Security
ResEdit is a utility intended for use by developers to manipulate resources within a file. Use of this application is not recommended unless you have a strong knowledge of how the Macintosh operating system functions. NOTE: if this software is improperly used, it is possible to incur data loss and/or render your Macintosh computer unusable, thus requiring you to reinstall the Mac OS.
ResEdit WebSite
ResEdit is an Apple product and is currently at version 2.1.3.
Access on:
Apple Software Update Page
This software is Free.
ResEdit Uses
As stated above, ResEdit is useful for editing resources …
June 2, 2001 •
2 min read
Security
Information
NetShred provides an easy, permanent way to destroy web browser cache, web browser history and email trash.
When you access Internet web sites using a web browser, copies of the images and text that you see are saved in a cache folder on your hard disk. Some web browsers even keep a list of the sites that you have visited in a history file. Anyone with access to your computer can look through the contents of your cache folder and history file. They can see which web pages you have visited …
June 2, 2001 •
3 min read
Security
PowerOn Software, Inc. has many offices throughout the United States. The company was formed in 1993 and is still kicking with new products. On April 15th, 1999 they purchased Norton's Disk Lock. So it shows they want to make a secure product by keeping on top of the new programs.
Views
I have worked with PowerOn Software in the school environment. It can be made very secure. The software can disable shift down on startup, disable disk-startup, allow multiple users, groups etc. OnGuard is made for PC and Mac computers so …
June 2, 2001 •
16 min read
Security
Information
Deus Lock Master is an easy-to-use utility which offers password protection for your system. All you have to do is give it a Master Password which will enable you to edit settings and create other accounts (with their own passwords and backup passwords, in case they forgot the first one). You can access the settings only by entering the correct Master Password. You can enter that password from any account name. If you enter one of the passwords from the user you selected, Lock Master will quit (enabling the user to …
June 2, 2001 •
1 min read
Security
by CodeSamurai of SecureMac.com
Disclaimer & Warning
Enabling the Open Firmware password protection feature is done so at your own risk; the author of this article and/or SecureMac will NOT be held accountable or responsible for whatever you do. Changes to Open Firmware that have not been explicitly endorsed by Apple may damage your computer’s logic board. Any repairs that are necessary because of this damage would not be covered under the terms of the Apple One-Year Limited Warranty, AppleCare Protection Plan, or other AppleCare agreement.
Also, updating the Open Firmware with security …
June 2, 2001 •
4 min read
Security
Whether your neighbor is nosy, your roommate is curious, your sister is prying, or you’re just plain paranoid, Private Eye can help. Using a master password and tricky file-hiding techniques, you can virtually make your files disappear at the touch of a button and, with your password, make them reappear again at once. It’s simple, safe, and effective.
When you start Private Eye, you are prompted for a password. If you enter the password correctly, you are greeted by the main window which lists your files and folders, whether they’re visible, …
June 2, 2001 •
2 min read
Security
Information
FoolProof was established by a company in Oregon called SmartStuff in 1992; throughout the years the software has grown to be a secure product for Macintosh computers.
Views
The Macintosh underground security team has done extensive research on FoolProof, throughout the years finding ways to bypass it. The software itself is not insecure. In fact, it is a great product when used to its full extent. Schools use FoolProof a lot. In fact, more of the schools, if they are secure, use this program. So if you think your school needs some security, or …
June 2, 2001 •
4 min read
Security
Information
Free Guard is a utility to hide files and folders. It is password protected at application startup. Nothing is encrypted, and someone could still make the files and folders visible without too much trouble.
It is based on the “if they do not know it’s there, they won’t look for it” theory.
Views
This is another application to hide/unhide programs, files and folders. Free of cost makes this one of the best applications of its class. Remember that hiding a file with this application actually makes it invisible from everyone, just the people …
June 2, 2001 •
1 min read
Security
“Where do you keep your confidential data?
Like most people these days, you’ve probably got a growing number of user IDs, passwords, registration keys, PINs, serial numbers, and the like, stored in various places on your Mac or scribbled on miscellaneous pieces of paper around your home or office. When you stop and think about it, you probably have more of these pesky bits of information scattered about than you realize.
The proliferation of the Internet is exacerbating this situation. Increasing numbers of commercially-oriented sites, such as the NY Times, require some …
June 2, 2001 •
3 min read
Security
Information
SuperLock Pro is the most secure and full-featured version of SuperLock. Unlike SuperLock Lite, which is designed primarily for single-user machines, SuperLock Pro was designed specifically for machines with multiple users, such as those in labs, computer stores, and many offices.
SuperLock Pro is split into three parts. Admin is where all administrative functions are performed, including editing the user list, setting client preferences, and setting security preferences. Client is what users use to log in. Overseer is a background application that runs all the time and performs various tasks for …
June 2, 2001 •
4 min read
Security
What is Malevolence?
Malevolence is a simple application created by Marukka which extracts login/password information from the system in an unshadowed format. It has been discovered that there are numerous ways to obtain the passwd information from NetInfo, including simply typing the command “nidump passwd .”
Once you have the encrypted password file, it may be decrypted with a method referred to as cracking or using a brute-force attack.
Directions
Malevolence is very easy to use: in either Terminal.app or through a telnet session, just run Malevolence and it will create a file called …
June 2, 2001 •
1 min read
Security
Marukka, a programmer at MSEC (Macintosh Security Group), has created a modified version of mach_init that removes Mac OS X's ability to boot into single-user mode.
The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup.
However, if you are not worried about someone having console …
June 2, 2001 •
2 min read
Security
What is sudo?
Sudo (superuser do) is a piece of software that allows a system admin to give certain users/groups the ability to run commands as root or another user.
Sudo is available with almost all Unix-based operating systems, including Mac OS X.
The Problem
On 4.23.2K1 FreeBSD, Inc. released a security advisory warning users that all versions of sudo prior to version 1.6.3.7 contain a local command-line buffer overflow allowing a local user to potentially gain increased privileges on the local system.
Mac OS X 10.0.4 DOES include a fixed version of sudo …
June 2, 2001 •
2 min read
Security
Information
Password Protect Folders (PPF) is designed to password protect personal folders on local or remote disks. One or more folders are dragged and dropped onto the AppleScript, assigned a user defined password and then made invisible. Folders are restored by relaunching the application, selecting one or more folders in a dialog box and then entering the correct password. A text file is maintained to keep track of the locations of all currently hidden folders.
Views
PPF is a low-level security program which runs as an AppleScript to toggle the visibility …
June 2, 2001 •
2 min read
Security
A fatal bug in MacOS X Server renders Apple’s new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS X Server release 1.0 in one of its key features.
During a server load test at c’t Labs, the Apache web server built into the OS caused the machine to halt with a fatal “System Panic” error following successive CGI script queries.
CGI scripts (Common Gateway Interface) are a common server extension, frequently used for web queries. The test stopped the system cold whenever 32 …
June 2, 2001 •
2 min read
Security
What is GnuPG?
GnuPG is a cost-free replacement for PGP. Because GnuPG does not use the patented algorithm (IDEA), it can be freely used without restrictions. The GnuPG application is fully RFC2440 (OpenPGP) compliant.
GPGMail is the front-end for GnuPG adding PGP functionality to Mac OS X’s MailViewer.app and Mail.app. Once installed you will see a menu containing the PGP functions, from there you may encrypt, decrypt, compose and digitally sign a message.
With this extended version of Apple’s MailViewer/Mail application you may read, and send PGP authenticated/encrypted messages.
GPGMail does not work at …
June 2, 2001 •
2 min read
Security
Important Notice!
How safe is your virus protection software?
Not safe enough. Rumor had it that the software company Fan Software released a defunct virus protection application called Insecticide, priced @ 25.00 shareware. SecureMac.com ran Insecticide through the 3 point virus inspection test against 3 top viruses (AIDS, ANTI A Variant, Hpat) downloaded from Freaks Macintosh Archives Virus area. The program showed that all three files contained no viruses. These files were then checked with the freeware virus protection software Disinfectant and all three showed VIRUS and were then disinfected.
To ensure …
June 2, 2001 •
1 min read
Security
THIS IS SAMPLE CODE!
———————————————
This is the first public release. It is pretty stable for everyday use, but I am aware of a few bugs. I have listed them below.
This sample is a good example of what can be done with the AppleShare IP UAM sdk and also provides some useful authentication on the Macintosh.
WHAT IS IT?
———————————————
PGPuam is an enhancement to the standard AppleShare IP User Access Methods (UAM) that enables a user to perform two-way strongly authenticated logins to an AppleShare IP server from a Mac OS client. The PGPuam …
June 2, 2001 •
10 min read
Security
Information
A lot of this information was gathered from other sources on the Internet. This flaw is old. Just not well publicized. Now that it is, we can cover it a little more and explain why it happens, and what damage it can cause. This is a Denial of Service attack in most cases. There are a lot of scripts out there to execute this DoS attack. So watch out.
An excellent source for more information is the Macintouch ModemSecurity Page.
Views
This affects more than Macintosh Modems. Linux dialup users have seen this …
June 2, 2001 •
6 min read
Security
Decrypt-a-tron is an application to decrypt the Apple password algorithm, created by System Coyboy.
macfspwd.c is a .c script to decrypt the Apple password algorithm. Created by Nate Pierce. This is a .c document. You can use a compiler or a Unix machine to execute it.
Nate Pierce has written a second edition to his macfspwd.c, the Apple encryption algorithm. The 2nd revision adds the possibility of running like grep: macfspwd2 [accountname] [users & groups db filename]. It currently pulls out all occurrences of the account name in the file, but I’ll …
June 2, 2001 •
4 min read