Re: [Fed-Talk] Paranoid or what
- Subject: Re: [Fed-Talk] Paranoid or what
- From: Shawn Geddis <email@hidden>
- Date: Wed, 18 Jan 2006 18:32:22 -0500
/usr/sbin/ocspd
This is the "Online Certificate Status Protocol" daemon that
processes ALL Certificate Validation. This handles both CRL -
Certificate Revocation Lists & OCSP - Online Certificate Status
Protocol validation of certificates.
You configure which CRL or OCSP or even both CRL & OCSP validation
you want your client to perform -- along with if it is required, off,
or best attempt. This is configured under Keychain Access-->
Preference->Certificates.
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci784421,00.html
Mac OS X 10.4.x provides client-side OCSP, while server side is
provided by one of the following vendor products of your choice:
CoreStreet http://www.corestreet.com/
Tumbleweed http://www.tumbleweed.com/
It is good to be paranoid, but this is not an item you need to be
paranoid about...
-Shawn
On Jan 18, 2006, at 6:22 PM, Michael Pike wrote:
Ok... this whole screen not locking after 10.4.4 and nobody else
having the problem really concerns me.
I did a (at the shell) process monitor (ps aux), and didn't notice
anything weird other than:
/usr/sbin/ocspd
There is no manual entry for it, and when run directly it just says
"Abort Trap".... after a reboot, my machine now locks properly upon
screen saver abort.
I'm not in a high security agency, but it strikes me as very
peculiar that my computer sat all night on a screen saver and when
I came in in the morning didn't require a password, even though I
rebooted after the 10.4.4 update.
I use FileVault as well for file protection, but I am worried that
perhaps a key logger or something may have been installed.
To my knowledge, to install an application they would still need my
admin password, but they could install a binary application at the
shell level and effectively install a key logger or some other type
of malware without an admin password considering they potentially
had access to my account and shell.
Does anyone know what this OCSPD application does? We had some
Linux machines at one time that got the "froggy" bug (showed up as
frgy in process monitor) that would capture passwords and email
them out.
Would it be overkill to rebuild my machine from scratch, or is
there an easy way to determine if something has been placed on here
to capture keystrokes, keychains, etc.
Singing - "I always feel that.... somebody's watching meeeeeeeeee",
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
- Shawn
___________________________________________
Shawn Geddis T (703) 264-5103
Security Consulting Engineer C (703) 623-9329
Apple Enterprise Sales email@hidden
Apple Computer, Inc.
1892 Preston White Drive T (703) 264-5100
Reston, VA 20191
Attachment:
smime.p7s
Description: S/MIME cryptographic signature