First off, because most mac users rarely see the term 'security concern' in the same sentence as OS X, let me preface this post by saying when it comes to macs, I'm not a 'noob'. 
I like to think I know my stuff. I have programmed exclusivey on the mac platform for 13 years, I'm pretty familiar with the system.
However, in all the years of using macs (long time), I have never been as freaked out as I currently am because of what happened tonight. I do realize that there are very few security concerns on OS X in terms of remote hacking. Saying you think your OS X system has been remotely hacked is kind of like saying you saw yeti, you're sort of just laughed at.
Anyhow, long story short, I've had a few strange things happen recently, and in response I've done a bit of surface research on UNIX-based rootkits, checking system permissions, the existance of any mac trojans. I've gone to securemac.com and read all the info I could find. But then tonight when I was logging out, it appeared to be going slower than normal, and instead of seeing the usual user login screen pop up afterwards, all of a sudden the screen went black, and a single white line of text appeared. It listed the Darwin kernel version, asked for my login and password, and gave a prompt sign.
At first I thought my system had crashed or something (kernel panic, maybe?) and this was the command line for Darwin- thats what it seemed to be. So I entered my information, the screen flickered, I caught a glimpse of my login panel behind that black window, and then black window once again took control and told me 'incorrect password'. Never in all my years of mac using have I had that happen. I've booted into single user mode before- this was not it. I'm fairly comfy in the terminal - this was not a bash shell.
So when the screen appeared a second time, saying my password was incorrect, I unplugged my ethernet cable from the mac. Instantly a line of text printed out, saying something along the lines of UIEth0Disconnect or some such thing. And then the screen appeared again, locking me out of my own system. I tried my login and password for the third time, and of course it just said 'incorrect'
Subsequently, I did a hard reboot of the mac, and upon restarting, I was presented with my normal login screen. I entered the same ol' password i've always had, and my mac launched as usual. I changed my password to a new one, but I can't help but be a little freaked out by this, simply because with all my experience on macs, something just does not seem right here.
maybe I'm just flipping out and being paranoid. And please don't give me the usual 'macs are secure, don't worry' response but if anyone has any feedback in terms of recent security notices about some kind of trojan daemon or startup app, or if they have had this happen to them as well, please let me know, it would make me a little less paranoid.
Thanks~
I like to think I know my stuff. I have programmed exclusivey on the mac platform for 13 years, I'm pretty familiar with the system.However, in all the years of using macs (long time), I have never been as freaked out as I currently am because of what happened tonight. I do realize that there are very few security concerns on OS X in terms of remote hacking. Saying you think your OS X system has been remotely hacked is kind of like saying you saw yeti, you're sort of just laughed at.
Anyhow, long story short, I've had a few strange things happen recently, and in response I've done a bit of surface research on UNIX-based rootkits, checking system permissions, the existance of any mac trojans. I've gone to securemac.com and read all the info I could find. But then tonight when I was logging out, it appeared to be going slower than normal, and instead of seeing the usual user login screen pop up afterwards, all of a sudden the screen went black, and a single white line of text appeared. It listed the Darwin kernel version, asked for my login and password, and gave a prompt sign.
At first I thought my system had crashed or something (kernel panic, maybe?) and this was the command line for Darwin- thats what it seemed to be. So I entered my information, the screen flickered, I caught a glimpse of my login panel behind that black window, and then black window once again took control and told me 'incorrect password'. Never in all my years of mac using have I had that happen. I've booted into single user mode before- this was not it. I'm fairly comfy in the terminal - this was not a bash shell.
So when the screen appeared a second time, saying my password was incorrect, I unplugged my ethernet cable from the mac. Instantly a line of text printed out, saying something along the lines of UIEth0Disconnect or some such thing. And then the screen appeared again, locking me out of my own system. I tried my login and password for the third time, and of course it just said 'incorrect'
Subsequently, I did a hard reboot of the mac, and upon restarting, I was presented with my normal login screen. I entered the same ol' password i've always had, and my mac launched as usual. I changed my password to a new one, but I can't help but be a little freaked out by this, simply because with all my experience on macs, something just does not seem right here.
maybe I'm just flipping out and being paranoid. And please don't give me the usual 'macs are secure, don't worry' response
but if anyone has any feedback in terms of recent security notices about some kind of trojan daemon or startup app, or if they have had this happen to them as well, please let me know, it would make me a little less paranoid. Thanks~
