Snow Leopard Security (unwanted snooping)
in [Mac Systems]
|
Prev: Cheap Print Server
Next: Pascal recommendation?
From: nospam on 16 Mar 2010 17:10 In article <36adnbLuSbVAcwLWnZ2dnUVZ_oOsnZ2d(a)giganews.com>, Terry Carmen <terry(a)cnysupport.com> wrote: > Yes, someone sits there (not me) and enters data on the keyboard, there's your leak.
From: Tom Stiller on 16 Mar 2010 17:18 In article <michelle-EA857B.12534916032010(a)nothing.attdns.com>, Michelle Steiner <michelle(a)michelle.org> wrote: > In article <36adnbDuSbW-fQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com>, > Terry Carmen <terry(a)cnysupport.com> wrote: > > > > Why do you think there is "snooping" and that sensitive information is > > > being leaked? > > > > Because people are talking about things that they should have no > > knowledge of. > > There could be leaks elsewhere than by snooping on the computer. > > > > If you are trying to secure firewire, that implies that someone you > > > don't trust has physical access to the machine. It is virtually > > > impossible to prevent someone with physical access from getting > > > information. After all, they can put in a DVD, boot from the DVD and > > > have admin access. > > > > I don't believe a reboot is involved since the screen is still locked > > (screensaver) when the user returns. > > The can reboot from the DVD, snoop; reboot from the hard disk, and invoke > the screensaver. They can't invoke the screensaver if there is no auto-login account. They could sleep the machine, but that's not the same thing. > > I'd be willing to bet that the leak is a human one, and not a computer one. Me too. -- Tom Stiller PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3 7BDA 71ED 6496 99C0 C7CF
From: Doug Anderson on 16 Mar 2010 17:22 Terry Carmen <terry(a)cnysupport.com> writes: > On Tue, 16 Mar 2010 11:13:48 -0800, Doug Anderson wrote: > > > Terry Carmen <terry(a)cnysupport.com> writes: > > > >> Can anybody point me to a FAQ on Snow Leopard security or toss me a > >> clue? > >> > >> I've disabled the guest account, changed the passwords and disabled > >> anything I can find that isn't necessary, however the snooping > >> continues, so I've obviously missed something. > >> > >> FWIW, this system doesn't need any incoming connections at all. The > >> firewall is turned on, but apparently not "on enough" since sensitive > >> information is being leaked. > >> > >> Securing Linux/Unix and even Windows (more or less) isn't a problem, > >> but there's something on Snow Leopard that I'm apparently missing. > >> There are log entries indicating a firewire connection, but I'm not > >> sure if this is the intrusion method and don't see any way to disable > >> or secure firewire. > >> > >> As long as the machine can find the network printers and the internet, > >> that would about cover it. > >> > >> Is there any (non-gui) way to view the actual firewall rules, and is > >> there any way to disable or secure firewire? > > > > Why do you think there is "snooping" and that sensitive information is > > being leaked? > > Because people are talking about things that they should have no > knowledge of. And the _only_ way for them to get that information is to peek into your machine? You've told no one else, and you produced that information from data that no one else has access to? To me, security breaches of the sort you are suspecting violate Occam's razor. I'm not saying they are impossible, nor am I saying they never happen, but they seem less likely than most alternatives. I assume you don't have either file sharing or remote login turned on. > > If you are trying to secure firewire, that implies that someone you > > don't trust has physical access to the machine. It is virtually > > impossible to prevent someone with physical access from getting > > information. After all, they can put in a DVD, boot from the DVD and > > have admin access. > > I don't believe a reboot is involved since the screen is still locked > (screensaver) when the user returns. > > > > System Preferences -> Security -> Firewall -> Advanced gives you some > > information, but not a list of all the rules. > > Yeah, I've been there. Nothing too impressive, since according to Apple > it still leaves holes. > > > If you want to look at actual firewall rules, you could simply use ipfw > > list (from the terminal) right? > > I'll check that next. I only recently learned that the application > firewall was in addition to ipfw and not a replacement. > > Are any inbound network connections (not associated with an existing > outbound connection) actually necessary for the machine to operate? The most secure machine is off, and locked into a room which only you have the keys for, right? You never have good security from folks who have physical access to the machine, and it may be that any firewall stuff you do is irrelevant. But the machine works perfectly fine as a computer if you simply unplug the ethernet cable, and turn off the airport card and bluetooth, right? So no, no network connection (at all) is necessary for the machine to operate, but I think this means I simply don't understand your question as you must already know this. You could also use Filevault to encrypt your data.
From: John Varela on 16 Mar 2010 17:47 On Tue, 16 Mar 2010 17:12:52 UTC, Terry Carmen <terry(a)cnysupport.com> wrote: > Can anybody point me to a FAQ on Snow Leopard security or toss me a clue? > > I've disabled the guest account, changed the passwords and disabled > anything I can find that isn't necessary, however the snooping continues, > so I've obviously missed something. > > FWIW, this system doesn't need any incoming connections at all. The > firewall is turned on, but apparently not "on enough" since sensitive > information is being leaked. Why don't you encrypt the data? -- John Varela
From: Tom Harrington on 16 Mar 2010 18:52
In article <36adnbLuSbVAcwLWnZ2dnUVZ_oOsnZ2d(a)giganews.com>, Terry Carmen <terry(a)cnysupport.com> wrote: > On Tue, 16 Mar 2010 14:23:39 -0600, Tom Harrington wrote: > > > In article <36adnbHuSbUESALWnZ2dnUVZ_oMAAAAA(a)giganews.com>, > > Terry Carmen <terry(a)cnysupport.com> wrote: > > > >> That's the problem. I don't know what's happening, except that > >> financial information entered and stored only on that machine is > >> becoming known to people in the company who supposedly have no access > >> to it. > > > > Nobody else ever has access to that machine except you? > > > > Even after hours? > > > > And this data is not something you retrieved from somewhere-- it's > > something you came up with on the spot, typed into the computer, and > > told nobody else about? > > > > And the data is not backed up anywhere? > > > > Physical security is the most important aspect of keeping data private, > > and the most common point of failure. > > Yes, someone sits there (not me) and enters data on the keyboard, and > it's in a locked office. And there's no chance that this person might have something to do with it, or that somebody else might have a key to this office? -- Tom "Tom" Harrington Independent Mac OS X developer since 2002 http://www.atomicbird.com/ |