  Pearson is actively monitoring the issue and working to resolve.

Continue reading “Scripting Pearson’s TestNav: Safari and Java Exception Lists”

OS X Yosemite: Enable Access for Assistive Devices Command Line

There are apps that require access to assistive devices in Yosemite.  A perfect example of this is TextExpander 4.  It needs the ability to type text on the user’s behalf.  The easiest way to enable access for these items is to drag-and-drop them into the Accessibility section under the Privacy tab in the Security and Privacy pane of System Preferences. Continue reading “OS X Yosemite: Enable Access for Assistive Devices Command Line”

Folder Actions On Yosemite Broken? Use launchd Instead

My roll-your-own malware detection has been having troubles in OS X Yosemite.  It appears that it increases CPU usage to abnormal amounts.  I have come up with two alternative solutions that you may want to try.

To detect many pieces of malware, you will want to monitor these folders:

/Library/LaunchAgents
/Library/LaunchDaemons
/Users/your_user/LaunchAgents

There are other folders to watch, which detect specific pieces of malware like the Backdoor.iWorm, but the three above should offer decent detection.

Two Methods to Replace Folder Actions On Yosemite

Malware Detection Using Hazel (Paid, But Easy)

This will be the easiest, but you also have to pay for the app.

Set up the Hazel rules as seen below for each of the folder mentioned above.

ryo-malware-hazel

You will get a notification with the filename if something gets placed in those folders.  It will then open the folder so you can decide if it needs to be deleted or if it is a legitimate file.

hazel-alert-malware

Malware Detection Using launchd (Free, More Technical, and Severely-limited)

Unfortunately, this method is more technical and does not work as well as Folder actions because the file and folder name do not get passed as arguments to the script.  So those nice alert dialogs you used to get won’t have all the nifty information.  But if you don’t feel like paying for Hazel, or having your CPU go crazy using Folder Actions, and still want to at least know if something is going on, then read on.

Ironically enough, you will be creating a file and putting it in one of the folders that Folder Actions may have previously been monitoring.  This should also give you some insight as to why hackers are always trying to put files into these folders.

Script To Run When Items Are Added To The Folders

First, you will need a script that will execute when a new item is added into one of the folders.  Since launchd won’t pass arguments to the script, you can just make a basic dialog that tells you an item was added to them.

#!/bin/bash
osascript -e 'display dialog "Possible launchd threat detected..." with title "Roll-your-own Malware Detection"'

launchd .plist To Watch The Folders For Changes

The next process is much easier if you use a program like Lingon X, but I will show you how to manually create the file.  I suggest using an app like TextWrangler because it works better for writing code.  If you want to use TextEdit or some other editor, be sure it is set to plain-text and not rich-text.

Create a new file called RollYourOwn.MalwareDetection.Yosemite.plist  with the following content:

Then, save it to /Library/LaunchAgents .  Make sure the file has the correct user, group, and permissions by running these commands:

sudo chown root:wheel /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
sudo chmod 644 /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist

You will also want to make sure any extended attributes are gone.  Check if there are any with this command:

ls -l@ /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist

If the result has an “@” symbol in it, then there are some extended attributes and they will be listed below the filename.  For example, this is what mine look liked:

-rw-r--r--@ 1 root wheel 582B Oct 20 14:05 /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
     com.apple.FinderInfo  32B
     com.apple.TextEncoding  15B

To remove these, use xattr  with the -d  (delete) option

sudo xattr -d com.apple.FinderInfo /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist
sudo xattr -d com.apple.TextEncoding /Library/LaunchAgents/RollYourOwn.MalwareDetection.Yosemite.plist

If you instead edited the text file from the command line in vim  or nano , there are probably not any extended attributes to remove.

Now the launchd plist is ready.  What you just made was your own little program that runs a custom script (for all users at login).  It will run automatically and in the background.  Now you might understand why hackers will try to install things in a similar fashion.  They can have their malicious code executed every time someone logs into their Mac.  But the file you just made runs code that will help rather than hinder.

The launchd plist utilized QueueDirectories, which will basically run the script as long as there is an item in it.  You can also use WatchPaths, but it it much more sensitive to changes.  Experiment with both to find out what is best for you.

Bash Script: Enable Access to Assistive Devices Programmatically in OS X Mavericks 10.9.x – Simulate Keystrokes

Use osascript to script a GUI login

Using a bash script to enable access to assistive devices is possible in Mavericks (and also Yosemite) despite the move to a per-app database.  This is useful for entering keystrokes or clicking GUI buttons via a bash script. Continue reading “Bash Script: Enable Access to Assistive Devices Programmatically in OS X Mavericks 10.9.x – Simulate Keystrokes”

Save Installer From Mac App Store (Updates and New Apps)

If you are an OS X administrator and deploy apps or updates, having a .pkg format is very useful.  Wouldn’t it be nice to save the installer from the App Store?

By default, any new apps or updates magically appear in the /Applications  folder.  In the background, however, there is actually a .pkg being run by Installer.  There is an manual way to capture and save the .pkgs from the App Store, but I wanted to write  script that would do this automatically. Continue reading “Save Installer From Mac App Store (Updates and New Apps)”

OS X: Roll-your-own Malware Detection

[UPDATE 2014-10-20]: This tricks seems to cause high CPU usage in Yosemite, try using launchd instead.

[UPDATE 2014-10-02]: defend yourself from becoming a zombie courtesy of Mac.BackDoor.iWorm

[UPDATE]: Use this trick to fend off the new malware XLSCmd

Macs are not immune to malware.  Authors of malicious software often try to get a LaunchDaemon or LaunchAgent installed onto your computer in one or more of the following locations: Continue reading “OS X: Roll-your-own Malware Detection”

Automator: Scale Down Large Images From the Contextual-menu

Automator seems to be one of those unknown or ignored Apple-made apps.  But it is very powerful and can save you a lot of time.  It has also been part of OS X for a long time.

Purpose

To save time by automatically scaling down images (while keeping the original file) to a pre-set size as opposed to manually editing each one.

Requirements For This Walkthrough

Materials

  1. Mac with OS X
  2. Large image files

Downloads

  1. Automator workflow

Knowledge, Skills, and Abilities

  • Ability to navigate throughout a computer OS
  • Knowledge of basic computer terminology

Step-by-step Instructions

Create the Automator Workflow

You can also download a a pre-built workflow.

  1. Create a folder for the scaled-down images to go
  2. Open /Applications/Automator
  3. Create a workflow similar to the following: (editing the folder and size fields)jacob_salmela_automator_workflow_reduce_image
  4. Click File > Save
  5. Save as something like Reduce to 800×600

Use The New Contextual Service

  1. Right-click a large image file
  2. Click Reduce to 800×600jacob_salmela_resize
  3. Watch the magic happen

The scaled-down image will now be revealed in the folder you designated.  The original remains in-tact.  This operation can also be completed on many files at once.  In this example, the picture was 1.8MB and was reduced to 144K.