Welcome to IWETHEY!

Saw that, but…
Ashton is actually convinced—on what does not appear to me compelling evidence—that the bad guys compromised his machine via a used iPhone beginning five years ago.

I made a house call to A’s rustic cottage in the wine country over the weekend in hopes of resolving his real or fancied security issues. I came away persuaded, if not certain, that his concerns are largely misplaced; he in turn was genially unconvinced by my assurances. I was, I think, able to demonstrate that at least some of the symptoms he believed to be evidence of hacking were no such thing, and stemmed from misconceptions about the Mac UI, and particularly about the way the “Dock” works, in one instance invoking on my own unconnected MBP a piece of visual feedback he’d considered damning evidence of outside interference.

There were other issues. His password recording hygiene (my own is not flawless) could be better. It took us a few attempts, where successful, to go places we needed to go. In other instances, we came a-cropper. His supposed iCloud password, revealed in Keychain Access, was a string of gibberish, and not the familiar characters he recalled. The string of gibberish, carefully entered (on the new machine, using my phone as a WiFi hot spot), was not recognized. Easy-peasy: enter the phone number associated with this account and Apple will help you reset the password via that device. Er, the phone was believed compromised, as mentioned above, and so the service was cancelled. Got a sort of Gordian knot thing going here.

Ashton believes that he is being hacked via AirDrop. Research suggests that AirDrop has an effective range of about ten meters, so unless the one neighbor within that distance is the author of his grief, this seems as implausible as his earlier Bluetooth model. He also asserted that the new iMac had also been infected, and that a dodgy icon for “GoToAssist”* (which I was able to remove from the old unit) had appeared in its dock. It was not there when we turned on the machine; nor could I find any evidence that the software had ever been in residence.

I append here a snippet from the Terminal app that, saith A, appeared unbidden on his screen the other day, although it appears to be a record from a month ago. It alarmed him deeply, and he takes it to mean that the baddies have been changing his passwords (I saw no evidence of this in Keychain Access). I’ve screenshotted and redacted it:

[image: “terminal”]

I see another house call in my future, because we’d left some issues unresolved, including the cabling configuration for his television/internet setup, by the time Lina, her errands in nearby Sonoma discharged, arrived to retrieve me. I’m particularly keen to determine which of the two “xfinity” wireless networks detectable from the premises is his: my money is on the unsecured one.

cordially,

*My understanding of this tech is, to put it mildly, imperfect, but if some external bad actor were actually fucking with A, GoToAssist, which some techie apparently installed on a consultation years ago, would seem a likelier channel than some of his other candidates.
Bummer.
It's good of you to try to help. Here's hoping it gets resolved soon. Ashton must be quite stressed about it. :-(

(I'm not seeing your avatar picture nor the "terminal" image in your post - just broken link graphics. I don't think drook's avatar picture shows up either.)

Cheers,
Scott.
Images
Odd…they show up from here. Try the link:

www.rcareaga.com/mystery_term.jpg

visually,
OT: broken images
That is happening because the forum pages are now https and most modern browsers now won't show embedded images that are http.

Wade.
Ah. Thanks.
     FFS Ashton - (rcareaga) - (21)
         buy a $9 crap usb keyboard problem solved -NT - (boxley)
         There's insufficient brains on the keyboard to do it - (pwhysall)
         Process IDs - (scoenye) - (12)
             I’ll pass this on to him - (rcareaga) - (11)
                 This reminds me of - (crazy) - (9)
                     Yes and no - (drook) - (1)
                         No idea. 20 plus years ago -NT - (crazy)
                     Similarly, ... - (Another Scott) - (6)
                         very normal -NT - (boxley) - (2)
                             Yeah. - (Another Scott)
                             Yeah we both reacted like that - (crazy)
                         It's almost as if... - (pwhysall) - (2)
                             That goes under the heading of : holy s*** - (crazy)
                             Yah. NetBIOS has a reputation for being very chatty. -NT - (static)
                 End users should never look at system log files - (pwhysall)
         Most likely unrelated, but you did say "new". - (mmoffitt) - (5)
             Saw that, but… - (rcareaga) - (4)
                 Bummer. - (Another Scott) - (3)
                     Images - (rcareaga)
                     OT: broken images - (static) - (1)
                         Ah. Thanks. -NT - (Another Scott)
