XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)

All times are UTC - 8 hours




PostPosted: Sat Feb 02, 2019 11:37 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
How to Configure a Backdoor on Anyone's MacBook...

https://null-byte.wonderhowto.com/how-t ... k-0184637/


PostPosted: Sat Feb 02, 2019 6:47 pm

Joined: Sat Aug 09, 2008 7:00 pm
Posts: 251
Location: Texas
Dang.


PostPosted: Sun Feb 03, 2019 3:58 am

Joined: Thu May 15, 2008 8:07 pm
Posts: 2756
Location: Inside Flatus Maximus
Requires physical access to the computer (this can be done on any Mac, not just an MBP, BTW). Then also requires knowing the IP of the target computer. Risk here is minimal unless you're leaving your machine unattended in public, in which case you have bigger concerns to worry about.

_________________
Official Mac Tech Support Forum Cookie™ (Mint Chocolate Chip)
Guaranteed tasty; Potentially volatile when dipped in WWIII Forum Syrup®
Caution: This cookie bites back.


PostPosted: Sun Feb 03, 2019 4:16 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Thanks ST, I knew it was any Mac & physical access, I was thinking more about the insipidness of installing something nearly undetectable that uses built in processes, seems such could be snuck in, like with a fake Flash Player update or such?


PostPosted: Mon Feb 04, 2019 3:33 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
If you set a firmware password, single user and a whole host of other startup commands are disabled.

Whole drive encryption is a good idea but on HDs you will want to kill yourself. Every single thing you do will become a glacially slow drive thrashing extravaganza.

Anyone who installs software from random internet sources is going to get compromised eventually. We get around this at work by not giving people admin access.


PostPosted: Mon Feb 04, 2019 12:33 pm
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Thanks MB.


PostPosted: Mon Feb 04, 2019 6:57 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
There are vulnerabilities in USB, Firewire, and Thunderbolt interfaces that malicious devices can exploit to gain access to the system they're plugged into. DMA is pretty much a given on most which means an attached device has the capability to view portions of the RAM on the system.

When you let an attacker have physical access to your system all bets go out the window. There are steps you can take to make it longer but ultimately it's a delaying tactic. A truly skilled intruder is going to get in if you give them access to the hardware. The best you can do is stop the casual idiot from gaining access, like some pawn shop employee who's studiously avoiding questioning whether they're in receipt of stolen property.

The nice thing about the firmware password is that when you attempt to boot into single user it just ignores the keypress, so any script-kiddie following instructions will think he just didn't hit it in time or whatever, so they'll probably try a couple more times. The other blocked keypresses do the same thing. The ones that are enabled display a lock icon on the screen with a password box, so if they're particularly ignorant they'll think they've triggered an iCloud lock and run (iCloud locks will record the location of the device when it was locked).


PostPosted: Tue Feb 05, 2019 8:24 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6708
Location: NYC
Evil Maid attack impossible to completely detect:

Quote:
It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out. https://theintercept.com/2018/04/28/com ... tampering/


But maybe detectable, if requires lid opening?

https://objective-see.com/products/dnd.html

with these drive-a-truck-through caveats:

Quote:
As with any security tool, direct or proactive attempts to specifically bypass DND's protections will likely succeed. Also any attack that does not require opening the lid of a closed laptop will remain undetected.

Future versions will expand DND's monitoring and detection capabilities (perhaps alerting on power events, USB insertions, etc)


PostPosted: Tue Feb 05, 2019 11:34 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Thanks W, I already use BlockBlock by Objective-See.


PostPosted: Tue Feb 05, 2019 1:23 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
This is one of the inevitable outcomes.

I feel like a smart case might help secure systems. So put your system in the smart case, leave the room, malicious actor comes in, unlocks case, case sends message, and/or creates log entry, that it was unlocked. It should be possible to create an embedded system that could live within a case that gets triggered when the latch or hinge is opened, then sends signal via cellular network, WiFi, and just plain old internal flash storage.

The trick is for the case to look like any other normal case so the attacker doesn't specifically zoom in on compromising the case before compromising the system.


PostPosted: Tue Feb 05, 2019 1:34 pm
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Safari warning me that site's certificate is invalid.


PostPosted: Tue Feb 05, 2019 5:48 pm

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
Works fine in Firefox here but I'm also in Windows, I'd have to reboot to test Safari because Apple doesn't make a Windows version anymore. imgur isn't a fly-by-nite site, they used to be the official image host for reddit. (shrug)

Honestly the only people I personally know (physically interact with) who use Safari are people who constantly bring their systems to me because they're always getting infected. Might not be the browser, might just be the person, but the few I steered towards alternatives stopped coming to me all the time.

It's just a cat who got caught attempting to unlock someone's iPhone.


PostPosted: Wed Feb 06, 2019 6:59 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Firefox did the same thing, happened on many sites, turns out I had to get rid of OpenDNS' DNS numbers.


PostPosted: Wed Feb 06, 2019 10:34 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
Oh. That means OpenDNS was trying to filter your request based on whatever security settings are configured for your IP address. So instead of being sent to a page on imgur you were being sent to an opendns page, which doesn't have the same SSL certificate as imgur, so therefore it pops up the warning. There is an SSL cert you can install from OpenDNS that will allow it to just display their page instead of the warning.

https://support.opendns.com/hc/en-us/ar ... co-Root-CA


PostPosted: Wed Feb 06, 2019 3:07 pm
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 10102
Location: North of the State of Jefferson
Yeah, but I wouldn't do that: anyone with their certificate can then impersonate any site. That's probably not the security you were looking for. On the other hand, I also don't use OpenDNS (which isn't open in the Grand sense of the word, and arguably isn't DNS without NXDOMAIN responses -- and yes, I realize you can get NXDOMAIN responses back, but then there's no filtering unless you want to pay for it, and without that there's arguably little point in using OpenDNS).

Of course, I'm also a grumpy old man who just wishes he had a lawn so that I could sit in front of it and shake a stick at all the neighbor kids to keep them off it.

- Anonymous
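The two failure modes discussed in the posts above (a filtering block page served under a different name, which is what produces the browser warning, and a locally installed filtering CA that would let its holder vouch for any site) can be told apart from the certificate alone. This is an added example, not code from the thread or from OpenDNS; the CA organisation names and the sample certificates are constructed, and the `ssl.getpeercert()` dictionary layout is Python's own.

```python
import socket
import ssl
TRUSTED_ORGS = {"Example Public CA"}  # constructed; list the CA organisations you expect to see

def _name_matches(pattern, hostname):
    """Exact match, or one leading '*.' wildcard covering a single label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        parts = hostname.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return pattern == hostname

def cert_names(cert):
    """DNS names the certificate claims: SANs, falling back to the subject CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def issuer_org(cert):
    orgs = [v for rdn in cert.get("issuer", ()) for k, v in rdn if k == "organizationName"]
    return orgs[0] if orgs else ""

def classify_cert(cert, hostname, trusted_orgs=TRUSTED_ORGS):
    """'name-mismatch' is the thread's browser warning (block page served under another
    name); 'unexpected-issuer': name check passes only because an extra CA vouches for it."""
    if not any(_name_matches(n, hostname) for n in cert_names(cert)):
        return "name-mismatch"
    if issuer_org(cert) not in trusted_orgs:
        return "unexpected-issuer"
    return "ok"

def fetch_cert(hostname, port=443):
    """Live check: peer certificate in ssl.getpeercert() layout. Chain validation still
    applies; only the hostname check is deferred so classify_cert() can say why it fails."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def mk_cert(cn, org, *sans):
    """Constructed getpeercert()-style dict for offline demonstration, not a real cert."""
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("organizationName", org),),),
            "subjectAltName": tuple(("DNS", s) for s in sans)}

IMGUR_OK = mk_cert("imgur.com", "Example Public CA", "imgur.com", "*.imgur.com")
BLOCK_PAGE = mk_cert("block.filter.test", "Example Public CA", "block.filter.test")
FILTER_CA = mk_cert("imgur.com", "Example Filtering CA", "imgur.com")
```

Run `classify_cert(fetch_cert("imgur.com"), "imgur.com")` from a machine behind the filtering resolver to see which case you are in; the constructed dicts let the same logic be exercised offline.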


PostPosted: Wed Feb 06, 2019 3:37 pm
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
What's the best DNS?

I've put in 1.1.1.1 & 8.8.8.8


PostPosted: Thu Feb 07, 2019 12:10 am
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 10102
Location: North of the State of Jefferson
Oddly enough, I think both of those are pretty good. It wouldn't be hard to argue that Google isn't ideal, since they're an advertising company, but they also have a vested interest in an Internet that works correctly and I haven't seen any evidence to suggest they're harvesting DNS queries in yet another vast data mining operation.

Another alternative is to run your own recursive resolver, but that's not a very good option for most people.

And of course if you trust OpenDNS to filter the Internet for you, or at least DNS queries on the Internet, you can use it as well.

Bear in mind that DNS is, if not the backbone of the modern web, at least a rib and maybe sternum.

- Anonymous


PostPosted: Thu Feb 07, 2019 7:47 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
8.8.8.8 is Google, with all that it entails, but 1.1.1.1 is Cloudflare, whose main business appears to be accepting money from individuals who run sites that cause people to need to use Cloudflare.

I like 9.9.9.9, it does at least some of the security filtering OpenDNS ostensibly does.

I don't know if I'm grandfathered into the plan or what but I do have a free account that does security filtering through OpenDNS for free. I have the "web filtering" options disabled because that's the part that breaks NXDOMAINs on free accounts, but I have all the other security options turned on. I probably should wander through trying to create a new account and see if I can mirror its setup.


PostPosted: Thu Feb 07, 2019 8:14 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Thanks to both. :)

Used to have a free DNS account but no idea of my login credentials.


PostPosted: Thu Feb 07, 2019 8:44 am

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6708
Location: NYC
re. Quad 9

https://arstechnica.com/information-tec ... -everyone/

https://www.quad9.net/

https://www.quad9.net/faq/

Looks good. If I didn't have DNSCrypt.eu running out of the router, probably what I'd be using. Plus uMatrix and uBO with all the filter lists, some overlapping, but doesn't seem to hurt.


PostPosted: Thu Feb 07, 2019 9:07 am
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 16757
Thanks W. :)


PostPosted: Thu Feb 07, 2019 11:58 am

Joined: Thu May 15, 2008 8:13 pm
Posts: 10995
Location: Caught between the moon and NYC
I have a paid account at my workplace and it's amazing to log in with my personal account because the personal site is basically OpenDNS prior to them being acquired by Cisco. The new site looks wildly different, the personal account is just the old OpenDNS site. Part of why I was thinking I might be grandfathered in, but maybe personal accounts are just that way.

