Maximum Security:
A Hacker's Guide to Protecting Your Internet Site and Network
20
Macintosh
The Macintosh platform is not traditionally known for being a cracking platform.
It is far more suited to hacking. Programming for the Mac is every bit as challenging
as programming for any other environment. Knowledge of C is generally a requisite.
For that reason, hacking on the Mac platform can be fun (and occasionally frustrating).
Cracking (with respect to the Internet anyway) on the Mac platform, however,
is another matter entirely.
First, early TCP/IP implementations on the Mac platform were primarily client
oriented. Many server packages now exist for the Mac, but until recently, TCP/IP
was not what I would call an "integrated" part of the traditional MacOS.
Today, the situation is vastly different: TCP/IP is now tightly integrated into
the MacOS, and that integration has matured quickly.
Apple has taken special steps to ensure that the MacOS TCP/IP support is superb.
These efforts have manifested through the development of Open Transport technology.
Open Transport is a networking implementation that gives applications high-level
control over the network layer. For example, Open Transport allows multiple, simultaneous
TCP/IP connections, the number of which is limited only by memory and processor power.
Built into the stack is automatic handling of IP fragmentation: when a datagram must
cross a network segment that cannot carry large packets, Open Transport fragments it
to fit rather than leaving the problem to the application.
Open Transport has completely integrated MacOS with both TCP/IP and AppleTalk,
making it one of the most flexible networking implementations currently available.
It now comes stock in System 7.5.3 and above.
Cross Reference: You can get libraries,
include files, and utilities for the Mac platform, as you'll learn later in this
chapter. Some great sources, though, can be found at http://www.metrowerks.com/tcpip/lib/c-libs.html.
These sources include real-life examples of Mac TCP/IP programming, complete with
C source code.
Many examples for those programming in C++ are also available. Find them online
at http://www.metrowerks.com/tcpip/lib/cpp-libs.html.
Pascal gurus can find Mac TCP/IP source and libraries at http://www.metrowerks.com/tcpip/lib/pascal-libs.html.
Programming on the Mac is a challenge. However, most Macintosh users are not so
intensely preoccupied with the inner workings of their operating system as users
of UNIX systems or even IBM compatibles. The reason has nothing to do with the level
of proficiency of Mac users. It has to do with the design of the MacOS itself. The
MacOS was conceived with ease of use in mind. Many tasks that are grueling under
other operating systems are only a click away on the modern Macintosh. Take, for
example, getting connected to the Internet. Only in the last few years have UNIX
systems made this process simple. Prior to that, many different files had to be edited
correctly and the user had to have some knowledge of UUCP. In contrast, the Mac user
is rarely confronted with special configuration problems that call for tweaking the
operating system. Therefore, there are few Mac Internet crackers.
For those planning to use the Macintosh platform for hacking or cracking, however,
there are plenty of resources. For programming, there are a staggering number of
choices beyond the traditional C that you normally associate with Mac development.
Some of these are ports of languages from other platforms and others are development
tools written specifically for the Macintosh. Unfortunately, there are not yet as
many free tools for use on Macs as there are for other platforms.
Nevertheless, Mac users take a lot of abuse on the Internet. Users who enjoy other
platforms often make fun of Mac users, telling them to get a "real" operating
system. Well, before we get into what tools are available for cracking on a Mac,
I would like to take a moment to offer the Mac community a little vindication. First
of all, the number of development tools available for Macintosh is staggering. Rather
than list them all here, I have picked a few interesting ones. They are listed in
Table 20.1.
Table 20.1. Interesting Mac development tools.

| Tool | Description |
| --- | --- |
| Prograph CPX | An awesome, object-oriented tool by Pictorius that allows complex manipulation of data structures through an entirely visual interface. It works through visualization of data flow and lets you seamlessly integrate code previously written in C. Cross-platform support is promised soon. Check it out at http://192.219.29.95/home.html. |
| Mac Common LISP | The MCL development environment by Digitool, Inc. It gives you true object-oriented development with perhaps the most powerful object-oriented language currently available. Distributions are available for both 68K and PPC (PowerPC). You can get a full-featured evaluation version at http://www.digitool.com/MCL-demo-version.html. |
| Dylan | A special object-oriented language developed primarily from efforts at Apple. The most notable benefit of this new and curious language is automatic memory management, a job that has traditionally fallen to the programmer. A number of free compilers exist for Dylan, including Thomas (witty name), located at http://www.idiom.com/free-compilers/TOOL/Dylan-1.html. |
In addition to these, there are many interesting (traditional and nontraditional)
development tools for Mac, including the following:
Password Crackers and Related Utilities
The utilities described in the following sections are popular password crackers
or related utilities for use on Macintosh. Some are made specifically to attack Mac-oriented
files. Others are designed to crack UNIX password files. This is not an exhaustive
list, but rather a sample of the more interesting tools freely available on the Internet.
PassFinder
PassFinder is a password cracking utility used to crack the administrator password
on FirstClass systems. This is an important utility. The program suite FirstClass
is a gateway system, commonly used for serving e-mail, UUCP, and even news (NNTP).
In essence, FirstClass (which can be found at http://www.softarc.com/)
is a total solution for mail, news, and many other types of TCP/IP-based communication
systems. It is a popular system on the MacOS platform. (It even has support for Gopher
servers and FTP and can be used to operate a full-fledged BBS.) Because FirstClass
servers exist not only on outbound Internet networks, but also on intranets, PassFinder
is a critical tool. By cracking the administrator password, a user can seize control
of the system's incoming and outgoing electronic communications. (However, this must
be done on the local machine. That is, the user must have access to the console of
the instant machine. This is not a remote cracking utility.)
Cross Reference: PassFinder is available
at http://www.yatho.com/weasel/files/PassFinder.sit.bin.
TIP: Apparently, FirstClass 2.7 does not
provide a facility for recording or logging the IP addresses of connecting clients.
(Reportedly, this simple hole exists in earlier versions.) Because no source address
is recorded, an attack on such a server can be carried out with little risk of being
traced.
FirstClass Thrash!
This is an interesting collection of utilities, primarily designed for the purpose
of conducting warfare over (or against) a FirstClass BBS. It has features that could
be easily likened to Maohell. These include mailbombing tools, denial-of-service
tools, and other, assorted scripts useful in harassment of one's enemies. It's primarily
used in warfare.
Cross Reference: FirstClass Thrash! is
located at http://www.i1.net/~xplor216/FCThrash.hqx.
FMProPeeker 1.1
This utility cracks FileMaker Pro files. FileMaker Pro is a database solution
from Claris, (http://www.claris.com).
While more commonly associated with the Macintosh platform, FileMaker Pro now runs
on a variety of systems. It is available for shared database access on Windows NT
networks, for example. In any event, FMProPeeker subverts the security of FileMaker
Pro files.
Cross Reference: FMProPeeker is available
at http://www.netaxs.com/~hager/mac/cracking/FMProPeeker1.1.sit.bin.
FMP Password Viewer Gold 2.0
FMP Password Viewer Gold 2.0 is another utility for cracking FileMaker Pro files.
It offers slightly more functionality (and is certainly newer) than FMProPeeker 1.1.
Cross Reference: FMP Password Viewer Gold
2.0 is available at http://www.yatho.com/weasel/files/FMP3.0ViewerGold2.0.sit.hqx.
MasterKeyII
MasterKeyII is yet another FileMaker Pro cracking utility.
Cross Reference: MasterKey II is available
at the following site in Japan. Have no fear: This site is so fast, it is screaming.
The location is http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking/MasterKeyII.1.0b2.sit.bin.
Password Killer
Password Killer is designed to circumvent the majority of PowerBook security programs.
Cross Reference: Password Killer (also
referred to as PowerBook Password Killer) can be found online at http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking/PowerBookPwd%20killer.sit.bin.
Killer Cracker
Killer Cracker is a Macintosh port of Killer Cracker, a password cracker formerly
run only on DOS and UNIX-based machines. (You can find a lengthy description of Killer
Cracker in Chapter 10, "Password Crackers." Thankfully, the Mac version
is distributed as a binary; that means you do not need a compiler to build it.)
Cross Reference: Killer Cracker can be
found at ftp://whacked.l0pht.com/pub/Hacking/KillerCrackerv8.sit.
MacKrack
MacKrack is a port of Muffet's famous Crack 4.1. It is designed to crack UNIX
passwords. It rarely comes with dictionary files, but works quite well. Makes cracking
UNIX /etc/passwd files a cinch. (It has support for both 68K and PPC.)
Cross Reference: MacKrack is located at
http://www.yatho.com/weasel/files/MacKrack2.01b1.sit.bin.
Unserialize Photoshop
Unserialize Photoshop is a standard serial number-killing utility, designed to
circumvent serial number protection on Adobe Photoshop. This utility really falls
into the traditional cracking category. I don't think that this type of activity
does much to shed light on security issues. It is basically a tool to steal software.
Therefore, I will refrain from offering any locations here. Adobe is a good company--perhaps
the only company ever to get the best of Microsoft. My position on stealing software
(though I've stated it before) is this: You want free software? Get FreeBSD or Linux
and go GNU. This way, you get quality software for free and still maintain extreme
cool.
NOTE: A large portion of the Macintosh
community that label themselves "hackers" engage in piracy and unlawful
use of copyrighted software. Newsletters and other documents containing serial numbers
of all manners of software are posted monthly. (These documents often exceed 300KB
in length and include hundreds of serial numbers. The most famed such distribution
is called "The Hacker's Helper," which typically comes out once a month.)
While this is their own affair, I should relate here that this type of activity is
the precise antithesis of hacking. The only thing worse than this (and more removed
from hacking) would be to steal such software and claim that you wrote it.
WordListMaker
WordListMaker is a utility designed to manage dictionary files. This is invaluable
if you plan to crack password files of any size, or files on which the users may
speak more than one language (forcing you to use not only American English dictionaries,
but perhaps others, including British English, Italian, French, German, and so forth).
The utility is designed to merge dictionary files, a function that on a UNIX system
takes no more than a brief command line but that, on many other platforms, can be
a laborious task.
Cross Reference: WordListMaker is located
at ftp://whacked.l0pht.com/pub/Hacking/WordListMaker1.5.sit.
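The two tools above, MacKrack and WordListMaker, are the two halves of a classic dictionary attack: one merges word lists, the other hashes candidates and compares them with the hashes in /etc/passwd. The following is an added example written for this chapter; it is not code from Crack, MacKrack, or WordListMaker. Because Python's crypt module is deprecated and was removed in Python 3.13, the hash function here is a salted SHA-256 stand-in for crypt(3) (an assumption, and not what Crack itself calls); the attack structure is the real one, including Crack's trick of grouping accounts by salt so each candidate is hashed once per salt rather than once per user. The passwd file and word lists are constructed inline, with the sample hashes generated from known passwords so the block runs offline.

```python
# Added example (not from the original chapter, Crack, MacKrack or WordListMaker).
# Stand-in hash: salted SHA-256 instead of crypt(3)'s DES (an assumption made so
# the example runs on any current Python). The attack logic is unchanged.
import hashlib
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Set


def stand_in_crypt(salt: str, password: str) -> str:
    """Stand-in for crypt(3). Output is '<salt>$<hex digest>' so the salt can be
    read back from the stored hash, as with real crypt(3) output, whose first two
    characters are the salt."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def merge_wordlists(*lists: Iterable[str]) -> List[str]:
    """WordListMaker's job: fold several dictionaries (American and British
    English, French, Italian, ...) into one, trimming whitespace, dropping blank
    lines and duplicates, and preserving first-seen order."""
    seen: Set[str] = set()
    merged: List[str] = []
    for wordlist in lists:
        for raw in wordlist:
            word = raw.strip()
            if word and word not in seen:
                seen.add(word)
                merged.append(word)
    return merged


def mangle(word: str) -> Iterator[str]:
    """A handful of Crack's classic mangling rules: as-is, lowercased,
    capitalized, reversed, and with a single digit appended."""
    yield word
    yield word.lower()
    yield word.capitalize()
    yield word[::-1]
    for digit in range(10):
        yield f"{word}{digit}"


def parse_passwd(text: str) -> Dict[str, str]:
    """Read /etc/passwd-format lines into {user: hash}. Accounts whose password
    field is empty, '*', '!' (locked) or 'x' (shadowed) carry nothing to crack."""
    targets: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw_hash = fields[0], fields[1]
        if pw_hash and pw_hash not in ("*", "x", "!"):
            targets[user] = pw_hash
    return targets


def crack(targets: Dict[str, str], words: Iterable[str]) -> Dict[str, str]:
    """Dictionary attack. Like Crack, group targets by salt so each candidate is
    hashed once per salt rather than once per user; stop work on a salt as soon
    as all of its hashes are recovered."""
    by_salt: Dict[str, Dict[str, str]] = defaultdict(dict)   # salt -> {hash: user}
    for user, pw_hash in targets.items():
        salt = pw_hash.split("$", 1)[0]
        by_salt[salt][pw_hash] = user
    candidates = {cand for word in words for cand in mangle(word)}
    found: Dict[str, str] = {}
    for salt, hashes in by_salt.items():
        remaining = dict(hashes)
        for cand in candidates:
            if not remaining:
                break
            hashed = stand_in_crypt(salt, cand)
            if hashed in remaining:
                found[remaining.pop(hashed)] = cand
    return found


# Constructed sample data: a tiny passwd file whose hashes are generated here
# from known passwords, plus two small word lists. None of this is real data.
SAMPLE_PASSWD = "\n".join([
    f"root:{stand_in_crypt('ab', 'secret7')}:0:0:root:/:/bin/sh",
    f"alice:{stand_in_crypt('ab', 'sesame')}:1001:100:Alice:/home/alice:/bin/csh",
    f"bob:{stand_in_crypt('cd', 'drowssap')}:1002:100:Bob:/home/bob:/bin/sh",
    "daemon:*:1:1:daemon:/:/bin/sh",
    f"carol:{stand_in_crypt('ef', 'x9#kQ2vL')}:1003:100:Carol:/home/carol:/bin/sh",
])
ENGLISH_WORDS = ["password", "secret", "Sesame", "letmein"]
FRENCH_WORDS = ["soleil", " secret ", "", "bonjour"]

if __name__ == "__main__":
    dictionary = merge_wordlists(ENGLISH_WORDS, FRENCH_WORDS)
    for user, password in crack(parse_passwd(SAMPLE_PASSWD), dictionary).items():
        print(f"{user}: {password}")
```

Run as a script, it recovers root (secret7: a word plus one digit), alice (sesame: a capitalized word lowercased) and bob (drowssap: a word reversed), and leaves carol's random password alone. The point for the defender is the same one Chapter 10 makes: every account on the left-hand side of that output was "protected" by something a few mangling rules reach in milliseconds, and the salt only forces the attacker to hash each candidate once per distinct salt, not once per user.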
Remove Passwords
Remove Passwords is a nifty utility that removes the password protection on Stuffit
archives. Stuffit is an archiving utility much like PKZIP or GZIP. It is more commonly
seen on the Macintosh platform, but has since been ported to others, including Microsoft
Windows. You can acquire Stuffit at ftp://ftp.aladdinsys.com/.
Remove Passwords bypasses password protection on any archive created (and password
protected) with Stuffit.
Cross Reference: Remove Passwords is available
at http://www.yatho.com/weasel/files/RemovePasswords.sit.
RemoveIt
RemoveIt is a utility almost identical to Remove Passwords. It strips the passwords
from Stuffit archives.
Cross Reference: RemoveIt is available
at http://www.yatho.com/weasel/files/RemoveIt.sit.bin.
Tools Designed Specifically for America Online
The tools described in the following sections are designed primarily to subvert
the security of America Online. Specifically, the majority of applications in this
class steal service from AOL by creating free accounts that last for several weeks.
Use of most of these tools is illegal.
Maohell.sit
Currently available at 13 sites on the Net, Maohell.sit is the Macintosh port
(or rather, equivalent) of the famous program AOHELL. AOHELL allows you to obtain
free access to America Online services. It can create bogus accounts that are good
for several weeks at a time. The utility also comes with various tools for harassment,
including an automated mailbombing utility and some chat room utilities.
Cross Reference: Maohell.sit is available
at ftp://whacked.l0pht.com/pub/AOLCrap/Maohell.sit.
NOTE: AOHELL and Maohell may soon be entirely
worthless. America Online has made extensive inroads in eliminating this type of
activity. For example, it was once a simple task to use nonexistent but "valid"
credit card numbers to register with AOL. You could use an algorithm that would generate
mathematically sound credit card numbers. Cursory checks then performed by AOL were
insufficient to prevent such activity. That climate has since changed.
AOL4FREE2.6v4.sit
AOL4FREE2.6v4.sit, which manipulates the AOL system, forcing it to interpret you
as always occupying the "free" or demo section of AOL, has caused quite
a controversy. The author was arrested by the United States Secret Service after
being identified as the creator of the software. He currently faces very heavy fines
and perhaps a prison sentence. Here's a report from a recent news article:
- Known online as Happy Hardcore, 20-year-old Nicholas Ryan of Yale University
entered his plea in federal district court in Alexandria, Virginia. The felony offense
carries a fine of up to $250,000 and five years in prison. Sentencing is set for
March. Ryan used his illegal software, dubbed "AOL4Free," between June and
December 1995. He also made it available to others. The investigation was carried
out by the Secret Service and Justice Department's computer crime section.
Cross Reference: The preceding paragraph
is excerpted from the article "Hacker Admits to AOL Piracy" by Jeff Peline.
It can be found online at http://www.news.com/News/Item/0,4,6844,00.html.
One interesting document regarding the whole affair is located at wku.edu.
The author shows a series of messages between AOL personnel discussing the AOL4FREE
problem. (These messages were intercepted from e-mail accounts.) The communication
between AOL's inner staff discussed various signatures that AOL4FREE would leave
on the system during a sign-on. Having identified these sign-on signatures, the staff
were ready to "...get verification from TOS and then hand [the crackers] over
to the Secret Service."
Cross Reference: The quote in the previous
paragraph is excerpted from a message from MayLiang that was forwarded to Barry Appelman
regarding AOL4FREE. That message can be found online at http://www.cs.wku.edu/~kat/files/CRNVOL3.
However, things did not go as well as AOL's internal staff had hoped. Because
their e-mail had been intercepted, a new version of AOL4FREE was created that removed
the telltale signature, so the new version would continue to work even after AOL had
installed its "AOL4FREE Detector." This is discussed in the document:
- Looks pretty bad, doesn't it, with the Secret Service and everything. But not
to worry...with v4 of AOL4Free, you are much harder to detect! You see, what AOL4Free
does is send the free token after every real token. When you are signing on, you
send the "Dd" token with your screen name and password, and a free "K1"
token is sent afterward. However, because you aren't really signed on yet, AOL sees
the K1 token as a bug and records it in a log. All the Network Ops people had to
do was search their logs for this bug and voilà, they had their AOL4Free users.
v4 is modified so that it doesn't send the free token after "Dd".
Cross Reference: The previous paragraph
is excerpted from an article titled "AOL4FREE--Can I Get Caught?" which
ran in Cyber Rights Now!. The article, by Sloan Seaman (seaman@pgh.nauticom.net),
can be found online at http://www.cs.wku.edu/~kat/files/CRNVOL3.
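The detection the article describes is a simple sequence check: a client that emits the "free" token before its sign-on has completed is not a normal client. The following is an added example, not AOL's detector and not part of the original chapter, that runs that check over a constructed client-token log, and then adds a second rule of my own for the v4 behaviour quoted above (v4 still sends K1 after every real token; it merely stops doing so after Dd). Everything except the token names "Dd" and "K1" and the behaviours the article describes is an assumption: the log line format, the server-side "OK" acknowledgement that marks a completed sign-on, the placeholder "xx" for ordinary client tokens, and the 0.9 ratio threshold.

```python
# Added example (not AOL's detector, not from the original chapter). The log
# format, the server "OK" acknowledgement, the "xx" placeholder for ordinary
# client tokens and the ratio threshold are all assumptions made for this demo.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

SIGNON_TOKEN = "Dd"   # client sign-on token (screen name + password), per the article
FREE_TOKEN = "K1"     # "free area" token AOL4Free injects, per the article
SERVER_ACK = "OK"     # ASSUMED: server reply that completes the sign-on


@dataclass
class SessionStats:
    signed_on: bool = False
    k1_before_signon: int = 0    # K1 seen while not yet signed on: the v3 signature
    real_after_signon: int = 0   # client tokens other than K1 after sign-on
    k1_after_signon: int = 0     # K1 tokens after sign-on


def parse_line(line: str) -> Tuple[str, str, str]:
    """Constructed format: '<hh:mm:ss> sess=<id> <C|S> <token>'."""
    _time, sess, direction, token = line.split()
    if direction not in ("C", "S"):
        raise ValueError(f"bad direction in log line: {line!r}")
    return sess.split("=", 1)[1], direction, token


def analyse(log_lines: List[str]) -> Dict[str, SessionStats]:
    """Walk the log once, tracking per session whether sign-on has completed
    and counting K1 tokens on either side of that boundary."""
    sessions: Dict[str, SessionStats] = defaultdict(SessionStats)
    for line in log_lines:
        if not line.strip():
            continue
        sess, direction, token = parse_line(line)
        stats = sessions[sess]
        if direction == "S":
            if token == SERVER_ACK:
                stats.signed_on = True
            continue
        if not stats.signed_on:
            if token == FREE_TOKEN:
                stats.k1_before_signon += 1
        elif token == FREE_TOKEN:
            stats.k1_after_signon += 1
        else:
            stats.real_after_signon += 1
    return dict(sessions)


def flag_sessions(sessions: Dict[str, SessionStats], ratio: float = 0.9,
                  min_real: int = 5) -> Dict[str, List[str]]:
    """Rule 1 is the check the article says AOL used. Rule 2 is this example's
    suggestion for v4: a client that only occasionally enters a free area does
    not send K1 after nearly every real token. Threshold and minimum are assumed."""
    flags: Dict[str, List[str]] = defaultdict(list)
    for sess, stats in sessions.items():
        if stats.k1_before_signon:
            flags[sess].append("K1 before sign-on (AOL4Free v3 signature)")
        if (stats.real_after_signon >= min_real
                and stats.k1_after_signon / stats.real_after_signon >= ratio):
            flags[sess].append("K1 after nearly every real token (v4-style behaviour)")
    return dict(flags)


def _lines(sess: str, pairs: List[Tuple[str, str]]) -> List[str]:
    """Build constructed log lines for one session from (direction, token) pairs."""
    return [f"00:00:{i:02d} sess={sess} {d} {t}" for i, (d, t) in enumerate(pairs)]


# Constructed sample: A is a legitimate client that enters a free area once,
# B runs AOL4Free v3 (K1 straight after Dd), C runs v4 (no K1 after Dd, but
# K1 after every other real token).
LEGIT = [("C", "Dd"), ("S", "OK")] + [("C", "xx")] * 4 + [("C", "K1"), ("C", "xx")]
V3 = [("C", "Dd"), ("C", "K1"), ("S", "OK")] + [("C", "xx"), ("C", "K1")] * 5
V4 = [("C", "Dd"), ("S", "OK")] + [("C", "xx"), ("C", "K1")] * 5
SAMPLE_LOG = _lines("A", LEGIT) + _lines("B", V3) + _lines("C", V4)

if __name__ == "__main__":
    for sess, reasons in flag_sessions(analyse(SAMPLE_LOG)).items():
        print(sess, "->", "; ".join(reasons))
```

Session A produces no flags, B trips both rules, and C trips only the second, which is the whole point of the v4 change: removing one signature does not remove the behaviour that made the tool work, so a detector keyed on the behaviour rather than the single telltale token survives the patch.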
It will be interesting to see what happens. I have a strong feeling that new versions
of AOL4FREE are about to be released. (Don't ask me why. Call it a premonition.)
From my point of view, this would not be so bad. In my not-so-humble opinion, AOL
has, until very recently, engaged in Information Superhighway robbery. However, that
opinion has not enough weight for me to print the location of version 4 in this book.
The WebStar Controversy
On October 15, 1995, a challenge was posted to the Internet: A Macintosh Web server
running WebStar was established and offered as a sacrificial host on the Net. If
anyone could crack that server, that person would be awarded $10,000.00. The challenge
was a demonstration of the theory that a Mac would be more secure than a UNIX box
as a Web server platform. Did anyone collect that 10 grand? No.
Chris Kilbourn, the president and system administrator for digital.forest, an
Internet service provider in Seattle, Washington, posted a report about that challenge.
(I will be pointing you there momentarily.) In it, he explains
- In the 45 days the contest ran, no one was able to break through the security
barriers and claim the prize. I generally ran the network packet analyzer for about
3-5 hours a day to check for interesting packets destined for the Challenge server.
I created packet filters that captured all TCP/IP network traffic in or out of the
Challenge server. One of the more amusing things was that even with all the information
about the technical specifications of the Challenge server posted on the server itself,
most of the people who tried to bypass the security thought that the server was a
UNIX box! TCP/IP services on a Macintosh lack the low-level communications that are
available on UNIX systems, which provides additional security. If you are careful
to keep your mail, FTP, and HTTP file spaces from overlapping, there is no way to
pipe data from one service to another and get around security in that manner.
Cross Reference: The previous paragraph
is excerpted from Chris Kilbourn's article titled "The $10,000 Macintosh World
Wide Web Security Challenge: A Summary of the Network and the Attacks," and
can be found online at http://www.forest.net/advanced/securitychallenge.html.
So what really happened here? Did the challenge ultimately prove that a Mac is
more secure than a UNIX box as a Web server platform? Yes and no. To understand why
both answers are valid, you need a few particulars.
First, the machine in the challenge was running only a Web server. It did not run
any other TCP/IP server or process. (How realistic that is for a Mac serving as anything
other than a dedicated Web server is disputed. For the moment, though, we are dealing
with a simple Web server.)
Therefore, the simple answer is yes: a standalone Mac Web server is more secure
than a full-fledged UNIX server running a Web daemon. That is not the end of the
story, however. The UNIX server can do things that the Mac server cannot, such as
file transfer by a dozen or more protocols and file sharing with more than a dozen
platforms. The key is this: for a sacrificial Web server, the Mac is the better choice
(unless your system administrator is very well versed in security), because a stock
UNIX installation leaves too many services listening by default, and each of them is
a way in that a lone Web server does not offer. Part of the security gained by the
Mac is that there is no shell behind the Web server of the kind UNIX or PC users
know how to drive; an attacker who tricks the server into executing something has
no familiar command interpreter to land in. There is, however, a way to crack such
a server. Here's a report from an Apple Technical article:
- Through the power of AppleScript and Apple events, WebSTAR can communicate with
other applications on your Macintosh to publish any information contained in those
programs. For example, if your company information is in a FileMaker Pro database,
Web client users can query it via HTML forms to get the data using the FileMaker
CGI (Common Gateway Interface) for WebSTAR. It's powerful and easy to use.
The AppleScript engine is indeed an interpreter; it is just not one that many
non-MacOS users know intimately. An attack on such a server would therefore have to
come from someone deeply familiar with TCP/IP, AppleScript, and cracking generally,
and I would imagine that list is fairly short. But those are the required elements,
so know that it is not impossible. It is simply that the majority of cracking knowledge
has been UNIX-centric. This will change rapidly now that the Internet is becoming
so incredibly popular. Apple's own experts advise that security should remain a
constant concern if you are providing remote services.
In a document designed to provide guidance in setting up an Internet server, the
folks at Apple offer this:
- Although Mac OS-based services present a much lower security risk than services
run on UNIX machines, security considerations can never be taken too seriously on
the Internet. Many routers have a number of "firewall" features built in,
and these features should be carefully considered, especially for larger networks.
Although most Mac OS security issues can be addressed simply by ensuring that access
privileges are set correctly, investigating additional security options is always
a good idea.
Cross Reference: The previous paragraph
is excerpted from an article by Alan B. Oppenheimer titled "Getting Your Apple
Internet Server Online: A Guide to Providing Internet Services." This article
can be found online at http://product.info.apple.com/productinfo/tech/wp/aisswp.html.
TIP: The previously excerpted article
("Getting Your Apple Internet Server Online: A Guide to Providing Internet Services")
is truly invaluable. I endorse it here as the definitive document currently available
online that discusses establishing an Apple Internet server. It is based largely
on the real-life experiences of technicians (primarily Oppenheimer and those at Open
Door) in establishing a large server. The technical quality of that paper is nothing
short of superb (and far exceeds the quality of most online presentations with similar
aspirations).
Certainly, it has already been proven that a Mac Web server can be vulnerable
to denial-of-service attacks, including the dreaded Sequence of Death. In a recent
article by Macworld, the matter is discussed:
- ...for Mac Webmaster Jeff Gold, frustration turned to alarm when he realized
that a mere typo caused his entire Mac-served site to crash. Gold's crash occurred
while he was using StarNine's WebStar Web server software and the plug-in version
of Maxum Development's NetCloak 2.1, a popular WebStar add-on. Adding certain characters
to the end of an URL crashes NetCloak, bringing down the server. To protect the thousands
of sites using NetCloak, neither Gold nor Macworld will publicly reveal the character
sequence, but it's one that wouldn't be too difficult to enter. After further investigation,
Macworld discovered that the problem surfaces only when a server runs the plug-in
version of NetCloak. When we removed the plug-in and used the NetCloak CGI instead,
the Sequence of Death yielded only a benign error message.
Cross Reference: The previous paragraph
is excerpted from an article by Jim Heid titled "Mac Web-Server Security Crisis:
Specific Character Sequence Crashes Servers." It can be found online at http://www.macworld.com/daily/daily.973.html.
Note that this problem was unrelated to Apple. It illustrates a point that I have
made many times: when software developers and engineers are developing packages at
different times, in different places, and within the confines of different companies,
security holes can and do surface, because having the API is not the same as knowing
how the host application will behave when your code fails. The Macworld report shows
why that matters. The plug-in version of NetCloak ran inside WebStar's own process,
so a crash in the plug-in took the whole server down; the CGI version ran as a
separate process, and the same input produced only an error message. Here is another
example of such a situation: Have you ever used version 1.5.3 of ASD's DiskGuard?
If you have, I'll bet you were a bit confused when you couldn't access your own hard
disk drive:
- Security software is supposed to keep the bad guys out, but let you in. In some
cases, version 1.5.3 of ASD software's DiskGuard was preventing even a system's owner
from accessing their machine. This week the company posted a patch for its security
software application; version 1.5.4 fixes several compatibility problems--including
locked and inaccessible hard drives--between DiskGuard 1.5.3 and several Mac systems.
If you use DiskGuard on a PowerMac 7200, 7500, 8500, or a PowerBook 5300/5300c, ASD's
technical support recommends you upgrade. The patch is available directly from ASD
Software (909/624-2594) or from the ASD forum on CompuServe (Go ASD).
Cross Reference: The previous paragraph
is excerpted from an article by Suzanne Courteau titled "ASD Fixes DiskGuard
Bugs. Problem with Locked Drives Corrected." It can be found online at http://www.macworld.com/daily/daily.6.html.
TIP: This reminds me of the version of
Microsoft Internet Explorer that forced a password check on most sites (and to boot,
refused to authenticate anything the user attempted to use as a password).
However, much of this discussion is academic for the average user. Average Macintosh
users are not security fanatics, and their personal machines are therefore probably
exposed to at least minimal attack. How much depends on whether they have their disk
and resources shared out. The Macintosh file sharing system is no less extensive (nor
much more secure) than that employed by Microsoft Windows 95. The significant difference
is that in the Mac environment, you can not only turn off file sharing altogether
but also pick and choose which folders you want to share. This is done by going to
the Sharing Options panel and making the appropriate settings.
Cross Reference: You can find an excellent
quick tutorial of how to manipulate the sharing settings at http://bob.maint.alpine.k12.ut.us/ASD/Security/MacSecurity.html#Sys7Sharing.
Macintosh Network Security. Alpine School District Network Security Guidelines. (I
have been unable to ascertain the author of this document. Too bad. They did a wonderful
job.) Last apparent date of modification January 29, 1997.
Naturally, in a network, this may be a complex matter. Your choices will be made
depending on the trust relationships in your organization. For example, if you are
in a publishing department of a magazine, perhaps you take commercial advertisements
but the copy for these is generated in another portion of the building (or at the
very least, another portion of the network). It may require that you share a series
of folders so that you can conveniently traffic ad copy between your department and
the advertising department.
The file sharing hole is a matter of extreme concern. At the very least, every
Mac user should establish a password for himself as the owner of the machine. Furthermore,
that password should be carefully considered. Mac passwords are subject to attack,
the same as any other password on every password system ever created. Care should
be taken to choose a characteristically "strong" password. If this term
strong password is a foreign concept to you, please review Chapter 10, which
contains a series of references to reports or technical white papers that discuss
the difference between weak and strong password choices and how to make them. Finally
(and perhaps most importantly), guest access privileges should be set to inactive.
But, then, as most experienced Mac users know, file sharing is not the only security
hole in the Macintosh environment. There are obscure holes and you have to dig very
deep to find them. Apple (much like Microsoft) is not nearly as gung-ho about advertising
vulnerabilities on their platform as, say, the average UNIX vendor. Typically, they
keep the matter a bit more isolated to their particular community.
Naturally, MacOS holes are like holes on any other operating system. Today, if
you purchase a brand new Mac with the latest distribution of MacOS, you start from
a reasonably secure baseline. However, again, not everyone uses the latest and the greatest.
For example, do you remember Retrospect? If you have used it (or are now using it)
have you ever seen this advisory:
- When you install the Retrospect Remote Control Panel and restart, Remote is activated
and waits for the server to download a security code and serial number. If the server
does not do this, anyone with a copy of Retrospect and a set of serial numbers can
initialize your system, backup your hard drive to theirs, and then de-initialize
your system without you noticing.
Cross Reference: The preceding paragraph
is excerpted from an article titled "Retrospect Remote Security Issue"
(ArticleID: TECHINFO-0016556; 19960724. Apple Technical Info Library, February 1995).
It can be found on the Web at http://cgi.info.apple.com/cgi-bin/read.wais.doc.pl?/wais/TIL/DataComm!Neting&Cnct/Apple!Workgroup!Servers/Retrospct!Remote!Security!Issue.
Cross Reference: Apple's white papers
(which admittedly shed little light on security, but are of some value in identifying
sources on the subject) can be accessed at http://product.info.apple.com/productinfo/tech/
or at http://til.info.apple.com/til/til.html.
Anti-Cracker Tools
So much for programs that help crackers gain unauthorized access to your system.
Now I would like to detail a few programs that will keep those curious folks out.
StartUpLog
Created by Aurelian Software and Brian Durand, StartUpLog is a snooper application.
It begins logging access (and a host of other statistics) from the moment the machine
boots. Using this utility is very easy. It ships as a Control Panel. You simply install
it as such and it will run automatically, logging the time, length, and other important
information of each access of your Mac. It's good for parents or employers.
Cross Reference: StartUpLog is available
at http://cdrom.amug.org/http/bbs/148690-3.desc.html#startuplog-2.0.1.sit.
Super Save
For the ultimate paranoiac, Super Save is truly an extraordinary utility. This
utility will record every single keystroke forwarded to the console. However, in
a thoughtful move, the author chose to include an option with which you can disable
this feature whenever passwords are being typed in, thus preventing the possibility
of someone else later accessing your logs (through whatever means) and getting that
data. Although not expressly designed for security's sake (more for data crash and
recovery), this utility provides the ultimate in logging.
Cross Reference: Super Save is available
at ftp://ftp.leonardo.net/claireware/SuperSave.v200.sit.hqx.
BootLogger
BootLogger is a little less extreme than either StartUpLog or Super Save. It basically
reads the boot sequence and records startups and shutdowns. It is a less resource-consuming
utility. I suggest using this utility first. If evidence of tampering or unauthorized
access appears, then I would switch to Super Saver.
Cross Reference: BootLogger is available
at ftp://ftp.amug.org/bbs-in-a-box/files/util/security/bootlogger-1.0.sit.hqx.
DiskLocker
DiskLocker is a utility that write-protects your local hard disk drive. Disks
are managed through a password-protect mechanism. (In other words, you can only unlock
the disk in question if you have the password. Be careful not to lock a disk and later
lose your password.) The program is shareware (written by Olivier Lebra in Nice,
France) and has a licensing fee of $10.
Cross Reference: DiskLocker is available
for download from ftp://ftp.amug.org/bbs-in-a-box/files/util/security/disklocker-1.3.sit.hqx.
FileLock
FileLock is a little more incisive than DiskLocker. Rather than locking a whole disk,
it locks individual files, groups of files, or folders. It supports complete drag-and-drop
functionality and will work on both 68K and PPC architectures. It's a very handy
utility, especially if you share your machine with others in your home or office.
It was written by Rocco Moliterno (Italy).
Cross Reference: FileLock is available
from http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/disk/filelock-132.hqx.
Sesame
Sesame is likely to become an industry standard (much as MacPassword has). Sesame
offers full-fledged password protection for the MacOS. First, the utility offers
several levels of protection. For example, you can create an administrator password
and then individual user passwords beneath it. Moreover, Sesame will actually protect
against a floppy boot attack. In other words, whatever folders or files you hide
or password protect with this utility remain hidden or protected (and the controls
remain in force) even if a local user attempts to bypass security measures
by booting with a floppy disk. This is shareware with a $10 licensing fee and was
written by Bernard Frangoulis (France).
Cross Reference: Sesame is available at
http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/disk/sesame-211.hqx.
MacPassword
The industry standard for full password protection on MacOS, MacPassword is a
fully developed commercial application. It provides not only multiple levels of password
protection (for both disk and screen), but it also incorporates virus scanning technology.
It's definitely worth the money. However, you can always check it out for free. The
demo version is available at many locations across the Internet. Here's an excerpt
from Tom Gross's copy of the Mac FAQ:
- Art Schumer's MacPassword is the cheapest ($35) program worthy of consideration
in this category. A demo version which expires after sixty days and isn't as secure
is available from http://www.macworld.com/cgi-bin/download?package=utilities/MacPassword.4.1.1.Demo.sit.hqx.
Cross Reference: The previous excerpt
is from Tom Gross's copy of Mac FAQ, Austria, http://witiko.ifs.uni-linz.ac.at/~tom/mac_FAQ.html.
Cross Reference: I actually prefer this
location for MacPassword, however: ftp://ftp.amug.org/bbs-in-a-box/files/util/security/macpassword-4.11-demo.sit.hqx.
Summary
Although the Mac platform is not known for being a cracking platform, it is well
suited for hacking. Hacking on the Mac platform can be fun; cracking is another
matter entirely. This chapter covers a multitude of utilities for hacking and cracking
using the Macintosh platform, and also discusses ways to keep hackers and crackers
out.
Resources
The following list of resources contains important links related to Macintosh
security. You'll find a variety of resources, including books, articles, and Web
sites.
Books and Reports
Getting Your Apple Internet Server Online: A Guide to Providing Internet Services.
Alan B. Oppenheimer of Open Door Networks and Apple.
Security Ports on Desktop Macs. A discussion of physical security on a
Mac using various security ports and cable locking mechanisms. ArticleID: TECHINFO-0017079;
19960724 15:55:27.00.
The $10,000 Macintosh World Wide Web Security Challenge: A Summary of the Network
and the Attacks. Chris Kilbourn, digital.forest. (Formatting provided by Jon
Wiederspan.)
The Mac History Page by United Computer Exchange Corporation. This is an
amazing pit stop on the Internet. If you want to instantly identify older
Mac hardware and its configuration limitations, this is the site for you. Displayed
in table format. A great resource, especially for students who are in the market
for an inexpensive, older Mac.
How Macs Work. John Rizzo and K. Daniel Clark. Ziff-Davis Press. ISBN 1-56276-146-3.
Voodoo Mac. Kay Yarborough Nelson. Ventana Press. ISBN 1-56604-028-0.
Sad Macs, Bombs, and Other Disasters. Ted Landau. Addison-Wesley Publishing
Company. ISBN 0-201-62207-6.
The Power Mac Book. Ron Pronk. Coriolis Group Books. ISBN 1-883577-09-8.
Macworld Mac OS 7.6 Bible. Lon Poole. IDG Books. ISBN 0-7645-4014-9.
Macworld Mac SECRETS, 4th Edition. David Pogue and Joseph Schorr. IDG Books.
ISBN 0-7645-4006-8.
The Whole Mac Solutions for the Creative Professional. Daniel Giordan et
al. Hayden Books. ISBN 1-56830-298-3. 1996.
Guide to Macintosh System 7.5.5. Don Crabb. Hayden Books. ISBN 1-56830-109-X.
1996.
Building and Maintaining an Intranet with the Macintosh. Tobin Anthony.
Hayden Books. ISBN 1-56830-279-7. 1996.
Using the Internet with Your Mac. Todd Stauffer. QUE. ISBN 0-78970-665-2.
1995.
Simply Amazing Internet for Macintosh. Adam Engst. Hayden Books. ISBN 1-56830-230-4.
1995.
Sites with Tools and Munitions
Granite Island Group and Macintosh Security.
ClaireWare Software. Macintosh applications, security.
Macintosh Security Tools. CIAC. (U.S. Department of Energy.)
The Ultimate Hackintosh Linx. Warez, security, cracking, hacking.
AoHell Utilities at Aracnet. Hacking and cracking utilities for use on
America Online.
Hacking Mac's Heaven! Hacking and cracking tools and links from the Netherlands.
Lord Reaper's Hacking Page. Cracking and hacking utilities for use on MacOS.
Files for Your Enjoyment. UK site with Mac hacking and cracking utilities.
The Grouch's Page. The ultimate list of Mac hacking and cracking
software.
Guide to Cracking Foolproof. Quite complete.
Vladimir's Archive. Good, quick-loading archive of some baseline Mac hacking
and cracking tools from Japan.
Treuf's Mac SN# Archive. Serial number archive for those who refuse to
pay for software, use free software, or write their own.
The Mac Hack Page. A very large collection of strange and often unique
utilities. This site also has links to many of the major Mac hacking and cracking
tools, text files, and other assorted underground materials.
DArKmAc'S pHiLeZ. Yet another archive of baseline Mac hacking and cracking
utilities.
Ziggiey's Hack Hut for Macs. Extraordinary, dynamic list for "warez"
sites, the majority of which are reachable via FTP or Telnet.
Zines and Electronic Online Magazines
MacUser On-Line Magazine.
MacCentral. Extensive and very well-presented online periodical about Macintosh.
Macworld Daily. The latest and greatest in Macintosh news.
MacSense Online. Good resource for quick newsbytes on the current state
of the art with Macintosh.
MacHome Journal Online. Good, solid Internet mag on Macintosh issues.
Core! Online. Electronic Journal in the UK.
The Internet Roadstop. Online periodical addressing Macintosh Internet
issues.
MacAssistant Tips and Tutorial Newsletter and User Group. Very cool, useful,
and perhaps most importantly, brief newsletter that gives tips and tricks for Mac
users. Commercial, but I think it is well worth it. A lot of traditional hacking
tips on hardware, software, and special, not-often-seen problems. These are collected
from all over the world. $12 per year.
MacTech. Well-presented and important industry and development news. You
will likely catch the latest dope on new security releases here first. Also, some
very cool technical information (for example, the development of the new, high-end
"SuperMacs," which are ultra-high-performance Macs that offer UNIX workstation
power and even multiprocessor support).
The Underground Informer. E-zine that concentrates on the often eclectic
and creative BBS underground out there.
© Copyright, Macmillan Computer Publishing. All
rights reserved.