Re: Intrusion Suspected, Advice Sought

From: Mark Stanislav (KryptoBSD_at_uncompiled.com)
Date: 01/07/05

    Date: Fri, 07 Jan 2005 08:45:40 -0500
    To: freebsd-security@freebsd.org
    
    

    I guess I fail to see where your actual evidence for concern is? Can
    you specifically tell us what you have seen with reason to believe it
    was caused by some form of an intruder? Permission problems can occur
    on their own with OS X. And never forget about programs doing their
    own bidding after you authenticate. If there was a violation of your
    wanted effects, I would believe it was a program you installed
    personally and not an outside intruder.

    From your scenario, I really doubt you have been compromised, and
    unless you have a very important computer, I don't think you would be
    getting attacked to begin with on an OS like this. I haven't heard of
    any Mac OS X worms or anything like that.

    -Mark

    On Jan 6, 2005, at 11:29 PM, JohnG wrote:

    > I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband
    > connection. I have reason to think my system has been tampered with.
    > Security features in Mac OS X have been left unlocked (Preference Pane
    > - Users) even though a master lock has always been set in the Security
    > Preference Pane. This locks all other important preference panes which
    > could be tampered with. Also permissions have been reset at every boot
    > in my working directory. I've worked on this machine for about 17
    > months, and I know its rhythms and what should be what. The
    > permissions problem is persistent and new. I do not think I am being
    > paranoid or alarmist. I have always had a NAT router, commercial
    > firewall, and virus protection.
    >
    > The only thing I can think of is a hidden *nix program from a
    > downloaded program (shareware/freeware) (I have scanned all packages
    > for viruses). I am almost positive it did not come via e-mail. I say
    > almost because I have been receiving odd e-mails that are totally
    > blank and have no information I can find. Conceivably, it could have
    > been a hacker. If so, that person was very skillful in getting in and
    > only left small traces of poking around.
    >
    > I assume your advice will be to do a clean re-install of both system
    > and programs. My question is how do I re-import the data from full
    > backup (probably also containing whatever it is) without further
    > jeopardizing my system? Any other advice, tips, or pointers to FreeBSD
    > programs I could run on Mac would be greatly appreciated.
    >
    > John Scherb
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to
    > "freebsd-security-unsubscribe@freebsd.org"
