Comments on: Security glitch exposes OS X account passwords
A new OS X vulnerability, which Apple has not yet fixed, lets an attacker snatch the password from an account that's currently logged in.
It's shocking how many people refuse to install updates.
This issue for example is described as a 'glitch', a term commonly used to describe very minor issues. This issue however is quite severe as it leaves passwords in user accessible memory with no attempt to obfuscate them. Go pick up any security book and chapter one tells you not to do this.
Had this been found in Windows, the title surely would have been: "Critical security flaw in Windows exposes account passwords"
It would be nice to read unbiased news every once in a while.
"cold boot" paper last week describing unrelated vulnerabilities in
encrypted filesystems, including Apple's FileVault, Windows Vista's
BitLocker, and a number of open-source ones."
Didn't anyone catch that Windows was mentioned? And it wasn't
singled out over the Mac. Windows/Apple fanboys need to chill out
and just focus on security.
Any OS is equally vulnerable when physical access is involved, and I think you'd notice someone trying to compromise your machine by that manner.
If you had turned off your Macbook first then done a cold boot, would the exploit still work? Probably not.
"Turning off your computer and waiting a minute or more protects you from this attack by giving the contents of DRAM time to decay."
And in terms of physical security, there are different levels of vulnerability. If you use FileVault and the computer is locked with its screen saver turned on, you probably don't expect the account password to be accessible.
So if you're using either of those tools, assuming that the attacker has physical access is a valid assumption. i.e., if this is the line of defence separating the attacker from your data, the attacker already has your machine!
attack threat.)"
Actually, setting a firmware password will also mitigate the iPod
attack.
My computer will ONLY boot from the internal hard drive without a
password; then requires a password to log in. It won't boot into
Target Disc Mode or from the OS install DVD without a password.
btw, is your name really Andy Kaufman? I laugh just thinking about
him.
With the risk level to the attacker now fully assessed (damned high), I doubt we'll see anyone attempting it on a criminal level any time soon.
supervision, I expect that my computer can be hacked. If not in
this method, then in myriad other ways. It's a no-brainer.
The only way to prevent this is to disable your internal HD, use
an external for everything, and take it with you no matter what,
in essence making the computer a dumb machine. Of course,
then someone can steal your HD and plug it in, clone it and
crack it at their leisure.
The moral? Don't let people have access to your computer
without supervision. :)
leave you alone with it. You have to find another way. But it's on
the internet, right now, and with enough work, you can probably
find out what IP address I'm writing from. So have at it!
Hey, now it's not so easy... ;)
sweat much until a patch is released :)
to extract them from NT4.
I'm sure the situation has improved but why take the chance?
Translation: "a great track record of being such a small platform that very few people care about cracking us. That's why at Apple we're focusing on selling lots of iPods, and not lots of computers, because we wouldn't know how to live in that world."
I don't envy MS the challenges they must have dealing with
security on their platform. But Apple is selling more computers
than ever, and it's clear to everyone that one of the big
advantages is that they have done a very good job of keeping
up with security issues. If the Mac is more secure in part
because it's less ubiquitous, it's still more secure, and that's a
good thing. It doesn't mean Apple can't compete. I don't work
for them or own stock or anything and I don't think Steve Jobs
walks on water. Just so you know.
easier way to break the password encryption.........Instead of doing
all this stupid stuff freezing RAM, all you have to do is pop an OS
DVD in the drive, boot up from it and change the password there.
Who needs all this crap....
can be used to reset an admin account password. This gives a
nefarious user admin access to the machine. But if there is an
account on the machine, admin or no, using File Vault, then
FileVault has encrypted the data using the login password.
The admin user can reset the login password for any account on
the Mac, but he can't recover any existing ones. Thus there is no
way to recover FileVault data using the boot-DVD.
Once a user has physical access to your machine (like to rip out
DRAM), then unless you are using FileVault or some other form
of file encryption, all bets are off in terms of data security. For
example, the nasty person could plug in a FireWire cable and
start your Mac up in Target-Disk mode, which would let them
clone the whole darn thing if they wanted to.
On an almost marginally related note, I believe Apple should
ship the computers with two accounts by default, one for user
work and one for admin/maintenance.
And Apple makes no secret about this.
If you own the original system install DVD, you own the computer!
Windows 2000 to XP (haven't tested on Vista)
- CD Rom that boots into a linux kernel that allows me to reset the administrator password.
Novell NetWare 4.x & Greater
- Program that I can run from the console which builds a new user at the root of the tree
Linux
- Boot into Single User Mode and reset password
As many have said. If you have physical access to the box you can do just about anything under the sun.
dw9
admin for day to day stuff.......so if they can only get the passwords
from the active profile then who cares?
If you can get your hands on a computer that's logged
on.....wouldn't you have access to everything anyway?
It is an admitted potential break-in point, but honestly, it's pretty convoluted and low priority at best.
After all, If I have to reboot a machine to get the contents, I could just as easily use a live CD to modify the Windows SAM account file and get whatever I want out of that... which has been the case ever since Windows NT came out.
Point is, anyone with physical access to any machine will have the contents of it.
Seriously, the removal of the DRAM chips is extremely sketchy
because it would require the DRAM chips to almost immediately
be placed, in correct order, into a container providing power,
and access.
Downloading the DRAM memory ... I think this tactic pretty
much will work with most computer systems. Not downplaying
the resourcefulness, and usefulness of this tactic, but
opportunity is a HUGE issue.
Bottom line. If someone went to resorting to these tactics, all
they need is a spy-camera to watch you type in your password.
This "security" issue alarm is a little far-fetched for 99% of the
people using their systems. This story illustrates alarmism
inching into the under-cover agent realm. In which case, there
is almost no security, if you are a target.
I still enjoy OS X the best, my machine can take 16GB of ram, the older G5 powermac and I have 4.5 installed and it creams!!!! leaves everything in dust and it's based on the older PowerPC processor the 2GB dual CPU model.
I can edit video, sounds and many other apps in real time, flawlessly, no waiting for stuff to happen or catch up. I have a PC at home too, I keep it for work, that has 4GB of RAM and it still sucks! It still crashes, it still freezes, SO take that to the bank.
example of story with limited legs. At least on this point. The
"glitch" describes a physical assault in which the "hacker" already
has your computer, a computer that is turned on, and logged on.
Too late. Nothing is going to protect you from that.
the machine - this couldn't happen on fast user switch.
2) There is no way loginwindow stores memory on logout
because it relaunches,
3) loginwindow does not enter the password no more - the
application which does that is SecurityAgent.app
4) autologin is probably turned on. that is the only reason the
loginwindow would need the password - which is stored on
disk. the best way to "break" into this machine is to reboot.
Apple clearly says that autologin is nonsecure.
if logged out there is no store of memory.
with physical access any machine can be broken into. without
the firmware password there are much easier ways of getting
into OS X than this nonsense. Muppets.
uGd&45nmn7S2 is just as easy to nab from memory.
- Security improvement for Windows PCs and Macs.
- by ralfthedog February 28, 2008 3:23 PM PST
- I would love to see a firmware update that writes 0s to your ram on boot. (That is ram, not hard drive)

- RE
- by unknown unknown February 29, 2008 2:53 PM PST
- One of the easiest solutions seems to be to have programs and OS's just overwrite the memory used to store passwords and encryption keys when they're not needed anymore.

- True
- by DrtyDogg March 1, 2008 10:03 PM PST
- It should be implemented

Showing 1 of 2 pages (88 Comments)

The other problem is preventing keys from being paged into virtual memory.
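
The two mitigations raised in the comments above (overwriting password memory once it is no longer needed, and keeping it from being paged out), sketched in C as an added example that is not part of the original page or any commenter's code. `secret_t` and the `secret_*` helpers are hypothetical names, and the password string is a constructed sample.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#define SECRET_MAX 128

typedef struct {
    unsigned char buf[SECRET_MAX];
    size_t len;
    int locked;               /* 1 if mlock() succeeded */
} secret_t;

/* Zero through a volatile pointer: a plain memset() on a buffer that is
   never read again may be removed by the optimizer as a dead store. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Lock the pages before the secret is written so they cannot be swapped
   out. mlock() can fail (RLIMIT_MEMLOCK); the result is kept in ->locked. */
int secret_load(secret_t *s, const char *pw) {
    size_t n = strlen(pw);
    if (n >= SECRET_MAX) return -1;
    secure_wipe(s, sizeof *s);
    s->locked = (mlock(s, sizeof *s) == 0);
    memcpy(s->buf, pw, n);    /* the caller must wipe its own copy of pw */
    s->len = n;
    return 0;
}

/* Wipe while the pages are still locked, then release the lock. */
void secret_destroy(secret_t *s) {
    int was_locked = s->locked;
    secure_wipe(s, sizeof *s);
    if (was_locked) munlock(s, sizeof *s);
}

/* Number of non-zero bytes left in the object (0 after a wipe). */
size_t secret_residue(const secret_t *s) {
    const unsigned char *p = (const unsigned char *)s;
    size_t left = 0;
    for (size_t i = 0; i < sizeof *s; i++) left += (p[i] != 0);
    return left;
}

int main(void) {
    secret_t s;
    if (secret_load(&s, "constructed-sample-pw") != 0) return 1;
    secret_destroy(&s);
    return secret_residue(&s) != 0;
}
```

Neither step helps against the cold-boot attack itself while the secret is in use, since locked pages still sit in DRAM; they only shorten the window and keep the secret out of swap.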