Macs cannot be "hacked" without user going to malicious sites or installing trojans.



WRONG. Pure speculation. Why don't you list your source?
Macs can be hacked fairly easily (not as easy as Windows) but most attacks require either physical access or being on the same network (router) or the user types the password into something you downloaded (like pirated software for Mac).


this is so an April fools joke
what's your cell phone provider?
 
Macs cannot be "hacked" without user going to malicious sites or installing trojans.

How do you know he hasn't gone for a direct vulnerability?

WRONG. Pure speculation. Why don't you list your source?

Take a look at the following: http://blogs.zdnet.com/security/?p=2941

Why Safari? Why didn’t you go after IE or Safari?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it.


With my Safari exploit, I put the code into a process and I know exactly where it’s going to be. There’s no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don’t know where it is. Even if I get to the code, it’s not executable. Those are two hurdles that Macs don’t have.

It’s clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that’s only half the equation. The other half is exploiting it. There’s almost no hurdle to jump through on Mac OS X.

(got from here)
 
Is my mac hacked or not?

I posted a month ago with this question and downloaded a program called little snitch so I can monitor my computer. The problem is I have been noticing some strange goings on over the last couple of days. E.g pictures on my desktop 3 in fact have been duplicated and renamed, for example the picture is called brush.jpg and now there is a brush-1.jpg a duplicate of that picture. Then the next day one picture was duplicated instead of cat.jpg there was now a very small sized picture called cat-thumbnail.jpg

Then I had my bookmarks 3 duplicated so 'arty things' bookmark is now called 'arty things-1'. Given that in the past my stalker who hacked my PC changed pictures on my desktop and my bookmarks I am concerned. Also I was just typing something in Word normal text and it all of a sudden changed to a completely different font and became red. Can anyone explain what is going on? Do Macs have errors occurring like this?
 
That would happen if you download the same image twice. Or if you downloaded a cat image, and a thumbnail of that same image later. You have easily done that yourself without thinking about it. And let's just say this is not something that would happen if _I_ was stalking you.
 
Why, what would you do if you were stalking me?
I didn't download the image twice. They just appeared out of nowhere. I dragged the image off a web page onto my desktop. The duplicates were never there before.
 
Why, what would you do if you were stalking me?
I didn't download the image twice. They just appeared out of nowhere. I dragged the image off a web page onto my desktop. The duplicates were never there before.

If you simply "dragged" an image from a webpage it most likely could be an actual "thumbnail". And you might even have the actual sized image there as well.
 
Hi there,
How? one day there was nothing then after a couple of days there were 3 duplicates and then a few days later a thumbnail. It doesn't make any sense to me.
 
Someone who knows how to infiltrate computers would spend their time messing with some random person on the web, Instead of stealing the said person identity and have a field day with it, the "hacker" does the menial thing?

Personal example: a new immature roommate once said, oh let me show you what WE (translate: you) are doing wrong to my TV. The thing is, I never used his TV. He thought what he did himself was done by someone else. Perhaps that's what's happening here.

Ever saw the movie Fight Club? You are saying there are no hard evidence?


How do you know he hasn't gone for a direct vulnerability?

Take a look at the following: http://blogs.zdnet.com/security/?p=2941

What I mentioned is still correct.
http://www.appleinsider.com/article...ntest_winner_macs_are_safer_than_windows.html
 
Consultant, please don't patronise me, I find it rather tiresome. You obviously don't know how what I have explained has happened - why not try being honest?
 
I really am not a mean person but I get angry reading this. Where is your logical thinking in all of this? Why the hell would someone get into your computer just to duplicate or rename a file on the desktop? Do you realize how incredibly stupid that sounds?

As for the phone stuff there are countless other solutions more probable than "someone is listening to my phone conversations" and "I heard weird noises".

As for your passwords being hacked I highly doubt it. It's more likely you change them so often you can't remember them from day to day.
 
You haven't been through what I have been through so you actually do not have a clue. I asked for a simple explanation for what has occurred on my computer, again you are unable to provide me with any answers. I have actually meticulously written down all passwords etc. Please don't waste my time. I asked a sincere question. You should be thankful nothing like this has happened to you yet.

Why would someone do this to me? I WISH I knew. Maybe you should read more about the horrors people have experienced with cyber stalking then you would not dismiss my questions, it is easy to tap a phone landline or mobile, it is easy to hack into an email account if you know the person's username. Why do you 'highly doubt it'? You just ASSUME it cannot happen because you do not have sufficient knowledge of what online stalkers are capable of.
 
You haven't been through what I have been through so you actually do not have a clue. I asked for a simple explanation for what has occurred on my computer, again you are unable to provide me with any answers. I have actually meticulously written down all passwords etc. Please don't waste my time. I asked a sincere question. You should be thankful nothing like this has happened to you yet.

Why would someone do this to me? I WISH I knew. Maybe you should read more about the horrors people have experienced with cyber stalking then you would not dismiss my questions, it is easy to tap a phone landline or mobile, it is easy to hack into an email account if you know the person's username. Why do you 'highly doubt it'? You just ASSUME it cannot happen because you do not have sufficient knowledge of what online stalkers are capable of.



Whilst this is very likely to be a hoax, if it is true then I would suggest you take a written log of the incidents to the police - hacking can be classified as an act of terrorism under certain circumstances, from your situation it seems that your case should be treated rather seriously. Make sure to report the situation formally, use written correspondence where necessary.

I would also recommend that you do the following in order:

  1. Change your WPA password (router) using a DIRECT ethernet connection (i.e. don't connect to it wirelessly to change the password). Choose a new STRONG password (a mixture of uppercase and lowercase characters, and digits) and be sure to change the password every 30 - 60 days.
  2. Make sure that your router uses an encrypted connection; choose the highest possible.
  3. If possible, use MAC filtering; this will mean that unless you register the MAC address of any device against the router's firewall then it will ignore them. Of course, only add new devices' MAC addresses when physically connected to the router using a machine and its ETHERNET connection.
  4. Check that your personal services use valid up-to-date certificates, at least make sure they show 'https' as the address when you are logging in.
  5. Write down and use a list of different passwords for each online service you use. Make sure that these are as strong as possible, i.e. as LONG as possible, and using a mixture of uppercase, lowercase and numerical digits (including special characters if possible). Make sure that you change these regularly; every 30 days should suffice initially, then you can work it up to 90 days or so.
  6. Encrypt personal information. IF you must store sensitive personal information on your computer then make sure it is encrypted / password protected (store it on an external hard drive if possible).
  7. Phone your internet service provider and explain to them what has happened to you (obviously use another phone). In addition, request that they change your IP address.


Hopefully this should help, but the key parts are writing down the information, and reporting the incidents formally, as well as regular rotation of strong passwords.

This site should help you get ideas for good passwords, obviously don't use the same ones generated (if you fear that you are experiencing a man-in-the-middle attack): http://www.pctools.com/guides/password/
 
nothing is total secure

I read this thread and yes the April Fool's notion comes to mind, however let's get serious.
#1 using a wireless router is inherently insecure and WPA is hackable although in order for someone to hack it they would need a certain wireless card and a lot of processing power. But that processing power would not necessarily have to be on site, they could simply record all packets and hand off sections to a beowulf cluster, more about that later.
#2 cell phones have never been secure, unless you count the government secure telephone units (and again they are not 100% but then again those secrets they talk are usually time sensitive so by the time the other side encrypts it it's yesterday's news)
#3 it is also possible to hack into your connection physically if someone really wanted to do it they could record every packet coming out of your dsl/cable internet connection, which would be less conspicuous than having a directional antenna pointed at your house. :rolleyes:
#4 Apple OSX is more secure than most but not really, :apple: if someone is truly out to get you. Because Apple's OS is based on Darwin it enjoys pretty much the same immunity as the Linux community. But it's really not all that secure, just too obscure for most script kiddies to bother. Viruses and worms as well as trojans are pretty much just as easy to write for OSX as any other Unix OS. And Unix worms and viruses were out there before the slick dropout proposed to license DOS (he didn't even own yet :rolleyes: ) to IBM :confused:

Nothing is hacker proof :D it's just the cost benefit ratio that is in question here. If someone really wanted to go at it they could feed a bunch of code into a beowulf cluster (a bunch of computers networked to make one giant one) and analyse the code for backdoors/insecurities. It is unlikely that someone would bruteforce the internet traffic that is sent via ssl-128 (which is what browsers usually use to connect to sites like paypal) but there are backdoors that people could use, for example did you use your mother's maiden name for password recovery? Your birth certificate is a public record and your mother's maiden name would be on it if you were born in the US (at least in most states). If you ever saw the movie hackers, digging in the trash is how they got in. The internet is not as secure as one might think, as far as people know the RSA protocol is secure (backbone of encrypting internet traffic), but then again nobody would really broadcast if they had found a backdoor.

terramir
PS: Keyloggers also can be "digital" or "analog"
Digital in this case would mean:
Someone installed a keylogger program in your Mac and guess what, sometimes code like that could be hidden in a picture if they knew some sort of unpublished exploit. Or just some direct access but that would require a break-in into your apartment, house etc.
Analog: If someone puts a small chip inside your keyboard that transmits every keystroke, or hides a camera somewhere that is pointed at your keyboard they got ya. But hey that would only be possible if they break into your house or get access to your keyboard (is your computer a laptop? then they could plant a chip while you're in the restroom at work) ;)
But then again all this requires a great deal of skill which would be wasted on the regular joe schmoo, unless you got a really high security clearance :cool: or you really pissed off the wrong geek this sounds like paranoia to me. :p
PSS: the pay-pal account thing sounds to me like you clicked on the wrong e-mail and got spoofed (tricked into giving out your password on a look alike site.)
PSSS: BTW if you have enough packets you should be able to hack any encryption through some sort of heuristic analysis, I mean hello most Macs are set by default to go to the apple start page in safari if you have enough sections of packets that are the same (like the start of a browsing session always going to that page first) and you have the cluster compare it to that known site you should have the key in no time. BTW that would work for other start pages too because of the known length, even msn, yahoo, google or cnn or some other site could work if you cached all the common Start pages and compared sizes at given dates, that way you could find out someone's home page in no time even with changing content. And then have the cluster figure out the WPA pass in no time. Brute force is not the only way to go, content based heuristic analysis should give much faster results. Hey wait I'm giving hackers ideas here :p
 
#1 using a wireless router is inherently insecure and WPA is hackable although in order for someone to hack it they would need a certain wireless card and a lot of processing power. But that processing power would not necessarily have to be on site, they could simply record all packets and hand off sections to a beowulf cluster, more about that later.
Depending on the length of the password and the key size, it rapidly becomes infeasible unless you are a target of some sort of clandestine organization with dedicated access to billions of dollars worth of hardware, at which point I really wouldn't be concerned about a mere WiFi key; a password consisting of 16+ pseudorandom alphanumeric and symbolic characters should be more than enough (probably bordering on overkill). As for specifics, WEP is out; this algorithm was broken to begin with. WPA-TKIP has also had an attack published. There are no known attacks against WPA/WPA2 using AES encryption. If you are changing the wireless passwords on the router, do it using the https interface (most routers support secure access now) and use a hardwired connection.

#3 it is also possible to hack into your connection physically if someone really wanted to do it they could record every packet coming out of your dsl/cable internet connection, which would be less conspicuous than having a directional antenna pointed at your house.
Doesn't really require that much on shared connections such as cable. Generally I assume that unless I have an end-to-end encrypted connection some third party somewhere is going to see the cleartext data. Using HTTPS and SSL/TLS on your mail connections helps with this (at least on the first hop).

Nothing is hacker proof; it's just the cost benefit ratio that is in question here.
Quoted simply to repeat it! :)

BTW if you have enough packets you should be able to hack any encryption through some sort of heuristic analysis, I mean hello most Macs are set by default to go to the apple start page in safari if you have enough sections of packets that are the same (like the start of a browsing session always going to that page first) and you have the cluster compare it to that known site you should have the key in no time.

This was true with some earlier encryption algorithms but it cannot be said about any modern ones especially as nearly every algorithm now incorporates data from a system's PRNG in the initial handshaking along with most other stages. If the session keys are reused too often then such an attack would succeed but most algorithms will try to change any data like that as quickly as possible. The PRNG then, in turn, pulls in data from entropy pools (delay between keystrokes, clock jitter, the cosmic ray that just caused a voltage spike in sensor D, etc). If an attacker could control this entropy then yes, they would be able to predict future values but at that point you're screwed anyway. A flaw in the implementation of the PRNG could definitely cause a massive hole but the Yarrow algorithm used in Mac OS X and FreeBSD was designed to be a cryptographic-grade PRNG and, as far as I know, there are no glaring flaws in the implementation and most of the more minor ones (although with CSPRNG no flaw is minor) have been patched.
 
This was true with some earlier encryption algorithms but it cannot be said about any modern ones especially as nearly every algorithm now incorporates data from a system's PRNG in the initial handshaking along with most other stages. If the session keys are reused too often then such an attack would succeed but most algorithms will try to change any data like that as quickly as possible. The PRNG then, in turn, pulls in data from entropy pools (delay between keystrokes, clock jitter, the cosmic ray that just caused a voltage spike in sensor D, etc). If an attacker could control this entropy then yes, they would be able to predict future values but at that point you're screwed anyway. A flaw in the implementation of the PRNG could definitely cause a massive hole but the Yarrow algorithm used in Mac OS X and FreeBSD was designed to be a cryptographic-grade PRNG and, as far as I know, there are no glaring flaws in the implementation and most of the more minor ones (although with CSPRNG no flaw is minor) have been patched.

Handshake and jitter will add a few bytes here and there however the length of the entire transmission will pretty much be the same once you figure out the known data (based on data length). Let's say user X over wifi WPA-PSK always loads CNN first and you have a copy of CNN's website for every time he has logged on over the last month; you also have his packets for the same time period. If you can figure out when the loading of the home page (CNN in this case) starts and stops and compare those packets (as a whole) to the known data over a longer period (let's say 100 loads of the home page) you'll be able to filter out the uncertainties and just be left with the encrypted data vs the raw unencrypted. Then you should be able to have the WPA/PSK which you then should be able to use to decrypt the rest of the data stream. Well it also can give you access to the router to piggyback packets for nefarious reasons. Anyway I'm not a coder, my beginning class in C++ didn't stick, I just like theoretical discussions
terramir
 
You haven't been through what I have been through so you actually do not have a clue. I asked for a simple explanation for what has occurred on my computer, again you are unable to provide me with any answers. I have actually meticulously written down all passwords etc. Please don't waste my time. I asked a sincere question. You should be thankful nothing like this has happened to you yet.

Why would someone do this to me? I WISH I knew. Maybe you should read more about the horrors people have experienced with cyber stalking then you would not dismiss my questions, it is easy to tap a phone landline or mobile, it is easy to hack into an email account if you know the person's username. Why do you 'highly doubt it'? You just ASSUME it cannot happen because you do not have sufficient knowledge of what online stalkers are capable of.


To be fair, it doesn't sound like you are experiencing "the horrors people have experienced with cyberstalking" either. It sounds like you are accidentally creating duplicate files, freaking out, and posting on the internet about it.

Tell me, why haven't they changed your forum password yet?
 
The problem is your argument is based on the false assumption that the key never changes. The random data is used to augment some base key or form some temporary shared secret that exists only for that single connection. You could track the page load thousands of times but each time the session keys will be different; you would have to work on breaking the key for each individual connection and that key would only be good for that single chunk of data. Algorithms have been abandoned, extremely rapidly, specifically because of a vulnerability to cryptanalysis, a recent example being the WEP algorithm.
 
WPA2-AES is absolutely secure. There is no way to "crack" it, the only way to recover the password is through brute force.

WPA-TKIP is also secure, the attack published against it can only add traffic to the network, it can't actually decrypt and read traffic (basically.)

There are no viruses for OS X, and they would be extremely difficult to write.
 
WPA2-AES is absolutely secure. There is no way to "crack" it, the only way to recover the password is through brute force.

WPA-TKIP is also secure, the attack published against it can only add traffic to the network, it can't actually decrypt and read traffic (basically.)

There are no viruses for OS X, and they would be extremely difficult to write.

No such thing as absolute security just because it hasn't been published yet doesn't mean it's not being done.
and well viruses for Mac OSX do exist it's just they can't do much damage (being non root services and all) the admin would have to type his password to do damage LOL, but I bet if the script kiddies really wanted to they could find some exploits to get around that (but most script kiddies can't afford a Mac) LOL
As for WPA2 and WPA here's a thought: if you have enough data sets you can find X mathematically (X being the WPA-PSK) regardless if you know Y1,y2,y3,.......y20533, Y being the random data injected into the handshake. Once you have X you should be able to analyse what y1,y2,y3 is for every given dataset on the basis of having known data for the first load (homepage). I know it is difficult but it is not impossible and it would not require a brute force attack, however it would require quite a bit of computing power. Once someone has X and heuristically extracts y1,y2,y3, if they do it often enough they'll be able to analyse the handshake and it's all over from there. Nothing is uncrackable and anything can be undone if humans created it in the first place.
Gee heck we're starting to hack DNA and that is far more complicated.
well
terramir
over and out for today
 
No such thing as absolute security just because it hasn't been published yet doesn't mean it's not being done.
and well viruses for Mac OSX do exist it's just they can't do much damage (being non root services and all) the admin would have to type his password to do damage

True, but at the moment, WPA2 is 100% secure.

There aren't any viruses for OS X, there are only trojans. If you have to type your password, it's a trojan (usually.)
 
As for WPA2 and WPA here's a thought: if you have enough data sets you can find X mathematically (X being the WPA-PSK) regardless if you know Y1,y2,y3,.......y20533, Y being the random data injected into the handshake. Once you have X you should be able to analyse what y1,y2,y3 is for every given dataset on the basis of having known data for the first load (homepage). I know it is difficult but it is not impossible and it would not require a brute force attack, however it would require quite a bit of computing power. Once someone has X and heuristically extracts y1,y2,y3, if they do it often enough they'll be able to analyse the handshake and it's all over from there. Nothing is uncrackable and anything can be undone if humans created it in the first place.

What you're describing there is a plaintext attack against AES.

The XSL attack can be used against AES, but with current technology, takes more computing power than a brute force attack (it needs to resolve a huge simultaneous quadratic equation with many many variables.)
 
Thank you so much for your kind comments. Unfortunately, I am not that clued up as to what to do. It is very technical what you are talking about I hope you don't mind me saying. I will do as you say 'nuke and pave' and change the router password settings to WPA2-AES, change my computer name, FileVault, firewall. Do you think Little Snitch, the program I have for monitoring, is doing its job properly? I cannot understand how it has not picked up on these changes that I talked about in the computer. Is it foolproof? As for April Fool's - does that mean people are banned from submitting posts on that day? That was just a coincidence.
 
When you said you went and changed your email accounts, did you reuse your old password?
Are any of your passwords the same? How about the security questions/answers that most places require.

IF someone hacked your accounts the first time around, then you using any of the same info just gives them a pattern to work with... So it would not be that hard to just go and steal all your new accounts..

As for what is happening on the computer/phone... It is probably all paranoia... You say you got a mac because of your hacker issues with a 'PC'.. How familiar are you with keyboard shortcuts/hotkeys?
When I first got my Mac I was always accidentally renaming things and not knowing it until later (Damn you "enter" key!)... As the others have said someone is not going to go through all of the trouble of hacking your computer to *just* copy a picture or rename a file..
Once you have money missing from your bank account, or have your ISP contacting you about traffic loads or something similar then you probably have nothing to worry about.
 