Keyloggers
i use mac osx 10.4.4 with an imac. i use intego netbarrier and virusbarrier programs for computer security, in addition to the mac os firewall.
my concern is that some future keylogger or trojan may be able to detect my login password. i am not aware of any keyloggers for mac osx. i have heard that numerous trojans and keyloggers exist for wintel (even one which can provide a screenshot). however, i would like to protect my passwords from any potential keylogger trojan. my question is: does the potential exist for a future keylogger to detect my log-in password? or is it technically impossible for a trojan to detect a password during log-in because the internet connection is not online?
imac Mac OS X (10.4.4) use intego netbarrier and virusbarrier
sure it's possible to get a trojan with a keylogger, but it's far more likely that if it's a trojan it'll just use your password within the system rather than sending it back to anyone, here is a good program for scanning for keyloggers, spyware and other such gunk http://macscan.securemac.com/
1.3ghz iBook G4 80G HD 512MB RAM Mac OS X (10.4.3)
Similar Messages
-
What should I use to scan for Trojans or Keyloggers?
I've heard conflicting conversations about not using anti-virus or that OS X has built in protection, but I wanted to know what the best way to check for Trojans or Keyloggers is so I can give my computer a looking-over before backing it up.
I'm using OS X 10.6.8
Conversations? There have been a few of those.
I'm not aware of a tool that's particularly reliable about detecting malware, nor one that might (for instance) catch hardware keyloggers.
The usual questions around your situation apply; I don't know how you use the system, nor what exposures or risks you might have or might face. For instance, how sensitive is your information, who has had access, and what are the circumstances associated with the access, and what's been loaded onto the system?
If you're incautious or blasé about your computing practices and fond of downloading from torrents or acquiring cracked software or downloads from sketchy sites, then the anti-malware tools generally won't save you.
In general: just back it up, back it up regularly, and keep various copies of the backups offline or remote, or both. Backups and caution are among the best available anti-malware tools.
If you're fond of installing random stuff and particularly of entering your administrative password when prompted — that password is the proverbial keys to the security kingdom, to your address book, etc — or if your login passwords have been compromised (or have kids around that install all sorts of Free Stuff! and Free Games!), then change all your passwords, and install Little Snitch or equivalent, or implement and use network perimeter monitoring. These monitoring tools catch (unexpected) outbound network connections, such as that Facebook watering hole attack.
Better still: upgrade to 10.7 or 10.8 as your hardware permits, as 10.6 is rather old and lacking some of the newer capabilities here, such as Gatekeeper. Disable the Java web start plug-in to disable Java (and don't install Java after you upgrade to 10.7 or 10.8), and remove Adobe Flash Player, and disable the "open safe attachments" setting. And if you're (necessarily, or otherwise) paranoid, install Little Snitch or network perimeter monitoring.
If you feel obligated to use a malware scanner (the hit rates on the malware-scanning tools are far from great, and the implementations of most aren't that much different from the malware itself in terms of how the scanning software can insinuate itself into the system and can sometimes then trigger issues with stability and operations), then ClamAV is the usual recommendation around the forums. OS X Server includes that, and there are various discussions around getting ClamAV going on OS X client.
Once your operating system software has been compromised, the usual path is a wipe and reinstall, or a wipe and install of a backup prior to the breach, followed by steps to prevent a reoccurrence. Decontamination of a system is difficult, at best. If your hardware has been compromised, you're in deep sneakers.
If you want to be or need to be paranoid due to the information involved or folks that have had unfettered access to your system hardware, then check for dongles or other unexpected external devices, and start replacing your equipment. The "better grade" keyloggers can be stored in USB devices, and can be mounted within your hardware. The better-grade gear can be difficult to locate, short of disassembly. Also check your local network, as it's feasible to monitor traffic there, whether within a modem, or within a device added to your network.
Again, how paranoid you want or need be here depends highly on what you've been up to, and who might be after you, and a whole host of other details... -
Hi there,
I have a few questions. My windows PC is connected to my router. However, my PC has viruses/keyloggers on it. If I let my Mac on my network, will the Mac get a virus/keylogger? Is it possible?
Also, is Sophos a good anti-virus software and do you recommend getting it?
Yes, the PC has the password access to the router and can perform a DNS change, directing your Mac to a fake site to install software with your help.
Take the PC offline, reset your router and update its firmware using the Mac,
Don't let the PC have the admin password to the router EVER, not your Mac either in a permanent fashion (as a keychain)
Give all devices ONLY guest access to the router, this way they can't make changes through malware or malicious person.
Setting up a wifi router
there is really only one secure way left to make sure you're not hacked. WEP and WPA are both cracked. A too small of a password is easily brute forced by new graphics based cracking software and worldwide botnets.
1: Update your router firmware. For Airport it's easy, just use Software Update and/or update in Airport Utility.
2: WPA2 (AES) Personal easier (or Enterprise)
3: 2 - Random 20+ letter, number, character, symbol, case passwords. One for the Admin use of the router only, kept off the machine and locked in a safe, the other for Internet Access only used on all devices. A password this strong will take until the next Big Bang to crack, perhaps a quarter of that as technology improves. Certainly not in your lifetime.
4: MAC address filtering and invisible networks are no match for hackers. Don't bother.
5: Rotate the Internet Access password to keep people you don't want back on, from coming back. Once they have the password it's logged permanently into their machines. They could delete it, but most don't know they can or won't.
Use the Mac to clean up and reset the router properly, then allow both only Guest access to the router for Internet access only.
Clean up the PC or take it to someone who can or just recover files and trash it. -
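The two-password scheme from steps 3 and 5 of the reply above, as an added example that is not part of the original post: it draws a separate admin and access passphrase from a CSPRNG, rotates only the access one, and compares keyspaces. The function names, the symbol set and the rate of 10^12 guesses per second are assumptions made for illustration; the 63-character ceiling is the WPA2-Personal passphrase limit.

```python
import math
import secrets
import string

# WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
WPA2_MAX_LEN = 63
MIN_LEN = 20  # the "20+" floor from the post

# The four character classes the post asks for. The symbol set is a
# constructed choice that leaves out quotes, backslash and space to
# avoid copy and entry mistakes.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&()*+,-./:;<=>?@[]^_{|}~",
}
ALPHABET = "".join(CLASSES.values())  # 90 characters in total

# Assumed attacker speed, chosen generously for illustration only.
ASSUMED_GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def covers_all_classes(candidate):
    """True if the candidate has at least one character from every class."""
    return all(any(ch in chars for ch in candidate) for chars in CLASSES.values())


def generate_passphrase(length=24):
    """Draw a passphrase from the OS CSPRNG.

    Rejection sampling keeps the draw uniform over all strings that
    contain every class, instead of forcing classes into fixed positions.
    """
    if not MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{WPA2_MAX_LEN}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if covers_all_classes(candidate):
            return candidate


def router_credentials(length=24):
    """One passphrase for router administration, a different one for access."""
    admin = generate_passphrase(length)
    access = generate_passphrase(length)
    while access == admin:
        access = generate_passphrase(length)
    return {"admin": admin, "access": access}


def rotate_access(credentials, length=24):
    """Replace only the access passphrase; the admin one stays offline."""
    new_access = generate_passphrase(length)
    while new_access in (credentials["admin"], credentials["access"]):
        new_access = generate_passphrase(length)
    return {"admin": credentials["admin"], "access": new_access}


def entropy_bits(length, alphabet_size):
    """Upper bound on entropy; the class requirement removes a tiny fraction."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every string of this length at the assumed rate."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    creds = router_credentials()
    print("admin :", creds["admin"])
    print("access:", creds["access"])
    print("rotated access:", rotate_access(creds)["access"])
    print(f"20 chars of {len(ALPHABET)}: {entropy_bits(20, len(ALPHABET)):.1f} bits, "
          f"{years_to_exhaust(20, len(ALPHABET)):.2e} years")
    print(f"8 lowercase letters: {entropy_bits(8, 26):.1f} bits, "
          f"{years_to_exhaust(8, 26):.2e} years")
```
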
So yesterday I found out that my email address password had been changed. I don't remember doing this, but it is possible I changed it a while back and considering I keep my email constantly logged in. But at the same time, two of my apps were trying to access their "store". I play a game called League of Legends, which has an online store, and it randomly came up with the message "Could not connect to Maestro" (credit card). Then, Itunes (which I rarely use) came up with "sorry, we could not continue with your purchase". I think it's very strange that all of this happened at the same time, but hopefully it's a case of a forgotten password and two games bugging/crashing. I scanned my entire computer with iantivirus and it hasn't found anything, but I've heard keyloggers can be a bit hard to detect. Does anybody have any experience with keyloggers and if so, what program did you use to detect and destroy it?
If you think that a keylogger has been installed the only safe thing you can do is erase your drive and reinstall.
I don't think that is the case however. -
I have exchanged email with this person, so my IPS is known? There is no visible device attached to my laptop. A keylogger could be installed electronically?
I have not given my password or key to my home, but there might have been entry/direct access to my laptop (any place can be entered if there is sufficient skill and motivation). I cannot lock up my laptop every time I leave home, but I always log out before leaving.
It seems that something like Zemantec would be ideal, but apparently it is only available for Windows. Is there something suitable for Mac? There are keylogger apps specifically for Mac, so what are the anti keylogger apps? I have spent hours searching this matter, but reviews conflict, and product information is not entirely clear.
What would be the advantage of installing OS X.8? I don't understand Apple's explanation of the advantages of Gatekeeper. I would reinstall the OS or upgrade the OS at this time only if there were considerable protection from keyloggers.
I am sending this from a different computer that I have access to only twice per week, so I do not want to discuss what makes me think that someone has installed a keylogger . . . . and I am not looking for reassurances that I should not worry about it. I am looking for factual information, so I can make a decision based on what is possible/feasible, including the possibility that there is nothing I can do about it, or that I should not send some kinds of information from my laptop (extremely inconvenient!).
I hope an IT sophisticate who is patient with an IT illiterate can help.
There are essentially three ways that a malicious hacker can "get into" your system (whether we're talking about keyloggers, malware, whatever)
- physical access
- persuading you to install software which gives them access (this could be disguised as something else)
- obtaining remote access by "hacking in through the internet"
Unless you have a file-sharing tunnel set up through your router, and your computer's file sharing is turned on, and you have no password (all these things seem unlikely based on your email), the third option is so unlikely that you can effectively ignore it. Having said that, if you have not checked those things recently, you should do so. Post back if you want help figuring out how to do that.
The latest versions of OS X are always recommended for people who are concerned with security. Not only because of the major features like Gatekeeper (prevents non-signed code from running, which effectively stops you accidentally running a malicious script) and XProtect (built in malware-checking), but because of the other security patches to the operating system and compatibility with third-party components like Java and Flash, which actually tend to have more known vulnerabilities.
Wiping the hard drive and reinstalling OS X, preferably updating to the latest version, turning on FileVault (the current version requires OS X 10.7 or later), setting a strong login password, and setting a firmware password, would go a long way to setting a good level of security on your machine. Write down the passwords and hide them somewhere that you'll remember, or keep them on your person if you feel secure doing that.
Having said all that, if you don't trust the physical security of your house, then all this is largely academic.
Matt -
Safe keyboard - protection against keyloggers when typing in username and password.
In addition to the banking protection that pops up every time browsing to a banking site, there could be a protection against keyloggers (e.g. safe keyboard) that pops up every time doing online shopping and banking. A safe keyboard could protect from malware that tries to spy out user names and passwords. Regards.
Hello, Sorry also for reply. But do you know any good software with protection against keyloggers?? And here I also mean something like: -> Good software - trusted software. -> Good protection - without a lot of false-positives or prevented valid actions (such as - it's not hard.. "block all" and user should to think... allow it or not).... but also with protection against "valid" keyloggers too (such as valid remote administrator tools, business keyloggers and other... which can be "valid" for any security-software and be ignored). also... like example.. software... which able to detect Microsoft Windows 10 Technology Preview default "keylogger". With other meanings... potentially F-Secure should to detect any malicious "keyloggers" (which able to collect and transfer it) as Trojan-files. Or any other malicious, suspicious.... spyware, riskware or other. Related with sample. It's mean - if here keylogger - F-Secure should to prevent/detect it before... And if here to add something specific against keyloggers. It's should be totally cool and powerful. And not just as "something about protection against keyloggers". Which already long time in use as default part of protection. Sorry for reply again. I just mean... that some of other Security Companies... have security feature as "protection against keyloggers" - but it's not always work best (such as protection... and such as worry-free for user)... or just part of "default steps", which F-Secure already have. With target attacks.. potentially on current time without good examples as one security suite (which will be not always too much angry).
-
Programs to catch for keyloggers and other non-OS specific malware
Just curious:
Despite Mac's strength against malicious software, there are some things that are not affected by hardware, such as keyloggers and the like.
What type of software is there that can protect against this or detect it for Macs?
Thanks
kp606,
The Mac's strength against malicious software has nothing to do with Apple's hardware, but rather OS X. Keep in mind that Apple's current hardware is now exactly the same as any other manufacturer's.
There are keyloggers that will run in OS X, but the only way to have them running on your machine is to install them yourself. In order to install any of these applications and have them run in a manner that would put other accounts on your machine at risk, one would have to install them as an admin user, and this would necessitate authenticating as such.
In other words, you are your own best protection against malicious software. Just don't install it.
There are many people researching potential vulnerabilities in OS X which would allow a non-admin user to install and run malicious software, either locally or over a network (or the internet). As soon as potential vulnerabilities are found, they are reported, and Apple soon after releases an update to "plug the hole." Note that there are no known cases of these vulnerabilities ever being exploited.
Scott -
Security. Keyloggers, Monitoring Software, iSight
I'm pretty sure that my roommates installed something on my computer. I have heard full conversations about things that I have done online, someone has been reading my email for a while now, and it seems that they can see my desktop, also I have been doing things in my computer to make sure they have done it. I'm 100% sure that there is something installed that makes them see my screen, and I'm scared that they also have control of the iSight of my MacBook Pro. I just wanna uninstall the software and avoid having to restore the computer. I'm no longer living with them cause of this and some other problems. It seems that they can only see things while we were in the same network.
Thanks,
PID TTY TIME CMD
1 ?? 0:03.53 /sbin/launchd
10 ?? 0:00.80 /usr/libexec/kextd
11 ?? 0:01.89 /usr/sbin/notifyd
12 ?? 0:05.91 /usr/sbin/syslogd
14 ?? 0:01.12 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g
15 ?? 0:00.22 /usr/sbin/cupsd -l
16 ?? 0:00.03 /usr/sbin/cron
17 ?? 0:12.44 /usr/sbin/update
18 ?? 0:00.01 /sbin/SystemStarter
21 ?? 0:00.53 /usr/sbin/securityd -i
23 ?? 0:26.44 /System/Library/Frameworks/CoreServices.framework/Fram
24 ?? 0:00.47 /usr/sbin/mDNSResponder -launchd
25 ?? 1:37.35 /System/Library/CoreServices/loginwindow.app/Contents/
26 ?? 0:00.01 /usr/sbin/KernelEventAgent
28 ?? 0:00.01 /usr/libexec/hidd
29 ?? 0:03.72 /System/Library/Frameworks/CoreServices.framework/Vers
31 ?? 0:00.02 /sbin/dynamic_pager -F /private/var/vm/swapfile
33 ?? 0:00.66 /usr/sbin/diskarbitrationd
34 ?? 0:07.36 /usr/sbin/DirectoryService
36 ?? 0:24.46 /usr/sbin/configd
39 ?? 0:00.03 autofsd
41 ?? 0:12.86 /usr/libexec/ApplicationFirewall/socketfilterfw
43 ?? 0:04.73 /usr/sbin/distnoted
48 ?? 0:01.78 /usr/sbin/blued
49 ?? 0:04.11 /System/Library/CoreServices/coreservicesd
53 ?? 8:35.35 /System/Library/Frameworks/ApplicationServices.framewo
79 ?? 0:00.32 /System/Library/StartupItems/NMPCCardDaemonVMC/NMPCCar
81 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosA
82 ?? 0:00.29 /Library/Application Support/Sophos Update Manager/Sop
85 ?? 0:03.83 /System/Library/StartupItems/NMPPPMonitor/nmpppstatsd
90 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosA
94 ?? 1:32.20 /Library/Application Support/Sophos Anti-Virus/InterCh
108 ?? 0:03.19 /sbin/launchd
114 ?? 0:12.11 /Applications/Vodafone Mobile Connect/Vodafone Mobile
116 ?? 0:00.51 /Library/Application Support/Vodafone/NovamediaDiskSup
117 ?? 0:00.39 /System/Library/CoreServices/AirPort Base Station Agen
121 ?? 0:03.59 /System/Library/CoreServices/Spotlight.app/Contents/Ma
122 ?? 0:00.42 /usr/sbin/UserEventAgent -l Aqua
125 ?? 0:00.00 /usr/sbin/pboard
126 ?? 0:32.98 /System/Library/CoreServices/Dock.app/Contents/MacOS/D
127 ?? 0:42.09 /System/Library/Frameworks/ApplicationServices.framewo
128 ?? 0:00.74 /usr/sbin/coreaudiod
130 ?? 0:25.91 /System/Library/CoreServices/SystemUIServer.app/Conten
131 ?? 1:11.04 /System/Library/CoreServices/Finder.app/Contents/MacOS
141 ?? 0:00.15 /Library/Application Support/Sophos Anti-Virus/SophosU
144 ?? 0:00.27 /Applications/iTunes.app/Contents/Resources/iTunesHelp
145 ?? 0:01.82 /Library/Application Support/EyeTV/EyeTV Helper.app/Co
146 ?? 0:00.97 /Applications/Microsoft AutoUpdate.app/Contents/MacOS/
151 ?? 0:03.91 /System/Library/PrivateFrameworks/MobileDevice.framewo
154 ?? 0:00.12 /Users/Alonso/Library/Caches/Cleanup At Startup/CrossO
156 ?? 0:00.37 /System/Library/Frameworks/InstantMessage.framework/iC
349 ?? 0:48.66 /System/Library/CoreServices/Dock.app/Contents/Resourc
350 ?? 1:04.48 /System/Library/CoreServices/Dock.app/Contents/Resourc
351 ?? 0:00.90 /System/Library/CoreServices/Dock.app/Contents/Resourc
352 ?? 0:05.17 /System/Library/CoreServices/Dock.app/Contents/Resourc
398 ?? 0:00.32 /System/Library/Services/AppleSpell.service/Contents/M
2744 ?? 0:07.57 /System/Library/Frameworks/CoreServices.framework/Fram
3325 ?? 0:08.56 /System/Library/Frameworks/ApplicationServices.framewo
3525 ?? 0:00.16 /System/Library/Frameworks/CoreServices.framework/Fram
3566 ?? 0:00.20 /System/Library/CoreServices/System Events.app/Content
3569 ?? 0:28.52 /Applications/Safari.app/Contents/MacOS/Safari -psn0
3574 ?? 0:00.67 /System/Library/Frameworks/PubSub.framework/Versions/A
3575 ?? 0:00.03 /usr/sbin/ocspd
3576 ?? 0:00.86 /System/Library/Frameworks/SyncServices.framework/Vers
3628 ?? 0:07.01 /System/Library/CoreServices/Software Update.app/Conte
3631 ?? 0:00.07 /System/Library/PrivateFrameworks/DiskManagement.frame
3632 ?? 0:00.07 /System/Library/PrivateFrameworks/Install.framework/Re
3634 ?? 0:00.06 /System/Library/Frameworks/QuickLook.framework/Resourc
3647 ?? 0:00.20 /Applications/Utilities/Terminal.app/Contents/MacOS/Te
3649 ttys000 0:00.23 login -pf Alonso
3650 ttys000 0:00.01 -bash
3660 ttys000 0:00.01 ps -A
PID TTY TIME CMD
1 ?? 0:04.01 /sbin/launchd
10 ?? 0:00.81 /usr/libexec/kextd
11 ?? 0:02.07 /usr/sbin/notifyd
12 ?? 0:06.68 /usr/sbin/syslogd
14 ?? 0:01.29 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
15 ?? 0:00.23 /usr/sbin/cupsd -l
16 ?? 0:00.04 /usr/sbin/cron
17 ?? 0:14.63 /usr/sbin/update
18 ?? 0:00.01 /sbin/SystemStarter
21 ?? 0:00.57 /usr/sbin/securityd -i
23 ?? 0:29.66 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
24 ?? 0:00.48 /usr/sbin/mDNSResponder -launchd
25 ?? 1:39.29 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
26 ?? 0:00.01 /usr/sbin/KernelEventAgent
28 ?? 0:00.01 /usr/libexec/hidd
29 ?? 0:04.27 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support
31 ?? 0:00.02 /sbin/dynamic_pager -F /private/var/vm/swapfile
33 ?? 0:00.70 /usr/sbin/diskarbitrationd
34 ?? 0:08.00 /usr/sbin/DirectoryService
36 ?? 0:26.91 /usr/sbin/configd
39 ?? 0:00.03 autofsd
41 ?? 0:14.22 /usr/libexec/ApplicationFirewall/socketfilterfw
43 ?? 0:05.21 /usr/sbin/distnoted
48 ?? 0:01.78 /usr/sbin/blued
49 ?? 0:04.48 /System/Library/CoreServices/coreservicesd
53 ?? 9:22.88 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources/WindowServ
79 ?? 0:00.32 /System/Library/StartupItems/NMPCCardDaemonVMC/NMPCCardDemonVMC
81 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosAntiVirus.app/Contents/MacOS/SophosAntiVirus
82 ?? 0:00.32 /Library/Application Support/Sophos Update Manager/SophosUpdateManager.app/Contents/MacOS/SophosUpdateManager
85 ?? 0:04.43 /System/Library/StartupItems/NMPPPMonitor/nmpppstatsd
90 ?? 0:00.01 /Library/Application Support/Sophos Anti-Virus/SophosAutoUpdate.app/Contents/MacOS/SophosAutoUpdate
94 ?? 1:35.39 /Library/Application Support/Sophos Anti-Virus/InterCheck.app/Contents/MacOS/InterCheck
108 ?? 0:03.63 /sbin/launchd
114 ?? 0:13.92 /Applications/Vodafone Mobile Connect/Vodafone Mobile Connect.app/Contents/Resources/Specific/Mac_SwapperDemon.
116 ?? 0:00.53 /Library/Application Support/Vodafone/NovamediaDiskSupressor
117 ?? 0:00.41 /System/Library/CoreServices/AirPort Base Station Agent.app/Contents/MacOS/AirPort Base Station Agent -launchd
121 ?? 0:04.39 /System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
122 ?? 0:00.43 /usr/sbin/UserEventAgent -l Aqua
125 ?? 0:00.00 /usr/sbin/pboard
126 ?? 0:34.30 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock -psn040970
127 ?? 0:42.66 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/ATSServer
128 ?? 0:00.79 /usr/sbin/coreaudiod
130 ?? 0:27.48 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer -psn049164
131 ?? 1:12.00 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder -psn053261
141 ?? 0:00.16 /Library/Application Support/Sophos Anti-Virus/SophosUIServer.app/Contents/MacOS/SophosUIServer -psn065552
144 ?? 0:00.28 /Applications/iTunes.app/Contents/Resources/iTunesHelper.app/Contents/MacOS/iTunesHelper -psn069649
145 ?? 0:02.06 /Library/Application Support/EyeTV/EyeTV Helper.app/Contents/MacOS/EyeTV Helper -psn073746
146 ?? 0:01.00 /Applications/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app/Contents/MacOS/Microsoft AU Daemo
151 ?? 0:03.91 /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd -launchd
154 ?? 0:00.13 /Users/Alonso/Library/Caches/Cleanup At Startup/CrossOver CD Helper.app/Contents/MacOS/CrossOver CD Helper -psn
156 ?? 0:00.41 /System/Library/Frameworks/InstantMessage.framework/iChatAgent.app/Contents/MacOS/iChatAgent -psn098328
349 ?? 0:52.24 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
350 ?? 1:07.21 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
351 ?? 0:00.97 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
352 ?? 0:05.52 /System/Library/CoreServices/Dock.app/Contents/Resources/DashboardClient.app/Contents/MacOS/DashboardClient
398 ?? 0:00.84 /System/Library/Services/AppleSpell.service/Contents/MacOS/AppleSpell -psn0172074
2744 ?? 0:08.43 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker MDS
3325 ?? 0:08.56 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ATS.framework/Support/ATSServer
3851 ?? 0:52.89 /Applications/Safari.app/Contents/MacOS/Safari -psn0803012
3991 ?? 0:00.16 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker MDS
3993 ?? 0:24.01 /System/Library/CoreServices/Software Update.app/Contents/MacOS/Software Update -psn0815303
3995 ?? 0:00.06 /System/Library/PrivateFrameworks/DiskManagement.framework/Resources/DiskManagementTool -uuid BF77035C-C895-484
4018 ?? 0:00.02 /System/Library/CoreServices/SecurityAgent.app/Contents/Resources/authorizationhost
4019 ?? 0:00.33 /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent
4021 ?? 0:00.00 (suapphelper)
4022 ?? 0:00.17 /System/Library/CoreServices/System Events.app/Contents/MacOS/System Events -psn0823497
4026 ?? 0:00.44 /System/Library/Frameworks/SyncServices.framework/Versions/Current/Resources/SyncServer.app/Contents/MacOS/Sync
4040 ?? 0:00.35 /System/Library/Frameworks/PubSub.framework/Versions/A/Resources/PubSubAgent.app/Contents/MacOS/PubSubAgent
4089 ?? 0:00.06 /System/Library/Frameworks/QuickLook.framework/Resources/quicklookd.app/Contents/MacOS/quicklookd
4091 ?? 0:00.79 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn0843982
4092 ttys000 0:00.06 login -pf Alonso
4093 ttys000 0:00.01 -bash
4107 ttys000 0:00.00 ps -A -
Does the OS X firewall protect from wireless keyloggers?
I'm trying to ensure security while using public wireless networks. Does anyone know if the built-in firewall in OS X prevents access by keylogger software which might be trying to get info from my computer wirelessly?
Thanks!
Here's a recently published article that should be right on target:
http://www.macdevcenter.com/pub/a/mac/2006/06/20/wireless-security.html -
Help Needed for Internet Security Driving Test!
Hi I came up with a few basic rules for family and friends
that I put together in order to try to prevent them from
continually installing spyware, toolbars, keyloggers and viruses on
their computers (and as a result, to try to prevent them from
continually calling me and asking for my help and advice when they
did this and things went wrong).
To all intents and purposes the rules worked well - for a
while. I set it up as a simple RTF document and I added this to the
start up folder of Windows XP, so that it started every time the PC
started. However, over time some of them simply learned to ignore
the rules and to close the RTF document as soon as it opened
without paying any attention to it at all - and then they went
about their merry business of installing spyware, keyloggers and
viruses etc. just as they had in the past.
So OK, I have to admit I found this deeply frustrating - but
I also realise that this is the same position that many of us geeks
are in in that on the whole, most average everyday computer users
don't have a clue about Internet security.
Now however things have become a lot more serious for me, as
I have been asked by a local charity to administer a total of 60
machines over 2 different sites - and I have also been asked if I
could provide some form of training with regard to basic personal
Internet security.
With this in mind I came up with the idea of an interactive
CDROM, or Flash based Internet security driving test/tutorial that
basically covers all of the scenarios I touch on in my rules.
This tutorial would cover basic things like, if you got an
email from a representative ex President of an African country
offering you a share in millions of dollars of stolen money, or if
you got an email from your bank asking you to verify your security
details and so on, what would you do? Additionally it would cover
such things as the abundance of viruses that infest many of the
porn sites on the net, the way that many games on the Internet that
are listed as being 'free' (particularly those which are in
executable file format) are often just vehicles for more spyware
and viruses also - and about the dangers of chat lines, of spoof
security warnings on web sites and so on.
I have included my list of rules below which should hopefully
give you an idea of what I'm trying to do. Be warned though, the
wording is deliberately harsh and perhaps a little extreme (and as
a result maybe not entirely 100% accurate) but you must realize
that I am, or was trying to give myself the easiest time possible
and the least possible problems. So you may well find things you
disagree with in it - but overall if someone followed these rules,
they probably would be less likely to run into problems than
someone who did not follow them might.
The thing is however that (as I said) I would like to
formalise these rules somewhat in the format of some kind of
interactive tutorial/web security driving test. Unfortunately I
have no experience with flash - and little knowledge of HTML or
anything like that. I also know that the language for these rules
isn't quite right, in that it probably isn't suitable for a formal
office type environment.
I had in mind that the tutorial would show some realtime
examples of some of the things I have been talking about (which I
assume would only be possible in Flash?) or perhaps rather like a
readers digest multiple choice type thing, with screenshots
depicting the various scenarios in question. (Like a screenshot of
a flash animation on a web page saying 'You have won a prize!!!'
What would you do? a) click on the ad, b, ignore it, or c) phone
all of your family and friends informing them of your good fortune
before doing anything.' etc.
So I was wondering, are there any good hearted charitable
souls out there who might be willing to help out to put a tutorial
like this together?
Again I remind you that it really is for a charity
(specifically the Depaul Trust in the UK, which helps young
vulnerable people find secure accommodation, provides educational
opportunities and helps them to find employment). The requirement
would be that all staff and students pass the Internet security
test before being granted Internet access.
I know this might be time consuming - but again all I can do
is appeal to the sense of kindness and helpfulness of this
community and hope that someone who does have some experience in
these matters might be willing to help.
Alternatively could anyone suggest a simple easy to use
software package that would allow a relative n00b like me to put
together a tutorial like this on my own? Or perhaps it is possible
that some free online tutorial like this already exists?
In any case, any help at all would be appreciated.
PS,
Here are the rules I have that I referred to above.
http://download305.mediafire.com/b6ndmljht1bg/29bbnnbz2uz/internet+rules.rtf
Dennis, when I look at the subject three clips (EI 1250, EI 640, and EI 320, respectively, and in that order) as presented in the camera, I see exactly what I have expected all along -- three different-brightness images that are progressively brighter from the EI 1250 exposure to the EI 320 exposure. So, am mystified why when I open these images (clips), say, in RAW Viewer, wherein I have thought that I would see the same progressive brightness differences allowing me to experiment with reducing brightness to deal with noise reduction, all three of the images present completely alike in brightness.
-
Is there a keylogger or tracker on my computer?
Hi, I have reason to believe there might be some sort of spying software/keylogger installed on my computer without my consent. I am 18 and the laptop I'm using was purchased for me by my mother about a year or two ago. She's one of those paranoid mothers who logged all my aim chats and stuff as a child and I'm afraid she is still set in those ways. I think, however, at 18 I deserve my privacy on my computer. Sometimes when I'm talking to her she likes to joke that she should go through my laptop and see what I'm drawing (I do a lot of art on my laptop that I don't like to show people cause I'm self-conscious about my work.) and when I tell her she couldn't get on if she tried she makes this mocking face like she knows something I don't. This has made me very paranoid as I really don't like the idea of her snooping through my files and stuff. She's always boasting about how good she is with computers, but I once made up a bunch of computer gibberish non-sense and she tried to look like she knew what I was talking about...So maybe she is just bluffing? I was looking though /Library/LaunchDaemons and found the .plist file relating to the program Undercover which monitors your laptop in case it's stolen, sends screenshots and takes photos with the webcam. I never installed this program. I DID install the program PREY just in case someone ran off with my laptop in Starbucks or something. What I want to know is if there are any other keyloggers or trackers installed on my computer so I can get rid of them. I ran some commands in terminal and these were my results-
new-host-4:~ KellieCruz$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
com.metakine.handsoff.driver (2.0.8)
com.rogueamoeba.InstantOn (6.0.2)
com.rogueamoeba.InstantOnCore (6.0.2)
com.manycamllc.driver.ManyCamDriver (0.0.9)
com.protech.NoSleep (1.3.3)
com.Cycling74.driver.Soundflower (1.6.2)
com.cleverandson.driver.XAerial (1.0.0)
new-host-4:~ KellieCruz$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
com.oracle.java.Java-Updater
com.oracle.java.Helper-Tool
com.autodesk.backburner_server
com.autodesk.backburner_manager
org.tcpdump.chmod_bpf
org.gpgtools.gpgmail.uuid-patcher
com.torch.update.agent
com.orbicule.uclocator
com.metakine.handsoff.daemon
com.macpaw.CleanMyMac2.Agent
com.luthresearch.scservice
com.disc-soft.DAEMONTools.PrivilegedHelper
com.daz3d.content_management_service
com.autodesk.backburner_start
com.adobe.fpsaud
new-host-4:~ KellieCruz$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
com.macpaw.CleanMyMac2Helper.diskSpaceWatcher
com.macpaw.CleanMyMac2Helper.trashWatcher
com.macpaw.CleanMyMac2Helper.scheduledScan
com.tuneupmedia.TuneUpHelper
org.gpgtools.macgpg2.updater
org.gpgtools.macgpg2.shutdown-gpg-agent
org.gpgtools.macgpg2.fix
org.gpgtools.Libmacgpg.xpc
org.gpgtools.gpgmail.user-uuid-patcher
org.gpgtools.gpgmail.enable-bundles
com.wacom.wacomtablet
com.wacom.pentablet
com.protech.NoSleep
com.metakine.handsoff.agent
com.spotify.webhelper
com.google.keystone.user.agent
com.divx.agent.postinstall
com.akamai.single-user-client
com.adobe.AAM.Scheduler-1.0
new-host-4:~ KellieCruz$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
/Library/Components:
/Library/Extensions:
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adlm.framework
Adobe AIR.framework
AudioMixEngine.framework
DivX Toolkit.framework
Libmacgpg.framework
NyxAudioAnalysis.framework
PluginManager.framework
TSLicense.framework
WacomMultiTouch.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
AdobeAAMDetect.plugin
DirectorShockwave.plugin
DivXBrowserPlugin.plugin
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
JavaAppletPlugin.plugin
OVSHelper.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
Silverlight.plugin
Unity Web Player.plugin
Unused
WacomNetscape.plugin
WacomTabletPlugin.plugin
flashplayer.xpt
nsIQTScriptablePlugin.xpt
/Library/Keyboard Layouts:
/Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.metakine.handsoff.agent.plist
com.oracle.java.Java-Updater.plist
com.protech.NoSleep.plist
com.wacom.pentablet.plist
com.wacom.wacomtablet.plist
org.gpgtools.Libmacgpg.xpc.plist
org.gpgtools.gpgmail.enable-bundles.plist
org.gpgtools.gpgmail.patch-uuid-user.plist
org.gpgtools.macgpg2.fix.plist
org.gpgtools.macgpg2.shutdown-gpg-agent.plist
org.gpgtools.macgpg2.updater.plist
/Library/LaunchDaemons:
com.adobe.SwitchBoard.plist
com.adobe.fpsaud.plist
com.apple.remotepairtool.plist
com.autodesk.backburner_manager.plist
com.autodesk.backburner_server.plist
com.autodesk.backburner_start.plist
com.daz3d.content_management_service.plist
com.disc-soft.DAEMONTools.PrivilegedHelper.plist
com.macpaw.CleanMyMac2.Agent.plist
com.metakine.handsoff.daemon.plist
com.oracle.java.Helper-Tool.plist
com.torch.update.agent.plist
org.gpgtools.gpgmail.patch-uuid.plist
/Library/Mail/Bundles:
GPGMail.mailbundle
/Library/PreferencePanes:
Flash Player.prefPane
Flip4Mac WMV.prefPane
GPGPreferences.prefPane
JavaControlPanel.prefPane
MacFUSE.prefPane
NoSleep.prefPane
PenTablet.prefPane
WacomTablet.prefPane
/Library/PrivilegedHelperTools:
com.disc-soft.DAEMONTools.PrivilegedHelper
com.macpaw.CleanMyMac2.Agent
/Library/QuickLook:
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
DivX Decoder.component
DivX Encoder.component
Flip4Mac WMV Advanced.component
Flip4Mac WMV Export.component
Flip4Mac WMV Import.component
ManyCamVDig_RGB.component
ManyCamVDig_YCbCr.component
MayaIFF.component
/Library/ScriptingAdditions:
Adobe Unit Types.osax
XtraFinder.osax
/Library/Services:
GPGServices.service
/Library/Spotlight:
Microsoft Office.mdimporter
iWork.mdimporter
/Library/StartupItems:
Sudochmod
/etc/mach_init.d:
/etc/mach_init_per_login_session.d:
/etc/mach_init_per_user.d:
com.adobe.SwitchBoard.monitor.plist
Library/Address Book Plug-Ins:
SkypeABDialer.bundle
SkypeABSMS.bundle
YMsgrCallABPlugin.bundle
YMsgrMsnABPlugin.bundle
YMsgrSmsABPlugin.bundle
YMsgrYimABPlugin.bundle
Library/Fonts:
rough_typewriter.otf
rough_typewriter_X_bold.otf
rough_typewriter_bold_itl.otf
rough_typewriter_italic.otf
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
BlueStacks Install Detector.plugin
SOEWebInstaller.plugin
Library/Keyboard Layouts:
Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.akamai.single-user-client.plist
com.divx.agent.postinstall.plist
com.google.keystone.agent.plist
com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist
com.macpaw.CleanMyMac2Helper.scheduledScan.plist
com.macpaw.CleanMyMac2Helper.trashWatcher.plist
com.spotify.webhelper.plist
Library/PreferencePanes:
AkamaiNetSession.prefPane
Growl.prefPane
Perian.prefPane
teleport.prefPane
Library/QuickTime:
AC3MovieImport.component
Perian.component
Library/Services:
ToastIt.service
new-host-4:~ KellieCruz$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
iTunesHelper, Speech Startup, XtraFinder, iAntiVirus, BambooCore
Does any of this look funny to you? Are there any other tests/programs/commands I can run to do a more thorough check? Sorry if this seems like a silly issue but my privacy matters to me. I don't do anything horrible on my computer but I also don't think I should be being watched 24/7 like a child.
Hi Linc,
I had the same question as everyone else. Here is my output. Do you know if I have tracking software installed? Thank you so much for your time/help. Your expertise is much appreciated!
Last login: Thu Feb 19 14:11:14 on console
sarahcomputer-3:~ Sarah$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
sarahcomputer-3:~ Sarah$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
WARNING: Improper use of the sudo command could lead to data loss
or the deletion of important system files. Please double-check your
typing when using sudo. Type "man sudo" for more information.
To proceed, enter your password, or type Ctrl-C to abort.
Password:
com.vmware.launchd.vmware
com.google.keystone.daemon
com.carbonite.daemon
com.adobe.fpsaud
cn.com.zte.PPPMonitor.plist
cn.com.zte.MessageCenter.plist
sarahcomputer-3:~ Sarah$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
com.bittorrent.uTorrent.32592
org.mozilla.firefox.37520
com.box.sync.88912
org.videolan.vlc.37696
com.microsoft.Word.28368
com.microsoft.entourage.database_daemon.29424
com.vmware.fusionStartMenu.41040
com.box.Box-Local-Com-Server.88560
com.Box.Box-Edit.88384
com.skype.skype.31536
com.yahoo.messenger3.32944
com.google.GoogleDrive.65856
com.vmware.fusionDaemon.39808
com.microsoft.autoupdate.fba.39456
jp.co.canon.cijscannerregister.41216
com.evernote.EvernoteHelper
com.hp.help.tocgenerator
com.google.keystone.system.agent
com.divx.update.agent
com.divx.dms.agent
com.carbonite.carbonitestatus
com.carbonite.carbonitealerts
cn.com.zte.usbswapper.plist
com.citrixonline.GoToMeeting.G2MUpdate
sarahcomputer-3:~ Sarah$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
/Library/Components:
/Library/Extensions:
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
ArcMSR.kext
BJUSBLoad.kext
CIJUSBLoad.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
PromiseSTEX.kext
SoftRAID.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adobe AIR.framework
AudioMixEngine.framework
DivX Toolkit.framework
DivXInstallerUtilities.framework
HPSmartPrint.framework
MacFUSE.framework
NyxAudioAnalysis.framework
OSXFUSE.framework
PluginManager.framework
Snapfish.framework
TSLicense.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Default Browser.plugin
DirectorShockwave.plugin
DivX Web Player.plugin
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
Flip4Mac WMV Plugin.webplugin
Google Earth Web Plug-in.plugin
OVSHelper.plugin
OfficeLiveBrowserPlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
Silverlight.plugin
flashplayer.xpt
googletalkbrowserplugin.plugin
iPhotoPhotocast.plugin
nsIQTScriptablePlugin.xpt
o1dbrowserplugin.plugin
/Library/Keyboard Layouts:
/Library/LaunchAgents:
cn.com.zte.usbswapper.plist
com.carbonite.launchd.carbonitealerts.plist
com.carbonite.launchd.carbonitestatus.plist
com.divx.dms.agent.plist
com.divx.update.agent.plist
com.google.keystone.agent.plist
com.hp.help.tocgenerator.plist
/Library/LaunchDaemons:
cn.com.zte.MessageCenter.plist
cn.com.zte.PPPMonitor.plist
com.adobe.fpsaud.plist
com.carbonite.launchd.carbonitedaemon.plist
com.google.keystone.daemon.plist
com.vmware.launchd.vmware.plist
/Library/PreferencePanes:
Carbonite.prefPane
Flash Player.prefPane
Flip4Mac WMV.prefPane
Perian.prefPane
/Library/PrivilegedHelperTools:
Google Drive Icon Helper
com.box.sync.bootstrapper
com.box.sync.iconhelper
/Library/QuickLook:
GBQLGenerator.qlgenerator
VMware Fusion QuickLook.qlgenerator
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AC3MovieImport.component
AppleIntermediateCodec.component
AppleMPEG2Codec.component
Perian.component
/Library/ScriptingAdditions:
/Library/Spotlight:
GBSpotlightImporter.mdimporter
Microsoft Office.mdimporter
iBooksAuthor.mdimporter
iWork.mdimporter
/Library/StartupItems:
HP Trap Monitor
/etc/mach_init.d:
/etc/mach_init_per_login_session.d:
/etc/mach_init_per_user.d:
Library/Address Book Plug-Ins:
SkypeABDialer.bundle
SkypeABSMS.bundle
YMsgrCallABPlugin.bundle
YMsgrMsnABPlugin.bundle
YMsgrSmsABPlugin.bundle
YMsgrYimABPlugin.bundle
Library/Components:
MindVision
Library/Fonts:
Library/Frameworks:
EWSMac.framework
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
CitrixOnlineWebDeploymentPlugin.plugin
Google Earth Web Plug-in.plugin
Library/Keyboard Layouts:
Library/LaunchAgents:
com.apple.SafariBookmarksSyncer.plist
com.citrixonline.GoToMeeting.G2MUpdate.plist
Library/PreferencePanes:
Library/Services:
.localized
sarahcomputer-3:~ Sarah$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
iTunesHelper, VMware Fusion Helper, Skype, Jacquie Lawson London Advent Calendar, Google Drive, uTorrent, Dropbox, Yahoo! Messenger, Skype, Box Sync, Box Edit, Box Local Com Server
sarahcomputer-3:~ Sarah$
-
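The commands in the two posts above print only launchd labels and plist filenames, not what each job executes. The following Python script is an added example (not from the thread or from any tool named in it) that reads every plist in the same directories and reports the program it runs; the function names and flag names are this example's own, and the flags are triage hints, not verdicts.

```python
"""Audit launchd job definitions: show what each plist actually runs."""
import plistlib
import sys
from pathlib import Path

# The third-party launchd directories that the `ls` command in the posts lists.
DEFAULT_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                "~/Library/LaunchAgents"]


def read_job(path):
    """Parse one launchd plist into the fields that matter for triage."""
    job = {"file": str(path), "label": None, "program": None,
           "args": [], "flags": []}
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
        if not isinstance(data, dict):
            raise ValueError("top-level object is not a dictionary")
    except Exception as exc:  # corrupt, truncated or not a plist at all
        job["flags"].append("unparseable: %s" % type(exc).__name__)
        return job

    args = [str(a) for a in data.get("ProgramArguments") or []]
    job["label"] = data.get("Label")
    job["program"] = data.get("Program") or (args[0] if args else None)
    job["args"] = args

    # Filenames are free-form; launchd only cares about the Label key.
    if job["label"] != Path(path).stem:
        job["flags"].append("label-differs-from-filename")
    # Leftover of an uninstalled product, or a path worth looking at.
    if job["program"] is None or not Path(job["program"]).exists():
        job["flags"].append("program-missing")
    # A com.apple label is just a string anyone can choose, and the awk
    # filters in the posts hide every label that starts with it.
    if str(job["label"]).startswith("com.apple.") and \
            not str(path).startswith("/System/"):
        job["flags"].append("apple-label-outside-system")
    if data.get("RunAtLoad") or data.get("KeepAlive"):
        job["flags"].append("starts-automatically")
    return job


def labels_from_launchctl(text):
    """Third column of saved `launchctl list` output, header line skipped."""
    labels = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            labels.append(parts[2].strip())
    return labels


def audit(dirs=DEFAULT_DIRS, loaded_labels=()):
    """Return (jobs found on disk, loaded labels with no plist in dirs)."""
    jobs = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():
            jobs.extend(read_job(p) for p in sorted(folder.glob("*.plist")))
    on_disk = {job["label"] for job in jobs}
    orphans = sorted(set(loaded_labels) - on_disk)
    return jobs, orphans


def main(argv):
    loaded = []
    if len(argv) > 1:  # optional: file holding saved `launchctl list` output
        loaded = labels_from_launchctl(Path(argv[1]).read_text())
    jobs, orphans = audit(loaded_labels=loaded)
    for job in jobs:
        print("%s\n  label:   %s\n  program: %s %s\n  flags:   %s" % (
            job["file"], job["label"], job["program"],
            " ".join(job["args"][1:]), ", ".join(job["flags"]) or "-"))
    for label in orphans:
        print("loaded, but no plist in audited directories: %s" % label)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A loaded label with no matching plist is not evidence by itself: the definition can live in a directory the script does not audit, or the label can belong to a running application rather than a background job.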
How to force iOS to ask for S/MIME private key password every time?
Hi, I am using S/MIME signing and encryption on my iOS devices and I am very surprised that the system does not require password for encrypting, decrypting or signing a message when using my cell phone. Everyone with access to it (be it a thief who saw my unlock code or somebody I know personally) will be able to send/read all encrypted messages. That is a deal breaker for me and I hope I am not the only one.
So the question is: I need to be asked for a password every time I (a) read encrypted message, (b) send a signed message or (c) send an encrypted message.
How can I do that?
I imported my key via iPhone configuration utility, but I was unable to find an option for that.
By revealing your unlock code your device is already compromised. Just like revealing your computer's login password. Once the computer is compromised, any number of things can be done which render the certificate password useless. Keyloggers can be installed, the kernel can be patched to steal DPAPI keys, etc. Real software companies like Apple and Microsoft don't entertain security through obscurity.
-
Help me catch my hacker...please!
Hi. I have an old Mac Pro 1,1 (2007 I believe), OSX 10.7.5 that has been hacked. I have read some of the questions here so I'll try to include all the necessary info. some of the things that have happened are that a new admin user account is on my computer where I have never created any other account and was using my admin account solely which I now know is not smart. I see the new account at the login screen although it tries to look like it is my account, same icon, but it thankfully can't shut down or restart the computer. I am the sole user of my computer and no one else has access to it physically. also, I can no longer throw anything into the trash. Everything just gets moved somewhere as I can see this from the dialog box that pops up. Also, I have to enter a password just to throw anything away(!), but the trash bin always remains empty so nothing ever makes it there but is obviously going elsewhere. The other thing is all my files are now locked and password protected which of course I didn't do. So, hopefully this all shows my computer has indeed been hacked. In fact, I do know who has done this and he's hacked my iphone as well. He currently lives in another country and when I did wipe my phone and enable location services I started getting ads for the nearest major city of that country where he lives and he is the only person I know who lives in that country. I have other info too as to how I know who it is but won't go into it here. He is some guy I used to know who somehow thinks I'm responsible for him losing his job which is completely preposterous. I know he's gone after my finances but thus far has not been able to access them. My email, which I never check on my home computer or phone anymore, will even on my home computer keep trying to connect to paypal. When I've logged into AppleID on my phone to download apps he has changed my AppleID password & security questions but I was fortunately able to change it and get back into it. 
He put security questions I would never use like asking something about dates and I never remember dates.
Anyway, I really need to catch this guy as I have info that he has done this to others as well. I know I could just wipe my machine but that is not something I want to do. While my mac tech guy is normally great he doesn't even believe a mac can have a virus and wants to debate that so for him to believe my computer could have been hacked is impossible so he wouldn't help me. I have contacted a couple other techs I know but one was PC-oriented and the other who does some work on macs said he didn't have enough mac experience when I told him the litany of things happening on my computer and phone. So, I am turning to the good people of this forum to help me do this myself as I know you guys are great from past experience with minor computer issues.
What I've done so far, mostly from reading these forums: I ran EtreCheck and the only thing that came up looking off was a version of Adobe Flash Player I downloaded that EtreCheck says was a mismatch in their red type. I believe that is how the hacker got his software on my computer. I made visible all the users/accounts and nothing looked funny but a lot of this stuff is greek to me as I have never used the Terminal before. I did find a root user and so disabled that. I have looked through all the Processes, and ran that 5-step terminal thing you guys recommend here that shows preferences & launch agents, etc. and looked and looked but see nothing off. I unfortunately had my computer rather wide open before and so now have done all the normal user things to tighten my security and have Little Snitch and Avast Security on my computer. Oh, I did find the Genio-L bug through MacScan and deleted that. My computer had been running at a crawl but is now faster. Also, I had read something about hackers getting access through Bluetooth and saw besides my keyboard and mouse (my modem is wired so I don't have WiFi) some third item listed. I deleted it as it looked suspicious with very little info on it compared to my other devices. (I forgot to take a screenshot of it.) I have also made all files visible through the Terminal. I was looking around in the Private/Etc files but I don't really know what i'm looking at. Also, I found 3 applications that were loading automatically on login so I deleted them: Adobe Resource Synchronizer, Optimism Agent (Optimism software I have) and FontExplorer.
Anyway, I would love recommendations for how to find this hacking software which I'm assuming can be found through the Terminal. I did try to use Deeper but when I tried to get it to show all the IP addresses for the users on the login page it had an applescript error come up. It said:
FSPathMakeRef (/System/Library/CoreServices/HelpViewer.app) failed with error -43. (1)
i'm sure this guy probably has some pretty sophisticated hacking software, which I understand can even be parental control software. I have reason to believe he has put a keylogger on my computer. So, if there is a way to catch this guy please, please give me some tips but do explain everything really simply & step by step as I know nothing about using the Terminal despite the few things I've done. I was reading under the ssh and it says something about -x being used to disable keyloggers from forwarding info. I do seem to have the application X11 on my computer which I never noticed before. There was also something under ssh about ~# which can list all forwarded connections. Of course I don't know how or where to do these things but if you guys think it would help then I'd totally appreciate directions on how to do these things.
Sorry for writing an essay but I may not be able to get back to this computer for 3-4 days so wanted to give plenty of info for the questions you guys usually ask. Thanks in advance for any and all help!
I went ahead and repaired the permissions and the disk itself didn't need any repairs. I still really don't want to wipe my HD, and haven't yet, because I want to catch this guy. can you guys give me a code to enter into the Terminal to show all hidden admin users? I tried something I found on these forums to unhide all 500users but i'm not sure if it was for Lion. (btw, the descriptions for this forum are off. i have a silver tower, it's definitely a mac pro 1,1 and am running Lion 10.7.5) anyway, the terminal said in response:
sudo: /private/etc/sudoers is mode 0446, should be 0440.
this response was before I repaired the permissions.
to address Kurt's question of why i'm convinced I have a hacker I didn't share everything in my OP partly because it was already so long and partly because some info I don't feel comfortable sharing online. suffice it to say I have solid knowledge that I've been hacked. I was 99.9% sure of who it was and when the location-based ad on my iphone came up for the country this person currently lives in I knew I was right. think of it like this, if you knew one person who lived in Latvia and suspected he was for sure the person who hacked your computer/phone because you know he's done it to others you know, and suddenly your phone in the US starts getting ads for the nearest major city to where the person lives in Latvia, right after you enabled location-based ads, you'd be pretty sure you suspect the right person. as to how I know this is for sure a hacking I am not comfortable going into on a public forum. suffice it to say, I know without a shadow of a doubt. obviously, the fact that I have an additional admin account on my computer when I live alone and no one, and I mean no one, has physical access to my computer is quite a good indicator.
just earlier today I had additional problems on my iphone 4. (in the last week I've reset the settings several times whenever I have like one or two bars for my connection which is definitely not normal. resetting the settings seems to be really helping the connection.) this morning I was reading on safari (on the NPR site) and suddenly my phone goes black and the same screen I see when my phone is resetting shows up (all-black screen with white horizontal progress bar). something was being reset so I immediately tried to turn off the phone and it wouldn't turn off, but it did not let the progress bar continue with whatever was happening as long as I held the power button down. then after awhile of doing this, the screen suddenly went back to my usual NPR page. I immediately turned off my phone and will reset it when I turn it back on.
so, my question is how to protect my phone? I have erased it previously, but don't want to do that again as I can't risk logging into Apple ID on it again, to download apps, as last time I did that my Apple ID password & security question as got changed and I had a hard time getting back into it. what I have done so far is to use a password, set a restrictions password and I have turned off most locations settings and limited ad tracking. when this all started awhile ago the app I use the most, a newspaper, suddenly popped up with a survey that it tried to force me to click on and take. there was no option not to take the survey and the website address it showed ended in .xyz as if that is a real legitimate site. what I did was close the app and delete it as I knew this had nothing to do with this major newspaper app. it was directly after that that the location-based ad in this guy's country started coming up. so, how the heck can I keep this guy off my phone now? I still want to catch him and am hoping I can somehow do that either on my computer or phone. no one should be allowed to do this to another person. it's been a nightmare. again thanks for any and all help.
-
I have a Macbook pro that I suspect my exhusband installed keylogger software on. I followed the keylogger detection instructions posted on an older post, but I do not know how to interpret the Terminal results. What should I be looking for in the strings that result?
You don't have an off-the-shelf commercial keylogger installed. I can't rule out a well-hidden rootkit. That would only be possible if the attacker is a computer expert, or if he had help from an expert. If you suspect that, you'll either have to consult an expert yourself or (less expensively) erase your hard drive, reinstall OS X and all your other software from known-good copies, and restore only your documents and settings from a backup.
I should add that there are hardware keyloggers on the market that don't install any software at all. The cheap ones can't be accessed remotely, but with enough money you can buy pretty much anything. A highly motivated attacker could plant listening devices in your home, your car, or your office.
-
Multiple people using same admin account boot each other out
Hello,
One of our clients has a number of trainers that need to use the same admin email address to log in and export reports. It seems like only one person can be logged into the account at a time, which makes sense - but this will cause the trainers that get booted from the CMS to lose their work. Then there will be confusion over whether or not it's safe to log back in because they will boot the person out that just booted them.
Is there a way to lock the login for an admin email so that if Person A is logged into the CMS, Person B won't be able to log into the CMS with the login until Person A logs out?
If that isn't an option, is there a way to display on a web page whether or not the admin login is in use? We just need some kind of automated way to mitigate this. We can't have a shared doc where people can checkout the login because with the number of trainers, people are bound to mess up that kind of manual process.
Any ideas are appreciated.
Thanks
This is 100% a security feature and a must. One of the biggest security issues at a company is when people share passwords. Some of the biggest stories of "hacking" out there in the web - most are not actual true hacks but people gaining access based on bad passwords, keyloggers on someone's machine or moreover sharing logins etc.
Change why and how you're doing this with any client ASAP!