There is no antivirus against stupidity, this is all I can say after reading news about a trojan horse being distributed in illegal copies of the new Apple iWork 09. It is better to think about trustworthiness of the source of software before running it, than to worry about removing some nasty trojan after having run it. Also, it is apparent that OS X platform no longer sneaks under a radar of attackers.
Showing posts with label Apple. Show all posts
Showing posts with label Apple. Show all posts
Tuesday, January 27, 2009
Tuesday, December 18, 2007
Change Default SSHD Port Number In Mac OS X
I wanted to configure a sshd on my home Mac recently to be able to access it remotely and decided to follow best practice and change port from default value 22/tcp, which is quite an easy task to do on any *nix system.
It turned out that Apple changed service startup process in Mac OS X 10.4 (Tiger) to what is called launchd. So you may guess that changing port number in /etc/sshd_config didn't help and there was no /etc/inetd.conf or xinetd equivalent. At this point it became more interesting.
Finally I've come to the following procedure:
- Add a new service to the /etc/services file. I've called it ssh-NNNN, where NNNN is desired port number (this name is not a requirement and is only for clarity). So I've got a new line like:
ssh-NNNN NNNN/tcp
in /etc/services.
- Find a file named ssh.plist in /System/Library/LaunchDaemons. In this file find the following text:
<key>SockServiceName</key> <string>ssh</string> and change ssh to a new service name ssh-NNNN.
- That's it. Now just start or restart SSH service from the System Preferences. Also, don't forget to open required port on the firewall (I leave this up to you)!
Thursday, November 1, 2007
Mac Malware
We've been expecting this for a long time, and at last Mac OS X trojan was found in the wild by a security research company Intego. OSX.RSPlug.A (name of the trojan) is a simple one and was hosted by several pornographic web sites. It requires user interaction - disguises itself as a multimedia codec installer and asks for admin password, so nothing new in terms of technology. Welcome to real world, mac users :).
Also in Macworld.
UPD: SANS ISC, SecurityFocus
UPD: Symantec Security Response Blog:
Symantec Security Response has also confirmed this, and added detection for the threat as OSX.RSPlug.A. It appears that the Mac is becoming popular enough that the "bad guys" think it is worth spending time and effort in developing malware for the Mac OS. If we see a rise in Mac malware, then we will have to assume that there are profits to be made in malware for Macs as well. Stay tuned.
Subscribe to:
Posts (Atom)