Sudo for Mac OS X has been found vulnerable to buffer overflows

What is sudo?

Sudo (superuser do) is a piece of software that allows a system admin to give certain users/groups the ability to run commands as root or another user.

Sudo is available with almost all Unix-based operating systems, including Mac OS X.

The Problem

On 4.23.2K1 FreeBSD, Inc. released a security advisory warning users that all versions of sudo prior to version 1.6.3.7 contain a local command-line buffer overflow, allowing a local user to potentially gain increased privileges on the local system.

Mac OS X 10.0.4 DOES include a fixed version of sudo …

June 2, 2001 • 2 min read
StaticUsers.net – Password Protect Folders (a.k.a. PPF)

Information

Password Protect Folders (PPF) is designed to password protect personal folders on local or remote disks. One or more folders are dragged and dropped onto the AppleScript, assigned a user defined password and then made invisible. Folders are restored by relaunching the application, selecting one or more folders in a dialog box and then entering the correct password. A text file is maintained to keep track of the locations of all currently hidden folders.

Views

PPF is a low-level security program which runs as an AppleScript to toggle the visibility …

June 2, 2001 • 2 min read
OSX -CGI Flaw

A fatal bug in MacOS X Server renders Apple’s new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS Server X release 1.0 in one of its key features.

During a server load test at c’t Labs, the Apache web server built into the OS caused the machine to halt with a fatal “System Panic” error following successive CGI script queries.

CGI scripts (Common Gateway Interface) are a common server extension, frequently used for web queries. The test stopped the system cold whenever 32 …

June 2, 2001 • 2 min read
Mac OS X – GPGMail allows you to read and send PGP authenticated and/or encrypted messages

What is GnuPG?

GnuPG is a free replacement for PGP. Because GnuPG does not use the patented IDEA algorithm, it can be used freely without restrictions. The GnuPG application is fully RFC 2440 (OpenPGP) compliant.

GPGMail is the front-end for GnuPG, adding PGP functionality to Mac OS X’s MailViewer.app and Mail.app. Once it is installed, you will see a menu containing the PGP functions; from there you may encrypt, decrypt, compose and digitally sign a message.

With this extended version of Apple’s MailViewer/Mail application you may read and send PGP authenticated/encrypted messages.

GPGMail does not work at …

June 2, 2001 • 2 min read
Insecticide – Antivirus Software, Virus Protection and Removal, Disinfect Files

Important Notice!
How safe is your virus protection software?

Not safe enough. Rumor had it that the software company Fan Software released a defunct virus protection application called Insecticide, priced at 25.00 as shareware. SecureMac.com ran Insecticide through the 3 point virus inspection test against 3 top viruses (AIDS, ANTI A Variant, Hpat) downloaded from the Freaks Macintosh Archives virus area. The program showed that all three files contained no viruses. These files were then checked with the freeware virus protection software Disinfectant, and all three showed VIRUS and were then disinfected.

To ensure …

June 2, 2001 • 1 min read
PGPuam – Public Key Authentication for AppleShare

THIS IS SAMPLE CODE!

———————————————
This is the first public release. It is pretty stable for everyday use, but I am aware of a few bugs. I have listed them below.

This sample is a good example of what can be done with the AppleShare IP UAM SDK and also provides some useful authentication on the Macintosh.

WHAT IS IT?

———————————————
PGPuam is an enhancement to the standard AppleShare IP User Access Methods (UAM) that enables a user to perform two-way strongly authenticated logins to an AppleShare IP server from a Mac OS client. The PGPuam …

June 2, 2001 • 10 min read
StaticUsers.net – Modem Security Flaws

Information

A lot of this information was gathered from other sources on the Internet. This flaw is old, just not well publicized. Now that it is, we can cover it a little more and explain why it happens and what damage it can cause. This is a Denial of Service attack in most cases. There are a lot of scripts out there to execute this DoS attack, so watch out.
An excellent source for more information is the Macintouch ModemSecurity Page.

Views

This affects more than Macintosh modems. Linux dialup users have seen this …

June 2, 2001 • 6 min read
StaticUsers.net – Mac OS Encryption

Decrypt-a-tron is an application to decrypt the Apple password algorithm, created by System Coyboy.

macfspwd.c is a C program to decrypt the Apple password algorithm, created by Nate Pierce. This is a .c source file; you can use a compiler or a Unix machine to build and run it.

Nate Pierce has written a second edition of his macfspwd.c, the Apple encryption algorithm. The 2nd revision adds the possibility of running like grep: macfspwd2 [accountname] [users & groups db filename]. It currently pulls out all occurrences of the account name in the file, but I’ll …

June 2, 2001 • 4 min read
Macintosh Security Site – iKeeper lets you keep track of product registration information and more

Have you ever had to call for tech support on a product only for them to ask you for your serial number or registration code or when you bought it? Have you ever visited a website where you needed to enter a user name and password to access some feature only to return at a later date and not remember what information you provided?

iKeeper enables you to quickly enter, view, or modify internet and product information and quickly search through your records to find the information you need, when you …

June 2, 2001 • 2 min read
Macintosh Security Site – FileGuard Advisory 02.18.2k

Operating System Affected: MacOS 8.6 and below
Software: ALL versions of FileGuard
Threat: medium

The computer protection software “FileGuard” is renowned for its excellent ability of keeping people off your box. While playing around with the latest version, I started playing with the logs. I got to fooling around with file names and realized that you can change the name of a file without it being logged.

Take this scenario. Someone gets onto your computer and they are restricted from all of your Internet applications. They bring a copy of “ferret” (http://jindel.cjb.net), a notorious …

June 2, 2001 • 1 min read
StaticUsers.net – FileGuard

FileGuard Security Advisory – Disengage 1.0

OS 9.1 Ready, Now fully being developed and supported by Intego

Information

FileGuard has been a trusted program amongst Mac users who have searched for a way to keep their computers and data secure. In the most recent news, Intego purchased the software and will continue to make improvements and develop the software for both the Macintosh and PC platforms. FileGuard now fully works with Mac OS 9.1 and has many bug fixes as well as feature advancements.

Brief rundown on the functionality of FileGuard 4.0. Allow multiple users to …

June 2, 2001 • 9 min read
Mac OS X BrickHouse – The Firewall Configuration

BrickHouse (Mac OS X Firewall Configuration)

BrickHouse was developed by Brian Hill to ease the process of configuring MacOS X’s built-in Firewall.

His hard work has paid off; hundreds of OS X owners use his program. Changing firewall settings manually without a GUI can be tedious and confusing for inexperienced users; this program removes those barriers.

By using BrickHouse to configure your computer’s firewall, you can more effectively keep unauthorized users from gaining access to your computer via your internet connection.

BrickHouse makes it easy to use your firewall to guard against denial of …

June 2, 2001 • 2 min read
StaticUsers.net – Empower Pro

Information

Empower Professional is a comprehensive security system, chosen by many large corporations, and featuring multi-level/multi-user access controls, enabling management of both folders and programs.

What’s New in 5.6.2:

Resolved conflict with the Mac OS 8.6 USB Iomega Driver
Resolved conflict with TechTool Protection version 2.5.1 Control Panel
Fixed freeze during Shutdown or Restart with File Sharing enabled
The Trial Remover is now built in to Trial software to make it faster and easier to evaluate
Other minor bug fixes and fine tuning

Views

Empower Pro has long realized that efficient, transparent data security plays a vital role in the …

June 2, 2001 • 2 min read
Virex OS X Command Line Virus Scanner

Information

Virex has been a leader in anti-virus solutions for the MacOS. This is the first beta for Mac OS X and only contains the command line scanner; we are assured that in the near future we will see the familiar Virex interface.

Because this is an early beta there is no charge for this product. This beta has been designed to run only on the released version of OSX. Running this product on previous releases of OS X, including the Public Beta of OSX, is not recommended, as this product uses …

June 2, 2001 • 1 min read
Symantec Norton Anti Virus (NAV) 7 for Macintosh

Symantec’s Norton AntiVirus (NAV) 7 has become a trusted name amongst Macintosh users for virus protection over the past few years. SecureMac put this program through our five-lock testing, and the results came out rather interesting.

During installation we were greeted with a screen asking us what type of protection we wanted, none, moderate, most, and too much. After install we rebooted and started the application. The program is easy to follow with a nice classic navigation.

After installation it is recommended you run the LiveUpdate feature that will download the …

June 2, 2001 • 3 min read
StaticUsers.net – Apple Powerbooks Security Control Panel

Information

All Apple PowerBooks have the option of setting up a security control panel, so that when you boot you must enter a password before it mounts the drive. Good security for a laptop!

Views

Good security for those laptop users. At least this program can fool an idiot!

Insecurity

Security Breaches in the Password Security Control Panel: Owners of PowerBooks have the option of using the Control Panel “Password Security”. With Password Security turned on, the owner of the PowerBook can password-protect his/her computer. This involves a password dialog asking for a password …

June 2, 2001 • 4 min read
StaticUsers.net – DiskLock

Information

Easy, Foolproof protection. DiskLock sets up much faster than other security programs. Instead of having to select each file, you can choose entire folders with a single click. And DiskLock is virtually impossible to bypass–it loads before the system software, so unauthorized users can’t start up your system, even from a floppy disk.

IDE Drive Support: Supports IDE drives as well as Macintosh-standard SCSI drives
Multiple User Support: Set up as many users as you want, with an individual password and access levels for each.

DiskLock loads before the system software, so unauthorized …

June 2, 2001 • 2 min read
Staticusers.net – AtEase Security

Information

At Ease’s popularity has kind of died down. I remember schools using it, but now they don’t seem to. It’s a product I never liked. Found it rather insecure. Millions of ways to hack around it.

Views

The new version: well, you need to email me with information on it. I couldn’t find any on Apple’s website, so if you run it, email me! I guess this product would be good for Jr High or Elementary schools.

Insecurity

At Ease Files + Hacks + Fixes:
Research Papers/Instructions:

Open Other People’s Files is an email submitted from …

June 2, 2001 • 2 min read
StaticUsers.net – Sonata – Outlook Express 4.5 Security Bug

Email encryption problems should be solved in Sonata

by Dennis Sellers, dsellers@maccentral.com
June 15, 1999, 9:45 am ET

If you’re using a free Mac email application, you inherently have a lack of secure encryption, as Andrew Jung, a computer science student at Camosun College (Victoria BC, Canada), recently discovered. Jung was using Outlook Express 4.5 on the family iMac when he came upon what he described as a “disturbing bug.”

Jung attempted to use the “Change Current User” menu item of Outlook Express to access his personal email account (three separate email accounts were on …

June 2, 2001 • 4 min read
StaticUsers.net – NetBus for Macintosh

Information

NetBus is a remote administration tool for the Windows operating system. When this program was first released it was known as a ‘hacker tool’ with which a user can gain remote access to a computer that has the program installed. This program is like the CDC Back Orifice application commonly known as BO2K.

Virus protection vendors categorized this program as a trojan horse but many insist it is a legit remote administration tool. NetBus is on SecureMac.com so Macintosh users will know their computer CAN NOT be infected by this program. However a …

June 2, 2001 • 1 min read