PhotoRadar Security issue (possibly important)

[Jonathan]

Ordinarily I'd punt this over to the site admins and they would tell me why I don't need to worry.  For "obvious" reasons I'm not going to do that......

Anyway I turned on the Mac in the Gallery today.  It did some software updates and all was cool.  Then it chucked up an alert.  Apparently the PubSub Agent was requesting access to my keychain.  Alerts like this are reasonably common in OS X after an update.  If an app accesses the keychain (and lots do) and it changes then it has to be reauthorised.  Ordinarily I'd just hit "always allow" and that would be it.

But the keychain element it wanted access to is beta.photoradar.com.  Now Google says that PubSub updates are to do with syncing MobileMe and RSS feeds which all seems pretty cool.  But I don't have a MobileMe bookmark for PR and have never subscribed to their RSS.  (Or any RSS on this particular machine)

It's entirely possible there's nothing to worry about but there's a small chance there's something a bit iffy about their site pushing RSS updates or something.  It appears that something is polling the PR site for updates.

If you're still on PR you may want to check any dodgy incoming traffic or suspicious phone homes.  TBH I doubt the team have the skills or the inclination to do anything like this but it's ever so suspicious that of all sites this is the one that popped up.

[greypoint]

If only I understood that I might be worried

[Trickee]

pubsub agent? is that someone that sells pubs?--it does read very jargonistic but my understanding is that its a security issue form that site, that they won't have a clue about and won't know how to fix it and could annoy many of its new shiny members

[picsfor]

not just annoy members - it could lead to you having your computer hacked into remotely or a nice little prgoram being deposited that sends all your critical stuff to some one for their benefit.

I think the word amateurs is a little too complimentary for the crowd they have working over there.

Hence i had to ask what is going on - not happy with what i saw and as this place is doing a darn good job of replacing DCM, don't see a need to bother!

[Peter Jackson]

Ordinarily I'd punt this over to the site admins and they would tell me why I don't need to worry.  For "obvious" reasons I'm not going to do that......

Anyway I turned on the Mac in the Gallery today.  It did some software updates and all was cool.  Then it chucked up an alert.  Apparently the PubSub Agent was requesting access to my keychain.  Alerts like this are reasonably common in OS X after an update.  If an app accesses the keychain (and lots do) and it changes then it has to be reauthorised.  Ordinarily I'd just hit "always allow" and that would be it.

But the keychain element it wanted access to is beta.photoradar.com.  Now Google says that PubSub updates are to do with syncing MobileMe and RSS feeds which all seems pretty cool.  But I don't have a MobileMe bookmark for PR and have never subscribed to their RSS.  (Or any RSS on this particular machine)

It's entirely possible there's nothing to worry about but there's a small chance there's something a bit iffy about their site pushing RSS updates or something.  It appears that something is polling the PR site for updates.

If you're still on PR you may want to check any dodgy incoming traffic or suspicious phone homes.  TBH I doubt the team have the skills or the inclination to do anything like this but it's ever so suspicious that of all sites this is the one that popped up.

Hmmmm........That starts to make more sense now Jonathan, ever since I have been logging onto PR I receive a warning message from Sophos Firewall that the site is attempting to access my computer, after hitting "block all activity" it allows me in. Ordinarily that would be an end of the matter as once a site is blocked, it is blocked, unless something changes as I understand. However it would appear that something on PR is changing as I keep getting the firewall alert each and every time I access the site, I had put it down to my firewall being a little over zealous, which it can be on occasions, now it looks like there is possibly more to it.

I think I'll just stop visiting there to be on the safe side.

[Jonathan]

it does read very jargonistic

OK, I was trying not to be alarmist.  I'll simplify.......

It's possible that something on the PR site is retrieving personal data from your machine.  It's possible this is happening even if you don't visit the site any more (i.e. it may have dropped some code into the browser such as a bookmark or RSS).

TBH I don't think it is much to worry about - I just installed Little Snitch and went for a quiet browse on the site (OMG - things are worse than I thought!!!) and it seems reasonably happy.  But Peter's results may back mine up.  If it was put there by the site developers then it's a little dodgy.  If it's something piggybacking on their code to access your machine then it's well dodgy.

But then, I've been warned about even discussing security with anybody.  What's that black van doing outside........?  

ETA: very enlightening browsing the PR site with a couple of freeware dev tools running.  Typical page has 20 - 30 coding errors.  Most links (and there are a lot of links) have a couple of warnings about sloppy code and nearly all have a severe warning about unsafe Javascript.  It seems some of the Javascript is trying to access the wrong domain which actually looks very dodgy.....

[wendoureecat]

Must admit havent ventured back to PR site for a while nor the DCM site. The DCM site was one of the more user friendly forums with some great characters and must confess although I dont post much have learnt a great deal from reading the forum. The PR site now and yes I know it is still a beta site seems to have more holes than the Albert Hall in it and I prefer a more user friendly forum........I dont want to get an IT degree just to post a pic. they really need to get their backside into gear with it. My congrats and thanks though goes to Lurkalot as this site is better than them both with again great characters to grace the threads.

[Sarasocke]

Must admit havent ventured back to PR site for a while nor the DCM site. The DCM site was one of the more user friendly forums with some great characters and must confess although I dont post much have learnt a great deal from reading the forum. The PR site now and yes I know it is still a beta site seems to have more holes than the Albert Hall in it and I prefer a more user friendly forum........I dont want to get an IT degree just to post a pic. they really need to get their backside into gear with it. My congrats and thanks though goes to Lurkalot as this site is better than them both with again great characters to grace the threads.

I cannot agree more 

[Bigbill]

Hewwo from Chilly Sheffy.

Yahhhhh,have to agree with the above,Lurky deserves a huge pat on the back for getting this place up and running,i just hope it goes on and on and develops into something huge,,,,,i never would have said that in DCM,and ive never seen PR,and having read the opening bit of this thread i wont be rushing over there,despite all the glee though,i think its very unfortunate that DCM has gone the way it has.

Shine On

[greypoint]

A site/forum is simply the sum of it's members [and the hard work and generosity of it's owner!] so if everyone who's an active member now remains active here and others continue to join there's no reason why it can't continue to be better than those commercial ones we won't mention

[John Doyle2]

 I stopped visiting P.R. Awhile back. Still visiting DC Forums though and hope that it will continue to function! Yes, Lurk has created a good home here.

[Hybridphotog]

A site/forum is simply the sum of it's members [and the hard work and generosity of it's owner!] so if everyone who's an active member now remains active here and others continue to join there's no reason why it can't continue to be better than those commercial ones we won't mention

At least the admin here listen. They also seem to actually do something, as opposed to just collecting dust and a monthly wage.

[Mick]

A site/forum is simply the sum of it's members [and the hard work and generosity of it's owner!] so if everyone who's an active member now remains active here and others continue to join there's no reason why it can't continue to be better than those commercial ones we won't mention

At least the admin here listen. They also seem to actually do something, as opposed to just collecting dust and a monthly wage.

I try Dave, I try.  My web dev skills aren't up to much though.  Still learning as I go.   

Thanks to all for the kind words about CC.  It really was a case of trial and error to get it to this stage, believe me. 

[Damon]

A site/forum is simply the sum of it's members [and the hard work and generosity of it's owner!] so if everyone who's an active member now remains active here and others continue to join there's no reason why it can't continue to be better than those commercial ones we won't mention

This is my one and only site & i`m here to stay. Even if i had time to spend thralling through various site`s i still don`t think i`d bother.
I can`t say enough how much i like this site & i`m very comfortable now.

[Hinfrance]

I can't even sign on to PR. It says it doesn't recognise the name they set for me, it won't let me reregister and it won't let me change the moniker.

I see you've quit Mick.