Could my Mac have been hacked

[Chappers]

My Mac and modem had easy passwords and I noticed someone connected to me in the attached servers list. At one point my wifes PC announced that the modem had no password . I checked my firewall that was not on and allowıng all connections. Need help as I do banking online etc and did turn on Console logs but to be honest I dont understand it all and only turned it on when I thought I had a problem.

Any help would be gratefully received.

 

[GGJstudios]

... I dont understand it all and only turned it on when I thought I had a problem.

... do you only lock your house or car after someone breaks into them, as well? I say that to illustrate that it's important to implement security features BEFORE you need them, not after you think you have a problem. Change all your passwords to something complex, make sure you have password protection on your network, enable your firewall, etc. There is no way to know if someone accessed your computer and stole information, since stealing info doesn't involve changing it. I'd change all your passwords to email, online financial sites, etc. as well.

 

[patrick0brien]

-Chappers

Its important to mention you are speaking of several layers of security in your abode. Your modem, your computer, your session in the computer, and your browser session, each layer is unique to itself and enhances the previous one.

So yes, the modem, and therefor LAN could have had a freeloader (Wardriver), and that means that person could use your connection for access to the internet. They could browse, check email - send SPAM...

Could he connect to a computer, well, he now has LAN access based on the previous condition, it is indeed possible he could hack the PCs on the LAN like your Wife's PC or you Mac, though that is a whole new level of sophistication - and if he hacked your Mac, rather groundbreaking. No, I think the breach is contained to the LAN only.

As for your user sessions in your computer or the browsers, you are fine. If you are concerned about your banking, don't be - banking sessions are encrypted at 128 bits. Governments can't break that. So even if the hacker can see the information you are transmitting to the bank, he can't read it.

What has happened is you have a thief who has broken into the museum, but can't get into the cases, so he's stuck.

Lock down that modem, and you should be fine.

 

[RvMan56]

I have just been HACKED!

I have just been HACKED! Gmail was full of sent spam which means they got my passwords, how? Firewall was on. I found many downloaded files mostly exe's which shouldn't run since I don't use windows on my mac. There are ports being used I don't understand about those things, I tracked isp # to The Netherlands and somewhere in Mexico. Also found an interesting article.


Computerworld - The security researcher who walked away with $10,000 yesterday by hacking a MacBook Air in less than two minutes said he chose to attack Apple Inc.'s operating system for one simple reason.

"It was the easiest one of the three," said Charlie Miller, an analyst at Independent Security Evaluators (ISE), a Baltimore-based security consultancy. "We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X."

On Thursday afternoon, Miller breached a MacBook Air, one of three laptops up for grabs in the "PWN to OWN" hacker challenge at CanSecWest, a security conference that wraps up today in Vancouver, British Columbia. For his efforts, he got the computer and a $10,000 cash prize.

The MacBook Air was running the current version of Mac OS X, 10.5.2, with all the latest security patches applied. The other two computers, a Sony Vaio VGN-TZ37CN running Ubuntu 7.10 and a Fujitsu U810 notebook running Windows Vista Ultimate SP1, were also up to date and fully patched.

 

[GGJstudios]

I have just been HACKED! Gmail was full of sent spam which means they got my passwords, how?

There's no need to hack or even gain access to your computer for that. They simply guessed your Gmail password. It has nothing to do with your computer. Change your Gmail password to something complex.

 

[RvMan56]

I understand but you didn't explain how I got the exe's files download!

 

[patrick0brien]

I have just been HACKED! Gmail was full of sent spam which means they got my passwords, how? Firewall was on. I found many downloaded files mostly exe's which shouldn't run since I don't use windows on my mac. There are ports being used I don't understand about those things, I tracked isp # to The Netherlands and somewhere in Mexico. Also found an interesting article.

-RvMan56

Dude, then stop wasting your time with us! Take screenshots and call the newspapers because you are the first Mac to be hacked in the real world.

 

[GGJstudios]

I understand but you didn't explain how I got the exe's files download!

It's possible to click on a website and have files automatically download. However, since they're .exe files, you have nothing to worry about, since they have no effect on Mac OS X.

 

[chown33]

... Also found an interesting article.


Computerworld - The security researcher who walked away with $10,000 yesterday by hacking a MacBook Air in less than two minutes said he chose to attack Apple Inc.'s operating system for one simple reason.

"It was the easiest one of the three," said Charlie Miller, an analyst at Independent Security Evaluators (ISE), a Baltimore-based security consultancy. "We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X."

On Thursday afternoon, Miller breached a MacBook Air, one of three laptops up for grabs in the "PWN to OWN" hacker challenge at CanSecWest, a security conference that wraps up today in Vancouver, British Columbia. For his efforts, he got the computer and a $10,000 cash prize.

The MacBook Air was running the current version of Mac OS X, 10.5.2, with all the latest security patches applied. The other two computers, a Sony Vaio VGN-TZ37CN running Ubuntu 7.10 and a Fujitsu U810 notebook running Windows Vista Ultimate SP1, were also up to date and fully patched.

That hack was done in 2008. The vulnerability was then submitted to Apple, under the contest rules, who later fixed it.

Unless you're running 10.5.2, it almost certainly doesn't apply to you. If you are running 10.5.2, it probably still doesn't apply to you, because I don't recall ever hearing of this being exploited in the wild. And if you are running 10.5.2, you're suffering a self-inflicted problem, because the upgrade to 10.5.8 is free, and it has security updates issued for it.

This is a notice of the 2008 contest. Note the Mac prize and its OS version:
http://dvlabs.tippingpoint.com/blog/2008/03/19/cansecwest-pwn-to-own-2008

2009 and 2010 contests:
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

 

[RvMan56]

Okay got it, hack proof, self inflicted, it was self, found a trojan back door which came from a site I went too to get free smilie's for email.

So PatrickOBrien I wish to offer an apology, public apology that is, I thought you were being rude to me. Sorry..

 

[Washac]

Okay got it, hack proof, self inflicted, it was self, found a trojan back door which came from a site I went too to get free smilie's for email.

So PatrickOBrien I wish to offer an apology, public apology that is, I thought you were being rude to me. Sorry..

Hi

Trojan on Mac, well unless you run Winblows under bootcamp, but then it would be restricted to that partition/drive....

 

[RvMan56]

Sorry I thought I said I found them in the download files, not running cause I don't use Bootcamp, that post was deleted so you missed that. I did some checking and digging and found out the file name is listed as a backdoor trogan which would run under window. As for gmail folks have made it clear here that my password was guessed, end of story.
instead of a 8 char pass it is now 20 letters and numbers plus I have bought Norton for Mac to help.

 

[GGJstudios]

instead of a 8 char pass it is now 20 letters and numbers plus I have bought Norton for Mac to help.

Norton for Mac is a huge resource drain and quite unnecessary. ClamAV isn't as much of a drain, but even with that, you don't need to run it all the time... simply scan occasionally.

As for passwords, the more complex, the better. Use a combination of uppercase and lowercase letters, numbers and special characters, if possible.

Mac Virus/Malware Info

 

[RvMan56]

GG
I read the article you enclosed by link and it is helpful, I was stupid and already bought Norton. I still can't believe someone guessed that password to gmail but they will have to work hard now, they will have to break in my rv and steal it being 20 random char, a pain for me to type but oh well.

 

[Tumbleweed666]

Sorry I thought I said I found them in the download files, not running cause I don't use Bootcamp, that post was deleted so you missed that. I did some checking and digging and found out the file name is listed as a backdoor trogan which would run under window. As for gmail folks have made it clear here that my password was guessed, end of story.
instead of a 8 char pass it is now 20 letters and numbers plus I have bought Norton for Mac to help.

Norton for Mac wont help whether someone can guess your password or not ! Norton for Mac, will just empty your wallet a teeny bit.

Here's how it works re guessing passwords - instead of trying to guess *your* password, say 1,000 times (when they will probably find the account locked after 5 or 10 wrong attempts) , what they will do given say 1,000 email addresses, is try and guess *each* emails password a few times using obvious passwords like 'password', secret', '1234' and so on on. A decent proportion of those will be correct. You dont even need the 20 characters to be safe, just something with some numbers in it and one non numeric.