Blog Archives

how to easily spoof a user’s password





Spoofing or phishing – presenting a user with fake authentication requests – is a common email tactic, but it’s not the only vector where you need to be on your guard. Every version of macOS is vulnerable to a very simple phishing attack right on your desktop that doesn’t require admin privileges to run, would not be detected by Gatekeeper or XProtect, and which could easily be placed on your Mac by any of the nefarious malware / adware installer scripts that come with some less reputable software downloads.

This attack isn’t new, but it’s not often talked about. The easiest way to see how it works is in this quick 4-minute demo:

As you can see, it’s easy to grab the icon of any Application and put it in the script; it doesn’t even have to be the icon of an app that’s running. The simple demo I gave above could easily launch iTunes first to increase the coherence of the attack, or it could use a completely different icon, including the icon of security programs you may have running on your Mac.

How can you check?

If you were presented with a password request like this and wanted to check whether it’s legitimate or not, an easy way would be to use my free utility DetectX Swift’s Profiler. Click the Profiler function, and search for ‘osascript’ within the Running Processes section. Note how DetectX Swift shows you the text of the script being run, confirming that this dialog is up to no good:
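The same check can be made from Terminal. The following is an added example, not part of the original post or of DetectX Swift: it filters a process listing for osascript processes, prints the script text each one is running, and flags any whose text mentions a password. The process list, user name and script text in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list running osascript processes with their full script text.
# Expects one process per line as "PID PPID USER COMMAND...", e.g. from
#   ps -axww -o pid= -o ppid= -o user= -o command=

find_osascript_prompts() {
    awk '
    {
        # Everything after the first three columns is the command line.
        cmd = $0
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
        # Executable name = first word of the command, minus any directory.
        exe = cmd
        sub(/[ \t].*$/, "", exe)
        sub(/^.*\//, "", exe)
        if (exe != "osascript") next      # skips e.g. "grep osascript"
        # A script that talks about passwords deserves a closer look.
        verdict = (tolower(cmd) ~ /password/) ? "SUSPECT" : "REVIEW"
        printf "%s pid=%s ppid=%s user=%s cmd=%s\n", verdict, $1, $2, $3, cmd
    }'
}

# Constructed sample input (not captured from a real machine).
sample_ps() {
    cat <<'EOF'
  412     1 alice /usr/bin/osascript -e tell application "Finder" to get name of startup disk
  977   950 alice /usr/bin/osascript /Users/alice/Library/Scripts/backup.scpt
 1033     1 alice /usr/bin/osascript -e (constructed script text) "iTunes needs your Password"
 1101   950 alice grep osascript
EOF
}

sample_ps | find_osascript_prompts
# On a live Mac, replace sample_ps with the ps command shown at the top.
```

A process with a parent ID of 1 that nothing you launched should have started, and whose script text asks for a password, is the case to treat as hostile.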


creating secure folders and files



With FileVault 2 having a number of drawbacks, a common question I’m seeing is how best to secure data on Lion and Mountain Lion without using FV2.

There are a number of tricks on offer, from making transparent folders and excluding folders from Spotlight to using Terminal to make them invisible or hidden.

However, all of these methods suffer from one inevitable drawback: anyone who knows their way around Terminal can open, read, copy or delete your folders as if you had never employed any of the above tricks at all. Well, not many people know their way around Terminal you say? But everyone knows their way around Google, and learning how to find files via the Terminal is information easily found, even on Applehelpwriter! In short, all those methods listed above are really a waste of time if it’s security that you’re after.

Fortunately, there is a simple answer to securing localised files or folders, and that’s to make a local encrypted disk image with Disk Utility and then move your data into it. To do so, follow this procedure:

1. Open Disk Utility (Applications/Utilities/Disk Utility.app)

2. Click near the bottom of the sidebar in empty space to make sure none of the disks in the sidebar are selected.

3. Click the New Image icon in the task bar.

4. Give the image a name and choose a location to store it. Storing it in the User Library is not a bad idea. Give it a boring name like ‘old system’, ‘old data’ or something like that, but don’t hit ‘Create’ just yet.

5. At the bottom of the dialogue box is a field for encryption. Click on the option button and choose either 128-bit or 256-bit (the second choice is stronger but also slower; 128-bit is still so strong that almost no-one save the CIA will be able to crack it!).

6. Create a password that you’re not going to forget. For maximum security, do NOT use the same password that you use for your Admin account or for anything else. Uncheck the ‘save in my keychain’ option.

Warning!

If you forget the password, don't waste time seeking help trying to break it. The system is designed to be uncrackable. If you forget the password, your data is lost for good.

PRO TIP: For that reason, you might like to use a password manager like ‘1Password’ for this and all your other passwords. The main reason people forget passwords is infrequency of use. With 1Password you use a single password to unlock all your other passwords and to have them entered automatically into web pages and other fields.


7. Set up the rest of the options as in the screenshot below.




8. When you’re ready, press ‘Create’ to make the disk image.

9. Once the image has been created, copy the files you want to protect into the disk image window, just like you would a hard disk or other connected device. Now, whenever you want to access your protected data, just click on the disk image and enter the password and your data is ready to be used.

10. Test mounting and ejecting the disk image a few times. Open a few files and save your changes. After you’re sure everything is working as expected, delete the files from the original location that you copied them from. Also, don’t forget to eject the disk image in Finder’s sidebar each time you’re done using it to prevent anyone else accessing your protected files.

🙂


how to fix permissions (Permissions Pt 2)


(This post continues from here on file permission problems.)

Did you know there are two levels of permissions on your Mac? User level and system level. Most discussions of fixing permissions only discuss the latter, but you may also need to fix the former (also sometimes called ‘ACLs’) for some problems caused by upgrading Lion on top of Snow Leopard.

4. System Level Permissions
You can safely repair your system level permissions at any time, and doing it once in a while is a good maintenance activity even if you’re not experiencing any problems. It’s also the first thing to do as soon as you notice problems with apps launching or with file access, or if your computer seems to be running unusually slowly.

How to do it:
— 1. Go to Applications > Utilities > Disk Utility.app and double click the app to open it.

— 2. Click your HDD icon in the left column (if you have more than one, click the one that contains your startup disk).

— 3. If it is not already selected, click on the ‘First Aid’ tab. Choose the ‘Repair Disk Permissions’ button near the bottom of the window (see the larger of the two windows in the screenshot above).

— 4. Wait for the process to finish (it could take ten minutes or more), then quit Disk Utility. You can ignore most of the error messages that appear unless they’re in red.

5. User Level Permissions (ACLs)
These permissions apply only to your ‘Home’ folder and its contents, and if you have more than one user you will need to do this procedure for any user experiencing a problem. However, unlike system level permissions, repairing ACLs isn’t something you should do unless there is a specific issue to be solved. Problems that this repair might help with include permission conflicts inherited from an earlier Snow Leopard or Leopard installation, such as Finder always asking for your password when you try to delete, move or copy a file.

To reset the ACLs in Lion: (To reset the ACLs in Leopard/Snow Leopard have a look here.)

— 1. Remove the current ACLs by opening Terminal.app (Applications > Utilities > Terminal.app) and copying and pasting this command:

sudo chmod -RN ~

Press return. You’ll be asked for your password. Notice that when you type it in you won’t see anything on the screen. Press return again. If you get an error message, you probably didn’t type in your password correctly. Repeat this step until it’s accepted. It will take some time to complete. Then paste this command into Terminal also:

sudo chown -R `id -un` ~

and press return. Enter your password again if necessary.

— 2. Press the Power button on the computer and choose ‘Restart’. When the screen goes blank, hold down the ‘command’ and ‘R’ keys on the keyboard until you hear the start up chime. In the menu bar at the top, choose Utilities > Terminal

— 3. At the Terminal prompt type

resetpassword

Then hit ‘Return’

— 4. Forget about resetting your password; what you’re looking for is your hard disk icon at the top. Hit that, and then from the drop-down menu select your user account.

— 5. Go to the bottom of the dialogue window – leaving all password fields blank – and choose ‘Reset’ under ‘Reset Home Folder Permissions and ACLs’ (see the smaller of the two windows in the screenshot above, inside the red dotted line).

— 6. When the process finishes, quit everything and restart your Mac. 🙂




why does Trash ask for a password? (Permissions Pt 1)



There are several reasons why Trash may ask for your password. Let’s deal with the obvious ones first:

1. FileVault is turned on
Solution: either turn FileVault off, or put up with the behaviour.

2. If you are using an account with ‘Parental Controls’ enabled, the person who set up your account may have denied you permission to delete, modify or move some or all files.
Solution: Speak to mom!

If 1 and 2 aren’t your problem, then you may have some permissions errors.

3. Check Permissions on .Trash
— 1. Open a Terminal window (Applications > Utilities > Terminal.app) and check the permissions by typing/pasting in the following:

ls -al

You should end up with a long list, among which will be the permissions for your .Trash folder. Mine looks like this:

drwx------ 2 SnowLpd staff 68 29 Nov 15:33 .Trash

— 2. What’s important here is that the name after the series of ‘drwx’ letters is the same as your user name (my user name, as you can see, is ‘SnowLpd’). If it is, then ignore the rest of this post and go to the post Permissions Pt2.

If the name is not the same, then you need to type this command into Terminal:

sudo chown -R your_username .Trash

Where you replace your_username with (surprise…) your user name, which is also the name of your home folder (note there’s a space both before and after your_username). Thus, for example, if in the previous step it said ‘root’ instead of my username, then I’d type in ‘sudo chown -R SnowLpd .Trash’.

— 3. Now press ‘Return’. You will be prompted for your admin password. Type it in, but notice that you won’t see anything as you type, so type carefully. Hit ‘Return’ again. You should be returned to the Terminal prompt pretty quickly. Quit Terminal.app and see if your problems are solved.

4. If your .Trash permissions were OK, then you may need to fix either system permissions or ACL permissions. To do that, go to the next post.
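The ownership check from step 3, as an added example that is not part of the original post: it reads the owner and mode of .Trash from 'ls -ld', compares the owner with the expected user, and also reports the '+' suffix that ls prints when a folder carries an ACL (the subject of Permissions Pt 2). It only prints the chown command from step 2 and never runs it; the function name check_trash is made up for this example.

```shell
#!/bin/sh
# Added example: check who owns .Trash and whether it carries an ACL.
# Usage: check_trash HOME_DIR [EXPECTED_USER]   (function name is hypothetical)

check_trash() {
    trash="$1/.Trash"
    want=${2:-$(id -un)}               # default: the user running the check
    if [ ! -d "$trash" ]; then
        echo "MISSING $trash"
        return 2
    fi
    # ls -ld prints: mode links owner group size date name
    line=$(ls -ld "$trash")
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    # ls appends "+" to the mode when the folder has an ACL.
    case $mode in
        *+) acl=yes ;;
        *)  acl=no ;;
    esac
    if [ "$owner" != "$want" ]; then
        echo "WRONG_OWNER owner=$owner expected=$want mode=$mode acl=$acl"
        echo "fix: sudo chown -R $want $trash"
        return 1
    fi
    echo "OK owner=$owner mode=$mode acl=$acl"
}

# Check the current user's own home folder; any result is only reported.
check_trash "${HOME:-/}" || true
```

An "OK" line with acl=yes means ownership is fine and the ACL route in Permissions Pt 2 is the next thing to look at.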


