Lion OS X Security & Stability Questions
Hi,
My mac was hacked before and somehow they had remote access to my macbook pro. I was using snow leopard.
I have Lion OS X now,but I am seeing the rainbow wheel (busy) too much. The kernel_task is using 508MB out of 4GB while I am only using Chrome & Firefox without any extensions and no heavy software installed.
I have an up to date ClamXav antivirus,it shows that there are no infected files, but I am worried that I might have a newer version of this trojan: http://www.net-security.org/malware_news.php?id=953
Do you recommend any anti spyware software to make sure I dont have any trojans or keylogers?
Is it normal that kernel_task uses between 300 & 508MB of the memory at any time?
There are more than one Google Chrome Renderer and Google Chrome Helper in Activity Monitor, is that normal?
The VDCAssistant is running, when I terminated it in Activity Monitor, it starts again. Does that mean someone has remote access to my isight cam?
Is there a way to make sure that my system has not been modified by a developer? I mean that they did not install a trojan but changed the behaviour of the operating system.
Finally, can they do that by simply sending me a link or a pdf file even if I don't install anything?
Thanks
That trojan you link to was used an exploit that Apple patched back in 2008 (Apple security update 2008-005). So no, I would not worry about having that.
In order for things like the AsTHT to do anything (it was an AppleScript, BTW) system wide they need to be run with admin privileges, which means you would have to execute the file, and enter your admin password. So no, simple downloading a pdf or other file will not infect your system.
Similar Messages
-
Not able to get rid of security-related questions in runtime
Hi,
I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
I have chosen Alias as trusted in the signing option in the project configuration page. however still I am getting security confirmation questions in runtime to access the local files for instance.
Would anyone please advise me how to get rid of that?
Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
Thank youRight clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to it's default state. Will try this out through a Skype conversation with that Buddy.
Was seen here :
https://discussions.apple.com/message/16447109#16447109
Thank you for stepping in. Good to know that people are still willing to help in this community.
Greetz to the UK from France -
Security upgrade question - Getting 6.1.6 downloaded to iphone.
Security upgrade question - I have a 4S phone v6.01 with an upgrade to IOS 7.04 already downloaded and ready for install. I would like to install the 6.1.6 security upgrade instead. How do I delete the ios7 in the queue or have the 6.1.1 pushed as an option to the phone?
You can't install iOS 6.1.6 on that device and must update it to 7.0.6.
(101120) -
I foreget my security answer questions. --app store
I foreget my security answer questions . --app store
I can not buy any thing without answeing this questions
Pls help me to repair this problemQ - Can I change the answers to the security questions for my Apple ID?
A - Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID and click Manage your account.
http://support.apple.com/kb/he37
Manage your Apple ID -
https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/ -
Security/session questions
Hi,
I have some security/session questions for you guys.
My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
Hope someone got the time to help me out.I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
Following are the main changes in my application: (Introducing spring security)
Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
On the server:
web-xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
/WEB-INF/config/web-application-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/flex-application-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
flex-application-context:
<flex:message-broker>
<flex:secured/>
</flex:message-broker>
web-application-context:
I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
<bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
<security:custom-authentication-provider/>
</bean>
web-application-security:
<http entry-point-ref="preAuthenticatedEntryPoint" />
<beans:bean id="preAuthenticatedEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
<!-- Securing the service layer -->
<global-method-security>
<protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
</global-method-security>
On the client:
private function login():void {
var cs:ChannelSet = ServerConfig.getChannelSet(loginRemoteObject.destination);
var token:AsyncToken;
token = cs.login(username, password);
// Add result and fault handlers.
token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
private function logout():void {
var cs:ChannelSet = ServerConfig.getChannelSet(loginRemoteObject.destination);
var token:AsyncToken = cs.logout();
// Add result and fault handlers.
token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler)); -
Forget security answer question
im forget the security answer question
If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then go to https://appleid.apple.com/ and click 'Manage your Apple ID' on the right-hand side of that page and log into your account. Then click on 'Password and Security' on the left-hand side of that page and on the right-hand side you should see an option to send security question reset info to your rescue email address.
If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
Contacting Apple about account security : http://support.apple.com/kb/HT5699
When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down this page to add a rescue email address for potential future use : http://support.apple.com/kb/HT5312 -
HT201413 forgot my itunes security secret questions for purchase music
Iforgot my itunes security secret questions for to purshase music how do i get to redo it again plz
same thing is happening to me aswell please i dont know what to do
-
HT5699 I forgot my security support question and answer, what should i do?
I forgot my security support question and answer, what should i do
See Kappy's great User Tips.
See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
Rescue email address and how to reset Apple ID security questions
http://support.apple.com/kb/HT5312
Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
Cheers, Tom -
HT5312 i forgot my security my question . i need to send my security a gain .
i forgot my security my question . i need to send my security a gain .
Try calling your country number from http://support.apple.com/kb/HE57 and ask to speak with Account Security.
-
I am not receiving security rest question from apple
i am not receiving security rest question from apple, i need to buy some app. please help
Read here > Apple ID: All about Apple ID security questions
If necessary
1) See Here > Apple ID: Contacting Apple for help with Apple ID account security
Ask to speak with the Account Security Team...
2) Or Email Here > Apple Support iTunes Store Contact
Note:
You can only set up a Rescue Email BEFORE you forget the questions/answers. -
I forget security info question, i forget security info question
i forget security info question, i forget security info question
The Three Best Alternatives for Security Questions and Rescue Mail
1. Use Apple's Express Lane.
Go to https://expresslane.apple.com ; click 'See all products and services' at the
bottom of the page. In the next page click 'More Products and Services, then
'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
ID security questions' and click 'Continue'. Please be patient waiting for the return
phone call. It will come in time depending on how heavily the servers are being hit.
2. Call Apple Support in your country: Customer Service: Contact Apple support.
3. Rescue email address and how to reset Apple ID security questions.
A substitute for using the security questions is to use 2-step verification:
Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID. -
HT1689 How Do You Change Security Confirmation Questions/Answers?
I am trying to purchase from my new iPod Touch. It keeps asking for answers to security confirmation questions. I have forgotten the answers. How do I change my security confirmation answers/questions?
Try:
https://discussions.apple.com/message/18401752#18401752
https://discussions.apple.com/thread/3955432?tstart=0 -
HT204088 I forgot the security conformation question
I forgot my security conformation question answer. What can I do?
That email option is not there anymore. I found out the other day when I tired.
Happened to me the other day. I went to https://expresslane.apple.com/Issues.action and asked what to do there. Less that 24 hours later I got a response to go to the account management on the page linked above, select lost or forgotten password, and then you will have the option to have an apple rep call you back. Most times there is an option to have them call you immediately. From there they will reset your questions if you can prove a few thing to them. Give it a try, it is fast!
Oh... answers are case sensitive. Rep I spoke to suggested to use one word answers to the questions and use all upper or lower case. When you answer the questions again it is probably best to just write them down EXACTLY as written put it in a safe place. -
Question regarding Lion's Versions security
I am wondering if whether a potential security issue affects Versions.
Let's say I have a encrypted text file (maintained with TrueCrypt) that I use to store all of my passwords. The list starts out with a single entry, but over time I add more information, until I have a few dozen edits. I use Lion's TextEdit app to edit the document. Each time I save the document the versions information being stored outside my encrypted file, in the DocumentRevisions-V100 folder now holds information from the saved versions. Question: is this Versions information in "cleartext" (unencrypted), and therefore my passwords are essentially being stored two places? One place in an encrypted text file, and in the DocumentRevisions-V100 folder open to anyone who obtains root access? After all, root access is exceedingly easy on Lion.
I suppose the easy answer, just to be safe is to never use a Versions enabled app to edit an encrypted file. But is it really necessary?Linc Davis wrote:
If you're serious about encryption, you need FDE. If you're not serious, don't use it at all.
Really?
http://news.techworld.com/security/3228701/fbi-hackers-fail-to-crack-truecrypt/
http://www.macworld.com/article/165202/2012/02/apple_filevault_2_encryption_crac ked_by_forensic_software.html
I think TrueCrypt is at least as safe as FDE.
Upon further investigation, nothing is saved outside the container, as Lion treats the container as an external drive, wherein Versions is not applicable. -
ASA 5505 Interface Security Level Question
I am wondering if someone can shed some light on this for me. I have a new ASA 5505 with a somewhat simple config. I want to set up a guest VLAN on it for a guest wireless connection.
I set up the ASA with the VLAN, made a trunk port, set up DHCP (on the ASA) on the guest VLAN, configured NAT, etc. Everything seem to be working with that. Guests are getting address on the correct subnet, etc.
The only issue I have is that the Guest VLAN (192.168.22.0) can get to the secure (VLAN1 - 172.16.0.0). I set up the guest VLAN (VLAN 5) with a security level of 10, the secure with a level of 100. I figured that would be enough. To stop the guest from accessing the secure, I had to throw on an ACL (access-list Guest-VLAN_access_in line 1 extended deny ip any 172.16.0.0 255.255.255.0)
Can someone show me what I did wrong?
Thank you for any help!
To create the VLAN, I did the following:
int vlan5
nameif Guest-VLAN
security-level 10
ip address 192.168.22.1 255.255.255.0
no shutdown
int Ethernet0/1
switchport trunk allowed vlan 1 5
switchport trunk native vlan 1
switchport mode trunk
no shutdown
below is the whole config.
Result of the command: "sho run"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password zGs7.eQ/0VxLuSIs encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport trunk allowed vlan 1,5
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address <External IP/Mask>
interface Vlan5
nameif Guest-VLAN
security-level 10
ip address 192.168.22.1 255.255.255.0
boot system disk0:/asa913-k8.bin
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network Inside_Server1_80
host <Inside_server1_IP>
object network Inside_Server1_25
host <Inside_server1_IP>
object network Inside_Server1_443
host <Inside_server1_IP>
object network Inside_Server1_RDP
host <Inside_server1_IP>
object service RDP
service tcp destination eq 3389
object network Outside_Network1
host <Outside_Network_IP>
object network Outside_Network2
host <Outside_Network_IP>
object network Outside_Network2
host <Outside_Network_IP>
object network TERMINALSRV_RDP
host <Inside_server2_IP>
object network Inside_Server2_RDP
host <Inside_Server2_IP>
object-group network Outside_Network
network-object object Outside_Network1
network-object object Outside_Network2
object-group network RDP_Allowed
description Group used for hosts allowed to RDP to Inside_Server1
network-object object <Outside_Network_3>
group-object Outside_Network
object-group network SBS_Services
network-object object Inside_Server1_25
network-object object Inside_Server1_443
network-object object Inside_Server1_80
object-group service SBS_Service_Ports
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq smtp
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit object-group SBS_Service_Ports any object-group SBS_Services
access-list outside_access_in extended permit object RDP any object TERMINALSRV_RDP
access-list outside_access_in extended permit object RDP object-group RDP_Allowed object Inside_Server1_RDP
access-list outside_access_in extended permit object RDP object-group RDP_Allowed object Inside_Server2_RDP
access-list Guest-VLAN_access_in extended deny ip any 172.16.0.0 255.255.255.0
access-list Guest-VLAN_access_in extended permit ip any any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Guest-VLAN 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (inside,outside) dynamic interface
object network Inside_Server1_80
nat (inside,outside) static interface service tcp www www
object network Inside_Server1_25
nat (inside,outside) static interface service tcp smtp smtp
object network Inside_Server1_443
nat (inside,outside) static interface service tcp https https
object network Inside_Server1_RDP
nat (inside,outside) static interface service tcp 3389 3389
object network TERMINALSRV_RDP
nat (inside,outside) static <TerminalSRV_outside)IP> service tcp 3389 3389
object network Inside_Server2_RDP
nat (inside,outside) static interface service tcp 3389 3390
nat (Guest-VLAN,outside) after-auto source dynamic obj_any interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Guest-VLAN_access_in in interface Guest-VLAN
route outside 0.0.0.0 0.0.0.0 <Public_GW> 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 172.16.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.22.50-192.168.22.100 Guest-VLAN
dhcpd dns 8.8.8.8 4.2.2.2 interface Guest-VLAN
dhcpd lease 43200 interface Guest-VLAN
dhcpd enable Guest-VLAN
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.6.15.30 prefer
username <Username> VAn7VeaGHX/c7zWW encrypted privilege 15
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect icmp
inspect icmp error
inspect pptp
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:7f5d70668ebeb94f49f312612f76c943
: endHi,
To my understanding they should not be able to connect to the more secure network IF you DONT have an interface ACL configured.
One very important thing to notice and which I think is the most likely reason this happened is the fact that as soon as you attach an interface ACL to an interface then the "security-level" looses its meaning. The "security-level" has meaning as long as the interface is without an ACL. This makes the "security-level" only usable in very simple setups.
What I think happend is that you have "permit ip any any" ACL on the interface that allowed all the traffic.
Your option is to either remove the interface ACL completely or have the ACL configured like you have now. I mean first block traffic to your secure LAN and then allow all other traffic which would allow the traffic to Internet
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed.
- Jouni
Maybe you are looking for
-
Help needed with audio files in pdf
I added mp3 audio files to a multi page pdf document via Acrobat Pro and the files play fine for me when I open the pdf. My client, however, doesn't even see the audio player rectangles after opening the pdf. Is there something I'm missing to make th
-
PSE 10 tossing images in trash after I change the date on a mac
Is it normal for PSE 10 to throw images in the trash after I change the date of a image? I have a bunch of images that came in with the wrong date from my camera, I decided finally to correct the date. I noticed my trash can suddenly with content, I
-
Overlapping data when more data column chart SSRS
Hi guys, In my ssrs report the column chart display is not good when more number of datas are viewed.How to overcum this issue I searched more on this issue no good solution found. I attached screenshot for this report, any suggestions pls Thanks, R
-
Decode inside xmlelement???!!!!
hello guys I have little bit problem by using XML inside sql query. XMLELEMENT("XXX", case r_econ_info_comp.country when lStateLocation then rr_econ_info_comp.juridical_form else null end), XMLELEMENT("YYY", case rr_econ_info_comp.country when lState
-
Hi, can I get the substitution tags value used by template and assign this to a variable defined in a Unstructured template? My problem is to manage a conditioned exit action from a reports chain called by several Dynamic Pages thanks Giovanna