[macosx-unix] Re: Re: scanning a mac for compromise
George Georgalis
george at galis.org
Sat Feb 17 11:13:53 EST 2007
On Fri, Feb 16, 2007 at 02:37:58PM -0800, Bob Ippolito wrote:
>On 2/16/07, George Georgalis <george at galis.org> wrote:
>>On Fri, Feb 16, 2007 at 04:41:17PM -0500, Peter Booth wrote:
>>>Which of the sharing options was enabled ? remote login? Was the XP
>>>VM running in the background? presumably its much easier to compromise.
>>
>>I think they have a shared directory, doubt remote login on either
>>OS. XP was running or sleeping (not sure) in the background.
>>
>>
>>>You can use last and XP eventvwr to check for remote logons to either
>>>OSX or XP at the time in question. It would be hard to leave no
>>>trace. Check all of the logs in /var/log
>>
>>Even if XP was fully compromised, you think there is a way to hit
>>on the mac? It seems most likely this was a hardware glitch but
>>while I've heard of phish software to send home tiles of graphic
>>near the cursor, I've never heard of hard/soft/static/temp problem
>>to cause a "tile" of bus noise or whatever on the display. Maybe
>>it was just temp changes getting the video card upset?
>>
>>Any other non-intrusion hypothesis?
>
>My bet is on driver bug or hardware glitch. You'd really have to go
>out of your way to screw with the cursor, I can't imagine an exploit
>would do that.
Good point about the mouse. I've seen weird things in 'tiles'
too so I tend to favor the Occam's razor perspective. Especially
considering this laptop has been sleeping through airports,
x-rays, weather, hotel static etc.
Thanks for the feedback.
// George
--
George Georgalis, systems architect, administrator <IXOYE><
More information about the macosx-unix
mailing list