Earlier this week, n2k and myself (onni) visited a “Mac Store” and had a little fun yanking their administrator access on the new Mac OSX. Continued will be a tale of adventure and intrigue, as well as an informational document regarding necessity of securing a machine beyond just the user login.
We arrived at the Mac Store on a fateful, chilly winter’s eve around 6pm to be greeted by our loveable apple user. We spent a bit of time scanning for possible weak passwords (as we had found that the apple user’s password wasn’t really a password at all) to no avail, though I personally still assume that root is given a weak pass.
You can read more in the article, but it ends with the following conclusions...
In my opinion, the major accomplishment was not actually getting administrator privs, it was actually the fact that we did all of this while the Mac sales agents were standing right behind us – although n2k was politely asked not to delete “the password file.” We proceeded to giggle like little schoolgirls at the thought that we expected to do something malicious. In fact, we went as far as to document how we did what we did before we left, hopefully they’ll take heed and try and work something into the next Mac OSX patch.
As for the fact that they Mac Store staff didn't do anything, we can't stress enough that it's your responsibility to stop anyone that looks questionable from touching your machines - I don't care if you only get paid minimum wage, it's a moral responsibility to your employer (not to say you can't let us roam free though ;).
They left with this note being displayed on the mac...
News source: NewOrder - Mac Attack Part 1: The Mac Hack
Screenshot: IBook used at Apple Store - store attendants reading our little note
Screenshot: adding my first administrative user - after i've added all the users - neworder on the widescreen g4 laptop!
Screenshot: Preview of hijacked 2mb connection - surfing action outside Apple store and traceroute proving our hijacked network location
We arrived at the Mac Store on a fateful, chilly winter’s eve around 6pm to be greeted by our loveable apple user. We spent a bit of time scanning for possible weak passwords (as we had found that the apple user’s password wasn’t really a password at all) to no avail, though I personally still assume that root is given a weak pass.
You can read more in the article, but it ends with the following conclusions...
In my opinion, the major accomplishment was not actually getting administrator privs, it was actually the fact that we did all of this while the Mac sales agents were standing right behind us – although n2k was politely asked not to delete “the password file.” We proceeded to giggle like little schoolgirls at the thought that we expected to do something malicious. In fact, we went as far as to document how we did what we did before we left, hopefully they’ll take heed and try and work something into the next Mac OSX patch.
As for the fact that they Mac Store staff didn't do anything, we can't stress enough that it's your responsibility to stop anyone that looks questionable from touching your machines - I don't care if you only get paid minimum wage, it's a moral responsibility to your employer (not to say you can't let us roam free though ;).
They left with this note being displayed on the mac...
- so is it still being rooted even if it’s mac osx? thanks for the fun, make sure to remove all of the additional users we added, and remove apple from the admin family!
hugz and kisses, n2k & onni, neworder
ps if Barbie is so popular, how come you have to buy all of her friends? seriously, that’s such a rip off…
News source: NewOrder - Mac Attack Part 1: The Mac Hack Screenshot: IBook used at Apple Store - store attendants reading our little note Screenshot: adding my first administrative user - after i've added all the users - neworder on the widescreen g4 laptop! Screenshot: Preview of hijacked 2mb connection - surfing action outside Apple store and traceroute proving our hijacked network location
To test the software's claims, TechTV Labs installed a recently released key-logging app, WinWhatWhere Investigator 4, an alarmingly solid performer that provides myriad ways to monitor and record keystroke activity. In our test, Anti-keylogger was able to ferret out the software, which was buried in an obscure file location.
When the software detects a key logger, you'll get the path name for the file and a frightening message:
"Anti-keylogger has detected unauthorized keystroke monitoring programs running on your system. All your passwords, credit card details, and confidential documents (as they are typed) are probably saved in the Log."
In one scan, the program listed a common .dat file (a Windows file that contains user information) as a key logger. The application was technically correct, but you might not want to delete the file. According to a company spokesman, the software uses mathematical calculations to determine the location of a key logger, though when asked precisely how it works he declined to elaborate further, alluding to trade secrets.
There are some un-install issues associated with the application, plus more importantly, the software doesn't offer much beyond detecting and removing key loggers. It doesn't, for instance, leave the offending program on your computer at the same time that it disables its features. The only option is to delete it, a function that's available only to registered users.
Additionally, another drawback is that the software only works with Windows 95/98/Me. Windows NT and NT-based operating systems like Windows 2000 and Windows XP won't be able to use the software.
Meanwhile, a cheaper alternative, Anti-Keylogger 2002 from Centurian Software, is scheduled for release soon.
Conclusions: Anti-Keylogger 1.12 hunts down key logging software so that you can delete it from your computer. Aside from its being a one-trick pony, it's expensive and at times brings back results for software that you might not want to delete.
Last edited by 20694 on 20 Dec 2002 - 00:53
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.