Maximum Security:
A Hacker's Guide to Protecting Your Internet Site
and Network
20
Macintosh
The Macintosh platform is not traditionally known for being a cracking
platform. It is far more suited to hacking. Programming for the Mac is
every bit as challenging as programming for any other environment. Knowledge
of C is generally a requisite. For that reason, hacking on the Mac platform
can be fun (and occasionally frustrating).
Cracking (with respect
to the Internet anyway) on the Mac platform, however, is another matter
entirely.
First, early TCP/IP implementations on the Mac platform were primarily
client oriented. Many server packages do now exist for the Mac, but until
recently, TCP/IP was not what I would call an "integrated" part of the
traditional MacOS. Today, the situation is vastly different. Integrated
TCP/IP support in the MacOS has advanced tremendously.
Apple has taken special steps to ensure that the MacOS TCP/IP support
is superb. These efforts have manifested through the development of Open
Transport technology. Open Transport is an implementation that provides
high-level control at the network level. For example, Open Transport allows
multiple, simultaneous TCP/IP connections, the number of which is limited
only by memory and processor power. Inherent within the system is automated
flow control, which detects the need for fragmentation of IP datagrams.
That means when a network segment is encountered that cannot handle large
packets, Open Transport automatically reverts to fragmentation.
Open Transport has completely integrated MacOS with both TCP/IP and
AppleTalk, making it one of the most flexible networking implementations
currently available. It now comes stock in System 7.5.3 and above.
Cross Reference: You can get libraries,
include files, and utilities for the Mac platform, as you'll learn later
in this chapter. Some great sources, though, can be found at http://www.metrowerks.com/tcpip/lib/c-libs.html.
These sources include real-life examples of Mac TCP/IP programming, complete
with C source code.
Many examples for those programming in C++ are also available. Find
them online at http://www.metrowerks.com/tcpip/lib/cpp-libs.html.
Pascal gurus can find Mac TCP/IP source and libraries at http://www.metrowerks.com/tcpip/lib/pascal-libs.html.
Programming on the Mac is a challenge. However, most Macintosh users are
not so intensely preoccupied with the inner workings of their operating
system as users of UNIX systems or even IBM compatibles. The reason has
nothing to do with the level of proficiency of Mac users. It has to do
with the design of the MacOS itself. The MacOS was conceived with ease
of use in mind. Many tasks that are grueling under other operating systems
are only a click away on the modern Macintosh. Take, for example, getting
connected to the Internet. Only in the last few years have UNIX systems
made this process simple. Prior to that, many different files had to be
edited correctly and the user had to have some knowledge of UUCP. In contrast,
the Mac user is rarely confronted with special configuration problems that
call for tweaking the operating system. Therefore, there are few Mac Internet
crackers.
For those planning to use the Macintosh platform for hacking or cracking,
however, there are plenty of resources. For programming, there are a staggering
number of choices beyond the traditional C that you normally associate
with Mac development. Some of these are ports of languages from other platforms
and others are development tools written specifically for the Macintosh.
Unfortunately, there are not yet as many free tools for use on Macs as
there are for other platforms.
Nevertheless, Mac users take a lot of abuse on the Internet. Users who
enjoy other platforms often make fun of Mac users, telling them to get
a "real" operating system. Well, before we get into what tools are available
for cracking on a Mac, I would like to take a moment to offer the Mac community
a little vindication. First of all, the number of development tools available
for Macintosh is staggering. Rather than list them all here, I have picked
a few interesting ones. They are listed in Table 20.1.
Table 20.1. Interesting Mac development tools.
Tool | Description
Prograph CPX | An awesome, object-oriented tool by Pictorius that allows complex manipulation of data structures through an entirely visual interface. It works through the use of visualization of data flow. It allows you to seamlessly integrate code previously written in C. Moreover, it will soon include cross-platform support. Check it out at http://192.219.29.95/home.html.
Mac Common LISP | The MCL development environment by Digitool, Inc. It gives you true object-oriented development with perhaps the most powerful object-oriented language currently available. Distributions are available for both 68K and PPC (Power PC). You can get a full-featured evaluation version at http://www.digitool.com/MCL-demo-version.html.
Dylan | Dylan is a special object-oriented language that was developed primarily from efforts at Apple. There are many benefits to this new and curious language, the most incredible of which is automatic memory management. Memory management has traditionally been a problem to be addressed by the programmer. Not any more. There are a number of free compilers for Dylan, including but not limited to Thomas (witty name), which is located at http://www.idiom.com/free-compilers/TOOL/Dylan-1.html.
In addition to these, there are many interesting (traditional and nontraditional)
development tools for Mac, including the following:
Password Crackers and Related Utilities
The utilities described in the following sections are popular password
crackers or related utilities for use on Macintosh. Some are made specifically
to attack Mac-oriented files. Others are designed to crack UNIX password
files. This is not an exhaustive list, but rather a sample of the more
interesting tools freely available on the Internet.
PassFinder
PassFinder is a password cracking utility used to crack the administrator
password on FirstClass systems. This is an important utility. The program
suite FirstClass is a gateway system, commonly used for serving e-mail,
UUCP, and even news (NNTP). In essence, FirstClass (which can be found
at http://www.softarc.com/)
is a total solution for mail, news, and many other types of TCP/IP-based
communication systems. It is a popular system on the MacOS platform. (It
even has support for Gopher servers and FTP and can be used to operate
a full-fledged BBS.) Because FirstClass servers exist not only on outbound
Internet networks, but also on intranets, PassFinder is a critical tool.
By cracking the administrator password, a user can seize control of the
system's incoming and outgoing electronic communications. (However, this
must be done on the local machine. That is, the user must have access to
the console of the instant machine. This is not a remote cracking utility.)
Cross Reference: PassFinder is
available at http://www.yatho.com/weasel/files/PassFinder.sit.bin.
TIP: Apparently, FirstClass 2.7
does not provide a facility for recording or logging IP addresses. (Reportedly,
this simple hole exists in earlier versions.) Therefore, an attack on such
a server can be performed in a fairly liberal fashion.
FirstClass Thrash!
This is an interesting collection of utilities, primarily designed for
the purpose of conducting warfare over (or against) a FirstClass BBS. It
has features that could be easily likened to Maohell. These include mailbombing
tools, denial-of-service tools, and other, assorted scripts useful in harassment
of one's enemies. It's primarily used in warfare.
Cross Reference: FirstClass Thrash!
is located at http://www.i1.net/~xplor216/FCThrash.hqx.
FMProPeeker 1.1
This utility cracks FileMaker Pro files. FileMaker Pro is a database solution
from Claris (http://www.claris.com).
While more commonly associated with the Macintosh platform, FileMaker Pro
now runs on a variety of systems. It is available for shared database access
on Windows NT networks, for example. In any event, FMProPeeker subverts
the security of FileMaker Pro files.
Cross Reference: FMProPeeker is
available at http://www.netaxs.com/~hager/mac/cracking/FMProPeeker1.1.sit.bin.
FMP Password Viewer Gold 2.0
FMP Password Viewer Gold 2.0 is another utility for cracking FileMaker
Pro files. It offers slightly more functionality (and is certainly newer)
than FMProPeeker 1.1.
Cross Reference: FMP Password Viewer
Gold 2.0 is available at http://www.yatho.com/weasel/files/FMP3.0ViewerGold2.0.sit.hqx.
MasterKeyII
MasterKeyII is yet another FileMaker Pro cracking utility.
Cross Reference: MasterKey II is
available at the following site in Japan. Have no fear: This site is so
fast, it is screaming. The location is http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking/MasterKeyII.1.0b2.sit.bin.
Password Killer
Password Killer is designed to circumvent the majority of PowerBook security
programs.
Cross Reference: Password Killer
(also referred to as PowerBook Password Killer) can be found online at
http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking/PowerBookPwd%20killer.sit.bin.
Killer Cracker
Killer Cracker is a Macintosh port of Killer Cracker, a password cracker
formerly run only on DOS and UNIX-based machines. (You can find a lengthy
description of Killer Cracker in Chapter 10, "Password Crackers." Thankfully,
the Mac version is distributed as a binary; that means you do not need
a compiler to build it.)
Cross Reference: Killer Cracker
can be found at ftp://whacked.l0pht.com/pub/Hacking/KillerCrackerv8.sit.
MacKrack
MacKrack is a port of Muffett's famous Crack 4.1. It is designed to crack
UNIX passwords. It rarely comes with dictionary files, but works quite
well, and makes cracking UNIX /etc/passwd files a cinch. (It has support
for both 68K and PPC.)
Cross Reference: MacKrack is located
at http://www.yatho.com/weasel/files/MacKrack2.01b1.sit.bin.
Unserialize Photoshop
Unserialize Photoshop is a standard serial number-killing utility, designed
to circumvent serial number protection on Adobe Photoshop. This utility
really falls into the traditional cracking category. I don't think that
this type of activity does much to shed light on security issues. It is
basically a tool to steal software. Therefore, I will refrain from offering
any locations here. Adobe is a good company--perhaps the only company ever
to get the best of Microsoft. My position on stealing software (though
I've stated it before) is this: You want free software? Get FreeBSD or
Linux and go GNU. This way, you get quality software for free and still
maintain extreme cool.
NOTE: A large portion of the Macintosh
community that label themselves "hackers" engage in piracy and unlawful
use of copyrighted software. Newsletters and other documents containing
serial numbers of all manners of software are posted monthly. (These documents
often exceed 300KB in length and include hundreds of serial numbers. The
most famed such distribution is called "The Hacker's Helper," which typically
comes out once a month.) While this is their own affair, I should relate
here that this type of activity is the precise antithesis of hacking. The
only thing worse than this (and more removed from hacking) would be to
steal such software and claim that you wrote it.
WordListMaker
WordListMaker is a utility designed to manage dictionary files. This is
invaluable if you plan to crack password files of any size, or files on
which the users may speak more than one language (forcing you to use not
only American English dictionaries, but perhaps others, including British
English, Italian, French, German, and so forth). The utility is designed
to merge dictionary files, a function that on a UNIX system takes no more
than a brief command line but that, on many other platforms, can be a laborious
task.
Cross Reference: WordListMaker
is located at ftp://whacked.l0pht.com/pub/Hacking/WordListMaker1.5.sit.
Remove Passwords
Remove Passwords is a nifty utility that removes the password protection
on Stuffit archives. Stuffit is an archiving utility much like PKZIP or
GZIP. It is more commonly seen on the Macintosh platform, but has since
been ported to others, including Microsoft Windows. You can acquire Stuffit
at ftp://ftp.aladdinsys.com/.
Remove Passwords bypasses password protection on any archive created (and
password protected) with Stuffit.
Cross Reference: Remove Passwords
is available at http://www.yatho.com/weasel/files/RemovePasswords.sit.
RemoveIt
RemoveIt is a utility almost identical to Remove Passwords. It strips the
passwords from Stuffit archives.
Cross Reference: RemoveIt is available
at http://www.yatho.com/weasel/files/RemoveIt.sit.bin.
Tools Designed Specifically for America Online
The tools described in the following sections are designed primarily to
subvert the security of America Online. Specifically, the majority of applications
in this class steal service from AOL by creating free accounts that last
for several weeks. Use of most of these tools is illegal.
Maohell.sit
Currently available at 13 sites on the Net, Maohell.sit is the Macintosh
port (or rather, equivalent) of the famous program AOHELL. AOHELL allows
you to obtain free access to America Online services. It can create bogus
accounts that are good for several weeks at a time. The utility also comes
with various tools for harassment, including an automated mailbombing utility
and some chat room utilities.
Cross Reference: Maohell.sit is
available at ftp://whacked.l0pht.com/pub/AOLCrap/Maohell.sit.
NOTE: AOHELL and Maohell may soon
be entirely worthless. America Online has made extensive inroads in eliminating
this type of activity. For example, it was once a simple task to use nonexistent
but "valid" credit card numbers to register with AOL. You could use an
algorithm that would generate mathematically sound credit card numbers.
Cursory checks then performed by AOL were insufficient to prevent such
activity. That climate has since changed.
AOL4FREE2.6v4.sit
AOL4FREE2.6v4.sit, which manipulates the AOL system, forcing it to interpret
you as always occupying the "free" or demo section of AOL, has caused quite
a controversy. The author was arrested by the United States Secret Service
after being identified as the creator of the software. He currently faces
very heavy fines and perhaps a prison sentence. Here's a report from a
recent news article:
-
Known online as Happy Hardcore, 20-year-old Nicholas Ryan of Yale University
entered his plea in federal district court in Alexandria, Virginia. The
felony offense carries a fine of up to $250,000 and five years in prison.
Sentencing is set for March. Ryan used his illegal software, dubbed "AOL4Free"
between June and December 1995. He also made it available to others. The
investigation was carried out by the Secret Service and Justice Department's
computer crime section.
Cross Reference: The preceding
paragraph is excerpted from the article "Hacker Admits to AOL Piracy" by
Jeff Peline. It can be found online at http://www.news.com/News/Item/0,4,6844,00.html.
One interesting document regarding the whole affair is located at wku.edu.
The author shows a series of messages between AOL personnel discussing
the AOL4FREE problem. (These messages were intercepted from e-mail accounts.)
The communication between AOL's inner staff discussed various signatures
that AOL4FREE would leave on the system during a sign-on. Having identified
these sign-on signatures, the staff were ready to "...get verification
from TOS and then hand [the crackers] over to the Secret Service."
Cross Reference: The quote in the
previous paragraph is excerpted from a message from MayLiang that was forwarded
to Barry Appelman regarding AOL4FREE. That message can be found online
at http://www.cs.wku.edu/~kat/files/CRNVOL3.
However, things did not go as well as the internal staff of AOL had hoped.
Since their e-mail was intercepted, a new version of AOL4FREE was created
that fixed the problem. Thus, the new version would continue to work, even
after AOL had installed their "AOL4FREE Detector." This is discussed in
the document:
-
Looks pretty bad, doesn't it, with the Secret Service and everything. But
not to worry...with v4 of AOL4Free, you are much harder to detect! You
see, what AOL4Free does is send the free token after every real token.
When you are signing on, you send the "Dd" token with your screen name and
password, and a free "K1" token is sent afterward. However, because you
aren't really signed on yet, AOL sees the K1 token as a bug and records
it in a log. All the Network Ops people had to do is search their logs
for this bug and voilà, they had their AOL4Free users. v4 is modified
so that it doesn't send the free token after "Dd".
Cross Reference: The previous paragraph
is excerpted from an article titled "AOL4FREE--Can I Get Caught?" which
ran in Cyber Rights Now!. The article, by Sloan Seaman (seaman@pgh.nauticom.net),
can be found online at http://www.cs.wku.edu/~kat/files/CRNVOL3.
It will be interesting to see what happens. I have a strong feeling that
new versions of AOL4FREE are about to be released. (Don't ask me why. Call
it a premonition.) From my point of view, this would not be so bad. In
my not-so-humble-opinion, AOL has, until very recently, engaged in Information
Superhighway robbery. However, that opinion has not enough weight for me
to print the location of version 4 in this book.
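The detection the excerpt describes, as an added example that is not from the article or this book: a scan over a constructed per-session token log that flags the pre-v4 signature (a K1 "free" token arriving directly after the Dd sign-on token) and, going beyond the excerpt, a behavioural check that also catches the v4 pattern the article says evades the signature (a K1 following nearly every ordinary token). The event format, session ids, ordinary token names, and threshold values are assumptions.

```python
"""Detector for the AOL4Free token pattern described in the excerpt.

Added example; the event format below is constructed for illustration,
not a real AOL log format.
"""
from collections import defaultdict

SIGNON_TOKEN = "Dd"   # sign-on token carrying screen name and password (per the excerpt)
FREE_TOKEN = "K1"     # the "free" token the tool appends after real tokens (per the excerpt)
FOLLOW_RATIO_THRESHOLD = 0.8   # assumed tuning value for the behavioural check
MIN_REAL_TOKENS = 2            # assumed: fewer ordinary tokens than this is too few to judge

# Constructed sample: (session_id, token) in arrival order. Ordinary token
# names "Ab" and "Cx" are placeholders, not real AOL tokens.
SAMPLE_EVENTS = [
    # s1: honest session, signs on and sends ordinary tokens only
    ("s1", "Dd"), ("s1", "Ab"), ("s1", "Cx"), ("s1", "Ab"),
    # s2: pre-v4 pattern, K1 directly after Dd (before sign-on completes)
    #     and after every ordinary token
    ("s2", "Dd"), ("s2", "K1"), ("s2", "Ab"), ("s2", "K1"), ("s2", "Cx"), ("s2", "K1"),
    # s3: v4 pattern, no K1 after Dd but still K1 after every ordinary token
    ("s3", "Dd"), ("s3", "Ab"), ("s3", "K1"), ("s3", "Cx"), ("s3", "K1"), ("s3", "Ab"), ("s3", "K1"),
    # s4: honest session that enters the free area once, legitimately
    ("s4", "Dd"), ("s4", "Ab"), ("s4", "Cx"), ("s4", "K1"), ("s4", "Ab"),
]


def group_by_session(events):
    """Collect each session's tokens in arrival order."""
    sessions = defaultdict(list)
    for session_id, token in events:
        sessions[session_id].append(token)
    return dict(sessions)


def has_premature_free_token(tokens):
    """Signature check from the excerpt: a K1 sent immediately after the
    Dd sign-on token, i.e. before the client is really signed on."""
    return any(prev == SIGNON_TOKEN and cur == FREE_TOKEN
               for prev, cur in zip(tokens, tokens[1:]))


def free_follow_ratio(tokens):
    """Behavioural measure: fraction of ordinary tokens (neither Dd nor K1)
    that are immediately followed by a K1 token. An honest client only
    sends K1 when it actually enters the free area, so this stays low.
    Returns (ratio, number_of_ordinary_tokens)."""
    real = 0
    followed = 0
    for i, tok in enumerate(tokens):
        if tok in (SIGNON_TOKEN, FREE_TOKEN):
            continue
        real += 1
        if i + 1 < len(tokens) and tokens[i + 1] == FREE_TOKEN:
            followed += 1
    return (followed / real) if real else 0.0, real


def analyze_sessions(events):
    """Return a verdict per session: the signature result, the ratio, and
    whether either check marks the session as suspect."""
    verdicts = {}
    for session_id, tokens in group_by_session(events).items():
        premature = has_premature_free_token(tokens)
        ratio, real = free_follow_ratio(tokens)
        behavioural = real >= MIN_REAL_TOKENS and ratio >= FOLLOW_RATIO_THRESHOLD
        verdicts[session_id] = {
            "premature_free_token": premature,
            "free_follow_ratio": ratio,
            "suspect": premature or behavioural,
        }
    return verdicts


if __name__ == "__main__":
    for sid, verdict in analyze_sessions(SAMPLE_EVENTS).items():
        print(sid, verdict)
```

Session s3 shows why the behavioural check matters: it never trips the signature the article describes, yet its K1-after-everything pattern is still distinguishable from s4, an honest client that entered the free area once.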
The WebStar Controversy
On October 15, 1995, a challenge was posted to the Internet: A Macintosh
Web server running WebStar was established and offered as a sacrificial
host on the Net. If anyone could crack that server, that person would be
awarded $10,000.00. The challenge was a demonstration of the theory that
a Mac would be more secure than a UNIX box as a Web server platform. Did
anyone collect that 10 grand? No.
Chris Kilbourn, the president and system administrator for digital.forest,
an Internet service provider in Seattle, Washington, posted a report about
that challenge. (I will be pointing you there momentarily.) In it, he explains
-
In the 45 days the contest ran, no one was able to break through the security
barriers and claim the prize. I generally ran the network packet analyzer
for about 3-5 hours a day to check for interesting packets destined for
the Challenge server. I created packet filters that captured all TCP/IP
network traffic in or out of the Challenge server. One of the more amusing
things was that even with all the information about the technical specifications
of the Challenge server posted on the server itself, most of the people
who tried to bypass the security thought that the server was a UNIX box!
TCP/IP services on a Macintosh lack the low-level communications that is
available on UNIX systems, which provides additional security. If you are
careful to keep your mail, FTP, and HTTP file spaces from overlapping,
there is no way to pipe data from one service to another and get around
security in that manner.
Cross Reference: The previous paragraph
is excerpted from Chris Kilbourn's article titled "The $10,000 Macintosh
World Wide Web Security Challenge: A Summary of the Network and the Attacks,"
and can be found online at http://www.forest.net/advanced/securitychallenge.html.
So what really happened here? Did the challenge ultimately prove that a
Mac is more secure than a UNIX box as a Web server platform? Yes and no.
To understand why both answers are valid, you need to have a few particulars.
First, the machine included in the challenge was running only a Web
server. That is, it did not run any other form of TCP/IP server or process.
(How realistic that would be in a Mac serving as anything other than exclusively
a Web server is an area of some dispute. However, for the moment, we are
dealing with a simple Web server.)
Therefore, the simple answer is yes, a standalone Mac Web server is
more secure than a full-fledged UNIX server running a Web daemon. However,
that is not the end of the story. For example, the UNIX server can do things
that the Mac server cannot. That includes file transfers by a dozen or
more different protocols. It also includes handling file sharing with more
than a dozen platforms. The key here is this: For a sacrificial Web server,
the Mac is a better choice (that is, unless your system administrator is
very well versed in security). UNIX has just too many protocols that are
alive by default. Part of the security gained by the Mac is in the fact
that there is no command interpreter that is well known by UNIX or IBM
users behind the Web server. However, there is a way to crack such
a server. Here's a report from an Apple Technical article:
-
Through the power of AppleScript and Apple events, WebSTAR can communicate
with other applications on your Macintosh to publish any information contained
in those programs. For example, if your company information is in a FileMaker
Pro database, Web client users can query it via HTML forms to get the data
using the FileMaker CGI (Common Gateway Interface) for WebSTAR. It's powerful
and easy to use.
The AppleScript engine is indeed an interpreter; it's just not one known
intimately by a large population of non-MacOS users. The problem must therefore
be approached by someone who is deeply familiar with TCP/IP, AppleScript,
and cracking generally. I would imagine that the list of such persons is
fairly short. However, these are the elements that would be required. So
know that it is not impossible. It is simply that the majority of cracking
knowledge has been UNIX-centric. This will change rapidly now that the
Internet is becoming so incredibly popular. Apple experts advise that security
issues should remain a constant concern if you are providing remote services.
In a document designed to provide guidance in setting up an Internet server,
the folks at Apple offer this:
-
Although Mac OS-based services present a much lower security risk than
services run on UNIX machines, security considerations can never be taken
too seriously on the Internet. Many routers have a number of "firewall"
features built in, and these features should be carefully considered, especially
for larger networks. Although most Mac OS security issues can be addressed
simply by ensuring that access privileges are set correctly, investigating
additional security options is always a good idea.
Cross Reference: The previous paragraph
is excerpted from an article by Alan B. Oppenheimer titled "Getting Your
Apple Internet Server Online: A Guide to Providing Internet Services."
This article can be found online at http://product.info.apple.com/productinfo/tech/wp/aisswp.html.
TIP: The previously excerpted article
("Getting Your Apple Internet Server Online: A Guide to Providing Internet
Services") is truly invaluable. I endorse it here as the definitive document
currently available online that discusses establishing an Apple Internet
server. It is based largely on the real-life experiences of technicians
(primarily Oppenheimer and those at Open Door) in establishing a large
server. The technical quality of that paper is nothing short of superb
(and far exceeds the quality of most online presentations with similar
aspirations).
Certainly, it has already been proven that a Mac Web server can be vulnerable
to denial-of-service attacks, including the dreaded Sequence of Death.
In a recent article by Macworld, the matter is discussed:
-
...for Mac Webmaster Jeff Gold, frustration turned to alarm when he realized
that a mere typo caused his entire Mac-served site to crash. Gold's crash
occurred while he was using StarNine's WebStar Web server software and
the plug-in version of Maxum Development's NetCloak 2.1, a popular WebStar
add-on. Adding certain characters to the end of an URL crashes NetCloak,
bringing down the server. To protect the thousands of sites using NetCloak,
neither Gold nor Macworld will publicly reveal the character sequence,
but it's one that wouldn't be too difficult to enter. After further investigation,
Macworld discovered that the problem surfaces only when a server runs the
plug-in version of NetCloak. When we removed the plug-in and used the NetCloak
CGI instead, the Sequence of Death yielded only a benign error message.
Cross Reference: The previous paragraph
is excerpted from an article by Jim Heid titled "Mac Web-Server Security
Crisis: Specific Character Sequence Crashes Servers." It can be found online
at http://www.macworld.com/daily/daily.973.html.
Note that this problem was unrelated to Apple. This brings back the point
that I have made many times: When software developers and engineers are
developing packages at different times, in different places, and within
the confines of different companies, security holes can and do surface.
This is because acquiring the API is sometimes not enough. Here is a great
example of such a situation: Have you ever used version 1.5.3 of ASD's
DiskGuard? If you have, I'll bet you were a bit confused when you couldn't
access your own hard disk drive:
-
Security software is supposed to keep the bad guys out, but let you in.
In some cases, version 1.5.3 of ASD software's DiskGuard was preventing
even a system's owner from accessing their machine. This week the company
posted a patch for its security software application; version 1.5.4 fixes
several compatibility problems--including locked and inaccessible hard
drives--between DiskGuard 1.5.3 and several Mac systems. If you use DiskGuard
on a PowerMac 7200, 7500, 8500, or a PowerBook 5300/5300c, ASD's technical
support recommends you upgrade. The patch is available directly from ASD
Software (909/624-2594) or from the ASD forum on CompuServe (Go ASD).
Cross Reference: The previous paragraph
is excerpted from an article by Suzanne Courteau titled "ASD Fixes DiskGuard
Bugs. Problem with Locked Drives Corrected." It can be found online at
http://www.macworld.com/daily/daily.6.html.
TIP: This reminds me of the version
of Microsoft Internet Explorer that forced a password check on most sites
(and to boot, refused to authenticate anything the user attempted to use
as a password).
However, all this discussion is really immaterial. Average Macintosh users
are not security fanatics and therefore, their personal machines are probably
subject to at least minimal attack. This will depend on whether they have
their disk and resources shared out. The Macintosh file sharing system
is no less extensive (nor much more secure) than that employed by Microsoft
Windows 95. The only significant difference is that in the Mac environment,
you can not only turn off file sharing, but also pick and choose which
files you want to share. This is done by going to the Sharing Options panel
and making the appropriate settings.
Cross Reference: You can find an
excellent quick tutorial of how to manipulate the sharing settings at http://bob.maint.alpine.k12.ut.us/ASD/Security/MacSecurity.html#Sys7Sharing.
Macintosh Network Security. Alpine School District Network Security Guidelines.
(I have been unable to ascertain the author of this document. Too bad.
They did a wonderful job.) Last apparent date of modification January 29,
1997.
Naturally, in a network, this may be a complex matter. Your choices will
be made depending on the trust relationships in your organization. For
example, if you are in a publishing department of a magazine, perhaps you
take commercial advertisements but the copy for these is generated in another
portion of the building (or at the very least, another portion of the network).
It may require that you share a series of folders so that you can conveniently
traffic ad copy between your department and the advertising department.
The file sharing hole is a matter of extreme concern. At the very least,
every Mac user should establish a password for himself as the owner of
the machine. Furthermore, that password should be carefully considered.
Mac passwords are subject to attack, the same as any other password on
every password system ever created. Care should be taken to choose a characteristically
"strong" password. If the term "strong password" is a foreign concept
to you, please review Chapter 10, which contains a series of references
to reports or technical white papers that discuss the difference between
weak and strong password choices and how to make them. Finally (and perhaps
most importantly), guest access privileges should be set to inactive.
But, then, as most experienced Mac users know, file sharing is not the
only security hole in the Macintosh environment. There are obscure holes
and you have to dig very deep to find them. Apple (much like Microsoft)
is not nearly as gung-ho about advertising vulnerabilities on their platform
as, say, the average UNIX vendor. Typically, they keep the matter a bit
more isolated to their particular community.
Naturally, MacOS holes are like holes on any other operating system.
Today, if you purchase a brand new Mac with the latest distribution of
MacOS, you have a guarantee of good security. However, again, not everyone
uses the latest and the greatest. For example, do you remember Retrospect?
If you have used it (or are now using it) have you ever seen this advisory:
-
When you install the Retrospect Remote Control Panel and restart, Remote
is activated and waits for the server to download a security code and serial
number. If the server does not do this, anyone with a copy of Retrospect
and a set of serial numbers can initialize your system, backup your hard
drive to theirs, and then de-initialize your system without you noticing.
Cross Reference: The preceding
paragraph is excerpted from an article titled "Retrospect Remote Security
Issue" (ArticleID: TECHINFO-0016556; 19960724. Apple Technical Info Library,
February 1995). It can be found on the Web at http://cgi.info.apple.com/cgi-bin/read.wais.doc.pl?/wais/TIL/DataComm!Neting&Cnct/Apple!Workgroup!Servers/Retrospct!Remote!Security!Issue.
Cross Reference: Apple's white
papers (which admittedly shed little light on security, but are of some
value in identifying sources on the subject) can be accessed at http://product.info.apple.com/productinfo/tech/
or at http://til.info.apple.com/til/til.html.
Anti-Cracker Tools
So much for programs that help crackers gain unauthorized access to your
system. Now I would like to detail a few programs that will keep those
curious folks out.
StartUpLog
Created by Aurelian Software and Brian Durand, StartUpLog is a snooper
application. It begins logging access (and a host of other statistics)
from the moment the machine boots. Using this utility is very easy. It
ships as a Control Panel. You simply install it as such and it will run
automatically, logging the time, length, and other important information
of each access of your Mac. It's good for parents or employers.
Cross Reference: StartUpLog is
available at http://cdrom.amug.org/http/bbs/148690-3.desc.html#startuplog-2.0.1.sit.
Super Save
For the ultimate paranoiac, Super Save is truly an extraordinary utility.
This utility will record every single keystroke forwarded to the console.
However, in a thoughtful move, the author chose to include an option with
which you can disable this feature whenever passwords are being typed in,
thus preventing the possibility of someone else later accessing your logs
(through whatever means) and getting that data. Although not expressly
designed for security's sake (more for data crash and recovery), this utility
provides the ultimate in logging.
Cross Reference: Super Save is
available at ftp://ftp.leonardo.net/claireware/SuperSave.v200.sit.hqx.
BootLogger
BootLogger is less extreme than either StartUpLog or Super Save. It
watches the boot sequence and records startups and shutdowns, and it
consumes fewer resources. I suggest starting with this utility; if its
log shows evidence of tampering or unauthorized access, switch to Super
Save.
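A boot log is only evidence if someone actually reads it. The script below is an added example, not part of the book and not BootLogger's own code: BootLogger's log format is not documented here, so it assumes a simple one-entry-per-line format (an ISO timestamp followed by STARTUP or SHUTDOWN), and the sample lines are constructed. It flags two things a reviewer would want to see: a startup that is not preceded by a clean shutdown (a crash, a power cut, or a reset) and a startup outside the hours the machine is normally used. One caveat: a log kept on the local hard disk can be edited by anyone who boots the machine from a floppy, so the absence of findings proves little by itself.

```python
"""Review a startup/shutdown log for signs of unattended or unusual use.

Added example. The log format (ISO timestamp, then STARTUP or SHUTDOWN)
is an assumption, not BootLogger's documented format, and the sample
entries below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample: one after-hours session on 03-04, and on 03-05 a
# startup with no shutdown recorded after the previous day's startup.
SAMPLE_LOG = """\
1997-03-03T08:55:12 STARTUP
1997-03-03T17:40:03 SHUTDOWN
1997-03-04T02:13:47 STARTUP
1997-03-04T02:41:09 SHUTDOWN
1997-03-04T09:02:30 STARTUP
1997-03-05T09:10:00 STARTUP
1997-03-05T18:01:44 SHUTDOWN
"""

EVENT_KINDS = ("STARTUP", "SHUTDOWN")


@dataclass(frozen=True)
class Event:
    when: datetime
    kind: str  # one of EVENT_KINDS


def parse_log(text):
    """Parse log text into Event objects; reject malformed lines loudly.

    A silently skipped line would hide exactly the entries a tamperer
    might have mangled, so any unparseable line raises ValueError.
    """
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[1] not in EVENT_KINDS:
            raise ValueError(f"line {lineno}: unparseable entry {raw!r}")
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            raise ValueError(f"line {lineno}: bad timestamp {parts[0]!r}")
        events.append(Event(when, parts[1]))
    # Sort so that an out-of-order file still yields a sensible sequence.
    return sorted(events, key=lambda e: e.when)


def find_anomalies(events, day_start=time(8, 0), day_end=time(19, 0)):
    """Return (timestamp, description) pairs worth a closer look.

    day_start/day_end define the normal working window; startups outside
    it are reported. The window is an assumed default for the example.
    """
    findings = []
    powered_on = False
    for ev in events:
        if ev.kind == "STARTUP":
            if powered_on:
                findings.append((ev.when, "startup with no clean shutdown "
                                          "recorded before it (crash, power "
                                          "cut, or reset)"))
            if not (day_start <= ev.when.time() <= day_end):
                findings.append((ev.when, "startup outside working hours"))
            powered_on = True
        else:  # SHUTDOWN
            if not powered_on:
                findings.append((ev.when, "shutdown with no startup "
                                          "recorded before it"))
            powered_on = False
    return findings


def review(text):
    """Parse and review a log in one call."""
    return find_anomalies(parse_log(text))


if __name__ == "__main__":
    for when, what in review(SAMPLE_LOG):
        print(f"{when.isoformat()}  {what}")
```

Run against the constructed sample it reports the 02:13 startup on 03-04 as outside working hours and the 09:10 startup on 03-05 as having no clean shutdown before it; the working-hours window is a parameter, so adjust it to the machine's actual use.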
Cross Reference: BootLogger is
available at ftp://ftp.amug.org/bbs-in-a-box/files/util/security/bootlogger-1.0.sit.hqx.
DiskLocker
DiskLocker is a utility that write-protects your local hard disk. Locking
and unlocking are controlled by a password: you can only unlock a disk
if you know the password that locked it, so be careful not to lock a disk
and later lose its password. The program is shareware (written by Olivier
Lebra in Nice, France) with a licensing fee of $10.
Cross Reference: DiskLocker is
available for download from ftp://ftp.amug.org/bbs-in-a-box/files/util/security/disklocker-1.3.sit.hqx.
FileLock
FileLock is finer-grained than DiskLocker: rather than the whole disk, it
locks individual files, groups of files, or folders. It supports full
drag-and-drop operation and runs on both 68K and PowerPC machines. It is
a very handy utility, especially if you share your machine with others
at home or in the office. It was written by Rocco Moliterno (Italy).
Cross Reference: FileLock is available
from http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/disk/filelock-132.hqx.
Sesame
Sesame is likely to become an industry standard (much as MacPassword has).
It offers full-fledged password protection for the MacOS at several levels;
for example, you can create an administrator password and then individual
user passwords beneath it. Moreover, Sesame protects against a floppy boot
attack: whatever folders or files you hide or password-protect with this
utility remain hidden or protected (and the controls remain in place) even
if a local user tries to bypass security by booting the machine from a
floppy disk, the usual way around protection that is loaded only when the
machine starts from its hard disk. This is shareware with a $10 licensing
fee and was written by Bernard Frangoulis (France).
Cross Reference: Sesame is available
at http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/disk/sesame-211.hqx.
MacPassword
The industry standard for full password protection on MacOS, MacPassword
is a fully developed commercial application. It provides not only multiple
levels of password protection (for both disk and screen), but it also incorporates
virus scanning technology. It's definitely worth the money. However, you
can always check it out for free. The demo version is available at many
locations across the Internet. Here's an excerpt from Tom Gross's copy
of the Mac FAQ:
Art Schumer's MacPassword is the cheapest ($35) program worthy of consideration
in this category. A demo version which expires after sixty days and isn't
as secure is available from http://www.macworld.com/cgi-bin/download?package=utilities/MacPassword.4.1.1.Demo.sit.hqx.
Cross Reference: The previous excerpt
is from Tom Gross's copy of Mac FAQ, Austria, http://witiko.ifs.uni-linz.ac.at/~tom/mac_FAQ.html.
Cross Reference: I actually prefer
this location for MacPassword, however: ftp://ftp.amug.org/bbs-in-a-box/files/util/security/macpassword-4.11-demo.sit.hqx.
Summary
Although the Mac platform is not known for being a cracking platform, it
is well suited for hacking. Hacking on the Mac platform can be fun; cracking
is another matter entirely. This chapter covers a multitude of utilities
for hacking and cracking using the Macintosh platform, and also discusses
ways to keep hackers and crackers out.
Resources
The following list of resources contains important links related to Macintosh
security. You'll find a variety of resources, including books, articles,
and Web sites.
Books and Reports
Getting Your Apple Internet Server Online: A Guide to Providing Internet
Services. Alan B. Oppenheimer of Open Door Networks and Apple.
Security Ports on Desktop Macs. A discussion of physical security
on a Mac using various security ports and cable locking mechanisms. ArticleID:
TECHINFO-0017079; 19960724 15:55:27.00.
The $10,000 Macintosh World Wide Web Security Challenge: A Summary of
the Network and the Attacks. Chris Kilbourn, digital.forest. (Formatting
provided by Jon Wiederspan.)
The Mac History Page by United Computer Exchange Corporation. This
is an amazing pit stop on the Internet. If you want to instantly
identify older Mac hardware and its configuration limitations, this is
the site for you. Displayed in table format. A great resource, especially
for students who are in the market for an inexpensive, older Mac.
How Macs Work. John Rizzo and K. Daniel Clark. Ziff-Davis Press.
ISBN 1-56276-146-3.
Voodoo Mac. Kay Yarborough Nelson. Ventana Press. ISBN 1-56604-028-0.
Sad Macs, Bombs, and Other Disasters. Ted Landau. Addison-Wesley
Publishing Company. ISBN 0-201-62207-6.
The Power Mac Book. Ron Pronk. Coriolis Group Books. ISBN 1-883577-09-8.
Macworld Mac OS 7.6 Bible. Lon Poole. IDG Books. ISBN 0-7645-4014-9.
Macworld Mac SECRETS, 4th Edition. David Pogue and Joseph Schorr.
IDG Books. ISBN 0-7645-4006-8.
The Whole Mac Solutions for the Creative Professional. Daniel
Giordan et al. Hayden Books. ISBN 1-56830-298-3. 1996.
Guide to Macintosh System 7.5.5. Don Crabb. Hayden Books. ISBN
1-56830-109-X. 1996.
Building and Maintaining an Intranet with the Macintosh. Tobin
Anthony. Hayden Books. ISBN 1-56830-279-7. 1996.
Using the Internet with Your Mac. Todd Stauffer. QUE. ISBN 0-7897-0665-2.
1995.
Simply Amazing Internet for Macintosh. Adam Engst. Hayden Books.
ISBN 1-56830-230-4. 1995.
Sites with Tools and Munitions
Granite Island Group and Macintosh Security.
ClaireWare Software. Macintosh applications, security.
Macintosh Security Tools. CIAC. (U.S. Department of Energy.)
The Ultimate Hackintosh Linx. Warez, security, cracking, hacking.
AoHell Utilities at Aracnet. Hacking and cracking utilities for
use on America Online.
Hacking Mac's Heaven! Hacking and cracking tools and links from
the Netherlands.
Lord Reaper's Hacking Page. Cracking and hacking utilities for use
on MacOS.
Files for Your Enjoyment. UK site with Mac hacking and cracking
utilities.
The Grouch's Page. The ultimate list of Mac hacking and cracking
software.
Guide to Cracking Foolproof. Quite complete.
Vladimir's Archive. Good, quick-loading archive of some baseline
Mac hacking and cracking tools from Japan.
Treuf's Mac SN# Archive. Serial number archive for those who refuse
to pay for software, use free software, or write their own.
The Mac Hack Page. A very large collection of strange and often
unique utilities. This site also has links to many of the major Mac hacking
and cracking tools, text files, and other assorted underground materials.
DArKmAc'S pHiLeZ. Yet another archive of baseline Mac hacking and
cracking utilities.
Ziggiey's Hack Hut for Macs. Extraordinary, dynamic list for "warez"
sites, the majority of which are reachable via FTP or Telnet.
Zines and Electronic Online Magazines
MacUser On-Line Magazine.
MacCentral. Extensive and very well-presented online periodical
about Macintosh.
Macworld Daily. The latest and greatest in Macintosh news.
MacSense Online. Good resource for quick newsbytes on the current
state of the art with Macintosh.
MacHome Journal Online. Good, solid Internet mag on Macintosh issues.
Core! Online. Electronic Journal in the UK.
The Internet Roadstop. Online periodical addressing Macintosh Internet
issues.
MacAssistant Tips and Tutorial Newsletter and User Group. Very cool,
useful, and perhaps most importantly, brief newsletter that gives tips
and tricks for Mac users. Commercial, but I think it is well worth it.
A lot of traditional hacking tips on hardware, software, and special, not-often-seen
problems. These are collected from all over the world. $12 per year.
MacTech. Well-presented and important industry and development news.
You will likely catch the latest dope on new security releases here first.
Also, some very cool technical information (for example, the development
of the new, high-end "SuperMacs," which are ultra-high-performance Macs
that offer UNIX workstation power and even multiprocessor support).
The Underground Informer. E-zine that concentrates on the often
eclectic and creative BBS underground out there.
© Copyright, Macmillan Computer Publishing.
All rights reserved.