
neoncontrails

macrumors newbie
Original poster
Dec 16, 2015
2
0
Hey,

I've been having some funny issues with Chrome today. Could someone have a look at the following file I found in my /var/db directory? It doesn't appear to be an Apple script, and in fact there are only two exact Google matches for that file name. So I'm a bit puzzled where it came from. I don't want to put my tinfoil hat on just yet, but if I'm not mistaken this header appears to be spoofing the credentials of an Apple server.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>event</key>
<string>reject</string>
<key>timestamp</key>
<date>2015-12-17T02:17:11Z</date>
</dict>
</plist>

Any advice would be appreciated. For what it's worth, there is a corresponding event in my console from earlier this evening that reads "12/16/15 5:52:38.023 PM ntpd[175]: time set +0.302704 s."
 

chrfr

macrumors G5
Jul 11, 2009
13,715
7,285
"I'm not mistaken this header appears to be spoofing the credentials of an Apple server."
You're mistaken. That is an XML file, and that header indicates that it's an Apple file.
The particular file in question is related to Gatekeeper, and is legitimate. If you set Gatekeeper to allow all applications, the timestamp will be updated. In 30 days, Gatekeeper reverts to the "Mac App Store and identified developers" setting in the Security & Privacy System Preference.
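
Added example, not part of either post: a short Python check showing that the XML declaration and DOCTYPE in the quoted file are the generic property-list preamble that Python's plistlib writes for any data, and what the file actually contains once parsed. The names `triage`, `has_stock_preamble` and `REARM_WINDOW` are hypothetical, and counting the 30 days from the recorded timestamp is an assumption.

```python
import plistlib
from datetime import timedelta

# The plist exactly as quoted in the first post.
POSTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>event</key>
<string>reject</string>
<key>timestamp</key>
<date>2015-12-17T02:17:11Z</date>
</dict>
</plist>
"""

# Assumption: the 30-day window from the reply is counted from <timestamp>.
REARM_WINDOW = timedelta(days=30)


def preamble(xml_bytes: bytes) -> bytes:
    """Return the XML declaration and DOCTYPE (the first two lines)."""
    return b"\n".join(xml_bytes.splitlines()[:2])


def has_stock_preamble(xml_bytes: bytes) -> bool:
    """True if the header equals the one plistlib writes for unrelated data."""
    unrelated = plistlib.dumps({"constructed": "sample"}, fmt=plistlib.FMT_XML)
    return preamble(xml_bytes) == preamble(unrelated)


def triage(xml_bytes: bytes) -> dict:
    """Parse the plist and summarise what it actually contains."""
    data = plistlib.loads(xml_bytes)
    stamp = data["timestamp"]  # naive datetime; the value is UTC (trailing Z)
    return {
        "stock_preamble": has_stock_preamble(xml_bytes),
        "keys": sorted(data),
        "event": data["event"],
        "timestamp_utc": stamp,
        "window_ends_utc": stamp + REARM_WINDOW,
    }


if __name__ == "__main__":
    for field, value in triage(POSTED).items():
        print(f"{field}: {value}")
```

The timestamp is UTC, so it has to be converted to local time before comparing it with entries in Console.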
 