System compromised by Choqok

Similar Messages

• Is System Compromised?

  Sorry for cross post - I posted this in Apple Remote Desktop, but not sure it's an ARD issue and that forum is not highly frequented so wonder if someone here can shed some light and stem my paranoia.
  Came back into house to find G5 approaching lift off with full fans gunning and blank screen. After re-boot looked in system.log and it is head to tail (including after reboot) with these lines:
  Jan 8 22:46:45 David-Thorpes-Computer ARDAgent [383]: UDPWritePacket error 65 No route to host for -64.168.1.103
  Jan 8 22:49:05 David-Thorpes-Computer ARDAgent [383]: UDPWritePacket error 65 No route to host for -64.168.1.103
  Jan 8 22:51:05 David-Thorpes-Computer ARDAgent [383]: UDPWritePacket error 65 No route to host for -64.168.1.103
  Don't have a clue what that IP address is. I pinged it and this is what I got:
  PING 64.168.1.103 (64.168.1.103): 56 data bytes
  36 bytes from rback12-g1-0.scrmca.sbcglobal.net (64.171.152.68): Time to live exceeded
  Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
  4 5 00 0054 278e 0 0000 00 01 8f00 192.168.1.100 64.168.1.103
  36 bytes from rback12-g1-0.scrmca.sbcglobal.net (64.171.152.68): Time to live exceeded
  Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
  4 5 00 0054 2791 0 0000 00 01 8efd 192.168.1.100 64.168.1.103
  36 bytes from rback12-g1-0.scrmca.sbcglobal.net (64.171.152.68): Time to live exceeded
  Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
  4 5 00 0054 2793 0 0000 00 01 8efb 192.168.1.100 64.168.1.103
  36 bytes from rback12-g1-0.scrmca.sbcglobal.net (64.171.152.68): Time to live exceeded
  Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
  4 5 00 0054 279d 0 0000 00 01 8ef1 192.168.1.100 64.168.1.103
  Don't know what that means - unlike anything I've seen on a ping before. The paranoid in me wonders if my system is being compromised in some way? Can anyone shed light?
  David

  I make no claims to know just what-all some of those applications do. However I to would be paranoid to see entries like that.
  It looks to me (as an only slightly above average OSX user) that some one managed to enter ARD and tell your computer to do "something." It also kinda looks like it was "unable" to do that, the port it was trying to send to was Overloaded or something. May have even caused some kind of Kernel panic?? One of the others might better know that though.
  Do you use SETI? or some other kind of Shared Computing?
  Unless needed, Disable the ARD in your Sharing settings, and Up your Firewall. Only enable services you need. This closes ports to the web and even saves system resources like RAM.
  -Though getting the Firewall set just right may take some tinkering. I pop mine up (default) to irritate would be hackers bashing my ports (shows in the logs). But it often creates issues with other software and networking, so its "as needed" for me. -Ive never gotten my Firewall to a one size fits all scenario yet.
  In your Console there are other logs that might yield interesting data as well:
  console.log system.log asl.log ftp.log secure.log
  httpd> access_log error_log
  of course if you dont use "Personal Web Sharing" (httpd logs) or "Personal File Sharing" (ASL.log) those logs may be empty.
  But I am sure that IF some one did instruct your computer remotely, there is sure to be allot more in your logs Someplace.
  Quicksilver G4   Mac OS X (10.4.8)   733mhz, 768 SDRAM, ATA133, 380GB, 2X Net, WiFi-G, DSL, etc.

• System compromised?

  Hey,
  I'm not sure what I should think of this, so I'm posting here and asking about it... I've gotten G-lined from QuakeNet twice now, with the following message:
  You are infected with a trojan, please clean your PC.
  I guess it's certainly plausible, but I doubt it. The first time it happened they cancelled it quickly and when I went and asked about it, they said it was a mistake. I guess having it happen once is all fine and dandy, but yesterday it happened for the second time.
  I'm having a hard time believing it though, since (I'm no expert... But...) I have no services running except mpd, that listen on any ports... No ssh etc. Though I don't have iptables dropping packets, my ports are all simply closed. Having inbound packets dropped is sometimes an inconvenience and I see no added benefit in it. Except that port scanners and whatnot wouldn't get a response..
  My system is up to date, except that I'm running on an older kernel since my uptime is a tad over 40 days.
  So, should I worry or not? I've been thinking about it, and maybe the previous owner of my IP (dynamic) had a virus-laden computer and they're still kicking me out because of that or something. But then again, I've had this ip for as long as my computer has been up, so..

  Daenyth wrote:You say they cleared it the first time. Maybe ask them what could trigger it?
  Well it's supposed to happen when people spam some virus urls on the network. I guess it should also happen if some botnet/whatever system uses their network for remote controlling.
  But I know I'm not doing it myself, so either I'm compromised or their system fails.

• Spotlight not working...other important systems compromised.

  Hello, I have a slightly older MacBook.  It was purchased when leopard was out, but has been upgraded to lion, with ram added.
  Had no problems with the OS until I installed the seagate diagnostics software about a week ago at their recommendation.
  During the install, the computer hung during the shutdown of the mandatory restart.  It took me a pram reset to get the machine to start up again.  Since then, the following has been a problem:
  -Spotlight has no index and won't search.
  -The computer will not shut down, have to pull the plug.
  -Finale (which uses java runtime) doesn't work, and the auto install of java run time won't go in.
  -Software update starts, but the percentage bar freezes after a moment.
  I have run the system restore partition, which went in okay, but did not change anything.  I have also followed the steps to uninstall the seagate diagnostic software.  However the problem still persists.  I'm guessing there is some sort of shut down script that is hanging the system, and preventing indexing from happening which prevents all of these other processes from happening.  Does anyone have any ideas for what to do next?
  Thanks,
  Chris Roode

  Hey, that's some handy software.  It found everything except for two files that were located in the /System/Library/Extensions folder.  I guess that was out of the search scope.
  Basically, I observed the startup screen and noticed that even with all of the files out, the system was still calling seagate objects on startup.  I read this helpful article:
  http://osxdaily.com/2007/01/22/what-happens-in-the-mac-os-x-boot-process/
  I followed step by step until I found the additional files in the /System/Library/Extensions folder.  I'm hoping that this is all the troubleshooting I need to do.

• I believe my browser has been comprimised --how can I know it is secure?

  When I use the gmail link newly provided from the "new" google tool bar along the top of my browser window -- the gmail log-in screen is different from the log-in screen as it normally present's itself.
  This change occurred after this new set of links started appearing above the browser window -- this set of links appears only on the google home page.
  I did not install or accept the installation of any new tools or link add-on's for my Firefox browser.
  After this a hostile user has started logging in to political sites I frequent and is falsely using my name & identity -- as accessed through my gmail account.
  I have changed the passwords on my accounts but I still get the phoney looking gmail log-in from the new selection of links which recently began appearing a few weeks ago.
  When I access gmail from a google search I do not get this same log-in screen -- it is the older more familiar screen.
  Is my browser or system compromised?

  See:
  *http://www.google.com/support/accounts/bin/answer.py?answer=1401722&topic=14129&hl=en

• Why are some web sites that i have been using for years now all the sudden changing themselves from Standards compliance mode to Quirks mode? How do I change them back to Standards compliance mode?

  Like I will be checking on an account { page is fine} go to a different screen then go back.... This is the fun part. The page starts off normal then all the sudden it shrinks and moves to the right side of the page with out me touching anything. I have had this happen to me a few different times and could not seem to get the help I needed. I bring up another page, look at page info and it says Rendering mode - Standards compliance mode, but on the messed up page it says Quirks mode. How do I get it back to Standards compliance mode?

  Good day ... As I leave California I am still very puzzled at how Yahoo can hijack my pages while on the internet ...? A friend of mine who lives here is also puzzled at how this is happening. I have taken screen grabs and would video it if that is possible ...? The screen grabs have the time taken on each grab, so one can see how fast this happens .. in a matter of seconds Yahoo jumps in with no relevance to my link I was trying to get to or the last hit or any thing stored in my history ... Is this possible ..? As I said I use a Macbook Pro 17", Os X 10.9.5, firefox 33.0.0 ..... Where is the fault ... Is my system compromised ..?
  I am now in South Africa and the problem still exists ... Please see screen grabs that I took and uploaded before ... Please help as I like Firefox over Safari, and do not wish to change ....

• QUICKTIME 7.1.3 SECURITY UPDATE FOR WINDOWS? Where is it?

  How do I get the security update (2007-001) for the WINDOWS version of QuickTime? Do I just download and install the standalone player again?
  As an IT professional who is constantly trying to stick up for apple in a pro-Microsoft world, I find it ridiculous that there is no mention of how windows users can protect themselves from this security flaw, at: http://docs.info.apple.com/article.html?artnum=304989
  It only talks about the OSX version, and the updater in the windows quicktime player just tells me it's up to date with 7.1.3... but 7.1.3 is the only version affected by the security flaw!
  The bug:
  http://projects.info-pull.com/moab/MOAB-01-01-2007.html

  The solution for Windows clients is un-acceptable. This is a critical security flaw that could result of remote code execution and possible system compromise.
  We cannot sit back and expect thousands of enterprise users to manually go out and update QuickTime. Worse yet if they didn't enable the updater when they installed QuickTime.
  A separate downloadable patch for QuickTime for Windows needs to be made available ASAP whereas it can be deployed via existing distribution methods just like we do all other "Critical" security updates.
  When will a downloadable patch be available?
  If not, our only recourse may be to force the un-install of QuickTime as an unmanageable product.

• [SOLVED] Is using AUR safe? (particularly using yaourt )

  Hi,
  I've been using AUR to compile certain packages, such as psad, lynis, and I often use youart to achieve that.
  I recognize there's an array of hashes in PKGBUILD which ensures the integrity of downloaded files,
  but I don't see any mechanism to ensure the PKGBUILD is intact during transfer, unlike official packages
  which are signed by keys.
  So are you guys concerned about PKGBUILD being corrupted or modified, and as a conseqence leading your
  system compromised?
  Last edited by darrenldl (2013-08-28 09:45:36)

  darrenldl wrote:
  Hi,
  I've been using AUR to compile certain packages, such as psad, lynis, and I often use youart to achieve that.
  I recognize there's an array of hashes in PKGBUILD which ensures the integrity of downloaded files,
  but I don't see any mechanism to ensure the PKGBUILD is intact during transfer, unlike official packages
  which are signed by keys.
  So are you guys concerned about PKGBUILD being corrupted or modified, and as a conseqence leading your
  system compromised?
  If you're really that concerned about PKGBUILDs being intact when you install something from the AUR, you should be checking the PKGBUILD yourself.

• TCP Hijack - Insight required to investigate

  Event ID          1363209060027941200
  Severity          high
  Host ID          XXXX-IPS
  Application Name          sensorApp
  Event Time          04/03/2013 16:56:55
  Sensor Local Time          04/03/2013 11:26:55
  Signature ID          3250
  Signature Sub-ID          0
  Signature Name          TCP Hijack
  Signature Version          S667
  Signature Details          TCP Hijack
  Interface Group          vs0
  VLAN ID          20
  Interface          ge0_0
  Attacker IP          AAAA
  Protocol          tcp
  Attacker Port          61952
  Attacker Locality          OUT
  Target IP          BBBB
  Target Port          80
  Target Locality          OUT
  Target OS          unknown unknown (relevant)
  Actions          ipLoggingActivated+denyPacketRequestedNotPerformed+logAttackerPacketsActivated+logVictimPacketsActivated
  Risk Rating          TVR=medium ARR=relevant
  Risk Rating Value          100
  Threat Rating          100
  Reputation
  Context Data
  Packet Data          Ether: ---- Ethernet2 OSI=2 Frame #1 Captured on 2013-04-03 16:56:55.962 ----
  Ether:
  Ether:   dst =  0:0:c:7:ac:5
  Ether:   src =  0:13:c4:4e:2d:bf
  Ether: proto =  0x8100 "(VLAN) IEEE 802.1q"
  Ether:
  VLAN: ---- IEEE802dot1q IEEE=802.1q OSI=2 ----
  VLAN:
  VLAN: flags = 0000000000010100 20
  VLAN:         000............. 0x0 = [priority]
  VLAN:         ...0............ 0x0 = [cfi]
  VLAN:         ....000000010100 20 = [id]
  VLAN:  type =  0x800 "(IP) Internet protocol (v4 or v6)"
  VLAN:
  IPv4: ---- IPv4 RFC=791 OSI=3 ----
  IPv4:
  IPv4:      ver =  4 "Internet Protocol version 4"
  IPv4:     hlen =  5 (20 bytes) "No IP options present"
  IPv4:      tos = 00000000 0x0
  IPv4:            000..... 0x0 = [precedence] "Routine"
  IPv4:            ...0.... 0x0 = [delay] "Normal delay"
  IPv4:            ....0... 0x0 = [throughput] "Normal throughput"
  IPv4:            .....0.. 0x0 = [reliability] "Normal reliability"
  IPv4:            ......00 0x0 = [reserved]
  IPv4:      len =  52 (32 bytes of data)
  IPv4:       id =  0x6c1
  IPv4:    flags = 010 0x2 (bit fields)
  IPv4:            0.. 0x0 = [reserved]
  IPv4:            .1. 0x1 = [df] "Do not fragment"
  IPv4:            ..0 0x0 = [mf] "no more fragments"
  IPv4:   offset =  0 (0 bytes)
  IPv4:      ttl =  127 (hops)
  IPv4: protocol =  6 "(TCP) Transmition Control Protocol (RFC793)"
  IPv4: checksum =  0x40ff
  IPv4:    saddr =  AAAA
  IPv4:    daddr =  BBBB
  IPv4:
  TCP: ---- TCP RFC=793 OSI=4 ----
  TCP:
  TCP: sport =  61952
  TCP: dport =  80
  TCP:   seq =  2512247734
  TCP:   ack =  2410330435
  TCP:  hlen =  8 (32 bytes)
  TCP:   res =  0
  TCP:  code = 010000 0x10
  TCP:         0..... 0x0 = [urg]
  TCP:         .1.... 0x1 = [ack] "Acknowledgement Field Significant"
  TCP:         ..0... 0x0 = [psh]
  TCP:         ...0.. 0x0 = [rst]
  TCP:         ....0. 0x0 = [syn]
  TCP:         .....0 0x0 = [fin]
  TCP:   win =  65205 (bytes)
  TCP:   crc =  0xb0d2 (CRC-16)
  TCP:   urg =  0 (byte offset)
  TCP:
  TCP: Options: (12 bytes)
  TCP:   Opt #1: NOP(1) skipped 1 byte
  TCP:   Opt #2: NOP(1) skipped 1 byte
  TCP:   Opt #3: SACK Option(5) contains 0 blocks
  TCP:
  Data: 0000  8f aa be a7 8f ab 8b 7f               ........
  Data:
  Event Summary          0
  Initial Alert
  Summary Type
  Final Alert
  Event Status          New
  Event Notes
  We got an alert like this. But struggling to find out whether its malignant traffic. Any help would be deeply appreciated

  Unfortunately this signature in particular cannot be easily determined from the information in the alert alone.
  From the sig description:
  "Triggers when both streams of data within a TCP connection indicate that a TCP hijacking may have occurred. The current implementation of this signature does not detect all types of TCP hijacking and false positives may occur. Even when hijacking is discovered, little information is available to the operator other than the source and destination addresses and ports of the systems being affected.  TCP Hijacking may be used to gain illegal access to system resources.
  This signature fires upon detecting old, out of sequence ack packets. The most common network event that may trigger this signature is an idle telnet session. The TCP Hijack attack is a low-probability, high level-of-effort event. If it is successfully launched it could lead to serious consequences, including system compromise. The source of these alarms should be investigated thoroughly before any actions are taken. Recommend security professional consultation to assist in the investigation.
  This signature functions in promiscuous mode. However, while monitoring utilizing in-line mode, this signature is automatically disabled due to the protection provided by 1300 series of signatures."
  More information is needed to take any action here such as the type of the two machines involved (how are they typically used, are they end user/server machines, etc) and if this attack makes sense in that scenario or if it is likely a false positive from telnet or some sort of other network anomaly.

• Labview installer creates bad permissions

  On Mac OS X, I just installed LV 8.20, VISA 4.0.1 and NI-DAQmx Base 2.1.
  After this process one of the installers changed the owner, group and permissions of /Library/Frameworks. This creates a potential security problem. Repair permissions will fix this, but it is wrong for the installer to do this. The permissions were correct just before I did the installation. I am not sure which of the installers did this, but I will post later as I figure this out.
  User differs on ./Library/Frameworks, should be 0, owner is 501
  Group differs on ./Library/Frameworks, should be 80, group is 501
  Permissions differ on ./Library/Frameworks, should be drwxrwxr-x , they are drwxr-xr-x
  Owner and group corrected on ./Library/Frameworks
  Permissions corrected on ./Library/Frameworks

  Roy F wrote:
  The CAR # is actually 43CFE91J.
  For search purposes, I'll add our standard text: This was reported to R&D (CAR # 43CFE91J) for further investigation.
  Wow, I just installed 8.5 and it does essentially the same thing. It is really nasty changing the /Library permissions. But also having the LabVIEW directory wide open is not good either!
  There is write permission to everything!!! This is great for mass compiles, but a wide open attack vector for anyone trying to install a trojan horse. Having your entire system compromised by this install is sort of annoying. There are some simple find commands that can fix most of this. The problem is sorting out the actual executables vs the VIs that should not have executable privelege.
  Do a Mass Compile from an admin account. Then do
  cd /Applications/National\ Instruments/LabVIEW\ 8.5
  find . \( ! -user root -o ! -group admin \) -type f -exec chmod 0664 \{\} \;
  find . \( ! -user root -o ! -group admin \) -type d -exec chmod 0775 \{\} \;
  Maybe fixed in LV 8.6??
  -Scott

• Adobe PDF Nonfunctional

  Since the Adobe system compromise and after changing my password, Adobe PDF Pack no longer converts documents to PDF.
  What's the solution?

  Hi Hal,
  Yes - my apologizes for not being more clear.
  Now when you log into here, on the right hand side you will see Convert to PDF, Export to PDF, Combine files, Create a form. You should not be seeing Acrobat Plus.
  If you wouldn't mind, please take a screen shot and send it to me directly: [email protected]
  Looking forward to hearing back from you!
  Stacy

• Safari phishing vulnerability

  This was just made public yesterday. Basically Safari (among some other browsers) appears to mishandle certain unicoded URLs, which can result in phishing attacks (i.e. presenting you with a webpage you believe to be something, for example, paypal, which it is really not). In fact the examples given by the author of the advisory use PayPal, and it definitely appears to work (I used Safari 1.2.4, but the paper claims 1.2.5 is vulnerable as well). Hopefully Apple will release a security update, or a workaround, for this soon - it is quite scary. I haven't looked to see if there is a way to disable this behaviour (evidently, other browsers have this capability) - I'll repost if I find anything.
  Here is the link with the full explanation and examples:
  http://www.shmoo.com/idn/homograph.txt
  Very scary.

  Be aware that the reason this exploit doesn't work in Internet Explorer is >because IE doesn't even support IDN, not because IE is somehow correctly >implements the spec.
  Actually, it's because the plugins aren't installed by default.
  And finally, as an earlier poster stated, you're own vulnerability is low or nil.
  I think that depends on who you are. My degree of vulnerability is pretty low - mainly because I'm a paranoid freak. However, people get involved in phishing scams all the time, and this just makes it easier.
  My post was not intended to knock Apple, but to increase awareness. And as far as "chicken-littles scream holy murder" - I have but one question to ask. Have you ever seen an OS X system compromised? I have. Maybe it's not "holy murder", but "Hey, didja ever consider this..." Maybe you think I'm yelling "holy murder", but I believe I'm just increasing awareness...
  And I quite disagree with your line of "logic" based on previously announced exploits. That's like people who used to say the same thing about Linux when they wanted it to beat M$, and there are plenty of exploits for Linux now. My experience tells me that it is inevitable that something will be created specifically for OS X. I'd love to be wrong, but I doubt it.

• Byte.toString() Encoder..................Seeking advice

  Greetings folks,
  I am currently workin on a small project (details given below) and was wondering whether y'all could give me some advice on the effectiveness / usefulness of the encoder I have devised.
  - You see to store cipher text to a table or even to parse it as string (eg. in the URL of a web based app. for further processing) most people have opted to use the Base64 encoder. This Base64 encoder (converts the cipher text from byte.toString() and conducts low-level encoding on it)..................Problem : This low-level encoding is easily decoded to reveal the cryptic information. The pattern of Base64 is easily recognizable and upon decoding if the attacker can recognize the pattern you used to encrypt, you may consider your system compromised.
  - What I have done : I have devised my own encoder (code named Kryptonite to support the cryptic process)..............The premise is to make it as easily implementable as the Base64 encoder but a whole lot more secure. It not only converts the cipher from byte.toString() but also gets the value of the chars (using CharAt()) and further manipulates it according to a self-devised calculation.
  - As I am a novice in the field of cyptography, it would be helpful to know the advantageous and drawbacks of the approach I have taken........
  Do you think that such a tool is a useful addition to the field or otherwise ???
  Dont hesitate to be cruel (criticism is most welcomed)............. Your feedback on this matter is most appreciated and I do hope to hear from y'all soon.....
  RGDS
  DAZZ_MAN

  tinbot -
  I was fortune telling given restraints with the
  intention of exploring new ideas in crypto education. Yeah, possibly. No offense - it's possible you're really one of the one-in-a-trillion innovators who can make significant strides without being "steeped in history". But my experience of the last 25 years is that the rhetoric you're spouting is invariably used as an excuse by and for people who are too damn lazy to do the hard work of innovation - they just want to be "the light bulb guys". "Oh, I don't need to look at anything that's Come Before - I'm Innovating," they cry, while recreating a bad, buggy version of code that Knuth described perfectly in a set of books printed in the '60s.
  Those who don't know the past are not only doomed to repeat it - they're doomed to look like pretentious, ignorant idiots while doing so.
  Processor speed WILL outrun today's cryptography IFF
  The New Cryptographers are steeped in history to the point
  of drowning.The New Cryptographers don't "drown". The real article revels in history, because it gives them reams of bad examples to avoid. Only the inexperienced, the lame, and the incompetent are incapable of dealing with and building upon previous work in any given field. I no longer fall for the "I'm so revolutionary, The Establishment fears me - look how critical They are of my simplest proposals!" Invariably, it's turned out that that's because those proposals are complete and utter hogwash. Yeah, they laughed at Galileo. But, as Carl Sagan noted - they laughed at Chuckles the Clown, too. You need to work pretty hard to convince me you're not the one wearing the funny nose...
  As CS matures it will require innovations in education. CS will never mature so long as it refuses to learn from its own past. I've spent the last few years watching too many twenty-somethings recreate in exact, excruciating detail the same mistakes that computer companies were making IN THE SIXTIES, all the while crowing about how "cutting edge" it all was.
  Buffer overflows. Unit mismatches. Formatting errors. Timing windows. Deadlocks. Resource allocation. These are FORTY YEAR OLD PROBLEMS, and most or all of them have well-known and well-understood solutions.
  And every batch of New Age Programmers comes out of the gate and promptly trips over every single one of them. And then they spend man-years coming up with flawed analogs to the existing solutions. "Oh, that's not a relevant piece of technical literature - it's twenty years old!" Of course, the problem is THIRTY years old, and the solution works today...
  I'm
  hear to watch people teach and learn one of the sciences tougher domains.We're all here to help each other learn - but that's different than being here to teach. This is not a college classroom. This is a professional developer's forum. The expected cost-of-entry here is that you've done at least a modicum of research on your own. If you haven't, we're likely to be...rude. I'm going to continue to point people to what I consider to be appropriate sources for them to use to further their own careers/education. I am NOT here to use Socratic dialogue to lead the student to rediscovering old chestnuts.
  Life is too damn short, and the field of comupting is too damn important for me to be patient any more with people who don't want to do anything RIGHT, they just want to do some half-assed blecherous hackery that occasionally kinda works if you don't look at it too hard. We have no more TIME for every programmer/software engineer/computer scientist out there to keep making the same tired old mistakes. Learn from what came before AND MOVE FORWARD, please - get off the freakin' treadmill.
  And yeah, it's been One Of Those Days. I don't usually flame on these boards - but sometimes, you just have to say what needs to be said.
  Grant

• Accessing work Mac from home

  I currently work from home as a brand designer. I'm thinking of moving away (turning the home into a business and buying another home) - What's the best way to still have access to my main (work) Mac from home and what hardware is involved? I need to be able to work on the same files and not worry about having multiple versions on 2 different computers which will obviously create probs! Being a designer I work on large image files - something to bear in mind I think?
  Thx 4 any help.

  The technical is easy. The practical is not. First the technical. Assuming that you will have an office LAN with your workstation, server, etc. the best method of connecting is a VPN. This is safe (read secure) and is generally pretty simple to set up. Assuming you have a Firewall/VPN in place, the cost to configure for your Mac should be trivial. On the high end, < $100 for a vpn client like VPN Tracker. Check your Firewall/VPN vendor for a Mac client. If they have one than no need to pay for a client. Other method include port maps but they are less secure and can result in system compromise when poor passwords are used.
  But now for the practical. As a designer, you files are large. Attempting to open a Photoshop document across the internet is a exercise in pain and heartache. You would need a really fast connection (> 50 Mb/sec synchronous) on both ends and you still will be susceptible to loss of data and problems. (Recall that most LANs today are 1000Base (1000Mb/sec., and those that are not are 100). I would instead recommend doing a remote control of your work machine with ARD or Screen Share (VNC) or looking at Aqua Connect (http://www.aquaconnect.net/?page_id=26). The idea here is that your work machine remains running and you make a secure connection over VPN. Then you remote control your work machine and it is doing all the opening, saving, and communication with shared resources. All your home machine is doing is getting the screen updates.
  Hope that helps.

• Boot device option problem in HP Probook 4540s Laptop..

  Hi,
  I have installed Fedora20 in my Laptop in a separate partition. After installing it is showing
  "Boot loader has not verified loaded image"
  "System compromise hault"
  error and system went to power off state.
  To recover this I need to choos the Boot device in the Boot device option in BIOS as Fedora then it is booting Fedora20 OS.
  But in this case, in Boot device option I am getting more Fedora option with the Windows Boot Manager, Boot from EFI options.
  Please suggest what is the issue with my Lap and what I  need to do to recover this problem.
  Best Regards,
  Paulpandian M.,

  Hi Paulpandian,
  I saw two unanswered posts and as I mentioned in the other thread your Probook is a commercial product and you will get more exposure for your issues. Here is a link to the Commercial Notebook forum.  I suggest that you post all of your issues in one post so that the experts there can assist you better.
  Thank you,
  Please click “Accept as Solution ” if you feel my post solved your issue.
  Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
  Thank you,
  BHK6
  I work on behalf of HP