[macosx-unix] Re: scanning a mac for compromise
Bob Ippolito
bob at redivi.com
Fri Feb 16 17:37:58 EST 2007
On 2/16/07, George Georgalis <george at galis.org> wrote:
> On Fri, Feb 16, 2007 at 04:41:17PM -0500, Peter Booth wrote:
> >Which of the sharing options was enabled ? remote login? Was the XP
> >VM running in the background? presumably its much easier to compromise.
>
> I think they have a shared directory, doubt remote login on either
> OS. XP was running or sleeping (not sure) in the background.
>
>
> >You can use last and XP eventvwr to check for remote logons to either
> >OSX or XP at the time in question. It would be hard to leave no
> >trace. Check all of the logs in /var/log
>
> Even if XP was fully compromised, you think there is a way to hit
> on the mac? It seems most likely this was a hardware glitch but
> while I've heard of phish software to send home tiles of graphic
> near the cursor, I've never heard of hard/soft/static/temp problem
> to cause a "tile" of bus noise or whatever on the display. Maybe
> it was just temp changes getting the video card upset?
>
> Any other non-intrusion hypothesis?
My bet is on driver bug or hardware glitch. You'd really have to go
out of your way to screw with the cursor, I can't imagine an exploit
would do that.
-bob
More information about the macosx-unix
mailing list