[Ti] Some one Hacked me!
Chris Olson
chris.olson at astcomm.net
Mon Jan 10 10:51:52 PST 2005
On Jan 10, 2005, at 10:32 AM, Ray M wrote:
> Is there a way to track some hackers infiltration on my system? I m
> using OSX 10.3.7
What do you mean, "infiltration"? The machine got rooted and a rootkit
installed? I'd highly doubt it. The only rootkits I've seen for OS X
are proof-of-concept.
> Some files have been stolen from my system and some open conversations
> (email) tracked!
Files can be "stolen" via file sharing protocols, and email can be
sniffed by any kid with a linux box that knows how to use it. So look
at the system utils to see what the date stamps are, and look at the
system logs. Once you suspect a breakin, it's not too hard to verify
it. But again, highly unlikely with OS X, since it uses NetInfo in
place of traditional Unix flat-files, etc.. An OS X box is not an easy
one to crack. I can crack the default install on most linux boxes in
about 2 hours with direct access to the console. OS X I can't (unless
I boot it with an install CD and reset the passwords). And I have
about the same level of familiarity with both.
> One other question, in the activity monitor the kernel task Kextd is
> running at full capacity taking 60% of my cpu, how to fix that?
That's the daemon that loads kernel extensions. You got buggy driver
on the system.
--
Chris
More information about the Titanium
mailing list