Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
MOAB Fixes
Home
+ new post
Files
About this group
Join this group
Question about these vulnerabilities.
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   6 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
frozenINcarbonite  
View profile  
 More options Feb 3 2007, 11:59 pm
From: "frozenINcarbonite" <adr...@gosquareone.com>
Date: Sat, 03 Feb 2007 20:59:00 -0800
Subject: Question about these vulnerabilities.
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
I was just wondering. If one of these remote vulnerabilities were
exploited on a user's machine, would reinstalling OS X fix the
problem. I guess wiping out everything would be the best thing to do
so that any malicious code or backdoors would be erased.

I understand that the vulnerabilities could still be exploited (until
they are patched) after a fresh install. But I just wanted to know if
that would fix the machine (for that instance) if I were to be
exploited.

I hope you guys and girls understand what I'm saying. If not, I'll try
to clear it up.


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
William A. Carrel  
View profile  
 More options Feb 4 2007, 3:17 am
From: "William A. Carrel" <willia...@carrel.org>
Date: Sun, 4 Feb 2007 00:17:12 -0800
Local: Sun, Feb 4 2007 3:17 am
Subject: Re: [moabfixes] Question about these vulnerabilities.
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
On 2/3/07, frozenINcarbonite <adr...@gosquareone.com> wrote:

> I was just wondering. If one of these remote vulnerabilities were
> exploited on a user's machine, would reinstalling OS X fix the
> problem. I guess wiping out everything would be the best thing to do
> so that any malicious code or backdoors would be erased.

Not unless by "reinstall" you mean formatting the drive. Just
overwriting the OS X files wouldn't be sufficient to clean the system
off. As long as the home directory is in tact, the user account will
still be just as compromised as it was before, and commands can be
executed to try to escalate privilege again.

There are a variety of methods for the escalation, one that has been
mentioned recently is putting a directory of malware in $PATH before
the normal directories and replacing "sudo" or "ssh" with something
that steals the credentials while otherwise behaving normally.

All this should just serve as additional caution to be careful what
you click on and download since it may not always be trustworthy.

--
wac


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
frozenINcarbonite  
View profile  
 More options Feb 4 2007, 1:46 pm
From: "frozenINcarbonite" <adr...@gosquareone.com>
Date: Sun, 04 Feb 2007 10:46:37 -0800
Local: Sun, Feb 4 2007 1:46 pm
Subject: Re: Question about these vulnerabilities.
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
What I mean by "reinstall" is erasing the drive by zeroing out the
data. Would that be sufficient?

On Feb 4, 3:17 am, "William A. Carrel" <willia...@carrel.org> wrote:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Finlay Dobbie  
View profile  
 More options Feb 4 2007, 4:24 pm
From: "Finlay Dobbie" <finlay.dob...@gmail.com>
Date: Sun, 4 Feb 2007 21:24:49 +0000
Local: Sun, Feb 4 2007 4:24 pm
Subject: Re: [moabfixes] Re: Question about these vulnerabilities.
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
On 04/02/07, frozenINcarbonite <adr...@gosquareone.com> wrote:

> What I mean by "reinstall" is erasing the drive by zeroing out the
> data. Would that be sufficient?

More than. You wouldn't have to zero. Just make sure you erase/format the drive.

 -- Finlay


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
shawnce  
View profile  
 More options Feb 5 2007, 2:51 pm
From: "shawnce" <shaw...@gmail.com>
Date: Mon, 05 Feb 2007 19:51:45 -0000
Local: Mon, Feb 5 2007 2:51 pm
Subject: Re: Question about these vulnerabilities.
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

On Feb 4, 1:24 pm, "Finlay Dobbie" <finlay.dob...@gmail.com> wrote:

> On 04/02/07, frozenINcarbonite <adr...@gosquareone.com> wrote:

> > What I mean by "reinstall" is erasing the drive by zeroing out the
> > data. Would that be sufficient?

> More than. You wouldn't have to zero. Just make sure you erase/format the drive.

Ideally boot such a system from a read-only (e.g. CD, DVD) Mac OS X
install disk and use that to reformat the drive, then install Mac OS
X. Basically you don't want to reinstall from a source that
potentially was compromised.

(ignoring the extreme case of firmware re-flashing)

-Shawn


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
OldMacFan  
View profile  
 More options Feb 5 2007, 3:00 pm
From: "OldMacFan" <niatpaceta...@gmail.com>
Date: Mon, 05 Feb 2007 20:00:50 -0000
Local: Mon, Feb 5 2007 3:00 pm
Subject: Re: Question about these vulnerabilities.
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
An added question about these vulnerabilities in general.

In a case where a group of Macs on a network with internet access uses
non-addressable IP's, is it possible for someone, outside the network
to gain access to individual machines? I guess I am lacking a
comprehensive knowledge of how some of these exploits work.  In
general how port specific are these exploits?

I am sure I am missing something, so feel free to point it out.


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2010 Google