SecurityPRODUCT: Macintosh Hacker’s Workshop (MHW) v1.1
Review by: James M. Buehring
RATING: 4.5 / 5
THE PRODUCT & DEVELOPER:
MWH, or “Macintosh Hackers Workshop” is the first of (hopefully) a long line of products from a security expert team from France named CODE511. The author, grungie, offers up the only graphical UNIX password cracker for OS X to date.
This is not a program for your novice user who is unfamiliar with password files or DES encryption. If “DES” and “passwd” draw a blank for you, skip over this product.
For those of you who could …
December 11, 2001 •
3 min read
SecuritySneak Preview of MacAnalysis for Mac OS X
“Exclusive Previews of MacAnalysis X!”
Lagoon Software’s MacAnalysis has become a manditory program for Macintosh users trying to secure their systems. MacAnalyis is a security auditing suite that runs on your Macintosh, test the security of a local or remote computer system.Read about MacAnalysis @ this SecureMac.com review
After many weeks of programming they are almost ready to start distribution of their Mac OS X version. SecureMac.com was given the program to take a look at – the program follows the same style setup from …
December 2, 2001 •
2 min read
SecurityMarketing your Macintosh Security Programs Online v1.0
Once you have the program created you need people to download, test, and update the software. This simple how to guide is to share with you realms of the Internet where you can reach all different markets, from the hackers, security experts to regular Macintosh users.
Your Web Site
Create a web site the goal is to keep it as clean and simple as possible. Make sure you have pages for the following:
Contact (e-mail address, website – bookmark it, mailing list)
Program (with description, screenshots, and examples)
Index …
November 10, 2001 •
3 min read
SecurityIntroduction
Sophos declares the following in their campaign for Sophos Anti-Virus for Mac
-Malware myth: Macs can’t get viruses.
-SophosLabs have detected over 1,000 threats for Mac OS.
Sophos Anti-Virus for Mac Home Edition runs in the background and scans files for threats whenever your Mac opens them. It comes with an uninstaller (Applications/Remove Sophos) in case you want to remove it after trying it on your system.
I’ll be going through this review step-by-step and cover all the features related to the Mac system, usability, configuration and overall experience. Feel free to follow my …
November 7, 2001 •
17 min read
SecurityBy Bob LeVitus
…. continued from part 1
Most Macs aren’t affected by the latest parasitic outbreaks in the news (Nimda, Code Red, etc.). But while Mac-specific viruses and worms are rare, the most definitely do still exist. Which is why smart Mac users know if they’re at risk and if they are, they take precautions.
Are you at risk? There are three main groups at risk:
The first is anyone who uses any type of writable or rewritable, mountable media: Disk (floppy, Zip, SuperDisk), cartridge (Jaz, Orb, magneto-optical), burnable optical media (CD-R, CD-RW, …
November 6, 2001 •
4 min read
SecurityWe Mac users have a distinct advantage over our less fortunate Windows-using brethren (and sistren)-Macs are far less likely to suffer damage from an attack by a virus, worm, or even a malicious teenager. On the other hand, you shouldn’t be lulled into a false sense of security-your Mac is not immune to viruses, worms and other intrusions. Attacks that target Macs, while rare, do exist.
This subject is too big and too important to cover in a single column, so this week I’ll focus on new Internet security issues raised …
November 5, 2001 •
4 min read
SecurityIntego revolutionized the world of Macintosh security with its widely acclaimed NetBarrier personal firewall product for the Classic Mac OS. Now, they have brought the same powerful and easy to use security product over to Mac OS X. This new product, NetBarrier X, written completely in the Cocoa API, brings the same security and privacy features you expect, only now taken to a whole new level in the stable, multitasking, multi-user environment that is Mac OS X. Unlike other programs such as BrickHouse and Firewalk, which only configure the existing …
October 12, 2001 •
5 min read
SecurityFix: Use the Software Update feature in Mac OS X to resolve the issues with WebDAV security issues.
Security Advisory: Apple’s Mac OS X iDisk WebDAV vulnerability
Open Door Networks recently discovered that Apple’s iDisk under Mac OS X 10.1 wasn’t properly written to WebDAV standards. They said in Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as …
October 6, 2001 •
2 min read
SecurityInformation
SecureMac.com steps into a new realm of security, that is securing the data on your computer. The best way we could think about having your data is secure is to have backups of the data. Backup your data and do it often! Fires happen, hard disks crash, and computers get stolen almost every second of the day.
Tri-BACKUP is the first backup utility for both Mac OS and Mac OS X. The programs easy to use and follow interface makes it possible for even the basic mac user to follow. When …
October 5, 2001 •
4 min read
SecurityOperating System: Max OS X Version Affected: up to 10.1
Security Risk: High
Remote: No
Fixed: 10.20.2001 see below
About
Mac OS X over the past few months have started to spout security concerns, this being one of the first most publicized attacks on the operating system. Once logged into Mac OS X, any user can obtain a root shell by executing a few simple applications in specific order.
Mac OS X is already on computers in every sort of nature, even after the administrator sets up multiple accounts with specific privileges keeping the user from …
October 2, 2001 •
3 min read
SecurityInformation About Startup Security 1.1 for Mac OS 9 & Mac OS X
In case you do not know, your Macintosh may be able to have extra password protection offering you a extra touch of security if you are using Open Firmware 4.1.7 or higher running Mac OS 9 or Mac OS X.
What is Open Firmware Password Protection?
We have a whole discussion on Open Firmware Password protection here. In short it would be compared to the PC’s BIOS password where it asks you for password on startup or while trying to …
August 6, 2001 •
2 min read
Securitypublished: 08.31.2001
remote: Yes
updated: yes
vulnerable: all aim accounts under 10 characters
The security issue was addressed by AOL and to this date does not remain a concern.
Information
Has your AOL Instant Messenger (AIM) account password come up as invalid and you are sure that you entered it correctly? Figure that your account was hijacked by someone using the program AIMThief 5.2 for the Macintosh.
Hackers found a hole in the protocol used by AIM that lets them remotely change any users passwords if the user name is 10 characters of less.
After the AIM account …
August 6, 2001 •
3 min read
Security‘I’ve posted patches for xnu that allow Mac OS X / Darwin to spoof MAC addresses, for use in conjunction with tools like Nemesis and Ettercap’ -peter
Installation
If you’re a seasoned Darwin user or developer, you likely have all the tools ready to go to build xnu, the Darwin kernel. If so, skip ahead to step 5. However, if you’re running Mac OS 10.0.x, there are several steps to go through:
Grab and install the developer tools from Apple’s developer site if you haven’t already.
make and make install relpath from the bootstrap_cmds …
August 6, 2001 •
2 min read
SecurityInformation
SKS or The Shift Key Suite 1.0.6 is an extension for your Macintosh to stop users from being able to hold down the shift key during startup to disable the extensions.
“Holding down the Shift key while booting your Macintosh prevents all extensions to load – an important feature when you have start-up crashes from incompatible extensions.”
Many Macintosh computers have simple security programs setup that are supposed to keep users out, if you do not see options in the preferences to disable the shift key during startup the user may be …
August 5, 2001 •
2 min read
SecurityBroadband Internet technology, with its rapidly increasing availability and affordability, has generated a need to secure personal computers in a way never conceived by its original inventors. Constantly connected PC’s are more prone to malicious attempts by the rising amount of computer hackers and “script kiddies”. To defend ourselves without busting our wallets, several software vendors have stepped up to the plate to offer software-based firewall solutions to protect the average PC user from most attacks prevalent today.
Computers on dedicated connections are more open to Internet-based attacks because they are …
August 4, 2001 •
6 min read
SecurityEttercap is a multipurpose sniffer/interceptor/logger for switched LAN. This program is fully unix based and was just ported to Mac OS X after a user requested it. If you are looking for your favorite unix based application to run on Mac OS X just give the programmers remote root so they don’t have to buy expensive hardware and they can do all the work from your box. 0.6.0 adds more support for Mac OS X!
Tools like this come in handy when programming, when you believe their is foul play happening, …
August 3, 2001 •
3 min read
SecurityWhat is Firewalk?
Firewalk is a Mac OS X configuration utility for the built in firewall. While you are running Mac OS X you should be aware that you are running on a BSD/Mach kernal. The built in firewall that Mac OS X offers is rather dirty, some like to get into the unix part of the operating system others still prefer the nice Macintosh GUI. This application makes it possible for you to configure the firewall properly with the graphical user interface that Macintosh users are used to.
Firewalk X 2 …
July 12, 2001 •
2 min read
SecurityInformation
Agax is an extensible free Mac anti-virus program. It offers both standard virus-scanning facilities and more advanced background protection – so you don’t get infected in the first place. Click on one of the links below to download Agax.
Views
Excellent free program. Protects against SevenDust, Autostart, and CODE9811. So this isn’t a full blown virus protection program yet; they are definitely adding the most current virus definitions!
Download Version
You can download Agax 1.3 from:
SecureMac – 1.3 version
Or try Downloading From:
Agax’s Website
Features
This is a snippet from the manual:
Agax is an anti-virus application. It …
July 11, 2001 •
9 min read
SecurityWhat is Secure FTP Wrapper
Secure FTP Wrapper is a Java based program designed to easily make your existing FTP server compatible with Glub Tech’s Secure FTP client. In this release the wrapper allows for a Secure Sockets Layer, or SSL, connection to be made to your FTP server.
This Wrapper is supported by Mac OS X, Windows, and Linux running the Java 2 runtime environment
Instead of using the standard FTP Protocal transfering data in plain text you are using a enhanced version which offers encryption. If someone is watching (sniffing) your …
July 11, 2001 •
1 min read
SecurityInformation
Password Key was designed to provide a limited amount of security to your Macintosh system with emphasis on “security without modification” in its processes. Even though it offers a fairly high level of security to the average “looker”, it does not in any way, affect either the hardware configuration, system software, or any of your files.
When used properly, Password Key should provide you with at least the knowledge of “illegal attempts” to enter your system, and at best, with a system that is left alone with its integrity kept complete.
Password …
July 9, 2001 •
3 min read