#11
March 12, 2013, 04:03 PM
BrainEater
Hall Of Fame
Join Date: Mar 2007
Location: Calgary
Posts: 2,509

heh.

Mac OSX version 10.5.8
Dual 2 GHz PowerPC G5s
6 GB DDR2

Open admin password
Firewall set to allow all
WOL admin active
Full share allow to guests
Guest account half open....

Sheesh....yea more secure BS. This can't be the default settings....wow.....I haven't even opened the BT.

Mebbie this IS the problem, I'm scanning it now with diff stuff, and writing down what I find....

hmmm....

__________________
Intel 3930k /rIVe/32 Gb vengeance LP/Nvidia TITAN/760/760/Intel 520's/WD raptors/etc...
#12
March 12, 2013, 04:56 PM
MVP
Join Date: Mar 2010
Location: Ottawa
Posts: 447

I know that when a Unix machine is compromised by a decent rootkit, even experienced admins have problems tracking it down within the OS itself. Same with Windows, of course; but there's so much poorly implemented malware for Windows, many tend to forget this.

As for what's possible, once compromised, the sky is the limit. I imagine most Unix exploit tools can be compiled in OSX. That is, for scanning and attacking other systems within the network.

Why don't you start with the evidence that your IT team is basing their assessment on? Or are they just making an assumption?

As for the security of the G4 OSX platform, it's definitely extremely vulnerable. Two minutes of research on Google can verify this. The safe way to continue using that hardware is a Linux distro. Even if it wasn't used in this particular incident, it's idiotic to continue using an unsupported OS in a business environment. Someone should be flayed for that.
#13
March 13, 2013, 01:09 PM
BrainEater

Sounds like good advice.

Here's the score:

We are a company going from 'hobby' to 'professional corporation'. In every aspect... I'm not even the IT guy, I'm just helping out, I'm a fabricator/maintenance guy.

I'm not sure if this Mac is rooted or not, still checking....all I know is, every single setting related to being secure was wiiiiiiide open. Ugly. I'd personally never allow that kinda $hit on MY network....but anyways, it's the evidence I'm looking for. Apparently, there's no infections on the other 15 PCs, but this Mac had those settings and Vuze wide open..

sheesh.

I know the IT guy, he's working his ass off too, we are getting shit squared away.

----

This Mac will never be allowed into our building again I'm afraid, ain't my decision....but it's owned by a friend tho, so I want to help em out....it's got a massive collection of music....

Save/nuke/pave?
#14
March 13, 2013, 01:54 PM
MVP

It's been a long time since I was actively interested in network security, so this is extremely far from professional advice, but here's what I might do in your situation:

- I wouldn't spend much time in the OS itself, especially if you're not familiar with it. If the logs don't reveal anything, and there's no obvious signs such as recently modified executables or changes to users, I'd move on to external detection
- some of this *might* be relevant: Intrusion Discovery Cheat Sheet (Linux) | My Stupid Forensic Blog
- for external detection, I might connect it directly to a Linux system via a crossover cable to an adapter set to promiscuous mode and monitor its activity through something like Wireshark
- I might do the same for each of the Windows systems considering there are so few
- If the source of the intrusion cannot be confirmed, I'd reimage everything
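
The two in-OS checks named in post #14 (recently modified executables, changes to users), sketched as an added example that is not part of the thread or any poster's own script. It assumes a POSIX shell and a Linux-style passwd-format account file; the function names, directory list, day window and baseline file are hypothetical and supplied by the caller.

```shell
#!/bin/sh
# Added example: first-pass triage helpers. Run them from trusted media where
# possible; timestamps and account files can be altered on a compromised host,
# so an empty result is not proof that the machine is clean.

# List executable regular files under the given directories whose
# modification time falls within the last $1 days.
recent_executables() {
    days=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue      # skip directories that do not exist
        # -perm -100: owner-execute bit set; -mtime -N: modified < N days ago
        find "$dir" -type f -perm -100 -mtime "-$days" -print 2>/dev/null
    done | sort
}

# Print account names present in a passwd-format file but absent from a
# baseline saved earlier (for example from a backup or a clean install).
new_accounts() {
    baseline=$1; current=$2
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 1
    cut -d: -f1 "$baseline" | sort -u > "$tmp_a"
    cut -d: -f1 "$current"  | sort -u > "$tmp_b"
    comm -13 "$tmp_a" "$tmp_b"         # lines found only in the current file
    rm -f "$tmp_a" "$tmp_b"
}
```

Mac OS X keeps local accounts in Directory Services rather than `/etc/passwd`, so `new_accounts` applies there only to an exported account list in passwd format.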