 Welcome to the annual Defcon Goodbye Channel. This meeting was held at Exciting Las Vegas, Nevada from July 9 with the 11, 1999. This is video tape number 31, Macintosh Security. Today we're going to introduce the next speaker, but I wanted to give a little background on what's been happening in the Macintosh scene, as it were. A lot of people seem to think that Macintosh is unhackable. I read this numerous times recent article by Adam Penenberg that quoted somebody. They said, oh, you're a machine with a Mac. Well, it's not true, it never has been. Back in 1, 2, when the law first started, I started a Macintosh cracking archive, a hacking archive. It would keep little programs, little tools, Mac versions of crack for a new pack of cracking and other various tools. They were all for free, which was big back then. Some of the ad-ease crackers for Macintosh. I just put them up on the FTP site. Everybody laughed at me when I did it, and the other law members no much was like, nobody wants that stuff. We put it up, and it was immediately a big hit. A little torn in my FTP archive was taken over by people just downloading stuff, and it was really amazing. I was really surprised at how well it took off. Eventually, the RACMAC archives moved on to the web from the straight FTP server, which was now running MacSE. We moved on to the web, I webified the entire site, put links up, and the archives kept growing and growing. We released RACMAC archives CD volume 1, which is now sold out, has been for a while, and there will not be a volume 2. A very, very popular site. I was very surprised at how many other people out there were working with Macintoshes and doing that sort of thing. So it's a very popular type topic. It's unusual because you don't hear about it very often. You hear more about the NT, the Windows, Unix, maybe I've ever talked about Mac OS. So RACMAC is going strong, it's doing well, lots of hits, lots of people looking at it, downloading stuff, uploading stuff. The RACC released a CD, a thousand copies sold out. But my interest started to go elsewhere, and RACC has sort of fallen by the wayside as I've taken over Hacker News and some other duties. Unfortunately, RACC hasn't been updated in a long time. A lot of people have sent me an email saying, hey, when are you going to update RACC, when are you going to get new files up, when are you going to do this, when are you going to do that, fix the broken links, etc., etc. So I'm going to get about a mile on that. Unfortunately, I don't have time. When RACC started, it was the only resource to get Macintosh utilities. And so, I felt it was sort of a duty to put it up. But lately, recently, last year or two, we've had some other people who have sort of taken over the league, as it were, for Macintosh hacking. I mean, that's who's here today. The Freakings Macintosh Archives and SecureMac.com is now the probably the premier Macintosh hacking sites to get your information and your tools. So, what I'm going to do today is I'm going to officially declare the RACC Mac Archives in Mothballs. It's not going to go down, I'm not going to take the site down, I'm not going to move any of the software that's up there. But I will officially Mothball it so that people won't expect it to be updated. And I'm going to link to Freaky here, Freaky's Macintosh Archives, and basically pass this embarked upon from my archive over to his, so that we can now have an official site or resource where you can get your Macintosh information. So, without further ado, I will introduce to you Freaky from Freaky's Macintosh Archives. Alright, I don't know how many of you people actually own Macs, or how many people just... Alright, I'm going to go over some different stuff here, Macintosh security, what Mac OS offers in security, the programs out there, and the people who make the security programs. So, alright, stuff. Okay. Damn mouse. Alright, the security software out there from the Mac, it's pretty simple, it's stupid. People who put out the software out there don't put any time into it. They actually just do it for the money. Yeah, there we go. There's a few companies out there that actually have worked with me and Freaky's Macintosh Archives, SecureMac.com, to improve their software. Freaky's Mac Archives puts out the cracks for all different things. One of the software out there made by PowerOn Software is called OnGuard. Right now, they are, in my opinion, one of the best software companies out there for the Mac, because they actually care about it. Most of the other software companies out there just kind of say, I don't care, your site's nothing. So, when OnGuard was released, it kind of just removes the wonderful little encryption that it uses. And a couple days later, they fix that and made it stronger. And this isn't my computer. All right. Magic Key is an Apple Talk boot-force cracker. It's made by someone named... Yeah. It's made by System Cowboy. He's worked with me in creating some of the software out there. He's one of the people that keeps Freaky's Mac Archives running, because people check back daily to the site because they want to know what's out there. What this program does is it boot-force attacks the Apple Talk password file for the server, which we're not running on here. And it spits out the passwords. Pretty nifty stuff. All right, other software out there, like Ad-Ease. Who out there actually uses Ad-Ease still? Nobody? Yeah, Ad-Ease, man. Ad-Ease is the simplest program out there to actually bypass. There's a hundred different ways. System 7.6 is going to have a kind of... It's going to have a beefed up version of Ad-Ease that supports encryption and other nifty stuff like that, so they're going to try to bring it back. Different ways to bypass Ad-Ease. Start up this spacebar, shift key, fire replacement. Turn it off. And who out there uses foolproof? One person? All right, foolproof is kind of fun. School districts like to use it. K-12 environments and some spiffy agencies out there didn't want to be named. But they use it for their security environment and most everybody has come to realize that it's not secure. And the ways to get past it, there's programs out there that'll decrypt the password. There's, again, the startup disk, spacebar, shift key, fire replacement. It's hot in here. All right, for remote security, like, your Mac is pretty secure remotely unless you actually put something on it that makes it insecure like a server. Program out there made by Parallon Software, screen-to-screen. It's like Timbuktu or PC anywhere. Somebody named Prozac made a crack for it. It'll let you log on as a minister from any computer. Parallon Software doesn't know about it yet. But it'll be out there. And the school districts really use it a lot to watch people. Another one out there is made by a guy named Guido. Remote admin extension. Has anybody ever used that? That's a cool program. His new version has keystroke logger. What it basically is, it's like back orifice. What you guys know, it's a little extension that sits on the computer and lets somebody log in remotely, take control of the computer, do file sharing, all that other stuff. He kind of retired doing that, but I'm sure his source code will be out there. I mean, he could have used a better programming language, but it's kind of cool. For web servers, the one that comes bundled with OSA is the MS personal web server. That's cool. There was a denial of service attack for that. It was fixed pretty quick. Another problem I noticed with it is when I tried to remove it, I left one of the extensions on and my computer wouldn't start up ever again. It's a good server. Why 2K problems for the Mac? It's not going to be any. So all you Windows people, everybody else who has problems, get a Mac. I started in the Mac community because Riesel site was turning down and I wanted to do the best site out there, so I put up the site. SecureMac.com is a Macintosh security site that covers it in the nice ways, so school districts and teachers and parents won't get pissed off if their kids are looking at Freaks Mac archives. Let me see if I have that locally, maybe. I was supposed to have a tower computer down here, but it never got down here for some reason. So thank you and thanks for the guy who let me use this computer. NoGuard, what this program does, it's for Power On Software's OnGuard. It has the emergency code when you log in. When you have OnGuard on your computer, you'll see the login screen. If you type in emergency, it will come up with the code. You're supposed to call Power On Software and tell them they'll give you a recovery password. This program does that without you calling them so anybody could mince for their password again. That was cool. Alright, for other Macintosh security programs, there's MPower Pro that's used in more professional businesses. It's pretty cool software. It's rather secure compared to the other ones. I can't use the mouse. Some other things I like to talk about are alternative OSs for the Macintosh. These make the Mac environment more or less secure. Rather less secure because you're dealing with multiple platforms and each one has your own security problems. OSX has its own problems. You're dealing in both BSD environment and Mac OS environment. As far as server, it's very cool. It works really well, but you have twice the security to deal with. That's a denial of service attacks against it already, which will be on Freak's Macintosh archives in the morning. There's one exploit for OSX right now. It's just a CGI buffer overflow which makes the computer go wacko and it dies. But there's going to be more out in the morning. There's going to be a remote kind of exploit to get root. That'll be out in the morning or the day after that, whenever I wake up. Other software out for the Mac that I suggest you use if you want to get more into the security part of it ResEdit, which is a resource editor, which is good for changing stuff. If you have that on a floppy, it'll save your life sometimes. MacBugs, good for the people out there who like to crack the software. I don't know who would do that, but it's out there. MacPaint, because it's the best little art program out there in Resources. As far as the remote and main extension, Widow has gotten a girlfriend, so he's kind of turned over the project and realized that real basic sucks for a programming language. So that's going to be rewritten by somebody named More information will be on the web page tomorrow. A nifty little program that's going to be out is going to be called Fink. It's made by a guy named Jindal. He's helped me out a lot. There's money of exploits and denial of service attacks. Everything's supported for Unix, for Windows. This guy's making a program that'll change the Unix source code and allow it as a plugin and you'll be able to do all of that from nifty attacks, root, all that stuff from your Mac. So you just drop it on the folder. A little bit of tweaking need to be done, but he's all up for just doing it. It's pretty cool. For all you people who like to look at source code, you can take a look at that. It's made by Prozac. It's a pretty cool program. It cracks Authenticate, which is a Macintosh security program. Another one of those programs that were made to make money. As far as keystroke, logger's detection, there really isn't any internet detection intrusion software for the Macintosh. There's schools. Everybody has problems with keystrokes, keyloggers. You can't tell when they're installed. You can make it so it's not noticeable. The program will be released on that to actually remove and show the log files for it. If you have, like, invisible erases on your computer, you make it invisible. You change the extension name to some system-signing name. You can, like, log everybody's strokes forever. Are there any questions? Hotline servers are kind of secure. They actually update it once in a while. Hotline communications is nifty. Check out Karacho. Karacho is a file transfer program like Hotline, chat, everything. It is good. It supports multiple servers. People use it to download shareware and other programs like that and to meet people. Hotline, there has been some insecurities with it, making links to people's hard disks so you can actually download anything from their disk, upload a file, whatever.lnk, and you'd have access to that. As far as denial of service attacks, there have been a few for mostly just sending login requests and server requests. They have a program somewhere. There's a program on my website, which isn't here, but it deals with hotline security. It has a good document on it and how the actual protocol works for it. It's good to look up at. Anybody else? The Apple Network Assistant. Yeah, I haven't used it for back orifice type stuff. We'll have people take a look at that since it's cool. Anybody else? How secure is Mac DNS? I'm not quite sure about that. I haven't really dealt with Mac DNS. There has been a lot of good reviews for it as far as software, but those don't matter. There is a poisoning attack for most DNS servers. Is there one for Mac? What is it? Anybody else? My address is freaky.staticusers.net. Freaky, F-R-E-A-K-Y, that's staticusers.net. Or www.securemac.com. Your choice. Anybody else? All right. Would anybody like to know about any other security products that they may use in their office, work, home? All right. F-Secure does. There was a new version of BetterToma SSH that came out about a week or so ago. So they've been working on that. Hasn't been very complete or successful yet. Excuse me? For the Mac? Cool. F-D-Telnet? Nifty Telnet. All right. Yeah, I've used that. Nobody could use it in the US. The US don't do it. Anybody else? Any suggestions of what I should talk about more? Besides what? Throwing out a window? Is it a Mac? Fun, malicious things you could do to a Mac. Well, it depends on how smart the user is who uses it. There's extensions out there that I'll just screw with their minds. Malicious things. Put keystroke logos on it. Put remote and extension on it. You could really screw with people's minds. If there was a network, you could send up messages and other things like that. There's an extension control panel out there that'll make your Mac look like windows. I do know something called GoMac. It'll give you a little start-by as far as a full display. I'm not sure of that. GoMac sucks? I don't think so. Guy, come back. So don't use GoMac. Suggestion of that guy over there? Woo-hoo! Now we start. No, I, no. Any other questions? Any software? X server for Mac, a good one? There's one you don't have to pay for. Go to Hotline, look for a shareware version. And I think it really grossed. Hold on. This thing's rock. Yes, there is. When the Macs read the disk, there are viruses out there. There haven't been any new viruses out there for the longest time. So any cheap program like disinfectant, which has been discontinued for about a year, it will catch it though. And you can execute on it. Unless with the B-tree on it. There's a little fun and annoying stuff like that. And more Mac virus stuff. Alright, I need some technical support here. Yeah. Alright, we're going to reboot into Linux. An alternative OS, maybe. I'm trying to find the power key on this little socket. Power key. No go, I tried it. Oh, that was the enter key I was holding down with it. How long do you expect to connect with us? Within a week. I was told by some member of some group that it would be open, the source code. So that'll be out within a week from some of our pro-owners. There's a program out there currently, Macbac Warshes. It doesn't support really anything. But it'll still let you connect. So you could be cool and own Windows boxes. Any other questions? Yep, you're on the corner. Alright, give me this. Sure, of course. Password protection program, as far as startup or file security. Arm guard. It works pretty well even though it's easily hackable. I'm going to port stuff. Do that export. Oh yeah, we won't export outside of the US either. Cool. So, go to hotline. Yeah. Oh yeah, this is a pretty cool computer. I'm taking it home with me. Any questions? Private file. I haven't actually checked on that, but I did email the author of most of the encryption programs out there. And I remember getting a not-so-technical response back. A generic. Hey, it's secure. So, if you trust him. Any other questions? I'm a hat. Alright, now that we're back up again. Key killer is a program for keys off. All it does is go to the pref file and cracks it. And it turns keys off for extension 1.3. And of course, the company of the software company hasn't made a crack for it. Fixed for the crack yet. You have any questions, sir? Anything else? I don't know any offhand, but if it is, it'll be on the site. Freaky.staticusers.net when I wake up. So, what other software programs do people use out there in their home and office? WarDialers. Okay, as far as WarDialers, a guy named Simon says, is he in the crowd? You want to come up here? He was actually going to demonstrate. Seek and destroy 4. Okay, I have three discs for special people out there. Seek and destroy 4. It's a new WarDialer for the Mac platform. All the way in the back. In the front. And off of it all. Yeah. Let's see. It'll be up on his site when he wakes up also. If you want to get it, if any of you know Apple communications, they'll probably have it. Ebola, run by a vaccine. He's, I don't know if he's in the crowd. Okay, good. Apple's dead. Thank God. You can get it at Ebola or on Krocho. I run a Krocho server called... Yeah, Apple's dead, jackass. Sorry. Yeah, you can get it on Acid, which is acid.msc.net, I believe. Okay, I'll see if this is actually the test that has it. Does it have a flopper? No, it doesn't. Okay. Well, since we don't have a computer here to use it, I'll just talk a little bit about it and what it's going to be leading up to. It's new. It actually works as an easier interface. I don't know. Let's see where to go. Sorry, I remember because I have to look at it. Future release is actually going to support multiple modems. It doesn't have... It's not like a super duper, like any change from any loadout that's out there now, except that it's kind of like the predecessor, or it's going to be the predecessor of the Lightman project, like it's kind of in quests it's working on. The Lightman project is actually going to be... He went out to make the best loadout for the Macintosh and add features that other systems have that us poor MacLS souls don't have in a word that way. It's going to support area code databases. You can see it's going to have... So you can stick on a wave file or a simple send or whatever and say, oh, I'm sorry, wrong number. So when you call it, it'll just play that if it doesn't get a carrier. Probably going to fax recognition. It's going to have a blacklist so you can type in local numbers of where don't dial 911, don't dial the police department or your local federal investigation places. Also it's going to have a terminal which is going to show you everything that's being sent to the modem so if there are any problems you'll be able to figure it out and take a look at. Easy to read out. It's not just going to be a bunch of gobbled text with empty boxes in there and wondering what else is going on. Trying to think what else it supports. Any questions so far about it? Right now it's in beta, beta 3. It's private so you can't get it and you won't get it until it's public data. No, that's... You can distribute that. Any questions at all? I know what else to say. No, walk on. They all stick in the CD drive. No. Okay, that's about it for that so if there are no questions I will start making beatbox noises until the microphone in three seconds. Two. One. Thank you very much. Support your local freakers and... One question. You mentioned you can play wave file on getting a carry. Is that support for all modems? Right now I don't have any kind of beta that has that feature supported yet. He's working on it. That's not on Seek and Destroy. Seek and Destroy 4 by the way is based on Seek and Destroy 3 by Boris at Dillon.UK. It's on the what all about screen. Basically requested. He checked out the source and he basically rewrote all of it and he just called it Seek and Destroy 4 because it was based on the other guy's code and yeah, that's about it. For beatbox noises, we're just going to sit down now. Thank you. Any other questions? Yep. I have no clue what you just said. Oh yes, there's lots of those. They're on freaky.staticusers.net. And they work very well. They're old. Now like, BTNMF has changed at all. So now I'm in the progress of porting stuff over. VO2K. Bad. Anyway, while this is going I'd like to thank you all for coming. I'm kind of out of stuff to say. Port scanners. AG Group has put out one. PC, Mac, whatever. It works very well. There's BP scan which scans for remote vulnerability made by a group called Broken Pipe who dropped the project. Logic made one. Again, all this stuff is on my site and you can search for it and you'll find it all. What's that address? freaky.staticusers.net Anybody else? Can you sniff? Yeah? There you go. Yeah, Etherpeak, their demo has expired even when you download it from their site so go to Hotline and look for it. Yeah. There's some down there. Hell yeah. Any other questions? I don't get one. Getting kind of personal, aren't ya? I love it. Alright, thank you all for coming. Goodbye.