Version: 2008

Comments on: Security glitch exposes OS X account passwords

A new OS X vulnerability, which Apple has not yet fixed, lets an attacker snatch the password from an account that's currently logged in.

Showing 2 of 2 pages (88 Comments)
Access
by Gromit801 February 28, 2008 4:42 PM PST
If I have physical access to your machine, and a boot/install disk, I
can wreak havoc.

This is nothing new.

If someone had physical access to my machine, I have a LOT of
other issues to deal with.
what a Dumb A... thing to do.
by pjonesCET February 28, 2008 6:01 PM PST
describe how to do it with pictures no less

Are you people crazy!

Here you report on a serious security breach, describe how to do it and even show step by step pictures.

Anyone using proper brain cells
It has a purpose
by Vegaman_Dan February 28, 2008 9:33 PM PST
Nobody can deny the exploit exists, let alone Apple, who often doesn't acknowledge the existence of security risks like this.

I expect they will quickly try to fix the issue, but while identifying the issue is one thing, fixing it in this case may be a bit more tricky.

I have to give kudos to CNET for this. They've gone after Linux, Windows and OS X for security issues before.

I wonder if this affects BSD and Linux as well? They use a very similar architecture for some of this. Perhaps Penguinisto can expand on that. I expect they aren't exposed, but I really don't know.

Penguinisto- any ideas if this issue with OSX would work with *nix flavors?
Eye Opener
by kelmon February 29, 2008 1:31 AM PST
As an existing Mac user, I'd rather know about this than not and am
honestly grateful to CNet for publishing this information. I
certainly have never considered OS X to be impervious to attacks
(the steady release of security updates shows that there are flaws to
be exploited) but seeing exactly how it can be achieved lets you
know what the risks are in a realistic way.
RE
by unknown unknown February 29, 2008 2:47 PM PST
Remember you actually need physical access to the machine and an active user account. Securing a computer against someone with physical access to the machine is very difficult, even without this particular problem. There are lots of places that post details of security issues and even exploit code. Ever been to SecurityFocus? Heck, Ed Felten, the Princeton CS professor, just released an academic paper called Cold Boot Attacks on Disk Encryption, which is similar to this issue (keys stored in memory being retrievable).
http://citp.princeton.edu/memory
OH MY GAWD!
by Kings X Rocks! February 29, 2008 5:07 AM PST
My heart is broken. Programming error in an operating system?

What are we going to do now?
Jobs is a Liar...
by AppleSuxLeo February 29, 2008 9:52 PM PST
OH-ES-EX is full of holes...designed like swiss-cheese!
get a life
by DrtyDogg March 1, 2008 10:06 PM PST
You are just as bad as the people who say "Winblows sux you should buy a mac"
Boot Access is Root Access
by Goodbye Helicopter March 1, 2008 8:48 AM PST
These guys are butt stupid. If you have an OS X install disk that
is not older than that particular Mac, you can simply put the disk
in, force power down, restart booting from the install disk, from
the Utilities menu launch Reset Password Utility.
This allows you to change the password for any account on any
connected bootable volume as well as enable the Root account!
That's a hell of a lot easier than this ******** attack.

Apple's not stupid and this is no secret.
Exactly!
by misha1035 March 1, 2008 12:45 PM PST
And it's mentioned on the Apple website!
Jeeesshhh...!
Load of Horse Manure
by Brand Lewis March 2, 2008 11:33 AM PST
Since when is it news that you can compromise a computer when
you HAVE PHYSICAL ACCESS TO IT? Seriously, how obvious does
CNET have to be about being pro-M$ and anti-Apple? As if their
Digital Music Player ratings weren't enough...
physical access not protected
by chatins March 2, 2008 1:51 PM PST
Couldn't one do the same thing with a Tiger disc, a form of single user mode, to change the password?

Apple doesn't owe anyone protection if someone has physical access to your computer.

At least, not yet. The encrypted HD is next file system!
Encrypted HD is this file system.
by ralfthedog March 2, 2008 1:58 PM PST
The problem is the key was left in RAM. No level of encryption will save you if the key you are using is compromised. That is what this conversation is about.

Many people do not encrypt their HD because of the performance hit. If your data is not critical, it is a waste to encrypt your hard drive. If your competitors would be willing to kill to get your data, it is a very good idea (at that point you should ask yourself if your data is more important than your life, and how long you can stand up to torture).
that's why...
by TedPax March 2, 2008 4:58 PM PST
Even before this was exposed, I set up KeyChain to have a separate
password. It stays locked even after I log in until it's needed. And
then when it is, it has to be done with a different password. I did
this because I realized someone could walk up to my computer,
and have access to Keychain.

Overall though, this is a pretty lame security risk...
by floripondiocaster September 26, 2009 2:00 PM PDT
Since we are analyzing it, I would like to take the test in my house, if someone really explain the procedures, and as at the time of changing the RAM, in order to extract the data, I have a MacBook 2.4 and it seems quite interesting topic, or if some software is being employed to do so independently.