|
FileGuard Advisory
(comp security)
Author: brian
|
SecureMac.Com Advisory
Brian Dittmer - brian@securemac.com
02.18.2k
---
Operating System Affected: MacOS 8.6 and below
Software: ALL versions of FileGuard
Threat: medium
The computer protection software "FileGuard" is renowned for its excellent ability of keeping people off your box. While playing around with the latest version, I started playing with the logs. I got to fooling around with file names and realized that you can change the name of a file without it being logged.
Take this scenario. Someone gets onto your computer and they are restricted from all of your
Internet applications. They bring a copy of "ferret" (http://jindel.cjb.net), a notorious hacker tool
used to gather passwords. Not taking the (highly unlikely) chance that you aren't logging anything,
they rename ferret "AppleWorks". They run ferret and get all your passwords. Print them out. Rename
ferret like "AppleWorks Art" and trash it. Now they have all your passwords and stuff - to about
15 odd apps.
You're probably saying - “what can I do?” Well, nothing. Heh. Sorry. The best solution is to keep everyone off your computer.
Send Us feedback or opinions!
|
