From: Barry Margolin on
In article <slrnhq0mgf.1t2d.g.kreme(a)cerebus.local>,
Lewis <g.kreme(a)gmail.com.dontsendmecopies> wrote:

> In message <tom_stiller-76E571.23020816032010(a)news.individual.net>
> Tom <tom_stiller(a)yahoo.com> wrote:
> > In article <slrnhq08cr.1t2d.g.kreme(a)cerebus.local>,
> > Lewis <g.kreme(a)gmail.com.dontsendmecopies> wrote:
>
> >> In message <36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com>
> >> Terry <terry(a)cnysupport.com> wrote:
> >> > Can anybody point me to a FAQ on Snow Leopard security or toss me a
> >> > clue?
> >>
> >> > I've disabled the guest account, changed the passwords and disabled
> >> > anything I can find that isn't necessary, however the snooping
> >> > continues, so I've obviously missed something.
> >>
> >> How do you know that the snooping continues?
> >>
> >> > Securing Linux/Unix and even Windows (more or less) isn't a problem, but
> >> > there's something on Snow Leopard that I'm apparently missing. There are
> >> > log entries indicating a firewire connection, but I'm not sure if this
> >> > is the intrusion method and don't see any way to disable or secure
> >> > firewire.
> >>
> >> You are very confused. Firewire is a method for connecting local hard
> >> drives, cameras, and other devices.
>
> > FireWire will also support a network connection to another FireWire
> > device.
>
> Yes, but that seems unlikely based on what the user was saying and how
> he said it. It is also not usually used for anything beyond networking
> two machines together.

I suspect he saw some generic fw0 messages in the log, and thought that
indicated actual Firewire activity.

--
Barry Margolin, barmar(a)alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
From: FPP on
In article <36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com>,
Terry Carmen <terry(a)cnysupport.com> wrote:

> Can anybody point me to a FAQ on Snow Leopard security or toss me a clue?
>
> I've disabled the guest account, changed the passwords and disabled
> anything I can find that isn't necessary, however the snooping continues,
> so I've obviously missed something.
>
> FWIW, this system doesn't need any incoming connections at all. The
> firewall is turned on, but apparently not "on enough" since sensitive
> information is being leaked.
>
> Securing Linux/Unix and even Windows (more or less) isn't a problem, but
> there's something on Snow Leopard that I'm apparently missing. There are
> log entries indicating a firewire connection, but I'm not sure if this is
> the intrusion method and don't see any way to disable or secure firewire.
>
> As long as the machine can find the network printers and the internet,
> that would about cover it.
>
> Is there any (non-gui) way to view the actual firewall rules, and is
> there any way to disable or secure firewire?
>
> Thanks!
>
> Terry

I don't know if this works in Snow Leopard... but I believe you can
block startup from outside sources (like DVD's) if you set up a Firmware
Password.

http://support.apple.com/kb/HT1352

You CAN get around it... but it takes about 13 steps, and requires you
to open the machine and fiddle around with its innards. Not likely in
most settings. (For that, I suggest a simple padlock :-)

For everything else, I just make locked disk images with Disk Utility
for most of my sensitive information.

Combine that with Little Snitch (which monitors all OUTGOING info from
your machine) - and I feel pretty secure.

FPP

--
"The difference between genius and stupidity is that genius has its limits."
From: Wes Groleau on
FPP wrote:
> I don't know if this works in Snow Leopard... but I believe you can
> block startup from outside sources (like DVD's) if you set up a Firmware
> Password.

Doing so prevents Target Disk Mode (if that matters to you).

And to nitpick, it doesn't completely block DVD/CD boot,
it just makes one know and enter the password to do so.

--
Wes Groleau

Hostility to TPRS
http://Ideas.Lang-Learn.us/barrett?itemid=1596
From: Jeffrey Goldberg on
On 2010-03-16 2:46 PM, Terry Carmen wrote:
> On Tue, 16 Mar 2010 11:13:48 -0800, Doug Anderson wrote:

>> Why do you think there is "snooping" and that sensitive information is
>> being leaked?
>
> Because people are talking about things that they should have no
> knowledge of.

As with others here, I am skeptical of the idea that you have some
remote (via the network) intrusion on your system. There are loads of
ways that the information can get out, usually through other people
being lax with it.

Here's a test: Fake some of the information stored on your computer.
Put in some false data.

Tell no one about it. Don't tell anyone that you've set a trap for the
spy, don't even confirm for us here that you are going to try this.

Don't share this information with anyone, even your wife or your dog.

Then see if the false information leaks. If it does, come back and
we'll tell you how to set up intrusion detection systems. But my money
is on some other source of the leak that has nothing to do with
your computer's network activity.

Once when I was asked to "secure" information stored on a server, I
asked how much would an attacker be willing to pay to get at it. I was
given an answer like 100,000 GBP. I explained that I could set up
encryption that would withstand a 100,000GBP attack, but for 20,000
someone could simply bribe one of our operators to make an extra back-up
tape.

The point is that if the computer security is reasonably good, people
will go around it and get the information through other means.

Another example of this is a fact that every security admin knows.

Q: What's the easiest way to discover someone's password?
A: Ask them for it.

-j

--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
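
Added example, not part of Jeffrey Goldberg's post: a sketch of the false-data test he describes, extended so that each place the information lives gets its own distinct decoy and a leaked value can be traced back to one channel. The key, the REF- format and the location names are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption). Keep the real one off the machine under test.
SECRET = b"constructed-demo-key"

# Constructed places where the same "sensitive" fact might live (assumption).
LOCATIONS = ["laptop:budget.txt", "paper-notebook", "email-draft"]

DECOY_RE = re.compile(r"REF-[0-9A-F]{8}")


def make_decoy(location: str) -> str:
    """Build a plausible-looking fake reference whose tag is bound to one location."""
    tag = hmac.new(SECRET, location.encode(), hashlib.sha256).hexdigest()[:8]
    return "REF-" + tag.upper()


def plant(locations):
    """Return {location: decoy}; each decoy is what you would store in that place."""
    return {loc: make_decoy(loc) for loc in locations}


def attribute(leaked_text: str, locations):
    """Return the locations whose decoy shows up in text that came back to you."""
    seen = set(DECOY_RE.findall(leaked_text.upper()))
    return sorted(loc for loc in locations if make_decoy(loc) in seen)


if __name__ == "__main__":
    decoys = plant(LOCATIONS)
    for loc, value in decoys.items():
        print(f"store in {loc}: {value}")
    # Constructed "leak": someone repeats the value that only the notebook held.
    rumour = "I heard the reference is " + decoys["paper-notebook"].lower()
    print("leak traced to:", attribute(rumour, LOCATIONS))
```

If the value that comes back is the one written only on paper or told to one person, the computer's network activity is not the leak, which is the outcome the post is betting on.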
From: Darrell Greenwood on
In article <36adnbbuSbWJIQLWnZ2dnUVZ_oOdnZ2d(a)giganews.com>, Terry
Carmen <terry(a)cnysupport.com> wrote:

> however the snooping continues,

You haven't defined the snooping. Post some logs/facts/screen shots and
you'll probably get a better answer to what you are seeing.

Installation of Little Snitch* can control connections to the most
minute detail anyone could ever want.

Cheers,

Darrell

*<http://en.wikipedia.org/wiki/Little_snitch>

--
To reply, substitute .net for .invalid in address, i.e., darrell.usenet7 (at)
telus.net