 My name is Space Rogue. Freaky asked me to get up there and say a few words this morning before he spoke. Some of you may know me, some of you may not. I'm a former loft member, former editor of Hacker News Network, and a former maintainer of the Rachmanach Archives, which hopefully all of you have heard about. Anyway, one thing I wanted to mention was about four years ago, the Mackintosh Security and Mackintosh Hacking was pretty much nonexistent. I ran a site called the Rachmanach Archives, and I collected just about, I like to think, all of the Mackintosh Security Hacking programs that were available and made them available via FTP, started back in 1991. At that point, there really hadn't been any big conglomeration of these sorts of software programs, and they sort of just scattered all over the map. So, I put them all together, one big site, nobody loved it, it was great, and at one point I made a CD. Now, I have a standard one-off, you know, Burnett near CD Recorder CD, but a well-good, professionally-mastered color-printed whole nine yards. It was well-received, a lot of people liked it. I made 1,000 CDs, that's all I made, and they sold out pretty quickly, and I never made any more. So, if you have one, consider yourself lucky. People continuously ask me for new CDs, I never have one. Well, Freaky called me a couple of months ago, and he said, I'm going to make a CD, and I want to put your shit on it. And I'm like, cool, man, go ahead. So, he's got Freak's Macintosh archives, which has all of the WAC Mac archives, plus all the shit he's collected in the last three or four years since I stopped doing it. So, I think he's going to have some here after his talk. Definitely something to look for if you wanted a WAC, and you couldn't get it, and you want what Freaky has with how it is cool shit. So, anyway, Macintosh security. What is it? Does it exist, et cetera? That's what Freak's going to talk about here in a minute. A lot of people don't think that, you know, it's a Mac, so there's nothing on it, or you can't get into it. There's no way to bypass whatever passwords are set up. I wrote, I don't know if it was three or four years ago, an advisory on application, FWB toolkit, hard drive, driver replacement program that had a password and a driver that supposedly prevented people from accessing your data. Well, I found that if you take a different driver program and replace the FWB driver, you will get rid of the password, maintain all your data, and have full access to all your stuff. Pretty cool. But there are a lot of other stuff like that out there for the Mac. You've got Macs now running web servers, DNS servers, lots of stuff they never ran before that had never been poked at or looked at in sort of a security standpoint. So it's really, I want to say important to sort of look at those sorts of things, to try to make a better security, better programs and software for the rest of us to use. I know there aren't many of us Mac users left us. We can tell by people in this room. Hopefully we'll get more as our numbers will increase once again, but even I am being drugged into the windows as well. So, oh, we got the screen working. You got it over here, dude. You can't see over here. You can't see over there. You can't see right here. You can't see there. I'm not a thing to say. So, while you've got the screen working or not, what I'll fit it or do, I'm going to introduce you to Freaky, who is going to give you the talk today. And he runs Freaky's Macintosh Archives. And he's sort of the man now. So take it away, man. Thanks. Alright, I don't have a display, so this isn't going to work out very well. Well, this year we planned on covering the basics of OSX. Everything was sent to Kinkos to be printed this morning. The person who bought the keg last night had the car keys, so I wasn't able to pick anything up. So if he's here, which he's not. Anyway, we're going to skip OSX. A lot of different companies have given us software to give out as prizes and just free registration numbers. We'll be distributing those up here after the speech. The CDs that Space Rogue spoke about, we only made a thousand of them. They're $20. It has the full archives. It has the speech from last year on it for everyone who missed it. If you were here, you guys are so lucky. Last year we mentioned, as far as security, we mentioned Net Barrier as the firewall software. This year we're going to cover something else called Open. Open, it's created by Open Door. It's called Doorstop. It's firewall software. It's just software. It has built-in security. It works on the Doorstop firewall software. It's pretty cheap. We're going to be giving away two copies of it. Sign the mailing list. We'll mail you the registration code. They didn't have box software, so it's just electronic download. It's just software-based firewall. It stops packets from coming to your machine. When someone starts flooding you, it automatically blocks the port. You can configure it in many different ways. I don't have it installed here. Viacom Soft, we're just covering some of the networking software out there to make your Mac secure. They've given us a couple copies of Soft Router. Soft Router lets you connect multiple computers using the same phone line or DSL, cable mode on whatever you have. It also has packet filtering. It has web cache server. It's basically the best software out there that lets you connect multiple computers to the Internet. It's quick, it's easy, it's simple. It also lets you have remote dial-in. Someone could dial up your computer and your computer could dial back out and connect them to the Internet. Freedom Software, by zero knowledge, if any of you have ever heard of it, it provides crypto with security. What they're doing is it's only been for the PC in the past. It lets you use your ISP and connect through multiple servers, kind of like bouncing off proxies except it uses encryption. You have secure email, everything else without your packets being lost. We have packets on that. They're going to be offering it for the Mac. They're going to start beta testing for OSX and the Mac version this fall. So there's a sign-up sheet for that and there's packets for everybody to pick up in September. As far as new Mac hacking software goes, there hasn't been much release since the last year. The files that are released all go ahead and demo some if I could even see. I really can't see that. All right, since last year there's been a new version of the software MacPork release. MacPork is a security auditing tool. It lets you scan your network or anyone else's network for CDI vulnerabilities or open ports and reports them so you can exploit them or test to see if they're exploitable. You just type in the address here. You do a scan. It comes up with all the reports and the next version I believe he's planning on doing class C, class B so you can just scan everyone on your network. All the software is free so they're not asking for anything. It's software given out to the Mac hacking community that's now being used by security. Say that again. I believe he plans on making an open source. The program we spoke about last year. The program last year, Ferret, that's going to be released open source. Ferret's an application that basically goes through your preferences. If you've lost your password it decrypts all of them and gives it to you. So that's going to be open source once he gets around to releasing the next version. Last year we announced Seek and Destroy 4. It wasn't out online. It is now. This is the war dialer. No modem connected so we can't demonstrate it. What does that say? So that's the newest war dialer application for all you old school people who love the war dial. Last year we said that it would support multiple modems for it. The guy never actually got anything for it. We don't have any new releases on it. Security software. Last year I talked a lot about on guard software basically for securing your computer. Really good software. The guy we were speaking with last year from the company is no longer with them. Once they started working on their Windows version of the software, the support, the updates on the Mac totally dropped. The program made here by Prozac decrypts the emergency, creates emergency passwords. When they reported the problem, didn't get any response on it. So they're going for the Windows market now. SMAC is a tool that just opens multiple connections to a server. There's plenty of them out there if you're trying to run denial of service attacks. It's pretty useless nowadays because connections aren't quick enough and operating systems can handle it. Program. There's a couple of text documents out there that people were working on. The midnight raid. For your enjoyment reading pleasures. It covers most of the underground stuff. They became pretty lame and useless. They disappeared. So, takedown service suite. We talked about that last year. This was created. Oh, good. What this application basically is, is it's like Weedow's remote admin extension. Last year I compared it to BO2K or Netbus. It's remote software that lets you take control of the computer over a certain port. This software they haven't updated. There was a trojan installed. It just mailed the IP address, username, password to the person who created it so he could take control of your computer. Pretty sure the account doesn't work anymore so you guys could freely use it. Something that's not on the CD but will be on our website. Netbus, the Mac controlling client of it so you can take control of your friend's PCs once you install it. They have worked on a version of that which is basically fully functional. This has a full menu. It's basically a rip-off of remote admin extension. It's done in real basic. I can't see anything to demonstrate it. OS9 password deleter is for OS9. Put it on a boot disk. Start off of it. It'll delete the password for startup. I know we had a problem with this machine earlier. This would have been useful for it. Portmaster. I believe this one is for the multiple users. Wingo is a Wingate scanner. If you're looking to connect through a proxy or anything like that, you'll want to use this application to try to locate them. You could scan Class C's. Serial client has an application when you're looking for wares or serial numbers. It's basically like hotline server software. You can get it at hotlinesoftware.com or the Big Red H. Everybody connect to a tracker. The people don't have to have static IP addresses. It reports to the server. Check your list. There's now thousands and thousands of servers on there offering legal files, MP3s, things like that. Serial client is more of a private one. The client's only for the Mac now. So you're going to find all your Mac files there. Ferrets, the application I was talking about that goes through your system. I hope you don't have any passwords on here. It goes through the email, everything else. It goes through your hotline server bookmarks. I can't see this. Hotline has grown in the past couple years. You're going to find a lot of PC servers on there rather than Mac. They're all banner, so you have to click on people's banners to make them money before you can start downloading anything. Servers, it's basically fallen to hell. If you're looking more for Mac, the client Karacho out there is only for the Mac. There's fewer of them, but it's Mac. Wow. I don't know if any of you have seen this magazine, Apple. They ran a hotline server. It was basically a Mac underground magazine. They stopped it. They stopped at issue 11. It's on the website. It covers all different Mac topics. I can't see anymore. I know there's a button somewhere to collapse it. It's just an open doc. They cover more than just Mac. They cover overfreaking, and they cover a lot of stupid stuff, but it's great material to read in the bathroom. Yeah, it is. I'm going through my CD right now. Keys off hack. I went over that last year. Keys off, I said, was one of the most secure, simple applications out there. You can't start off a disc. No shift, anything like that. The only problem was is they, someone found a crack for it or a hack. I can't see that either. Basically just goes through and either retrieves the password or deletes it. Maltino, this was created by a guy who disappeared. This is the cracking software, like Crack for Unix. It cracks your password files. It cracks Unix password files. It's great software. The guy disappeared. The version now is at 3.0. It's updated on the website. It's not the quickest software. It's the best out there right now. We're waiting for some for OSX utilizing the processor and the actual platform of it. As far as alternative operating systems, there's a lot more out there now. A lot of people here are running Unix platforms on their Macs rather than using their Mac. Linux, PPC, they're sending a CD's to mail out to you guys. So just fill out the mailing list. It's either going to be prizes or just copies mailed out to everyone. Fill out your email address. It's the PowerPC version of Linux. Right now it's one of the best ones out there. MK Linux, which I said last year as fallen. It's not very good. BSD. I believe it's free BSD that could run on your machines. Net BSD that runs on your 68K Macs. OSX is only PowerPC or G3 in a high. G3 in a high. G3 in a higher. Of course you could run all the windows emulation, get the card for it, but you just can't run the windows applications by itself and who would want to. Nailmail is for the people out there who have their family members that they want to send mass email to. Signs them up for... I believe this one signs... I can only see like a foot of the right hand side of the screen. Mailbomber is simple. It utilizes SMTP servers just for send mail. Everything you could do by hand, but it's done in a little application for everyone else. This application, somebody mailed it to me at last minute. I don't actually know what it does. It was probably stupid, but we're about to see. Hey, that looks like it came from my CD. What does this program do? Okay, that's kind of cool. That's the Freaky logo. So that's probably why I included it. I don't know what it does. This application they're still putting together, you could get it at macpork.com, team2600.com, or team2600.accesscard.org. Updates are always on, Freaks Mac Archive. You could find that at freaky.staticusers.net. The CD is a full CD. It's all Mac files. The text files on there are Mac related. It's the first CD out there since the WACMAC archives that doesn't contain all the Unix exploits and everything else. The speech is done in audio and video for last year and in real audio and mp3. It's the full archive. They're clean, they're decompressed, virus checked, everything's set to go on it. Also included the WACMAC archives, which Space Rogue talked about. So for everyone who missed it, this is the actual CD right there. Do you practice on video here? I tried now. Alright. Sure. This is the speech for last year. I better stop it, huh? Alright, give me one second. Does anybody have any questions while we're doing this? Go ahead. No, it's actually not. The software out there that is supposed to make your Mac secure just switches on file sharing. So you have that turned off, you don't run any expert services, you're secure. You don't run any web servers, you're going to be fine. If you run the web server that comes... If you run the web server that comes with a Microsoft web server, you're going to want to turn that off. There's denial of service attacks for it that will bring your computer down to its knees. The question was to make your Mac secure. Is it true? All you have to do is turn off file sharing. Anyone else? Go ahead. BSD. It's open BSD. Yeah. So, do we have it here? Yeah. We have it here to demonstrate. I'm putting it in my mail so you can show it to CD. All right. I don't know if DP4 supports me or not. Will you control it? Sure. Who else? Go ahead. Say that again. Yeah, we're going to... Once the guy gets here with the keys, we'll have that at the table in the conference room along with all the other papers. Alert. Go ahead. Repeat the first part of that. All right. All right. What, operating system? No, you're going to be fine with that. And go ahead. Some OSX offers services which have to be stopped. So, you're going to have to go a little bit more through that. The document we have covers that. So... Go ahead. I've noticed that I've been evaluating difference. That barrier. You know, has it been satisfactory? No, it hasn't. The launching, just to see if you really like it. You know, so I was looking at the door. You're going to have to go through it. And it only protects. So you can see the ability to turn it in the other way. So, you know... So, I was looking at it and it was the best one I know. IP management barrier. And it works pretty good. But you have to know which board to turn off. It doesn't make it easy. Like that barrier. It's much easier to set up in OSX. How good is that? The other one you have to set up and make sure that you know which board is wrong or wrong. So, you really have to know what you want. What do you do? Pretend it's... What do you do? You go to sleep. What do you do? You start your behavior. You have to suggest that you make choices. You want to change the world. Can you see that? Ah, OSX. Pretend it. Pretend it. Sleepy. Alright. We were just going over what NetBerry offers and what it doesn't. NetBerry is the software to be sold at the stores out of the box. The gentleman said that basically that you're assuming everything is set up right. He heard of software called IP NetBerry which is more for which is more for advanced users or people who know what they're doing. You install NetBerry or you automatically believe that you're secure right there. The software IP NetBerry makes you actually specify which ports you want to block or have access gained to. OSX is you can block the ports, open the ports, everything in the configuration for it because it's the BSD platform. It hasn't been software created specifically for it yet. New applications are coming out every day. You'd want to check versiontracker.com. They have an OSX section now so you can see the new software for it. But for a more advanced user who knows what ports they want to block and where they want to block it from then you'd most likely want to go with that software. I believe it's cheaper than NetBerry but it doesn't have the pretty interface for it. It's you. It never gave out my CD. Anyone else? As far as IP masking Wingate servers have been the thing. They've died down. People are installing it now without it. The new version doesn't let everything happen. So there hasn't been anything new out there. No new techniques for it besides using someone's proxy. So just port scan 1080 and you should come up with something. Cheap cases. Did that answer your question? Anyone else? Go ahead. There'll be paper right here in the front. Somebody's going to get it now. As far as... Alright. Last year I just told everybody to go to freaky.staticusers.net with all their questions and it would be updated there. You can talk to me afterwards. I'll write down your email address, everything like that and we'll get you taken care of. It's a little quicker. Okay. CD has everything on it from the old school AOL one-click type things for all the people like this gentleman down here. Has the XXX applications. These are the little cute ones. Of course you have to be 18 to use any of these. It's alright if I install stuff on your machine. Any questions? We'll boot into OSX. One of the first papers written is by someone who wrote it for SecureMac.com. He's at version 1.1. He's updating it daily. Going over the different services offered. What to do to make him secure. A lot of the things to do you could go to any other Unix site and learn from it but it's different for this version of OSX so it has to be modified. You don't get to run every application for Unix on it. Do you think that X-Windows calls? Yeah, so X-Windows applications are broken unless they're specifically made for it. Let's see porn. Good thing to wake up to in the morning. What's Kinky Shiites? It's done. I don't know where I save this. It's... I don't know where it's going to be. It's all screened. You just save it on your computer. Okay. I think you save it on your computer. We'll create a folder. While we're doing this, any other questions? Web Star Server Software is an excellent web server. They have a lot of CGI plugins for it. You could run full services from it. You can run your whole web server from it. It's not something you need to go to Unix or NT to host it. It offers everything that you're going to need. The military is using it. I believe it's the army. Apple ran advertisements with the tanks around the G4 saying it's secure. Web Star Software, they have a demo for download. We tried to get a hold of them to actually give away a copy but we were a little too late for it. This is my favorite application on the CD, so I thought I'd share it with you. They're just going to get the papers for the mailing list. Go ahead. There has been... There's been one or two. They're listed on Security Focus, I believe. Space Rogue emailed them to me a while ago, but we were updating things so they didn't get published. We're sent out to our mailing list, so if you're on that, you get all the things that don't make it to the website. What was the original question? The original question was... What was the original question? OSX exploits have been found. Sign up on the mailing list. You can view the archives from there, and you can read it. I'm not opening it yet. Yeah, that's not cool. Do you have the newest version of Stuff It on here? Any other questions? Go ahead. You? What's the best resource for meetings that will compile on OSX? I'm trying to get... I'm figuring out what you mean, because it's a file to do with it. When you see key parts of it, one of the best we can find, I think you have to test it into mine. There is another Mac security site. I don't know the URL, but they have gone through different OSX applications to check if they run on it. Nmap, which is a security, auditing, port scanning, fingering... You name it tool. It has been successfully ported to OSX. It's been available for every other Unix platform, so that's out there. I'm just going to put it on the desktop floor. These are just the little toys that you should have while you're working. Kind of cute, huh? They are free, so you don't have to pay for this kind of entertainment. I don't know about this one. This is the kind of stuff your boss pays you for. Next question? You had some? TCP wrapper. I believe one has been installed and tested. I remember seeing it going by a mailing list. I haven't personally done it. My Mac hasn't been able to do much for a while. I mean, it's a powerhouse, but OSX hasn't been able to be installed on it. It's 33 megahertz. It rocks. But it doesn't work. I'll go ahead and put up a list on securemac.com of other Mac security sites with the resources. You had a question? Yeah, for all the OSX applications, just hit versiontracker.com. They've redesigned their site. It looks nice. Go ahead. I don't know about any Unix host. I believe so, because it's offered, though. That is something that's covered in the OSX paper that we were going to hand out. Did you know about going to the third party and various ports in the S&E functionality with the T-Pose? I'm not sure on that. I don't know. I don't know about any Unix host. I'm not sure on that, and I don't know anybody at Apple to contact. You can't... You can't just send them an email. You had a question? Any lady? Next question? No more questions? Okay. Do you have anything on that? I don't know if it offers password hashing. What program was it? Apple IP share 6. Has anybody used that application? Apple IP share? Yes. I don't know. I don't know. I don't know. I don't know. Do you have anything off of it? So it is pretty secure as far as sniffing goes. You won't be able to pick much off of it. All right. I could demonstrate all these porn applications to you guys all day long. So just hit me with questions. Package sniffing. For the Mac, there's a couple programs out there. There's OT session washer which utilizes open transport. Not much for filtering on that. It does offer a little. Etherpeak for Windows for Mac is the most complex packet sniffing software out there. You could specify which protocol to sniff. It works great. You could get login passwords or you could just monitor sessions real time. Works great. There hasn't been any new denial of service attacks against the Mac besides. There was one for OSX. I believe it was fixed. It wasn't for the final release of it. That should be fine. The web server, just turn it off. Don't use it. That comes installed with OS8. As far as music goes, everybody's been hearing about Napster for the PC. I don't know exactly who they bought up, but they did take in a Mac version. I'm not sure which one. How about the word of the state? Part of the state was 103. I'm not sure which one. Think about Napster. Well, because we don't technically know who they bought. They link to Napster, which is the Mac version of Napster. It's done in C, I believe. All the other versions are done in real basic. They're pretty slow. But you could download all your MP3s from there. I believe they have alternative servers set up now. Napster, I believe, does. All these could be found at download.com or mp3.com. Anyone else? See now people come in. You have a question? All right. Am I? Oh, that's why these people are coming in. All right. I'll be at the back or at the front right here. CDs will be on sale here. They're $20. Full archive works great. We have the website packets for Freedom, which is the secure connections we were talking about. They're going to be offering beta testing. You could sign up for that. And we'll get a paper up here for mailing lists to see if you win any of the prizes. They're all done electronically, so all we need is your email address. Thank you.