Intrusion Suspected, Advice Sought

JohnG mcsjgs at cox.net
Thu Jan 6 20:29:24 PST 2005


I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection. 
I have reason to think my system has been tampered with. Security 
features in Mac OS X have been left unlocked (Preference Pane - Users) 
even though a master lock has always been set in the Security 
Preference Pane. This locks all other important preference panes which 
could be tampered with. Also, permissions have been reset at every boot
in my working directory. I've worked on this machine for about 17 
months, and I know its rhythms and what should be what. The permissions 
problem is persistent and new. I do not think I am being paranoid or 
alarmist. I have always had a NAT router, commercial firewall, and 
virus protection.

The only thing I can think of is a hidden *nix program from a 
downloaded program (shareware/freeware) (I have scanned all packages 
for viruses). I am almost positive it did not come via e-mail. I say 
almost because I have been receiving odd e-mails that are totally blank 
and have no information I can find. Conceivably, it could have been a 
hacker. If so, that person was very skillful in getting in and only 
left small traces of poking around.

I assume your advice will be to do a clean re-install of both system 
and programs. My question is how do I re-import the data from a full
backup (probably also containing whatever it is) without further 
jeopardizing my system? Any other advice, tips, or pointers to FreeBSD 
programs I could run on Mac would be greatly appreciated.

John Scherb



More information about the freebsd-security mailing list