SecurityInformation
FoolProof was established by a company in Oregon called SmartStuff in 1992, throughout the years the software has grown to be a secure product for Macintosh computers.
Views
The macintosh underground security team has done extensive research on foolproof, throughout the years finding ways to bypass it. The software itself is not insecure. Infact it is a great product when used to its full extent. Schools use FoolProof a lot. Infact more of the schools if they are secure use this program. So if you think your school needs some security, or …
June 2, 2001 •
4 min read
SecurityInformation
Free Guard is a utility to hide files and folders. It is password protected at application startup. Nothing is encrypted, and someone could still make the files and folders visible without too much trouble.
It is based on the “if they do not know its there, they wont look for it” theory.
Views
This is another application to hide/unhide programs, files and folders. Free of cost makes this one of the best applications of its class. Remember that hiding a file with this application actually makes its invisible from everyone, just the people …
June 2, 2001 •
1 min read
Security“Where do you keep your confidential data?
Like most people these days, you’ve probably got a growing number of user IDs, passwords, registration keys, PINs, serial numbers, and the like, stored in various places on your Mac or scribbled on miscellaneous pieces of paper around your home or office. When you stop and think about it, you probably have more of these pesky bits of information scattered about than you realize.
The proliferation of the Internet is exacerbating this situation. Increasing numbers of commercially-oriented sites, such as the NY Times, require some …
June 2, 2001 •
3 min read
SecurityInformation
SuperLock Pro is the most secure and full-featured version of SuperLock. Unlike SuperLock Lite, which is designed primarily for single-user machines, SuperLock Pro was designed specifically for machines with multiple users, such as those in labs, computer stores, and many offices.
SuperLock Pro is split into three parts. Admin is where all administrative functions are performed, including editing the user list, setting client preferences, and setting security preferences. Client is what users use to log in. Overseer is a background application that runs all the time and performs various tasks for …
June 2, 2001 •
4 min read
SecurityWhat is Malevolence?
Malevolence is a simple application created by Marukka which extracts login/password information from the system in a unshadowed format. It has been discovered there a numerous ways to obtain the passwd information from netinfo including simply typing the command command “nidump passwd .”
Once you have the encrypted password file it may be decrypted with a method refered to as cracking or using a bruteforce attack.
Directions
Malevolence is very easy to use, in either Terminal.app or though a telnet session just run Malevolence and it will create a file called …
June 2, 2001 •
1 min read
SecurityMarukka, a programmer at MSEC (Macintosh Security Group) has created a modified version of the mach_init that will make it so Mac OS X does not have the ability to boot into single user mode.
The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup.
However, if you are not worried about someone having console …
June 2, 2001 •
2 min read
SecurityWhat is sudo?
Sudo (superuser do) is a piece of software that allows a system admin to give certain users/groups the ability to run commands as root or another user
Sudo is available with most all unix based operating systems including Mac OS X.
The Problem
On 4.23.2K1 FreeBSD, Inc. released a security advisory warning users that all version of sudo prior to version 1.6.3.7 contains a local command-line buffer overflow allowing a local user to potentially gain increased privileges on the local system.
Mac OS X 10.0.4 DOES included a fixed version of sudo …
June 2, 2001 •
2 min read
SecurityInformation
Password Protect Folders (PPF) is designed to password protect personal folders on local or remote disks. One or more folders are dragged and dropped onto the AppleScript, assigned a user defined password and then made invisible. Folders are restored by relaunching the application, selecting one or more folders in a dialog box and then entering the correct password. A text file is maintained to keep track of the locations of all currently hidden folders.
Views
PPF is a a low level security program which runs as an AppleScript to toggle the visibility …
June 2, 2001 •
2 min read
SecurityA fatal bug in MacOS X Server renders Apple’s new operating system practically useless as a web server. The problem is particularly critical since it affects MacOS Server X release 1.0 in one of its key features.
During a server load test at c’t Labs, the Apache web server built into the OS caused the machine to halt with a fatal “System Panic” error following successive CGI script queries.
CGI scripts (Common Gateway Interface) are a common server extension, frequently used for web queries. The test stopped the system cold whenever 32 …
June 2, 2001 •
2 min read
SecurityWhat is GnuPG?
GnuPG is a cost free replacement for PGP. Because GnuPG does not use the patented algorithm (IDEA), it can be freely used without restrictions. GnuPG application is fully RFC2440 (OpenPGP) compliant.
GPGMail is the front-end for GnuPG adding PGP functionality to Mac OS X’s MailViewer.app and Mail.app. Once installed you will see a menu containing the PGP functions, from there you may encrypt, decrypt, compose and digitally sign a message.
With this extended version of Apple’s MailViewer/Mail application you may read, and send PGP authenticated/encrypted messages.
GPGMail does not work at …
June 2, 2001 •
2 min read
SecurityImportant Notice!
How safe is your virus protection software?
Not safe enough, rumor had it that the software company Fan Software released a defunct virus protection application called Insecticide priced @ 25.00 shareware . SecureMac.com ran Insecticide through the 3 point virus inspection test against 3 top viruses (AIDS, ANTI A Variant, Hpat) downloaded from Freaks Macintosh Archives Virus area. The program showed that all three files contained no viruses. These files were then checked with a freeware virus protection software Disinfectant and all three showed VIRUS and were then disinfected.
To ensure …
June 2, 2001 •
1 min read
SecurityTHIS IS SAMPLE CODE!
———————————————
This is the first public release, It is pretty stable for everyday use, but I am aware of a few bugs. I have listed them below..
This sample is a good example of what can be done with the AppleShare IP UAM sdk and also provides some useful authentication on the Macintosh.
WHAT IS IT?
———————————————
PGPuam is an enhancement to the standard AppleShare IP User Access Methods (UAM) that enables a user to perform two-way strongly authenticated logins to an AppleShare IP server from a Mac OS client. The PGPuam …
June 2, 2001 •
10 min read
SecurityInformation
A lot of this information was gathered from other sources on the Internet. This flaw is old. Just not well publicized. Now that it is, we can cover it a little more and explain why it happens, and what damage it can cause. This is a Denial of Service attack in most cases. There are a lot of scripts out there to execute this DoS attack. So watch out.
A excellent source for more information is the Macintouch ModemSecurity Page.
Views
This effects more than Macintosh Modems. Linux dialup users have seen this …
June 2, 2001 •
6 min read
SecurityDecrypt-a-tron is a application to decrypt the Apple password algorithm, created by System Coyboy.
macfspwd.c is a .c script to decrypt the apple password algorithm. Created by Nate Pierce. This is a .c document. You can use a compiler or a unix machine to execute it.
Nate Pierce has written a second edition to his macfspwd.c, the apple encryption algorithm. the 2nd revision adds the possibility of running like grep: macfspwd2 [accountname] [users & groups db filename] It currently pulls out all occurrences of the account name in the file, but I’ll …
June 2, 2001 •
4 min read
SecurityHave you ever had to call for tech support on a product only for them to ask you for your serial number or registration code or when you bought it? Have you ever visited a website where you needed to enter a user name and password to access some feature only to return at a later date and not remember what information you provided?
iKeeper enables you to quickly enter, view, or modify internet and product information and quickly search through your records to find the information you need, when you …
June 2, 2001 •
2 min read
SecurityOperating System Affected: MacOS 8.6 and below
Software: ALL versions of FileGuard
Threat: medium
The computer protection software “FileGuard” is renowned for its excellent ability of keeping people off your box. While playing around with the latest version, I started playing with the logs. I got to fooling around with file names and realized that you can change the name of a file without it being logged.
Take this scenario. Someone gets onto your computer and they are restricted from all of your Internet applications. They bring a copy of “ferret” (http://jindel.cjb.net), a notorious …
June 2, 2001 •
1 min read
SecurityFileGuard Security Advisory – Disengage 1.0
OS 9.1 Ready, Now fully being developed and supported by Intego
Information
FileGuard has been a trusted program amongst Mac users who have searched for a way to keep their computers and data secure, in most recent news Intego purchased the software and will continue to make improvements and develop the software for both Macintosh and PC platform. FileGuard now fully works with Mac OS 9.1 and has many bug fixes as well as feature advancements.
Brief rundown on the functionality of FileGuard 4.0. Allow multiple users to …
June 2, 2001 •
9 min read
SecurityBrickHouse (Mac OS X Firewall Configuration)
BrickHouse was developed by Brian Hill to ease the process of configuring MacOS X’s built-in Firewall.
His hard work has paid off; hundreds of OS X owners use his program. Changing Firewall settings manually without a GUI can be tedious and confusing for unexperianced users; this program removes those barriers.
By using BrickHouse to configure your computer’s firewall, you can more effectively keep unauthorized users from gaining access to your computer via your internet connection.
BrickHouse makes it easy to use your firewall to guard against denial of …
June 2, 2001 •
2 min read
SecurityInformation
Empower Professional is a comprehensive security system, chosen by many large corporations, and featuring multi-level/multi-user access controls, enabling management of both folders and programs.
Whats New in 5.6.2:
Resolved conflict with the Mac OS 8.6 USB Iomega Driver
Resolved conflict TechTool, Protection version 2.5.1 Control Panel
Fixed freeze during Shutdown or Restart with File Sharing enabled
The Trial Remover is now built in to Trial software to make it faster and easier to evaluate
Other minor bug fixes and fine tuning
Views
Empower Pro has long realized that efficient, transparent data security plays a vital role in the …
June 2, 2001 •
2 min read
SecurityInformation
Virex has been a leader in Anti-Virus solutions for the MacOS. This is the first beta for Mac OS X and only contains the command line scanner, we are assured in the near future we will see the familiar Virex interface.
Because this is a early beta there is no charge for this product. This Beta has been designed to run only on the Released version of OSX. It is not recommend running this product on previous releases of OS X, including the Public Beta of OSX, as this product uses …
June 2, 2001 •
1 min read