Software Exploits Mac OS X Lion Login Passwords Vulnerability

Status
Not open for further replies.
G

Guest

Guest
Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.
 

amk-aka-Phantom

Distinguished
Mar 10, 2011
3,003
0
20,860
31
Nothing surprising. It's a well-known fact that the supposed invulnerability of Mac OS is just a myth - it's more like no one really bothered with it due to low percentage of Mac OS users. More Mac OS users - more attention from the malware. Though, in the last two years the malware stuff eased off from all OSs... or is it just me? ;)
 

Jath

Distinguished
Nov 25, 2010
14
0
18,510
0
So, just a question, since I'm not familiar with Macs at all. Does Mac OS X run on the Macbooks? Because it would be ironic that the 'gain access to the system' vulnerability that's needed for that battery problem just suddenly 'appeared'.
 

ivan_chess

Distinguished
Mar 11, 2010
61
0
18,630
0
[citation][nom]PatAugustine[/nom]Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.[/citation]

Public computer labs or school computers are easy to get to. That would be a treasure trove of passwords.
 
G

Guest

Guest
This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.
 
[citation][nom]Paul II[/nom]This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.[/citation]

But we all know that Microsoft actually gives out patches right away and accepts that there are vulnerabilities at least. It's not the factual issue we laugh at, it's from the attitude Apple has towards it's "ecosystem". There is no fun in losing your password to a script kiddie thanks to the OS maker being irresponsible to deliver patches ASAP for (known) vulnerabilities.

Cheers!
 

jackbling

Distinguished
Jul 21, 2011
213
0
18,680
0
[citation][nom]Paul II[/nom]This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.[/citation]

the program pulls the pass from hash tables, every system is vulnerable to this once local access is gained. What makes this news, is that an unsecured firewire port can be used while the system is in hibernate mode to read the tables loaded in the memory, skipping that standard, gain local access step.
 

Khimera2000

Distinguished
Jul 16, 2009
324
0
18,780
0
that didn't take long...

happy its not me, funny because apple didn't announce it just like the last major security risk, and sad that apple made it so easy to compromise so much users.

odd question does this effect boot camp in any way?
 
G

Guest

Guest
@Khimera2000: how exactly does this "compromise so much users"? (nice Engrish, btw) You need PHYSICAL ACCESS to the machine in order to pull this off - anybody who really wants your data at that point can just STEAL the thing...
 

cyprod

Distinguished
Sep 26, 2006
127
0
18,680
0
ummm, to the people saying "if you have local access blah blah blah", have any of you ever heard of this thing called drive encryption?

Let me explain since you apple zealots need excuses for everything as to why any flaw with what the divine Jobs produces under his eye. On my windows box, if I leave the computer locked, someone could come and take the computer, but they wouldn't be able to unlock it without the password. Additionally, since I encrypt my hard drive, without the password, even direct access to the hard drive doesn't help with getting the data. With this, it sounds as if a user in an idle state, i.e. system locked but running, another person can plug something in and extract the passwords, thus enabling them to un-encrypt the data and gain full access. Do you see the problem? This would also then allow a malicious person to then, say, hypothetically, install keyloggers and such to gain other information. You people think way too much in the consumer world where someone stealing your stuff is the biggest worry and never consider the much bigger threat of compromised systems.

This apparently doesn't affect other platforms because though you can extract the passwords from memory, you need to be logged in to do it as they won't autorun a device if nobody is logged in, which apparently is not the case in apple land. I will admit this is conjecture as I'm not intimately familiar with the vulnerability, but this appears to be what's going on.
 

ap3x

Distinguished
May 17, 2009
596
0
18,980
0
[citation][nom]Khimera2000[/nom]that didn't take long...happy its not me, funny because apple didn't announce it just like the last major security risk, and sad that apple made it so easy to compromise so much users.odd question does this effect boot camp in any way?[/citation]

There is no need to announce it, it is not a vulnerability. You can download BartPE cd and reset all versions of windows for free. You can boot most flavors of Unix into single user mode and reset their passwords for free. Hell you can copy the passwd and the shadow files and get all the username and group permission information as well. there are thousands of tools out there to crack windows hash information. The only way to stop it is to have a password that is 13+ characters or more and Windows will not store the hash in the registry. How many people here have that kind of password? Zero..

No computer is bullet proof and no computer is secure when physical access is there.

Out of the box no commercial OS is hardend. That is because they have to allow you to configure what services you want to use. Linux is actually one of the worst in that regard. Windows 7 has done a fairly good job but Lion is rock solid. What makes a difference in security between unix type and Windows type OS's is the fact that you have access all the way down to the kernel in Unix OS's so you can harden the hell out of the OS because you have more control.

These day's we have some really solid OS options. Windows 7, OSX Lion, Linux have really grown up. Apple happens to have obscurity on their side because they have and probably will have the minory users for the forseeable future where is Windows is entrinched everywhere and as such OSX is much more secure and apple is free to shore things up because the floodgates open.

Nothing is bullet proof with physical access, nothing at all. This article is just biased.

Oh and Boot Camp just provides a way to dual boot between OSX and Windows. It is not directly effected but the same methods apply to break into any OS you install on a Mac or PC dual boot or not.
 

aracheb

Distinguished
Nov 21, 2008
275
0
18,780
0
[citation][nom]engrishforeverybody[/nom]@Khimera2000: how exactly does this "compromise so much users"? (nice Engrish, btw) You need PHYSICAL ACCESS to the machine in order to pull this off - anybody who really wants your data at that point can just STEAL the thing...[/citation]
you know that you can emulate a device easy right?
and with so much vulnerability that Mac OS have, installing ghost drivers and emulating a virtual fire wire port you have full access... (it is memory access in the code) and memory access can be emulated easy. Don't try to protect a vulnerability with your level of intellect about technology dude. He might not have a good level of english but your level of technology knowledge is nonexistent
 

ap3x

Distinguished
May 17, 2009
596
0
18,980
0
[citation][nom]cyprod[/nom]ummm, to the people saying "if you have local access blah blah blah", have any of you ever heard of this thing called drive encryption?Let me explain since you apple zealots need excuses for everything as to why any flaw with what the divine Jobs produces under his eye. On my windows box, if I leave the computer locked, someone could come and take the computer, but they wouldn't be able to unlock it without the password. Additionally, since I encrypt my hard drive, without the password, even direct access to the hard drive doesn't help with getting the data. With this, it sounds as if a user in an idle state, i.e. system locked but running, another person can plug something in and extract the passwords, thus enabling them to un-encrypt the data and gain full access. Do you see the problem? This would also then allow a malicious person to then, say, hypothetically, install keyloggers and such to gain other information. You people think way too much in the consumer world where someone stealing your stuff is the biggest worry and never consider the much bigger threat of compromised systems.This apparently doesn't affect other platforms because though you can extract the passwords from memory, you need to be logged in to do it as they won't autorun a device if nobody is logged in, which apparently is not the case in apple land. I will admit this is conjecture as I'm not intimately familiar with the vulnerability, but this appears to be what's going on.[/citation]

No offense but you said something that was pretty arrogant. First of all by disk encryption I assume you are referring to bitlocker correct? You do realized that this is not enabled by default. You do also realize that bitlocker was introduced in Windows Vista because people where constantly accessing and stealing data from Windows machines. Do you also that OSX has Filevault that encrypts the entire drive or just folders as well and that it was introduced in OSX Panther back in 2003.

Both filevault and bitlocker are not enabled by default. Just like any OS you have to harden it if you are concerned about security. One of the main reasons that filevault and bitlocker are not enabled is because it henders performance. Another issue is that disk encryption does not work well with SSD's. It completely breaks TRIM which OSX Lion and Windows 7 support natively for SSD's.

Oh, and I don't have to be logged into a Windows machine to extract password information ;-) Disk encryption only protects from someone physically taking the hardrive out or taking the physical machine and accessing stored data without authentication. Does squat over the network.

Again, up to the user to deploy best practices but most users do not have the level of understanding that you or I have. They just want a easy to use computer that is reliable. Security is about doing just enough to make someone with malicious intent to move to something easier. Using disk encryption is one piece of a number of things that should be done to better protect your data. Same with having AV.
 
G

Guest

Guest
I have reset passwords for customers more times than I care to rememb.That's the issue here, people!
They forget those passwords, or their kids set new ones up and forget them. If the password was unbreakable all those customers would have been locked out simple, not a possibility in my eyes.

Osx is full of holes, just like every other OS out there.
 

ap3x

Distinguished
May 17, 2009
596
0
18,980
0
[citation][nom]aracheb[/nom]you know that you can emulate a device easy right?and with so much vulnerability that Mac OS have, installing ghost drivers and emulating a virtual fire wire port you have full access... (it is memory access in the code) and memory access can be emulated easy. Don't try to protect a vulnerability with your level of intellect about technology dude. He might not have a good level of english but your level of technology knowledge is nonexistent[/citation]


lol, you know what the guy is saying. He did not say anything that was wrong. It was a common sense statement that allot of thieves would do. You named a few ways to break into a unhardened OSX operating system Hurrah to you. Your brain power is overwhelming. Give me a break. lol. Ever looked at the contents of Metasploit directory or just look at the good ol Backtrack cd. Stuff is so easy you can do a search on Youtube and see how it is done. Hell their are entire security classes on how to do it. You know the stuff is common when their are paid for classes for it.
 

molo9000

Distinguished
Aug 14, 2010
646
0
18,990
6
[citation][nom]cyprod[/nom]This apparently doesn't affect other platforms because though you can extract the passwords from memory, you need to be logged in to do it as they won't autorun a device if nobody is logged in, which apparently is not the case in apple land. I will admit this is conjecture as I'm not intimately familiar with the vulnerability, but this appears to be what's going on.[/citation]

There is no autorun involved here.
The OS is completely bypassed, because the Firewire hardware has direct access to the system's memory.
You can get a memory dump from any computer with a Firewire port, no matter what the operating system.

[citation][nom]aracheb[/nom]you know that you can emulate a device easy right?and with so much vulnerability that Mac OS have, installing ghost drivers and emulating a virtual fire wire port you have full access... (it is memory access in the code) and memory access can be emulated easy. Don't try to protect a vulnerability with your level of intellect about technology dude. He might not have a good level of english but your level of technology knowledge is nonexistent[/citation]

If an attacker is able to install a driver, he already has administrator privileges.

Besides. Direct Memory Access is a hardware feature. U can't emulate that in software unless you already have access to all memory.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS