Snow Leopard Security (unwanted snooping)
in [Mac Systems]
|
Prev: Cheap Print Server
Next: Pascal recommendation?
From: Tom Stiller on 17 Mar 2010 07:49 In article <slrnhq0mgf.1t2d.g.kreme(a)cerebus.local>, Lewis <g.kreme(a)gmail.com.dontsendmecopies> wrote: > In message <tom_stiller-76E571.23020816032010(a)news.individual.net> > Tom <tom_stiller(a)yahoo.com> wrote: > > In article <slrnhq08cr.1t2d.g.kreme(a)cerebus.local>, > > Lewis <g.kreme(a)gmail.com.dontsendmecopies> wrote: > > >> In message <36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com> > >> Terry <terry(a)cnysupport.com> wrote: > >> > Can anybody point me to a FAQ on Snow Leopard security or toss me a > >> > clue? > >> > >> > I've disabled the guest account, changed the passwords and disabled > >> > anything I can find that isn't necessary, however the snooping > >> > continues, > >> > so I've obviously missed something. > >> > >> How do you know that the snooping continues? > >> > >> > Securing Linux/Unix and even Windows (more or less) isn't a problem, but > >> > there's something on Snow Leopard that I'm apparently missing. There are > >> > log entries indicating a firewire connection, but I'm not sure if this > >> > is > >> > the intrusion method and don't see any way to disable or secure > >> > firewire. > >> > >> You are very confused. Firewire is a method for connecting local hard > >> drives, cameras, and other devices. > > > FireWire will also support a network connection to another FireWire > > device. > > Yes, but that seems unlikely based on what the user was saying and how > he said it. It is also not usually used for anything beyond networking > two machines together. Maybe so, but the fact does weaken the strong statement you made above. -- Tom Stiller PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3 7BDA 71ED 6496 99C0 C7CF
From: Philo D on 17 Mar 2010 07:50 > > Because people are talking about things that they should have no > knowledge of. > So the sneaky thing to do to test your theory: Put some exciting FALSE information on the machine, and see if THAT becomes known...
From: Doug Anderson on 17 Mar 2010 10:23 Tom Stiller <tom_stiller(a)yahoo.com> writes: > In article <slrnhq08cr.1t2d.g.kreme(a)cerebus.local>, > Lewis <g.kreme(a)gmail.com.dontsendmecopies> wrote: > > > In message <36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com> > > Terry <terry(a)cnysupport.com> wrote: > > > Can anybody point me to a FAQ on Snow Leopard security or toss me a clue? > > > > > I've disabled the guest account, changed the passwords and disabled > > > anything I can find that isn't necessary, however the snooping continues, > > > so I've obviously missed something. > > > > How do you know that the snooping continues? > > > > > Securing Linux/Unix and even Windows (more or less) isn't a problem, but > > > there's something on Snow Leopard that I'm apparently missing. There are > > > log entries indicating a firewire connection, but I'm not sure if this is > > > the intrusion method and don't see any way to disable or secure firewire. > > > > You are very confused. Firewire is a method for connecting local hard > > drives, cameras, and other devices. > > FireWire will also support a network connection to another FireWire > device. True, but to do this, one has to be able to control both computers. I don't think you can walk up to a computer without logging into it, or rebooting it from a startup DVD, and then connect another computer via firewire.
From: Doug Anderson on 17 Mar 2010 10:27 Kevin McMurtrie <mcmurtrie(a)pixelmemory.us> writes: > In article <slrnhq08cr.1t2d.g.kreme(a)cerebus.local>, > Lewis <g.kreme(a)gmail.com.dontsendmecopies> wrote: > > > In message <36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com> > > Terry <terry(a)cnysupport.com> wrote: > > > Can anybody point me to a FAQ on Snow Leopard security or toss me a clue? > > > > > I've disabled the guest account, changed the passwords and disabled > > > anything I can find that isn't necessary, however the snooping continues, > > > so I've obviously missed something. > > > > How do you know that the snooping continues? > > > > > Securing Linux/Unix and even Windows (more or less) isn't a problem, but > > > there's something on Snow Leopard that I'm apparently missing. There are > > > log entries indicating a firewire connection, but I'm not sure if this is > > > the intrusion method and don't see any way to disable or secure firewire. > > > > You are very confused. Firewire is a method for connecting local hard > > drives, cameras, and other devices. > > Firewire supports direct memory access to maximize performance and to > keep the CPU load low. Some controllers aren't too picky about what a > Firewire device wants to do and they have been exploited. > > Really, once somebody is touching your computer it's all over. The RAM > can be frozen, transported to a reader, and scanned. The data busses > can be recorded. The rule is, don't let anyone touch it. Yes but this is not consistent with what the poster believes. He is asserting that he leaves the computer logged in with the screen locked and someone gets data from the computer and at the end of this he is still logged in with the screen locked. I don't believe this is really what is happening, but if the computer isn't getting rebooted, it is unlikely someone is removing the RAM!
From: Tim Streater on 17 Mar 2010 11:13
On 17/03/2010 14:27, Doug Anderson wrote: > Kevin McMurtrie<mcmurtrie(a)pixelmemory.us> writes: > >> In article<slrnhq08cr.1t2d.g.kreme(a)cerebus.local>, >> Lewis<g.kreme(a)gmail.com.dontsendmecopies> wrote: >> >>> In message<36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com> >>> Terry<terry(a)cnysupport.com> wrote: >>>> Can anybody point me to a FAQ on Snow Leopard security or toss me a clue? >>> >>>> I've disabled the guest account, changed the passwords and disabled >>>> anything I can find that isn't necessary, however the snooping continues, >>>> so I've obviously missed something. >>> >>> How do you know that the snooping continues? >>> >>>> Securing Linux/Unix and even Windows (more or less) isn't a problem, but >>>> there's something on Snow Leopard that I'm apparently missing. There are >>>> log entries indicating a firewire connection, but I'm not sure if this is >>>> the intrusion method and don't see any way to disable or secure firewire. >>> >>> You are very confused. Firewire is a method for connecting local hard >>> drives, cameras, and other devices. >> >> Firewire supports direct memory access to maximize performance and to >> keep the CPU load low. Some controllers aren't too picky about what a >> Firewire device wants to do and they have been exploited. >> >> Really, once somebody is touching your computer it's all over. The RAM >> can be frozen, transported to a reader, and scanned. The data busses >> can be recorded. The rule is, don't let anyone touch it. > > Yes but this is not consistent with what the poster believes. He is > asserting that he leaves the computer logged in with the screen > locked and someone gets data from the computer and at the end of this > he is still logged in with the screen locked. > > I don't believe this is really what is happening, but if the computer > isn't getting rebooted, it is unlikely someone is removing the RAM! I take it the OP has checked the uptime to verify that the machine hasn't been rebooted? -- Tim "That the freedom of speech and debates or proceedings in Parliament ought not to be impeached or questioned in any court or place out of Parliament" Bill of Rights 1689 |