• Apple

    Using Viruses For Good

    I get notified any time one of my books is cited in a legitimate research journal. A group of Kuwaiti researchers wrote a paper that, to quote the researchers, finds that “In a nutshell, this research indicates that there is a possibility of converting computer viruses into beneficial programs for storage space and CPU optimization.” The paper is available here: http://www.jatit.org/volumes/Vol101No10/19Vol101No10.pdf I’ve often said that agent-based device management tools (and let’s keep in mind that MDM is an Apple-supplied agent) are, in a way, commercially supported advanced persistent threats. After all, they have similar command and control architectures… These are often larger, monolithic architectures that grow, and so consume more resources…

  • Mac Security

    Use ChatGPT to Analyze macOS Logs for Anomaly Detection

    tl;dr: I posted an anomaly detector that uses ChatGPT at https://github.com/krypted/Lightweight-GPT-Log-Anomaly-Detector. It can be used untrained or with lightly trained troves of macOS system logs. Tweak to your delight…

    Use: A number of options may need to be set for a given environment. To get it running, use the following:

    Create a virtual environment:
      python3.6 -m virtualenv venv
    Activate the virtual environment:
      source venv/bin/activate
    Install the requirements:
      pip install -r requirements.txt
    Create the log file:
      sudo log show --last 10m > log-info-10m.txt
    Run the script log-analysis.py to parse the log file and generate the anomalous log lines. Example usage:
      python log-analysis.py --log_filename log-info-10m.txt
      python log-analysis.py --log_filename log-info-10m.txt --use_error_keywords True --score_threshold 0.5
      python log-analysis.py --log_filename log-info-10m.txt --use_error_keywords…
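    As an added example (not code from the post or from the repository linked above), here is a small local stand-in for the detector's scoring step: it parses `log show` text lines, collapses each message to a template, and scores every line by how rare that template is in the capture plus error-level and error-keyword hits, with knobs that mirror `--use_error_keywords` and `--score_threshold`. The column layout of `log show`, the keyword list, the weights and the sample log lines are all assumptions made here; ChatGPT is not called, so this runs offline.

```python
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Assumed column layout of `log show` text output (an assumption, not verified here):
# timestamp, thread, type, activity, pid, ttl, then "process: message".
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+[+-]\d{4})\s+"
    r"(?P<thread>0x[0-9a-fA-F]+)\s+(?P<type>\w+)\s+(?P<activity>0x[0-9a-fA-F]+)\s+"
    r"(?P<pid>\d+)\s+(?P<ttl>\d+)\s+(?P<rest>.*)$"
)

# Stand-in for the script's --use_error_keywords option (list chosen here).
ERROR_KEYWORDS = ("error", "fail", "denied", "crash", "panic", "unauthorized", "invalid")


@dataclass
class Entry:
    ts: str
    type: str
    pid: int
    process: str
    message: str


def parse_log(text):
    """Turn `log show` text into Entry objects; the header and unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        process, _, message = m.group("rest").partition(": ")
        entries.append(Entry(m.group("ts"), m.group("type"), int(m.group("pid")), process, message))
    return entries


def template(message):
    """Collapse hex, paths and numbers so repeated messages share one template."""
    t = re.sub(r"0x[0-9a-fA-F]+", "HEX", message)
    t = re.sub(r"/\S+", "PATH", t)
    t = re.sub(r"\d+", "N", t)
    return t.lower()


def score_entries(entries, use_error_keywords=True):
    """Score 0..1: half from how rare the message template is in this capture,
    plus 0.3 for Error/Fault level, plus 0.5 for an error keyword (if enabled)."""
    counts = Counter(template(e.message) for e in entries)
    total = len(entries)
    scored = []
    for e in entries:
        s = 0.5 * (1.0 - counts[template(e.message)] / total)
        if e.type in ("Error", "Fault"):
            s += 0.3
        if use_error_keywords and any(k in e.message.lower() for k in ERROR_KEYWORDS):
            s += 0.5
        scored.append((min(s, 1.0), e))
    return scored


def anomalous(entries, score_threshold=0.5, use_error_keywords=True):
    """Mirror of the script's --score_threshold / --use_error_keywords knobs."""
    return [(s, e) for s, e in score_entries(entries, use_error_keywords) if s >= score_threshold]


# Constructed sample in the assumed `log show` layout; not a real capture.
SAMPLE = """\
Timestamp                       Thread     Type        Activity             PID    TTL
2023-04-01 10:00:00.000001-0700 0x1a2b     Default     0x0                  101    0    kernel: (IOKit) wakeup from sleep
2023-04-01 10:00:01.000001-0700 0x1a2b     Default     0x0                  101    0    kernel: (IOKit) wakeup from sleep
2023-04-01 10:00:02.000001-0700 0x1a2b     Default     0x0                  101    0    kernel: (IOKit) wakeup from sleep
2023-04-01 10:00:03.000001-0700 0x3c4d     Default     0x0                  88     0    mDNSResponder: query for host 1
2023-04-01 10:00:04.000001-0700 0x3c4d     Default     0x0                  88     0    mDNSResponder: query for host 2
2023-04-01 10:00:04.500001-0700 0x3c4d     Default     0x0                  88     0    mDNSResponder: query for host 3
2023-04-01 10:00:05.000001-0700 0x5e6f     Error       0x0                  2048   0    sshd: Failed password for root from 203.0.113.9 port 51022
2023-04-01 10:00:06.000001-0700 0x7a8b     Default     0x0                  77     0    securityd: access denied to keychain item by /usr/local/bin/unknown-agent
"""


def main(path=None):
    # With a path, reads a real `sudo log show --last 10m > file` capture; else the sample.
    text = open(path).read() if path else SAMPLE
    for score, e in anomalous(parse_log(text)):
        print(f"{score:.2f} {e.ts} {e.process}[{e.pid}] {e.message}")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

    On the sample, the three repeated kernel lines and the three mDNSResponder queries score 0.31 and stay below the default threshold; the sshd failure and the securityd denial are flagged. Turning the keyword bonus off drops the securityd line to 0.44, which is the kind of thing the script's `--use_error_keywords` flag is there to tune.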

  • Mac OS X,  Mac Security,  Swift

    macOS Script To List System Extensions And Their State

    Yesterday I posted https://krypted.com/mac-security/script-to-list-extensions-running-on-a-mac/ to scriptify some research on App Extensions and System Extensions. I mentioned that it’s also possible to loop through /Applications or /Applications/Utilities and look for any .systemextension bundles (which includes network extensions, as those are .networkextension.systemextension – and ultimately they’re all kind of auxiliary kexts, because kexts are bad – but I digress). So here’s a script that loops through the file hierarchy supplied by $1 and then checks any found against systemextensionsctl to make sure they’re running: https://github.com/krypted/extensionslist/blob/main/systemextensions.sh Here are a couple of outputs showing it in action. Per developer documentation (and with a little experience writing them), the two locations…
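    The same walk-and-check logic in Python, written as an added example rather than the shell script linked above: it finds every `.systemextension` bundle under a root (the `.networkextension.systemextension` ones match the same suffix), reads each bundle's `CFBundleIdentifier`, and compares the set against parsed `systemextensionsctl list` output, so a bundle that is on disk but not registered, or registered but waiting for user approval, shows up distinctly from one that is running. Assumptions made here: the tab-separated row layout of `systemextensionsctl list`, the `Contents/Library/SystemExtensions` location inside an app bundle, and the constructed sample output, team ID and bundle identifiers.

```python
import os
import plistlib
import re
import subprocess
import tempfile

# Assumed row layout of `systemextensionsctl list` (tab separated, "*" when set):
#   enabled<TAB>active<TAB>teamID<TAB>bundleID (version)<TAB>name<TAB>[state]
ROW = re.compile(
    r"^(?P<enabled>\*?)\t(?P<active>\*?)\t(?P<team>\S+)\t"
    r"(?P<bundle>\S+) \((?P<version>[^)]*)\)\t(?P<name>[^\t]*)\t\[(?P<state>[^\]]*)\]$"
)


def parse_sysext_list(text):
    """Map bundle identifier -> {enabled, active, state} from systemextensionsctl output."""
    result = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            result[m.group("bundle")] = {
                "enabled": m.group("enabled") == "*",
                "active": m.group("active") == "*",
                "state": m.group("state"),
            }
    return result


def live_sysext_list():
    """On macOS, the real thing; the demo below feeds a constructed sample instead."""
    return subprocess.run(["systemextensionsctl", "list"], capture_output=True, text=True).stdout


def find_sysext_bundles(root):
    """Return (path, CFBundleIdentifier) for each *.systemextension directory under root."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if not d.endswith(".systemextension"):
                continue
            path = os.path.join(dirpath, d)
            info = os.path.join(path, "Contents", "Info.plist")
            bundle_id = None
            if os.path.isfile(info):
                with open(info, "rb") as f:
                    bundle_id = plistlib.load(f).get("CFBundleIdentifier")
            found.append((path, bundle_id))
            dirnames.remove(d)  # do not descend into the bundle itself
    return found


def report(root, ctl_output):
    """Cross-check every bundle on disk against what the system has registered."""
    registered = parse_sysext_list(ctl_output)
    rows = []
    for path, bundle_id in find_sysext_bundles(root):
        entry = registered.get(bundle_id)
        if entry is None:
            status = "not registered"   # on disk but never activated (or since removed)
        elif entry["enabled"] and entry["active"]:
            status = "running"
        else:
            status = entry["state"]     # e.g. still waiting for user approval
        rows.append((bundle_id, status, path))
    return sorted(rows)


# Constructed sample of `systemextensionsctl list`; team ID and bundle IDs are made up.
SAMPLE_CTL = (
    "2 extension(s)\n"
    "--- com.apple.system_extension.network_extension\n"
    "enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n"
    "*\t*\tABCDE12345\tcom.example.vpn.ext (1.0/1)\tExample VPN\t[activated enabled]\n"
    "--- com.apple.system_extension.endpoint_security\n"
    "enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n"
    "\t\tABCDE12345\tcom.example.es.ext (2.0/7)\tExample ES\t[activated waiting for user]\n"
)


def demo():
    """Build a throwaway app tree (bundles placed in Contents/Library/SystemExtensions,
    an assumption here) and run the report against the constructed ctl output."""
    root = tempfile.mkdtemp()

    def make(rel, bundle_id):
        contents = os.path.join(root, rel, "Contents")
        os.makedirs(contents)
        with open(os.path.join(contents, "Info.plist"), "wb") as f:
            plistlib.dump({"CFBundleIdentifier": bundle_id}, f)

    sx = "Contents/Library/SystemExtensions"
    make(f"Example VPN.app/{sx}/com.example.vpn.ext.networkextension.systemextension", "com.example.vpn.ext")
    make(f"Example ES.app/{sx}/com.example.es.ext.systemextension", "com.example.es.ext")
    make(f"Stale.app/{sx}/com.example.stale.systemextension", "com.example.stale")
    return report(root, SAMPLE_CTL)


if __name__ == "__main__":
    # Real use on a Mac: report("/Applications", live_sysext_list())
    for bundle_id, status, path in demo():
        print(f"{bundle_id:24} {status:28} {path}")
```

    The "not registered" row is the one worth a second look during an audit: a bundle that ships inside an app but has no entry in `systemextensionsctl list` is either not yet activated or was removed, and either way is not what is actually loaded.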

  • iPhone

    Screen Time And Setting Limits For Ourselves And Our Families

    Do you know how much time you spend in various apps and on your device? Do you want to be gently reminded of how much time you’re staring at screens, and maybe even be limited in how long you can be lost in the screen? First, let’s limit the time you can be on the device in the first place, using a feature of Screen Time called Downtime:
    Open Settings
    Tap Screen Time
    Tap Downtime
    Tap on and then set the start and the stop of Downtime
    Tap Screen Time in the upper left hand corner of the screen to go back.
    Now, let’s set up…

  • Articles and Books

    Security Considerations When Selecting Cloud-Based Software

    My latest piece on Huffington Post: OMG the cloud! Everything must go to the cloud, and now! And sometimes finding a tool is about workflow. And the workflow should make sense and be awesome. But there’s an argument that you shouldn’t even keep a lot of data unless it’s kept confidential and therefore properly secured. The liability of keeping information about other people and what they do is just too great to outweigh what you might otherwise use that data for. Security matters. Workflow matters. And with the number of services out there that you can use for any given task, if any aren’t secure enough then there are probably…

  • iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    List of Safe Complex Characters for Passwords

    A number of systems require you to use complex characters in passwords and passcodes. Here is a list of characters that can be used, along with the name and the associated Unicode code point:
      (Space)              U+0020
    ! (Exclamation)        U+0021
    " (Double quotes)      U+0022
    # (Number sign)        U+0023
    $ (Dollar sign)        U+0024
    % (Percent)            U+0025
    & (Ampersand)          U+0026
    ' (Single quote)       U+0027
    ( (Left parenthesis)   U+0028
    ) (Right parenthesis)  U+0029
    * (Asterisk)           U+002A
    + (Plus)               U+002B
    , (Comma)              U+002C
    - (Minus sign)         U+002D
    . (Period)             U+002E
    / (Slash)              U+002F
    : (Colon)              U+003A
    ; (Semicolon)          U+003B
    < (Less than sign)     U+003C  (not allowed in all systems)
    = (Equal sign)         U+003D
    > (Greater than sign)  U+003E  (not allowed in all systems)
    …

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    My 16 Mac Security Advances Article On TechCrunch

    Ever since the kids from Silicon Valley went to TechCrunch, I’ve been thinking that at some point I’d want to put a piece there. Luckily, I recently got the chance. Today, 16 Apple Security Advances To Take Note Of In 2016 went up on TechCrunch. You can access the article here. The original article actually listed, in order, the year each advance was introduced. It was a lot of work to go back in time and piece the timeline together, so since the years didn’t make it through editorial, I list them here (not that anyone actually cares):
    2002: Managed Preferences
    2003: FileVault
    2004: Require all software installers that need system resources…

  • Apple Configurator,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Programmatically Extract Saved Wi-Fi Passwords In OS X

    Previously, I covered how to Programmatically Obtain Recent Wi-Fi Networks On A Mac. Here I’ll go a step further and look at how to extract the password for a network as well. The two are stored in different locations. The recent networks are in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences defaults domain. Once you have a network name from there, you can use the security command to extract the password itself from the System keychain:
      security find-generic-password -ga "Krypted Home"
    The output is as follows, showing everything that is tracked about this network in the keychain:
      keychain: "/Library/Keychains/System.keychain"
      class: "genp"
      attributes:
          0x00000007 <blob>="Krypted Home"
          0x00000008 <blob>=<NULL>
          "acct"<blob>="Krypted Home"
          "cdat"<timedate>=0x32303135313230373135313731375A00  "20151207151717Z\000"
          "crtr"<uint32>=<NULL>
          "cusi"<sint32>=<NULL>
          "desc"<blob>="AirPort network password"
          "gena"<blob>=<NULL>
          "icmt"<blob>=<NULL>
          "invi"<sint32>=<NULL>
          "mdat"<timedate>=0x32303135313230373135313731375A00  "20151207151717Z\000"
      …
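    An added example, not from the original post: a parser for the `security find-generic-password` dump shown above, plus a wrapper that runs the command for a given network name. The sample dump below is constructed from that output (the `svce` attribute and the password in it are made up). One detail worth knowing when scripting this: with `-g`, `security` prints the `password:` line to stderr rather than stdout, so a plain `security ... | grep password` comes back empty.

```python
import re
import subprocess

# One attribute line of `security find-generic-password` output, e.g.
#     "acct"<blob>="Krypted Home"     or     0x00000008 <blob>=<NULL>
ATTR = re.compile(
    r'^\s+(?:"(?P<name>[^"]+)"|(?P<hexname>0x[0-9A-Fa-f]+))\s*<(?P<type>\w+)>=(?P<raw>.*)$'
)


def _decode(attr_type, raw):
    """Turn the printed representation of one attribute into a Python value."""
    if raw == "<NULL>":
        return None
    if attr_type == "blob" and len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if attr_type == "timedate":
        # printed as hex bytes followed by the quoted string, e.g. "20151207151717Z\000"
        m = re.search(r'"([^"\\]*)', raw)
        return m.group(1) if m else raw
    return raw


def parse_security_output(stdout, stderr=""):
    """Parse the item dump; with -g the secret itself arrives on stderr as: password: "..." """
    item = {"keychain": None, "class": None, "attributes": {}, "password": None}
    for line in stdout.splitlines():
        if line.startswith("keychain: "):
            item["keychain"] = line.split(": ", 1)[1].strip('"')
        elif line.startswith("class: "):
            item["class"] = line.split(": ", 1)[1].strip('"')
        else:
            m = ATTR.match(line)
            if m:
                key = m.group("name") or m.group("hexname")
                item["attributes"][key] = _decode(m.group("type"), m.group("raw"))
    for line in stderr.splitlines():
        if line.startswith("password: "):
            item["password"] = line.split(": ", 1)[1].strip('"')
    return item


def find_network_password(ssid):
    """Run the page's command on macOS. The item lives in the System keychain, so expect
    an admin authorisation prompt (or run under sudo); this does nothing useful off-box."""
    p = subprocess.run(["security", "find-generic-password", "-ga", ssid],
                       capture_output=True, text=True)
    if p.returncode != 0:
        raise RuntimeError(f"security exited {p.returncode}: {p.stderr.strip()}")
    return parse_security_output(p.stdout, p.stderr)


# Constructed sample modelled on the dump above; "svce" and the password are made up.
SAMPLE_STDOUT = r'''keychain: "/Library/Keychains/System.keychain"
class: "genp"
attributes:
    0x00000007 <blob>="Krypted Home"
    0x00000008 <blob>=<NULL>
    "acct"<blob>="Krypted Home"
    "cdat"<timedate>=0x32303135313230373135313731375A00  "20151207151717Z\000"
    "crtr"<uint32>=<NULL>
    "desc"<blob>="AirPort network password"
    "mdat"<timedate>=0x32303135313230373135313731375A00  "20151207151717Z\000"
    "svce"<blob>="AirPort"
'''
SAMPLE_STDERR = 'password: "correct horse battery staple"\n'


if __name__ == "__main__":
    # Real use on a Mac: find_network_password("Krypted Home")
    item = parse_security_output(SAMPLE_STDOUT, SAMPLE_STDERR)
    print(item["attributes"]["acct"], "->", item["password"])
```

    If all you want is the secret, `security find-generic-password -wa "<ssid>"` prints just the password on stdout and skips the attribute dump; the parser above is for when you also want the creation and modification dates and the rest of the item's metadata.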