security issue

Discussion in 'Community Discussion' started by anyechka, Jan 16, 2008.

  1. anyechka macrumors newbie

    Joined:
    Jan 16, 2008
    #1
    Dear All - just a quick security question. I've been going through a veryn asty experience the past months. Someone is coming up with the content of my web-mails, messenger chats and - worse still - even usernames and passwords I entered at https sites.
    I'm using Macs only, two, both running on Tiger, and as far as I know there are no trojan horses spywares or anything out there that could have creeped into my system to spy me from "within". Mac are also unhackable, so that's also not an option...
    Internet traffic intercept remains the only logical possibility - so I was wondering just how difficult would it be to intercept internet traffic if you know somebody's exact IP address? And especially https sites... Would a change of IP address be a good solution to this abuse?
    Many thanks!
     
  2. r1ch4rd macrumors 6502a

    r1ch4rd

    Joined:
    Aug 5, 2005
    Location:
    Manchester UK
    #2
    Macs are not unhackable. Make sure you have your firewall turned on (or turn on the firewall in your router). Intercepting your web traffic is possible but I don't think anyone would really go to the effort to read your messenger conversations. Who exactly has been coming up with this stuff?
     
  3. anyechka thread starter macrumors newbie

    Joined:
    Jan 16, 2008
    #3
    don't know exactly who, but i suspect it may have to do with my political engagement, reserach i am doing and views expressed on some fora (all non-US related - local European stuff ;) ) also the conversations intercepted are with a selected group of people, not with all my contacts (though my stalker might be sending me only the "relevant" bits...). That's why I thought someone might have tracked down my IP address, while I was discussing these issues, hacked my hotmail account etc. What worries me the most is the breach of security on https sites - if my phone cell phone bills are so easy to get access to, how am i to protect my sources?

    so... do you think that someone might have actually acquired access to my harddrive rather than intercepted my traffic? the main reason why i'm trying to udnerstand the minutiae is in order to know how best to protect myself: by reinstalling my drive, putting up the firewall, changing my IP address...

    many thanks!
     
  4. r1ch4rd macrumors 6502a

    r1ch4rd

    Joined:
    Aug 5, 2005
    Location:
    Manchester UK
    #4
    https is designed to prevent people from being able to read any packets that you send over the internet. However, if your computer is compromised then it's not really all that much use as people can get at the information before it is sent. The same applies if the server that you are sending things to is compromised, they can just get the information once it has arrived! Also, stealing your packets while they travel through the internet is not easy. They all take different routes and maybe not all of them will pass by the person eavesdropping.


    If someone has got your plain text passwords then the problem is likely at the computer that you are logged into as passwords are hashed (encrypted) even when they arrive at the server. Amazon, for instance, will have no idea what your password is in plain text, they only know the hashed version of it. Have you logged on from any public computers or ones that don't belong to you? Another possibility is that you have been a victim of Phishing, have you followed any links in suspicious emails?

    Changing your IP address probably won't do anything (if they found you the first time then they can find you again) especially if your computer is compromised.

    I would definitely turn on your firewall (it can't hurt) but I'm unsure about the possibility of keyloggers or other nasties on your Mac. Maybe someone else knows some more.
     
  5. anyechka thread starter macrumors newbie

    Joined:
    Jan 16, 2008
    #5
    Thanks for this - if I understand you well, your guess is that I might have caught a bug after all, since https sites are basically uncrackable. So wiping the computer clean and re-installing the system may not be such a bad idea... If anyone knows anything about possible maleware keyloggers having been created for Mac - and programs to keep me safe, I'd be mcuh obliged! Thanks again! A.
     
  6. Stampyhead macrumors 68020

    Stampyhead

    Joined:
    Sep 3, 2004
    Location:
    London, UK
    #6
    They are not uncrackable, but they are certainly difficult enough to crack that someone wouldn't go to the trouble of attempting it just for some malicious behaviour. Also, security certificates come in different levels of security depending on what you need them to do. There are the low security ones that are simply used to make sure the site is who it says it is, and then higher security bit rates are used when you need more security, i.e. financial transactions or transmitting of other sensitive information.
    Keyloggers for Mac do exist but unlike with Windows they can't be installed unless the installer enters the password for your computer's account. Therefore someone installing this sort of malware on your computer would have to know your password for the computer in order to do it.
     
  7. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #7
    If they are getting your passwords for sites using SSL a local keylogger is by far the most likely. Can you take a screen shot of what's running on your machine from Activity Monitor and either post the pic or a link to it here? Please don't wipe the machine before doing this, as it might help others if we can identify what's running.
     
  8. eric55lv Guest

    eric55lv

    Joined:
    Aug 5, 2007
    Location:
    Las Vegas,NV
  9. anyechka thread starter macrumors newbie

    Joined:
    Jan 16, 2008
    #9
    I will do so as soo as back home behind my Mac tonight (in Europe we're already full speed into another workday ;). You guys say that someone must have known my admin password in order to install a keylogger on my computer - does this mean that this someone must have been physically behind my computer, or that I could have inadvertently installed a keylogger thinking I'm installing an update or an application needed to use features of certain sites etc.? I was so sure of Macs being imprevious to hacks and cracks that I never really thought twice before installing anything offered to me by any site. Ungh.

    Once again many many thanks for all the help!
     
  10. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #10
    No worries. Another thing you might want to check is to open up a terminal and type

    cat /etc/resolv.conf

    The output should either match the address of your DNS servers or your home router if you have one. Anything else could be suspect.
     
  11. anyechka thread starter macrumors newbie

    Joined:
    Jan 16, 2008
    #11
    Here comes. Donnow if this is what you had in mind... Tomorrow I'll send the shot from the desktop computer. Many thanks!

    209 pmTool root 2,30 1 3,64 MB 37,39 MB PowerPC
    208 Activity Monitor ana 4,30 2 21,57 MB 100,04 MB PowerPC
    198 Safari ana 0,00 7 58,04 MB 141,88 MB PowerPC
    186 Mail ana 0,00 5 21,13 MB 140,79 MB PowerPC
    185 mdimport ana 0,00 4 3,61 MB 39,73 MB PowerPC
    184 usbmuxd nobody 0,00 2 564,00 KB 26,98 MB PowerPC
    183 UniversalAccessApp ana 0,00 1 3,38 MB 78,61 MB PowerPC
    182 System Events ana 0,00 1 2,88 MB 79,97 MB PowerPC
    181 iTunes Helper ana 0,00 2 1,89 MB 69,27 MB PowerPC
    180 Microsoft AU Daemon ana 0,00 1 1,88 MB 68,38 MB PowerPC
    177 Finder ana 0,00 4 12,36 MB 104,86 MB PowerPC
    176 SystemUIServer ana 0,00 2 6,37 MB 95,38 MB PowerPC
    175 Dock ana 0,00 2 2,79 MB 56,54 MB PowerPC
    172 mdimport nobody 0,00 3 2,20 MB 38,58 MB PowerPC
    169 pbs ana 0,00 2 1,89 MB 54,12 MB PowerPC
    168 cupsd root 0,00 2 1,42 MB 27,84 MB PowerPC
    157 mds root 0,00 8 4,65 MB 44,04 MB PowerPC
    132 crashreporterd root 0,00 1 200,00 KB 26,61 MB PowerPC
    121 automount root 0,00 3 1,05 MB 28,73 MB PowerPC
    117 automount root 0,00 5 1,21 MB 29,63 MB PowerPC
    114 rpc.lockd root 0,00 1 196,00 KB 26,67 MB PowerPC
    105 nfsiod root 0,00 5 184,00 KB 28,62 MB PowerPC
    91 ntpd root 0,00 1 376,00 KB 26,86 MB PowerPC
    77 lookupd root 0,00 3 1,30 MB 29,04 MB PowerPC
    67 loginwindow ana 0,00 3 3,99 MB 76,58 MB PowerPC
    66 ATSServer ana 0,00 2 2,95 MB 64,48 MB PowerPC
    65 coreservicesd root 0,00 3 5,46 MB 35,23 MB PowerPC
    59 WindowServer windowserver 0,30 2 15,14 MB 83,19 MB PowerPC
    56 DirectoryService root 0,00 3 2,50 MB 30,41 MB PowerPC
    55 distnoted root 0,00 1 776,00 KB 27,02 MB PowerPC
    49 update root 0,00 1 220,00 KB 26,61 MB PowerPC
    46 notifyd root 0,00 2 460,00 KB 27,21 MB PowerPC
    44 securityd root 0,00 1 1,73 MB 28,52 MB PowerPC
    43 memberd root 0,00 3 592,00 KB 27,66 MB PowerPC
    42 diskarbitrationd root 0,00 1 1.024,00 KB 27,13 MB PowerPC
    41 coreaudiod root 0,00 1 1,70 MB 30,66 MB PowerPC
    40 configd root 0,00 3 1,75 MB 29,23 MB PowerPC
    39 xinetd root 0,00 1 600,00 KB 26,76 MB PowerPC
    36 syslogd root 0,00 1 408,00 KB 26,64 MB PowerPC
    35 netinfod root 0,00 1 560,00 KB 26,95 MB PowerPC
    34 mDNSResponder root 0,00 2 1.024,00 KB 27,37 MB PowerPC
    33 KernelEventAgent root 0,00 2 596,00 KB 27,19 MB PowerPC
    29 kextd root 0,00 2 1.008,00 KB 27,55 MB PowerPC
    25 dynamic_pager root 0,00 1 164,00 KB 26,63 MB PowerPC
    1 launchd root 0,00 3 360,00 KB 27,68 MB PowerPC
    0 kernel_task root 0,20 35 48,66 MB 649,89 MB PowerPC
     

Share This Page