SecurityInformation:
This concerns Macs connected to NT servers using Service Pack 4. If a Mac changes its password when connected to NT SP4, from that point on, PCs can log into that user account with NO password (a null password.) – contributed by John Wolf
Views:
This can be a serious bug. Its not well known, and when an Appleshare Client is added, not many people think to check for security issues because, well, it’s APPLESHARE! This causes a problem on the network.
Reasonings and Technical How-SO
snip-it from ms99-004 advisory Issue
The Windows NT Security …
June 2, 2001 •
3 min read
SecurityInformation
Fairly Good Privacy (also known as FGP) is a text-encryption program that’s easy enough for anyone to use. It is most useful for generating encrypted email messages that aren’t mean to be read by others. Using FGP, documents can be encoded multiple times, and then decoded by someone else who knows the passwords used in the encoding process.
Fixed a major memory-stomping bug that was the source of (hopefully) all of FGP’s crashes (thanks Spotlight!)
There are no longer separate 68k and PPC applications, only one “FAT” app that will run native …
June 2, 2001 •
2 min read
SecurityThe Internet will seem like a calm environment until you get hit by one of those nasty viruses. If your not using anti virus software then you wont know your computer is infected until it is too late. So many people are POSITIVE they do not need virus protection software because they only download shareware from sites like download.com or large companies and they only open attachments from their friends or family.
Those who already have experience with a virus know that this is one of the most common ways viruses …
June 2, 2001 •
3 min read
SecurityInformation
It is sophisticated software to do encryption. Built as a “Scripting Addition”, EnScrypt is an indispensable tool for software developers, script writers and anyone needing to provide encryption security on the Macintosh platform. Encryption is provided for EnScrypt by the “Blowfish” algorithm. “Blowfish” is one of several very secure and well-known symmetric encryption algorithm.
Views
The demo version of Enigma uses a very weak (32 bit) encryption key and limits vaults to only 5 files. A 32 bit key is sufficient to keep casual snoopers and unsophisticated thieves from your data, it …
June 2, 2001 •
2 min read
SecurityNew Mac OS X version of MacAnalysis 2.2.4
MacAnalysis is a security auditing suite for your Macintosh to perform and help implement a security standard for your computer/network by performing a full security check of network protocols, open services, port scans, vulnerable CGI scripts and much more. There has never been such a complete package to help maintain a secure network by running security audits for the MacOS! This will scan your Macintosh, Unix, Windows, and Hardware for any vulnerable security holes!
What is security auditing? Quick and simple, security auditing is …
June 2, 2001 •
7 min read
SecurityInformation
‘Enigma is a low cost, easy to use application designed to completely protect your privacy. If you would prefer your neighbors not see your personal financial data, your coworkers not see your performance appraisal, or your competitors see your trade secrets then Enigma is an application you will find valuable.
Enigma supports both the Macintosh and Window’s platforms. Encrypted documents can be exchanged between the two operating systems. (Note that at this time, vaults can not be used with the Window’s version).’
Views
The demo version of Enigma uses a very weak (32 …
June 2, 2001 •
2 min read
SecurityInformation
An AppleShare Auditing tool which displays server information such as:
Server Name
Machine Type
AFP protocol versions supported
UAM:s supported
Server settings and features
Server signature (if supported)
Network addresses assigned to the server; both TCP/IP- and AppleTalk addresses.
Views
Excellent Auditing tool for AppleShare Servers on the network. Get a view of what is configured.
VERSION HISTORY
Fixed bug in DoGetAllZones when checking len in TNetbuf structure.
Fixed bug in calculation of offset to network addresses and server signature.
Fixed drawing of icon for MacServerIP-servers on NT that seem to store icon and mask in long Intel-byteorder form.
Fixed drawing of server list …
June 2, 2001 •
2 min read
SecurityAppleTalk is a network protocol. A lot of schools and businesses use this protocal as a cheap alternative to ethernet connections. The programs listed on this page may help you out. Listed below are a description and download area.
For more specifics on AppleTalk information
Advisory entitled Penetrating an AppleShare IP Network has been added. Admins READ, this will help you understand your security better.
AppleShare Mail server, howto secure it from SPAM RELAY.
AppleShare Server Information is an auditing tool for AppleShare Servers. Read up on it
PGPuam is used to encrypt data between …
June 2, 2001 •
2 min read
SecurityResEdit is a utility intended for use by developers to manipulate resources within a file. Use of this application is not recommended unless you have a strong knowledge of how the Macintosh operating system functions. NOTE: if this software is improperly used, it is possible to incur data loss and/or render your Macintosh computer unusable, thus requiring you to reinstall the Mac OS
ResEdit WebSite
ResEdit is an Apple product and is currently at version 2.1.3.
Access on:
Apple Software Update Page
This software is Free.
ResEdit Uses
As stated above, ResEdit is useful for editing resources …
June 2, 2001 •
2 min read
SecurityInformation
NetShred provides an easy, permanent way to destroy web browser cache, web browser history and email trash.
When you access Internet web sites using a web browser, copies of the images and text that you see are saved in a cache folder on your hard disk. Some web browsers even keep a list of the sites that you have visited in a history file. Anyone with access to your computer can look through the contents of your cache folder and history file. They can see which web pages you have visited …
June 2, 2001 •
3 min read
SecurityPowerOn Software, INC has many offices throughout the United States. The company was formed in 1993 and is still kicking with new products. on April 15th 1999 they purchased Nortins Disk Lock. So it shows they are wanting to make a secure product by keeping on top of the new programs.
Views
I have worked with PowerOn Software in the school environment. It can be made very secure. The software can disable shift down on startup, disable disk-startup, allow multiple users, groups etc. OnGuard is made for PC and Mac computers so …
June 2, 2001 •
16 min read
SecurityInformation
Deus Lock Master is an easy-to-use utility which offers password protection for your system. All you have to do is give it a Master Password which will enable you to edit settings and create other accounts (with their own passwords and backup passwords, incase they forgot the first one). You can access the settings only by entering the correct Master Password. You can enter that password from any account name. If you enter one of the passwords from the user you selected, Lock Master will quit (enabling the user to …
June 2, 2001 •
1 min read
Securityby CodeSamurai of SecureMac.com
Disclaimer & Warning
Enabling the Open Firmware password protection feature is done so at your own risk; the author of this article and/or SecureMac will NOT be held accountable or responsible for whatever you do. Changes to Open Firmware that have not been explicitly endorsed by Apple may damage your computer’s logic board. Any repairs that are necessary because of this damage would not be covered under the terms of the Apple One-Year Limited Warranty, AppleCare Protection Plan, or other AppleCare agreement.
Also, updating the Open Firmware with security …
June 2, 2001 •
4 min read
SecurityWhether your neighbor is nosy, your roommate is curious, your sister is prying, or you’re just plain paranoid, Private Eye can help. Using a master password and tricky file-hiding techniques, you can virtually make your files disappear at the touch of a button and, with your password make them reappear again at once. It’s simple, safe, and effective.
When you start Private Eye, you are prompted for a password. If you enter the password correctly, you are greeted by the main window which lists your files and folders, whether they’re visible, …
June 2, 2001 •
2 min read
SecurityInformation
FoolProof was established by a company in Oregon called SmartStuff in 1992, throughout the years the software has grown to be a secure product for Macintosh computers.
Views
The macintosh underground security team has done extensive research on foolproof, throughout the years finding ways to bypass it. The software itself is not insecure. Infact it is a great product when used to its full extent. Schools use FoolProof a lot. Infact more of the schools if they are secure use this program. So if you think your school needs some security, or …
June 2, 2001 •
4 min read
SecurityInformation
Free Guard is a utility to hide files and folders. It is password protected at application startup. Nothing is encrypted, and someone could still make the files and folders visible without too much trouble.
It is based on the “if they do not know its there, they wont look for it” theory.
Views
This is another application to hide/unhide programs, files and folders. Free of cost makes this one of the best applications of its class. Remember that hiding a file with this application actually makes its invisible from everyone, just the people …
June 2, 2001 •
1 min read
Security“Where do you keep your confidential data?
Like most people these days, you’ve probably got a growing number of user IDs, passwords, registration keys, PINs, serial numbers, and the like, stored in various places on your Mac or scribbled on miscellaneous pieces of paper around your home or office. When you stop and think about it, you probably have more of these pesky bits of information scattered about than you realize.
The proliferation of the Internet is exacerbating this situation. Increasing numbers of commercially-oriented sites, such as the NY Times, require some …
June 2, 2001 •
3 min read
SecurityInformation
SuperLock Pro is the most secure and full-featured version of SuperLock. Unlike SuperLock Lite, which is designed primarily for single-user machines, SuperLock Pro was designed specifically for machines with multiple users, such as those in labs, computer stores, and many offices.
SuperLock Pro is split into three parts. Admin is where all administrative functions are performed, including editing the user list, setting client preferences, and setting security preferences. Client is what users use to log in. Overseer is a background application that runs all the time and performs various tasks for …
June 2, 2001 •
4 min read
SecurityWhat is Malevolence?
Malevolence is a simple application created by Marukka which extracts login/password information from the system in a unshadowed format. It has been discovered there a numerous ways to obtain the passwd information from netinfo including simply typing the command command “nidump passwd .”
Once you have the encrypted password file it may be decrypted with a method refered to as cracking or using a bruteforce attack.
Directions
Malevolence is very easy to use, in either Terminal.app or though a telnet session just run Malevolence and it will create a file called …
June 2, 2001 •
1 min read
SecurityMarukka, a programmer at MSEC (Macintosh Security Group) has created a modified version of the mach_init that will make it so Mac OS X does not have the ability to boot into single user mode.
The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup.
However, if you are not worried about someone having console …
June 2, 2001 •
2 min read
