Slashdot Mirror


Symptoms of Mac OS X Hack?

goatbar asks: "Many of you have probably dealt with computer intrusion before, but this is the first time for me with Mac OS X. I've got a machine where the passwords have been altered. If this were Linux, I would drop in Knoppix, figure out which way I got hacked, back up the system, reinstall, secure it and be back up in a couple hours. However, with OSX, what can I do? Does anyone have strategies for regaining access to the machine and doing a post-mortem? I'm going to bring up the system drive on a laptop, but then what? I can back it up, but other than the system logs, where do I look beyond the usual '.BitchX' and '...' directories? How do I easily tell what other annoying little things have been installed?"

2 of 135 comments

  1. call apple customer support by chris_mahan · · Score: 1, Troll

    You bought a proprietary software system on a proprietary hardware platform.

    Dust off your SLA and call Apple.

    Don't have an SLA? Dang, you're FUBARed.

    --

    "Piter, too, is dead."

  2. Re:It's UNIX, do what you usually do in Linux by prockcore · · Score: 0, Troll

    Reset password via the InstallCD and boot it into normal single-user. Can't remember the key-combo now, but it should be something like Apple+s.

    There's an rpm -Va command for OSX?

    Changing your root password back isn't going to help if a backdoor has been installed. You need a way to verify that none of your files have been modified. Under Red Hat, rpm -Va will verify the md5sum, permissions, and timestamp of all your installed packages.

    For the extra paranoid, put your /var/cache/rpm onto a keychain.
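
The kind of verification the comment above describes, as an added example that is not part of the original thread: a baseline of digest, permissions and timestamp per file, compared later and reported with the `5`/`M`/`T` letters `rpm -V` uses. SHA-256 is swapped in for md5, all function names and the sample files are constructed for illustration, and the baseline is only meaningful if it was taken before the compromise and kept off the machine.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, mode bits, mtime_ns)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_mtime_ns)
    return manifest

def verify(baseline, current):
    """Return {path: flags}: 5 = digest, M = mode, T = mtime, '.' = unchanged."""
    report = {}
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            report[path] = "missing"
            continue
        flags = "".join(c if a != b else "." for c, a, b in zip("5MT", old, new))
        if flags != "...":
            report[path] = flags
    for path in current.keys() - baseline.keys():
        report[path] = "added"  # file that was not in the baseline at all
    return report

def write(path, data, mode):
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, mode)

def demo():
    """Constructed sample tree: change it three ways and return the report."""
    with tempfile.TemporaryDirectory() as root:
        ls, login = (os.path.join(root, n) for n in ("ls", "login"))
        write(ls, b"original ls", 0o755)
        write(login, b"original login", 0o755)
        baseline = snapshot(root)  # taken while the tree is known-good
        write(ls, b"modified ls", 0o755)           # content replaced...
        os.utime(ls, ns=(baseline["ls"][2],) * 2)  # ...and old mtime put back
        os.chmod(login, 0o777)                     # permissions loosened
        write(os.path.join(root, "..."), b"x", 0o644)  # new file named "..."
        return verify(baseline, snapshot(root))
```

The `ls` entry comes back as `5..`: the timestamp matches the baseline, so only the digest shows the change, which is why a timestamp or size check alone is not enough.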