ocspd & Mail : was [Fed-Talk] Paranoid or what
- Subject: ocspd & Mail : was [Fed-Talk] Paranoid or what
- From: Michael Kluskens <email@hidden>
- Date: Wed, 1 Feb 2006 11:40:40 -0500
I got a serious problem with ocspd, it is seriously killing my machine.
Today ocspd took up 550 MB of Real Memory.
I can't imagine what that would do on a standard Mac configuration of
512 MB RAM with ATA/IDE hard drive.
I have 1.5 GB of RAM on a Dual G4 1 GHz with SCSI root drive and the
swapping is killing me whenever I try to open a signed email message.
Michael
On Jan 18, 2006, at 6:32 PM, Shawn Geddis wrote:
/usr/sbin/ocspd
This is the "Online Certificate Status Protocol" daemon that
processes ALL Certificate Validation. This handles both CRL -
Certificate Revocation Lists & OCSP - Online Certificate Status
Protocol validation of certificates.
You configure which CRL or OCSP or even both CRL & OCSP validation
you want your client to perform -- along with if it is required,
off, or best attempt. This is configured under
Keychain Access-->Preference->Certificates.
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci784421,00.html
Mac OS X 10.4.x provides client-side OCSP, while server side is
provided by one of the following vendor products of your choice:
CoreStreet http://www.corestreet.com/
Tumbleweed http://www.tumbleweed.com/
It is good to be paranoid, but this is not an item you need to be
paranoid about...
-Shawn
On Jan 18, 2006, at 6:22 PM, Michael Pike wrote:
Ok... this whole screen not locking after 10.4.4 and nobody else
having the problem really concerns me.
I did a (at the shell) process monitor (ps aux), and didn't notice
anything weird other than:
/usr/sbin/ocspd
There is no manual entry for it, and when run directly it just
says "Abort Trap".... after a reboot, my machine now locks
properly upon screen saver abort.
I'm not in a high security agency, but it strikes me as very
peculiar that my computer sat all night on a screen saver and when
I came in in the morning didn't require a password, even though I
rebooted after the 10.4.4 update.
I use FileVault as well for file protection, but I am worried that
perhaps a key logger or something may have been installed.
To my knowledge, to install an application they would still need
my admin password, but they could install a binary application at
the shell level and effectively install a key logger or some other
type of malware without an admin password considering they
potentially had access to my account and shell.
Does anyone know what this OCSPD application does? We had some
Linux machines at one time that got the "froggy" bug (showed up as
frgy in process monitor) that would capture passwords and email
them out.
Would it be overkill to rebuild my machine from scratch, or is
there an easy way to determine if something has been placed on
here to capture keystrokes, keychains, etc.
Singing - "I always feel that.... somebody's watching meeeeeeeeee",
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
- Shawn
___________________________________________
Shawn Geddis T (703) 264-5103
Security Consulting Engineer C (703) 623-9329
Apple Enterprise Sales email@hidden
Apple Computer, Inc.
1892 Preston White Drive T (703) 264-5100
Reston, VA 20191