Maximum Security -- Ch 20 -- Macintosh Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network 20 Macintosh The Macintosh platform is not traditionally known for being a cracking platform. It is far more suited to hacking. Programming for the Mac is every bit as challenging as programming for any other environment. Knowledge of C is generally a requisite. For that reason, hacking on the Mac platform can be fun (and occasionally frustrating). Cracking (with respect to the Internet anyway) on the Mac platform, however, is another matter entirely. First, early TCP/IP implementations on the Mac platform were primarily client oriented. Many server packages do now exist for the Mac, but until recently, TCP/IP was not what I would call an "integrated" part of the traditional MacOS. Today, the situation is vastly different. The advancement of integrated TCP/IP in the MacOS has grown tremendously. Apple has taken special steps to ensure that the MacOS TCP/IP support is superb. These efforts have manifested through the development of Open Transport technology. Open Transport is an implementation that provides high-level control at the network level. For example, Open Transport allows multiple, simultaneous TCP/IP connections, the number of which is limited only by memory and processor power. Inherent within the system is automated flow control, which detects the need for fragmentation of IP datagrams. That means when a network segment is encountered that cannot handle large packets, Open Transport automatically reverts to fragmentation. Open Transport has completely integrated MacOS with both TCP/IP and AppleTalk, making it one of the most flexible networking implementations currently available. It now comes stock in System 7.5.3 and above. Cross Reference: You can get libraries, include files, and utilities for the Mac platform, as you'll learn later in this chapter. Some great sources, though, can be found at http://www.metrowerks.com/tcpip/lib/c-libs.html. These sources include real-life examples of Mac TCP/IP programming, complete with C source code. Many examples for those programming in C++ are also available. Find them online at http://www.metrowerks.com/tcpip/lib/cpp-libs.html. Pascal gurus can find Mac TCP/IP source and libraries at http://www.metrowerks.com/tcpip/lib/pascal-libs.html. Programming on the Mac is a challenge. However, most Macintosh users are not so intensely preoccupied with the inner workings of their operating system as users of UNIX systems or even IBM compatibles. The reason has nothing to do with the level of proficiency of Mac users. It has to do with the design of the MacOS itself. The MacOS was conceived with ease of use in mind. Many tasks that are grueling under other operating systems are only a click away on the modern Macintosh. Take, for example, getting connected to the Internet. Only in the last few years have UNIX systems made this process simple. Prior to that, many different files had to be edited correctly and the user had to have some knowledge of UUCP. In contrast, the Mac user is rarely confronted with special configuration problems that call for tweaking the operating system. Therefore, there are few Mac Internet crackers. For those planning to use the Macintosh platform for hacking or cracking, however, there are plenty of resources. For programming, there are a staggering number of choices beyond the traditional C that you normally associate with Mac development. Some of these are ports of languages from other platforms and others are development tools written specifically for the Macintosh. Unfortunately, there are not yet as many free tools for use on Macs as there are for other platforms. Nevertheless, Mac users take a lot of abuse on the Internet. Users who enjoy other platforms often make fun of Mac users, telling them to get a "real" operating system. Well, before we get into what tools are available for cracking on a Mac, I would like to take a moment to offer the Mac community a little vindication. First of all, the number of development tools available for Macintosh is staggering. Rather than list them all here, I have picked a few interesting ones. They are listed in Table 20.1. Table 20.1. Interesting Mac development tools. Tool Description Prograph CPX An awesome, object-oriented tool by Pictorius that allows complex manipulation of data structures through an entirely visual interface. It works through the use of visualization of data flow. It allows you to seamlessly integrate code previously written in C. Moreover, it will soon include cross-platform support. Check it out at http://192.219.29.95/home.html. Mac Common LISP The MCL development environment by Digitool, Inc. It gives you true object-oriented development with perhaps the most powerful object-oriented language currently available. Distributions are available for both 68K and PPC (Power PC). You can get a full-featured evaluation version at http://www.digitool.com/MCL-demo-version.html. Dylan Dylan is a special object-oriented language that was developed primarily from efforts at Apple. There are many benefits to this new and curious language, the most incredible of which is automatic memory management. Memory management has traditionally been a problem to be addressed by the programmer. Not any more. There are a number of free compilers for Dylan, including but not limited to Thomas (witty name), which is located at http://www.idiom.com/free-compilers/TOOL/Dylan-1.html. In addition to these, there are many interesting (traditional and nontraditional) development tools for Mac, including the following: GNU C and C++ (ftp://ftp.cs.purdue.edu/pub/gb/) Perl (http://mors.gsfc.nasa.gov/MacPerl.html) Password Crackers and Related Utilities The utilities described in the following sections are popular password crackers or related utilities for use on Macintosh. Some are made specifically to attack Mac-oriented files. Others are designed to crack UNIX password files. This is not an exhaustive list, but rather a sample of the more interesting tools freely available on the Internet. PassFinder PassFinder is a password cracking utility used to crack the administrator password on FirstClass systems. This is an important utility. The program suite FirstClass is a gateway system, commonly used for serving e-mail, UUCP, and even news (NNTP). In essence, FirstClass (which can be found at http://www.softarc.com/) is a total solution for mail, news, and many other types of TCP/IP-based communication systems. It is a popular system on the MacOS platform. (It even has support for Gopher servers and FTP and can be used to operate a full-fledged BBS.) Because FirstClass servers exist not only on outbound Internet networks, but also on intranets, PassFinder is a critical tool. By cracking the administrator password, a user can seize control of the system's incoming and outgoing electronic communications. (However, this must be done on the local machine. That is, the user must have access to the console of the instant machine. This is not a remote cracking utility.) Cross Reference: PassFinder is available at http://www.yatho.com/weasel/files/PassFinder.sit.bin. TIP: Apparently, FirstClass 2.7 does not provide a facility for recording or logging IP addresses. (Reportedly, this simple hole exists in earlier versions.) Therefore, an attack on such a server can be performed in a fairly liberal fashion. FirstClass Thrash! This is an interesting collection of utilities, primarily designed for the purpose of conducting warfare over (or against) a FirstClass BBS. It has features that could be easily likened to Maohell. These include mailbombing tools, denial-of-service tools, and other, assorted scripts useful in harassment of one's enemies. It's primarily used in warfare. Cross Reference: FirstClass Thrash! is located at http://www.i1.net/~xplor216/FCThrash.hqx. FMProPeeker 1.1 This utility cracks FileMaker Pro files. FileMaker Pro is a database solution from Claris, (http://www.claris.com). While more commonly associated with the Macintosh platform, FileMaker Pro now runs on a variety of systems. It is available for shared database access on Windows NT networks, for example. In any event, FMProPeeker subverts the security of FileMaker Pro files. Cross Reference: FMProPeeker is available at http://www.netaxs.com/~hager/mac/cracking/FMProPeeker1.1.sit.bin. FMP Password Viewer Gold 2.0 FMP Password Viewer Gold 2.0 is another utility for cracking FileMaker Pro files. It offers slightly more functionality (and is certainly newer) than FMProPeeker 1.1. Cross Reference: FMP Password Viewer Gold 2.0 is available at http://www.yatho.com/weasel/files/FMP3.0ViewerGold2.0.sit.hqx. MasterKeyII MasterKeyII is yet another FileMaker Pro cracking utility. Cross Reference: MasterKey II is available at the following site in Japan. Have no fear: This site is so fast, it is screaming. The location is http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking/MasterKeyII.1.0b2.sit.bin. Password Killer Password Killer is designed to circumvent the majority of PowerBook security programs. Cross Reference: Password Killer (also referred to as PowerBook Password Killer) can be found online at http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking/PowerBookPwd%20killer.sit.bin. Killer Cracker Killer Cracker is a Macintosh port of Killer Cracker, a password cracker formerly run only on DOS and UNIX-based machines. (You can find a lengthy description of Killer Cracker in Chapter 10, "Password Crackers." Thankfully, the Mac version is distributed as a binary; that means you do not need a compiler to build it.) Cross Reference: Killer Cracker can be found at ftp://whacked.l0pht.com/pub/Hacking/KillerCrackerv8.sit. MacKrack MacKrack is a port of Muffet's famous Crack 4.1. It is designed to crack UNIX passwords. It rarely comes with dictionary files, but works quite well. Makes cracking UNIX /etc/passwd files a cinch. (It has support for both 68K and PPC.) Cross Reference: MacKrack is located at http://www.yatho.com/weasel/files/MacKrack2.01b1.sit.bin. Unserialize Photoshop Unserialize Photoshop is a standard serial number-killing utility, designed to circumvent serial number protection on Adobe Photoshop. This utility really falls into the traditional cracking category. I don't think that this type of activity does much to shed light on security issues. It is basically a tool to steal software. Therefore, I will refrain from offering any locations here. Adobe is a good company--perhaps the only company ever to get the best of Microsoft. My position on stealing software (though I've stated it before) is this: You want free software? Get FreeBSD or Linux and go GNU. This way, you get quality software for free and still maintain extreme cool. NOTE: A large portion of the Macintosh community that label themselves "hackers" engage in piracy and unlawful use of copyrighted software. Newsletters and other documents containing serial numbers of all manners of software are posted monthly. (These documents often exceed 300KB in length and include hundreds of serial numbers. The most famed such distribution is called "The Hacker's Helper," which typically comes out once a month.) While this is their own affair, I should relate here that this type of activity is the precise antithesis of hacking. The only thing worse than this (and more removed from hacking) would be to steal such software and claim that you wrote it. WordListMaker WordListMaker is a utility designed to manage dictionary files. This is invaluable if you plan to crack password files of any size, or files on which the users may speak more than one language (forcing you to use not only American English dictionaries, but perhaps others, including British English, Italian, French, German, and so forth). The utility is designed to merge dictionary files, a function that on a UNIX system takes no more than a brief command line but that, on many other platforms, can be a laborious task. Cross Reference: WordListMaker is located at ftp://whacked.l0pht.com/pub/Hacking/WordListMaker1.5.sit. Remove Passwords Remove Passwords is a nifty utility that removes the password protection on Stuffit archives. Stuffit is an archiving utility much like PKZIP or GZIP. It is more commonly seen on the Macintosh platform, but has since been ported to others, including Microsoft Windows. You can acquire Stuffit at ftp://ftp.aladdinsys.com/. Remove Passwords bypasses password protection on any archive created (and password protected) with Stuffit. Cross Reference: Remove Passwords is available at http://www.yatho.com/weasel/files/RemovePasswords.sit. RemoveIt RemoveIt is a utility almost identical to Remove Passwords. It strips the passwords from Stuffit archives. Cross Reference: RemoveIt is available at http://www.yatho.com/weasel/files/RemoveIt.sit.bin. Tools Designed Specifically for America Online The tools described in the following sections are designed primarily to subvert the security of America Online. Specifically, the majority of applications in this class steal service from AOL by creating free accounts that last for several weeks. Use of most of these tools is illegal. Maohell.sit Currently available at 13 sites on the Net, Maohell.sit is the Macintosh port (or rather, equivalent) of the famous program AOHELL. AOHELL allows you to obtain free access to America Online services. It can create bogus accounts that are good for several weeks at a time. The utility also comes with various tools for harassment, including an automated mailbombing utility and some chat room utilities. Cross Reference: Maohell.sit is available at ftp://whacked.l0pht.com/pub/AOLCrap/Maohell.sit. NOTE: AOHELL and Maohell may soon be entirely worthless. America Online has made extensive inroads in eliminating this type of activity. For example, it was once a simple task to use nonexistent but "valid" credit card numbers to register with AOL. You could use an algorithm that would generate mathematically sound credit card numbers. Cursory checks then performed by AOL were insufficient to prevent such activity. That climate has since changed. AOL4FREE2.6v4.sit AOL4FREE2.6v4.sit, which manipulates the AOL system, forcing it to interpret you as always occupying the "free" or demo section of AOL, has caused quite a controversy. The author was arrested by the United States Secret Service after being identified as the creator of the software. He currently faces very heavy fines and perhaps a prison sentence. Here's a report from a recent news article: Known online as Happy Hardcore, 20-year-old Nicholas Ryan of Yale University entered his plea in federal district court in Alexandria, Virginia. The felony offense carries a fine of up to $250,000 and five years in prison. Sentencing is set for March. Ryan used his illegal software, dubbed "AOL4Free" between June and December 1995. He also made it available to others. The investigation was carried out by the Secret Service and Justice Department's computer crime section. Cross Reference: The preceding paragraph is excerpted from the article "Hacker Admits to AOL Piracy" by Jeff Peline. It can be found online at http://www.news.com/News/Item/0,4,6844,00.html. One interesting document regarding the whole affair is located at wku.edu. The author shows a series of messages between AOL personnel discussing the AOL4FREE problem. (These messages were intercepted from e-mail accounts.) The communication between AOL's inner staff discussed various signatures that AOL4FREE would leave on the system during a sign-on. Having identified these sign-on signatures, the staff were ready to "...get verification from TOS and then hand [the crackers] over to the Secret Service." Cross Reference: The quote in the previous paragraph is excerpted from a message from MayLiang that was forwarded to Barry Appelman regarding AOL4FREE. That message can be found online at http://www.cs.wku.edu/~kat/files/CRNVOL3. However, things did not go as well as the internal staff of AOL had hoped. Since their e-mail was intercepted, a new version of AOL4FREE was created that fixed the problem. Thus, the new version would continue to work, even after AOL had installed their "AOL4FREE Detector." This is discussed in the document: Looks pretty bad, doesn't it, with the Secret Service and everything. But not to worry...with v4 of AOL4Free, you are much harder to detect! You see, what AOL4Free does is send the free token after every real token. When you are signing on, you send the "Dd" token with you screen name and password, and a free "K1" token is sent afterward. However, because you aren't really signed on yet, AOL sees the K1 token as a bug and records it in a log. All the Network Ops people had to do is search their logs for this bug and voilà, they had their AOL4Free users. v4 is modified so that it doesn't send the free token after "Dd". Cross Reference: The previous paragraph is excerpted from an article titled "AOL4FREE--Can I Get Caught?" which ran in Cyber Rights Now!. The article, by Sloan Seaman (seaman@pgh.nauticom.net), can be found online at http://www.cs.wku.edu/~kat/files/CRNVOL3. It will be interesting to see what happens. I have a strong feeling that new versions of AOL4FREE are about to be released. (Don't ask me why. Call it a premonition.) From my point of view, this would not be so bad. In my not-so-humble-opinion, AOL has, until very recently, engaged in Information Superhighway robbery. However, that opinion has not enough weight for me to print the location of version 4 in this book. The WebStar Controversy On October 15, 1995, a challenge was posted to the Internet: A Macintosh Web server running WebStar was established and offered as a sacrificial host on the Net. If anyone could crack that server, that person would be awarded $10,000.00. The challenge was a demonstration of the theory that a Mac would be more secure than a UNIX box as a Web server platform. Did anyone collect that 10 grand? No. Chris Kilbourn, the president and system administrator for digital.forest, an Internet service provider in Seattle, Washington, posted a report about that challenge. (I will be pointing you there momentarily.) In it, he explains In the 45 days the contest ran, no one was able to break through the security barriers and claim the prize. I generally ran the network packet analyzer for about 3-5 hours a day to check for interesting packets destined for the Challenge server. I created packet filters that captured all TCP/IP network traffic in or out of the Challenge server. One of the more amusing things was that even with all the information about the technical specifications of the Challenge server posted on the server itself, most of the people who tried to bypass the security thought that the server was a UNIX box! TCP/IP services on a Macintosh lack the low-level communications that is available on UNIX systems, which provides additional security. If you are careful to keep your mail, FTP, and HTTP file spaces from overlapping, there is no way to pipe data from one service to another and get around security in that manner. Cross Reference: The previous paragraph is excerpted from Chris Kilbourn's article titled "The $10,000 Macintosh World Wide Web Security Challenge: A Summary of the Network and the Attacks," and can be found online at http://www.forest.net/advanced/securitychallenge.html. So what really happened here? Did the challenge ultimately prove that a Mac is more secure than a UNIX box as a Web server platform? Yes and no. To understand why both answers are valid, you need to have a few particulars. First, the machine included in the challenge was running only a Web server. That is, it did not run any other form of TCP/IP server or process. (How realistic that would be in a Mac serving as anything other than exclusively a Web server is an area of some dispute. However, for the moment, we are dealing with a simple Web server.) Therefore, the simple answer is yes, a standalone Mac Web server is more secure than a full-fledged UNIX server running a Web daemon. However, that is not the end of the story. For example, the UNIX server can do things that the Mac server cannot. That includes file transfers by a dozen or more different protocols. It also includes handling file sharing with more than a dozen platforms. The key here is this: For a sacrificial Web server, the Mac is a better choice (that is, unless your system administrator is very well versed in security). UNIX has just too many protocols that are alive by default. Part of the security gained by the Mac is in the fact that there is no command interpreter that is well known by UNIX or IBM users behind the Web server. However, there is a way to crack such a server. Here's a report from an Apple Technical article: Through the power of AppleScript and Apple events, WebSTAR can communicate with other applications on your Macintosh to publish any information contained in those programs. For example, if your company information is in a FileMaker Pro database, Web client users can query it via HTML forms to get the data using the FileMaker CGI (Common Gateway Interface) for WebSTAR. It's powerful and easy to use. The AppleScript engine is indeed an interpreter; it's just not one known intimately by a large population of non-MacOS users. The problem must therefore be approached by someone who is deeply familiar with TCP/IP, AppleScript, and cracking generally. I would imagine that the list of such persons is fairly short. However, these are the elements that would be required. So know that it is not impossible. It is simply that the majority of cracking knowledge has been UNIX-centric. This will change rapidly now that the Internet is becoming so incredibly popular. Apple experts advise that security issues should remain a constant concern if you are providing remote services. In a document designed to provide guidance in setting up an Internet server, the folks at Apple offer this: Although Mac OS-based services present a much lower security risk than services run on UNIX machines, security considerations can never be taken too seriously on the Internet. Many routers have a number of "firewall" features built in, and these features should be carefully considered, especially for larger networks. Although most Mac OS security issues can be addressed simply by ensuring that access privileges are set correctly, investigating additional security options is always a good idea. Cross Reference: The previous paragraph is excerpted from an article by Alan B. Oppenheimer titled "Getting Your Apple Internet Server Online: A Guide to Providing Internet Services." This article can be found online at http://product.info.apple.com/productinfo/tech/wp/aisswp.html. TIP: The previously excerpted article ("Getting Your Apple Internet Server Online: A Guide to Providing Internet Services") is truly invaluable. I endorse it here as the definitive document currently available online that discusses establishing an Apple Internet server. It is based largely on the real-life experiences of technicians (primarily Oppenheimer and those at Open Door) in establishing a large server. The technical quality of that paper is nothing short of superb (and far exceeds the quality of most online presentations with similar aspirations). Certainly, it has already been proven that a Mac Web server can be vulnerable to denial-of-service attacks, including the dreaded Sequence of Death. In a recent article by Macworld, the matter is discussed: ...for Mac Webmaster Jeff Gold, frustration turned to alarm when he realized that a mere typo caused his entire Mac-served site to crash. Gold's crash occurred while he was using StarNine's WebStar Web server software and the plug-in version of Maxum Development's NetCloak 2.1, a popular WebStar add-on. Adding certain characters to the end of an URL crashes NetCloak, bringing down the server. To protect the thousands of sites using NetCloak, neither Gold nor Macworld will publicly reveal the character sequence, but it's one that wouldn't be too difficult to enter. After further investigation, Macworld discovered that the problem surfaces only when a server runs the plug-in version of NetCloak. When we removed the plug-in and used the NetCloak CGI instead, the Sequence of Death yielded only a benign error message. Cross Reference: The previous paragraph is excerpted from an article by Jim Heid titled "Mac Web-Server Security Crisis: Specific Character Sequence Crashes Servers." It can be found online at http://www.macworld.com/daily/daily.973.html. Note that this problem was unrelated to Apple. This brings back the point that I have made many times: When software developers and engineers are developing packages at different times, in different places, and within the confines of different companies, security holes can and do surface. This is because acquiring the API is sometimes not enough. Here is a great example of such a situation: Have you ever used version 1.5.3 of ASD's DiskGuard? If you have, I'll bet you were a bit confused when you couldn't access your own hard disk drive: Security software is supposed to keep the bad guys out, but let you in. In some cases, version 1.5.3 of ASD software's DiskGuard was preventing even a system's owner from accessing their machine. This week the company posted a patch for its security software application; version 1.5.4 fixes several compatibility problems--including locked and inaccessible hard drives--between DiskGuard 1.5.3 and several Mac systems. If you use DiskGuard on a PowerMac 7200, 7500, 8500, or a PowerBook 5300/5300c, ASD's technical support recommends you upgrade. The patch is available directly from ASD Software (909/624-2594) or from the ASD forum on CompuServe (Go ASD). Cross Reference: The previous paragraph is excerpted from an article by Suzanne Courteau titled "ASD Fixes DiskGuard Bugs. Problem with Locked Drives Corrected." It can be found online at http://www.macworld.com/daily/daily.6.html. TIP: This reminds me of the version of Microsoft Internet Explorer that forced a password check on most sites (and to boot, refused to authenticate anything the user attempted to use as a password). However, all this discussion is really immaterial. Average Macintosh users are not security fanatics and therefore, their personal machines are probably subject to at least minimal attack. This will depend on whether they have their disk and resources shared out. The Macintosh file sharing system is no less extensive (nor much more secure) than that employed by Microsoft Windows 95. The only significant difference is that in the Mac environment, you can not only turn off file sharing, but also pick and choose which files you want to share. This is done by going to the Sharing Options panel and making the appropriate settings. Cross Reference: You can find an excellent quick tutorial of how to manipulate the sharing settings at http://bob.maint.alpine.k12.ut.us/ASD/Security/MacSecurity.html#Sys7Sharing. Macintosh Network Security. Alpine School District Network Security Guidelines. (I have been unable to ascertain the author of this document. Too bad. They did a wonderful job.) Last apparent date of modification January 29, 1997. Naturally, in a network, this may be a complex matter. Your choices will be made depending on the trust relationships in your organization. For example, if you are in a publishing department of a magazine, perhaps you take commercial advertisements but the copy for these is generated in another portion of the building (or at the very least, another portion of the network). It may require that you share a series of folders so that you can conveniently traffic ad copy between your department and the advertising department. The file sharing hole is a matter of extreme concern. At the very least, every Mac user should establish a password for himself as the owner of the machine. Furthermore, that password should be carefully considered. Mac passwords are subject to attack, the same as any other password on every password system ever created. Care should be taken to choose a characteristically "strong" password. If this term strong password is a foreign concept to you, please review Chapter 10, which contains a series of references to reports or technical white papers that discuss the difference between weak and strong password choices and how to make them. Finally (and perhaps most importantly), guest access privileges should be set to inactive. But, then, as most experienced Mac users know, file sharing is not the only security hole in the Macintosh environment. There are obscure holes and you have to dig very deep to find them. Apple (much like Microsoft) is not nearly as gung-ho about advertising vulnerabilities on their platform as, say, the average UNIX vendor. Typically, they keep the matter a bit more isolated to their particular community. Naturally, MacOS holes are like holes on any other operating system. Today, if you purchase a brand new Mac with the latest distribution of MacOS, you have a guarantee of good security. However, again, not everyone uses the latest and the greatest. For example, do you remember Retrospect? If you have used it (or are now using it) have you ever seen this advisory: When you install the Retrospect Remote Control Panel and restart, Remote is activated and waits for the server to download a security code and serial number. If the server does not do this, anyone with a copy of Retrospect and a set of serial numbers can initialize your system, backup your hard drive to theirs, and then de-initialize your system without you noticing. Cross Reference: The preceding paragraph is excerpted from an article titled "Retrospect Remote Security Issue" (ArticleID: TECHINFO-0016556; 19960724. Apple Technical Info Library, February 1995). It can be found on the Web at http://cgi.info.apple.com/cgi-bin/read.wais.doc.pl?/wais/TIL/DataComm!Neting&Cnct/Apple!Workgroup! Servers/Retrospct!Remote!Security!Issue. Cross Reference: Apple's white papers (which admittedly shed little light on security, but are of some value in identifying sources on the subject) can be accessed at http://product.info.apple.com/productinfo/tech/ or at http://til.info.apple.com/til/til.html. Anti-Cracker Tools So much for programs that help crackers gain unauthorized access to your system. Now I would like to detail a few programs that will keep those curious folks out. StartUpLog Created by Aurelian Software and Brian Durand, StartUpLog is a snooper application. It begins logging access (and a host of other statistics) from the moment the machine boots. Using this utility is very easy. It ships as a Control Panel. You simply install it as such and it will run automatically, logging the time, length, and other important information of each access of your Mac. It's good for parents or employers. Cross Reference: StartUpLog is available at http://cdrom.amug.org/http/bbs/148690-3.desc.html#startuplog-2.0.1.sit. Super Save For the ultimate paranoiac, Super Save is truly an extraordinary utility. This utility will record every single keystroke forwarded to the console. However, in a thoughtful move, the author chose to include an option with which you can disable this feature whenever passwords are being typed in, thus preventing the possibility of someone else later accessing your logs (through whatever means) and getting that data. Although not expressly designed for security's sake (more for data crash and recovery), this utility provides the ultimate in logging. Cross Reference: Super Save is available at ftp://ftp.leonardo.net/claireware/SuperSave.v200.sit.hqx. BootLogger BootLogger is a little less extreme than either StartUpLog or Super Save. It basically reads the boot sequence and records startups and shutdowns. It is a less resource-consuming utility. I suggest using this utility first. If evidence of tampering or unauthorized access appears, then I would switch to Super Saver. Cross Reference: BootLogger is available at ftp://ftp.amug.org/bbs-in-a-box/files/util/security/bootlogger-1.0.sit.hqx. DiskLocker DiskLocker is a utility that write protects your local hard disk drive. Disks are managed through a password-protect mechanism. (In other words, you can only unlock the instant disk if you have the password. Be careful not to lock a disk and later lose your password.) The program is shareware (written by Olivier Lebra in Nice, France) and has a licensing fee of $10. Cross Reference: DiskLocker is available for download from ftp://ftp.amug.org/bbs-in-a-box/files/util/security/disklocker-1.3.sit.hqx. FileLock FileLock is a little more incisive than DiskLocker. This utility actually will do individual files or groups of files or folders. It supports complete drag-and-drop functionality and will work on both 68K and PPC architectures. It's a very handy utility, especially if you share your machine with others in your home or office. It was written Rocco Moliterno (Italy). Cross Reference: FileLock is available from http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/disk/filelock-132.hqx. Sesame Sesame is likely to become an industry standard (much as Mac Password has). Sesame offers full-fledged password protection for the MacOS. First, the utility offers several levels of protection. For example, you can create an administrator password and then individual user passwords beneath it. Moreover, Sesame will actually protect against a floppy boot attack. In other words, whatever folders or files you hide or password protect with this utility, those options will still be evident (and the controls still present) even if a local user attempts to bypass security measures by booting with a floppy disk. This is shareware with a $10 licensing fee and was written by Bernard Frangoulis (France). Cross Reference: Sesame is available at http://hyperarchive.lcs.mit.edu/HyperArchive/Archive/disk/sesame-211.hqx. MacPassword The industry standard for full password protection on MacOS, MacPassword is a fully developed commercial application. It provides not only multiple levels of password protection (for both disk and screen), but it also incorporates virus scanning technology. It's definitely worth the money. However, you can always check it out for free. The demo version is available at many locations across the Internet. Here's an excerpt from Tom Gross's copy of the Mac FAQ: Art Schumer's MacPassword is the cheapest ($35) program worthy of consideration in this category. A demo version which expires after sixty days and isn't as secure is available from http://www.macworld.com/cgi-bin/download?package=utilities/MacPassword.4.1.1.Demo.sit.hqx. Cross Reference: The previous excerpt is from Tom Gross's copy of Mac FAQ, Austria, http://witiko.ifs.uni-linz.ac.at/~tom/mac_FAQ.html. Cross Reference: I actually prefer this location for MacPassword, however: ftp://ftp.amug.org/bbs-in-a-box/files/util/security/macpassword-4.11-demo.sit.hqx. Summary Although the Mac platform is not known for being a cracking platform, it is well suited for hacking. Hacking on the Mac platform can be fun; cracking is another matter entirely. This chapter covers a multitude of utilities for hacking and cracking using the Macintosh platform, and also discusses ways to keep hackers and crackers out. Resources The following list of resources contains important links related to Macintosh security. You'll find a variety of resources, including books, articles, and Web sites. Books and Reports Getting Your Apple Internet Server Online: A Guide to Providing Internet Services. Alan B. Oppenheimer of Open Door Networks and Apple. http://product.info.apple.com/productinfo/tech/wp/aisswp.html Security Ports on Desktop Macs. A discussion of physical security on a Mac using various security ports and cable locking mechanisms. ArticleID: TECHINFO-0017079; 19960724 15:55:27.00. http://cgi.info.apple.com/cgi-bin/read.wais.doc.pl?/wais/TIL/Macintosh!Hardware/Security!Ports!on!Desktop!Macs The $10,000 Macintosh World Wide Web Security Challenge: A Summary of the Network and the Attacks. Chris Kilbourn, digital.forest. (Formatting provided by Jon Wiederspan.) http://www.forest.net/advanced/securitychallenge.html The Mac History Page by United Computer Exchange Corporation. This is an amazing pit stop on the Internet. If you want to instantly identify older Mac hardware and its configuration limitations, this is the site for you. Displayed in table format. A great resource, especially for students who are in the market for an inexpensive, older Mac. http://www.uce.com/machist.html How Macs Work. John Rizzo and K. Daniel Clark. Ziff-Davis Press. ISBN 1-56276-146-3. Voodoo Mac. Kay Yarborough Nelson. Ventana Press. ISBN 1-56604-028-0. Sad Macs, Bombs, and Other Disasters. Ted Landau. Addison-Wesley Publishing Company. ISBN 0-201-62207-6. The Power Mac Book. Ron Pronk. Coriolis Group Books. ISBN 1-883577-09-8. Macworld Mac OS 7.6 Bible. Lon Poole. IDG Books. ISBN 0-7645-4014-9. Macworld Mac SECRETS, 4th Edition. David Pogue and Joseph Schorr. IDG Books. ISBN 0-7645-4006-8. The Whole Mac Solutions for the Creative Professional. Daniel Giordan et al. Hayden Books. ISBN 1-56830-298-3. 1996. Guide to Macintosh System 7.5.5. Don Crabb. Hayden Books. ISBN 1-56830-109-X. 1996. Building and Maintaining an Intranet with the Macintosh. Tobin Anthony. Hayden Books. ISBN 1-56830-279-7. 1996. Using the Internet with Your Mac. Todd Stauffer. QUE. ISBN 0-78970-665-2. 1995. Simply Amazing Internet for Macintosh. Adam Engst. Hayden Books. ISBN 1-56830-230-4. 1995. Sites with Tools and Munitions Granite Island Group and Macintosh Security. http://www.tscm.com/mac02SW.html ClaireWare Software. Macintosh applications, security. http://www.leonardo.net/kamprath/claireware.html Macintosh Security Tools. CIAC. (U.S. Department of Energy.) http://ciac.llnl.gov/ciac/ToolsMacVirus.html The Ultimate Hackintosh Linx. Warez, security, cracking, hacking. http://krypton.org.chemie.uni-frankfurt.de/~jj/maclinks.html AoHell Utilities at Aracnet. Hacking and cracking utilities for use on America Online. http://www.aracnet.com/~gen2600/aoh.html Hacking Mac's Heaven! Hacking and cracking tools and links from the Netherlands. http://www.xs4all.nl/~bido/main.html Lord Reaper's Hacking Page. Cracking and hacking utilities for use on MacOS. http://www.themacpage.simplenet.com/hacking.html Files for Your Enjoyment. UK site with Mac hacking and cracking utilities. http://www.gmtnet.co.uk/simmnet/files.htm The Grouch's Page. The ultimate list of Mac hacking and cracking software. http://www.faroc.com.au/~botoole/phun.html Guide to Cracking Foolproof. Quite complete. guidhttp://www.yatho.com/weasel/files/FoolProofHack.txt Vladimir's Archive. Good, quick-loading archive of some baseline Mac hacking and cracking tools from Japan. http://www.plato-net.or.jp/usr/vladimir/undergroundmac/Cracking Treuf's Mac SN# Archive. Serial number archive for those who refuse to pay for software, use free software, or write their own. http://www.mygale.org/02/treuf/underground.html The Mac Hack Page. A very large collection of strange and often unique utilities. This site also has links to many of the major Mac hacking and cracking tools, text files, and other assorted underground materials. http://members.tripod.com/~Buzzguy/The_Mac_Hack_Page DArKmAc'S pHiLeZ. Yet another archive of baseline Mac hacking and cracking utilities. http://www.geocities.com/SiliconValley/Heights/3921/Philez.html Ziggiey's Hack Hut for Macs. Extraordinary, dynamic list for "warez" sites, the majority of which are reachable via FTP or Telnet. http://www.geocities.com/SiliconValley/5701/ Zines and Electronic Online Magazines MacUser On-Line Magazine. http://web1.zdnet.com/macuser/ MacCentral. Extensive and very well-presented online periodical about Macintosh. http://www.maccentral.com/ Macworld Daily. The latest and greatest in Macintosh news. http://www.macworld.com/daily/ MacSense Online. Good resource for quick newsbytes on the current state of the art with Macintosh. http://www.macsense.com/ MacHome Journal Online. Good, solid Internet mag on Macintosh issues. http://www.machome.com/ Core! Online. Electronic Journal in the UK. http://www.duxx.demon.co.uk/core/main.htm The Internet Roadstop. Online periodical addressing Macintosh Internet issues. http://www.macstop.com/ MacAssistant Tips and Tutorial Newsletter and User Group. Very cool, useful, and perhaps most importantly, brief newsletter that gives tips and tricks for Mac users. Commercial, but I think it is well worth it. A lot of traditional hacking tips on hardware, software, and special, not-often-seen problems. These are collected from all over the world. $12 per year. http://www.users.mis.net/~macasst/ MacTech. Well-presented and important industry and development news. You will likely catch the latest dope on new security releases here first. Also, some very cool technical information (for example, the development of the new, high-end "SuperMacs," which are ultra-high- performance Macs that offer UNIX workstation power and even multiprocessor support). http://web.xplain.com/mactech.com/ The Underground Informer. E-zine that concentrates on the often eclectic and creative BBS underground out there. http://www.primenet.com/~lonnie/ui/ui.html © Copyright, Macmillan Computer Publishing. All rights reserved.