SecureMac.com
About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Advertising
Security Consulting
Employment/Jobs
Feedback Form

SecureMac Software
PrivacyScan

 

Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
SAINT
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing


Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
LittleSecrets
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry
Apple.com Security Resources
Marketing Macintosh Security Programs

A little Too much of a Preview

Timbuktu Preview Hole on Mac OS X

of OS X when you install Timbuktu


Information:
Netopia has released Timbuktu Preview for Mac OS X. There is a 29.95 charge for this software. Timbuktu is remote administration software which runs on Windows and Macintosh platforms. We received a E-Mail from Ed noting of a security hole with this product that lets a user @ the console have access without even having to log in to Mac OS X. The problem was reported to Netopia and because this is only a preview version we will look for a fix in the next release.

Author: ed@hintz.org
Tested: G4 DP 450/Mac OS X w/ update
Software: Netopia Timbuktu Preview for Mac OS X
Method: Console
Risk:
raterateraterate


Scenario:
At the login screen of the freshly updated Mac OS X with preview version of Timbuktu for Mac OS X we have found a Timbuktu icon in the upper right hand portion of the screen. The menu contains all of the goodies (open timbuktu, turn tcp on/off, about, etc) Timbuktu users have known and loved from the classic OS. The menu About Timbuktu when clicked on gives you full control to the apple menu and system preferences without even being logged into OS X.

Having access to the System Preferences without being logged in can allow access to the users panel where someone could change passwords or any system setting.

Essentially, you've got admin access to the entire system prefs window and the users panel even shows the hidden admin/root user. Some say this is something not that large because you can gain full access through single user mode also, SM feels that the problem should be addressed by Netopia ASAP.

If you have purchased this product and would like this issue taken care of please contact Netopia

Netopia - "This issue was reported to us today. Our engineers were able to reproduce the error, and have completed a new build correcting it. All existing users will be notified when this build is available for download later today. Thanks for your vigilance and your feedback!
Stephanie S.
Timbuktu Pro Macintosh Product Specialist
Netopia, Inc.
"


Feedback Time:


Enter Email Address:

Enter your message:


Select Either of These Two Buttons


Security + OS
DiskLock
PowerBook Security Control Panel
Empower Pro
FileGuard
FreeGuard
FoolProof
Deus Lock Master
OnGuard
Keys Off
LockOut
MacOS Algorithm
Modem Security
Password Key
PGPuam
PPF
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro
Web-Confidential


Macintosh Viruses
Disinfectant
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security


Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
IPNetSentry
NetBarrier
Norton Personal Firewall

Mac Spyware & Privacy
Monitorer
NetShred - Delete Files Safely

Network Security
MacAnalysis
Oyabun Tools
WDTech RAE
ToolDaemon

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
NetBus
Outlook Express 4.5 Password Flaw
SubSeven
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
EnScript
FGP
FileTwister
ForgotIt?
GenPass
MacLockSmith
My-Privacy
My Secret
PGPi
PGPhone
PGP Personal
PGP Freeware
PowerCrypt-dev
Private File
Quick Encrypt
SubRosa Utilities
Tresor

Deleting Files
Eraser Pro
ShredIt

Backups

Apple Hardware

MacOS DoS
Mac Attack


All material (c) 2014 SecureMac.com and respected owners