SecurityBy Bob LeVitus
…. continued from part 1
Most Macs aren’t affected by the latest parasitic outbreaks in the news (Nimda, Code Red, etc.). But while Mac-specific viruses and worms are rare, the most definitely do still exist. Which is why smart Mac users know if they’re at risk and if they are, they take precautions.
Are you at risk? There are three main groups at risk:
The first is anyone who uses any type of writable or rewritable, mountable media: Disk (floppy, Zip, SuperDisk), cartridge (Jaz, Orb, magneto-optical), burnable optical media (CD-R, CD-RW, …
November 6, 2001 •
4 min read
SecurityWe Mac users have a distinct advantage over our less fortunate Windows-using brethren (and sistren)-Macs are far less likely to suffer damage from an attack by a virus, worm, or even a malicious teenager. On the other hand, you shouldn’t be lulled into a false sense of security-your Mac is not immune to viruses, worms and other intrusions. Attacks that target Macs, while rare, do exist.
This subject is too big and too important to cover in a single column, so this week I’ll focus on new Internet security issues raised …
November 5, 2001 •
4 min read
SecurityIntego revolutionized the world of Macintosh security with its widely acclaimed NetBarrier personal firewall product for the Classic Mac OS. Now, they have brought the same powerful and easy to use security product over to Mac OS X. This new product, NetBarrier X, written completely in the Cocoa API, brings the same security and privacy features you expect, only now taken to a whole new level in the stable, multitasking, multi-user environment that is Mac OS X. Unlike other programs such as BrickHouse and Firewalk, which only configure the existing …
October 12, 2001 •
5 min read
SecurityFix: Use the Software Update feature in Mac OS X to resolve the issues with WebDAV security issues.
Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability
Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …
October 6, 2001 •
2 min read
SecurityInformation
SecureMac.com steps into a new realm of security, that is securing the data on your computer. The best way we could think about having your data is secure is to have backups of the data. Backup your data and do it often! Fires happen, hard disks crash, and computers get stolen almost every second of the day.
Tri-BACKUP is the first backup utility for both Mac OS and Mac OS X. The programs easy to use and follow interface makes it possible for even the basic mac user to follow. When …
October 5, 2001 •
4 min read
SecurityOperating System: Max OS X Version Affected: up to 10.1
Security Risk: High
Remote: No
Fixed: 10.20.2001 see below
About
Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in specific order.
Mac OS X is already on computers in every sort of nature, even after the administrator sets up multiple accounts with specific privileges keeping the user from …
October 2, 2001 •
3 min read
SecurityInformation About Startup Security 1.1 for Mac OS 9 & Mac OS X
In case you do not know, your Macintosh may be able to have extra password protection offering you a extra touch of security if you are using Open Firmware 4.1.7 or higher running Mac OS 9 or Mac OS X.
What is Open Firmware Password Protection?
We have a whole discussion on Open Firmware Password protection here. In short it would be compared to the PC’s BIOS password where it asks you for password on startup or while trying to …
August 6, 2001 •
2 min read
Securitypublished: 08.31.2001
remote: Yes
updated: yes
vulnerable: all aim accounts under 10 characters
The security issue was addressed by AOL and to this date does not remain a concern.
Information
Has your AOL Instant Messenger (AIM) account password come up as invalid and you are sure that you entered it correctly? Figure that your account was hijacked by someone using the program AIMThief 5.2 for the Macintosh.
Hackers found a hole in the protocol used by AIM that lets them remotely change any users passwords if the user name is 10 characters of less.
After the AIM account …
August 6, 2001 •
3 min read
Security‘I’ve posted patches for xnu that allow Mac OS X / Darwin to spoof MAC addresses, for use in conjunction with tools like Nemesis and Ettercap’ -peter
Installation
If you’re a seasoned Darwin user or developer, you likely have all the tools ready to go to build xnu, the Darwin kernel. If so, skip ahead to step 5. However, if you’re running Mac OS 10.0.x, there are several steps to go through:
Grab and install the developer tools from Apple’s developer site if you haven’t already.
make and make install relpath from the bootstrap_cmds …
August 6, 2001 •
2 min read
SecurityInformation
SKS or The Shift Key Suite 1.0.6 is an extension for your Macintosh to stop users from being able to hold down the shift key during startup to disable the extensions.
“Holding down the Shift key while booting your Macintosh prevents all extensions to load – an important feature when you have start-up crashes from incompatible extensions.”
Many Macintosh computers have simple security programs setup that are supposed to keep users out, if you do not see options in the preferences to disable the shift key during startup the user may be …
August 5, 2001 •
2 min read
SecurityBroadband Internet technology, with its rapidly increasing availability and affordability, has generated a need to secure personal computers in a way never conceived by its original inventors. Constantly connected PC’s are more prone to malicious attempts by the rising amount of computer hackers and “script kiddies”. To defend ourselves without busting our wallets, several software vendors have stepped up to the plate to offer software-based firewall solutions to protect the average PC user from most attacks prevalent today.
Computers on dedicated connections are more open to Internet-based attacks because they are …
August 4, 2001 •
6 min read
SecurityEttercap is a multipurpose sniffer/interceptor/logger for switched LAN. This program is fully unix based and was just ported to Mac OS X after a user requested it. If you are looking for your favorite unix based application to run on Mac OS X just give the programmers remote root so they don’t have to buy expensive hardware and they can do all the work from your box. 0.6.0 adds more support for Mac OS X!
Tools like this come in handy when programming, when you believe their is foul play happening, …
August 3, 2001 •
3 min read
SecurityWhat is Firewalk?
Firewalk is a Mac OS X configuration utility for the built in firewall. While you are running Mac OS X you should be aware that you are running on a BSD/Mach kernal. The built in firewall that Mac OS X offers is rather dirty, some like to get into the unix part of the operating system others still prefer the nice Macintosh GUI. This application makes it possible for you to configure the firewall properly with the graphical user interface that Macintosh users are used to.
Firewalk X 2 …
July 12, 2001 •
2 min read
SecurityInformation
Agax is an extensible free Mac anti-virus program. It offers both standard virus-scanning facilities and more advanced background protection – so you don’t get infected in the first place. Click on one of the links below to download Agax.
Views
Excellent free program. Protects against SevenDust, Autostart, and CODE9811. So this isn’t a full blown virus protection program yet; they are definitely adding the most current virus definitions!
Download Version
You can download Agax 1.3 from:
SecureMac – 1.3 version
Or try Downloading From:
Agax’s Website
Features
This is a snippet from the manual:
Agax is an anti-virus application. It …
July 11, 2001 •
9 min read
SecurityWhat is Secure FTP Wrapper
Secure FTP Wrapper is a Java based program designed to easily make your existing FTP server compatible with Glub Tech’s Secure FTP client. In this release the wrapper allows for a Secure Sockets Layer, or SSL, connection to be made to your FTP server.
This Wrapper is supported by Mac OS X, Windows, and Linux running the Java 2 runtime environment
Instead of using the standard FTP Protocal transfering data in plain text you are using a enhanced version which offers encryption. If someone is watching (sniffing) your …
July 11, 2001 •
1 min read
SecurityInformation
Password Key was designed to provide a limited amount of security to your Macintosh system with emphasis on “security without modification” in its processes. Even though it offers a fairly high level of security to the average “looker”, it does not in any way, affect either the hardware configuration, system software, or any of your files.
When used properly, Password Key should provide you with at least the knowledge of “illegal attempts” to enter your system, and at best, with a system that is left alone with its integrity kept complete.
Password …
July 9, 2001 •
3 min read
SecurityComputer equipment is stolen every second around the world. What makes you believe your computer is any bit safer than the next guys. The concept of Stealth Signal is simple. When you use the Stealth Signal service your computer is being kept tabs on, so the next time someone steals your laptop of desktop computer they will help you locate it, read how…
How Stealth Signal Operates:
A small undetectable program (Stealth Signal Transmitter) is installed in your computer. This program silently tries to send a signal to our Monitoring Network at …
July 6, 2001 •
4 min read
SecurityComputer equipment is stolen every second around the world. What makes you believe your computer is any bit safer than the next guys. The concept of Stealth Signal is simple. When you use the Stealth Signal service your computer is being kept tabs on, so the next time someone steals your laptop of desktop computer they will help you locate it, read how…
How Stealth Signal Operates
A small undetectable program (Stealth Signal Transmitter) is installed in your computer. This program silently tries to send a signal to our Monitoring Network at …
July 6, 2001 •
4 min read
Security
What is nidump?
nidump reads the specified NetInfo domain and dumps a por-
tion of its contents to standard output. When a flat-file
administration file format is specified, nidump provides
output using the syntax of the corresponding flat file.
The allowed values for format are aliases, bootparams,
bootptab, exports, fstab, group, hosts, networks, passwd,
printcap, protocols, rpc, and services.
If the -r option is used, the first argument is inter-
preted as a NetInfo directory path, and its contents are
dumped in a generic NetInfo format.
If the -r option is used, the first argument is inter-
preted as a NetInfo directory …
July 5, 2001 •
2 min read
SecurityInformation
Monitorer is a extension to record keystrokes as they are typed. Monitorer records everything you type with your keyboard and saves it. That can be very useful if you just wrote a very long text and your computer crashes. After restarting you will find the saved log-file in your preferences folder where you can copy your lost text! This application can also be used to check if any unauthorized person used your computer or you use it to view what your employees “produced” the whole day.
However Keystroke loggers were originally …
July 5, 2001 •
2 min read
