Software Exploits Mac OS X Lion Login Passwords Vulnerability

Page 2 of the Tom's Hardware community discussion.
[citation][nom]molo9000[/nom]There is no autorun involved here. The OS is completely bypassed, because the FireWire hardware has direct access to the system's memory. You can get a memory dump from any computer with a FireWire port, no matter what the operating system. If an attacker is able to install a driver, he already has administrator privileges. Besides, Direct Memory Access is a hardware feature. You can't emulate that in software unless you already have access to all memory.[/citation]

Good point
 
Hmm, this isn't that big of a deal. While I typically would rant about OSX being a Swiss cheese OS, I must say that this vulnerability isn't that much different or worse than many others that already exist.

If there is physical contact by the hacker/cracker, then anything is possible on any platform. I have tools that will smoke any password on any OS.

If they were doing this remotely then it would be scary, but through FireWire? C'mon, this is propaganda.

I hate to stand up for my mortal enemy, but this is hardly news at all and doesn't really affect Mac users.
 
[citation][nom]Paul II[/nom]This same software is available for Windows! No OS is secure. I like how this article doesn't mention that this same software has been available since Windows launched.[/citation]
The program is available on Windows, but there it cracks the password using brute force, and it was also able to recover Linux/Unix and Mac OS passwords. This new version is capable of recovering the password much faster because Apple stores the password in the computer's memory without encryption. All they need to do is copy the computer's memory and search for it. Windows doesn't have this issue, or if it has, no one has taken advantage of it.
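As an added illustration of the "copy the computer memory and search for it" step described above (example code written for this page, not the original poster's and not Passware's tool), the scanner below triages a raw memory image for printable strings that sit within a small window of a known anchor, such as the account name, which is where a tool that relies on cleartext credentials in RAM would look. It goes slightly beyond the thread by handling both plain ASCII and UTF-16LE strings, since the latter is common in Windows process memory. The dump, the anchor `shortname=alice` and the secrets in it are constructed for the example; nothing here is taken from a real system or from Lion's actual memory layout.

```python
"""Triage a raw memory image for cleartext credentials near a known anchor.

Added example for this page (not from the original thread or from any vendor
tool). Assumptions: the attacker already holds a dump (obtained via DMA or
otherwise) and knows an anchor string, here the account name, that is stored
close to the secret in memory. The sample dump below is constructed.
"""
import re

ASCII_RUN = rb"[\x20-\x7e]{%d,}"           # printable ASCII, no control bytes
UTF16_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"   # same characters as UTF-16LE


def string_runs(dump: bytes, min_len: int = 6):
    """Yield (offset, text) for every printable ASCII or UTF-16LE run in dump."""
    for m in re.finditer(ASCII_RUN % min_len, dump):
        yield m.start(), m.group().decode("ascii")
    for m in re.finditer(UTF16_RUN % min_len, dump):
        yield m.start(), m.group().decode("utf-16-le")


def candidates_near(dump: bytes, anchor: bytes, window: int = 256, min_len: int = 6):
    """Return a sorted, de-duplicated list of (offset, text) for strings found
    within `window` bytes before or after each occurrence of `anchor`.
    The anchor itself is excluded; everything else is a candidate secret."""
    found = {}
    for m in re.finditer(re.escape(anchor), dump):
        lo = max(0, m.start() - window)
        hi = min(len(dump), m.end() + window)
        for off, text in string_runs(dump[lo:hi], min_len):
            if text == anchor.decode("ascii", "ignore"):
                continue
            found[lo + off] = text
    return sorted(found.items())


# Constructed dump: non-printable padding, an anchor, a nearby ASCII secret,
# a nearby UTF-16LE secret, and an unrelated string far outside the window.
FILLER = b"\x00\x01\x80\xff" * 64          # 256 bytes that never match a run
SAMPLE_DUMP = (
    FILLER
    + b"shortname=alice\x00" + b"\x00" * 40          # anchor (constructed)
    + b"Secr3t-Passw0rd!\x00" + b"\x00" * 20         # nearby ASCII secret
    + "Wide-Passw0rd".encode("utf-16-le") + b"\x00\x00"  # nearby UTF-16LE secret
    + FILLER * 8                                     # 2 KiB gap
    + b"unrelated-string-far-away\x00"               # should NOT be reported
    + FILLER
)


def demo():
    """Run the scanner over the constructed dump and return only the texts."""
    return [text for _, text in candidates_near(SAMPLE_DUMP, b"shortname=alice")]


if __name__ == "__main__":
    for offset, text in candidates_near(SAMPLE_DUMP, b"shortname=alice"):
        print(f"0x{offset:08x}  {text}")
```

On a real image the anchor would be any string known to sit next to the secret, and the window would be tuned to the structure being targeted; the point of the example is that no cryptanalysis is involved once the bytes are in RAM in the clear.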
 
[citation][nom]ap3x[/nom]There is no need to announce it, it is not a vulnerability. You can download a BartPE CD and reset all versions of Windows for free. You can boot most flavors of Unix into single-user mode and reset their passwords for free. Hell, you can copy the passwd and the shadow files and get all the username and group permission information as well. There are thousands of tools out there to crack Windows hash information. The only way to stop it is to have a password of 13+ characters, and Windows will not store the hash in the registry. How many people here have that kind of password? Zero..[/citation]
For most users this isn't an issue, but for those that use encryption it is. Because programs that delete/hack passwords are useless on encrypted drives.
[citation][nom]ap3x[/nom]No offense, but you said something that was pretty arrogant. First of all, by disk encryption I assume you are referring to BitLocker, correct? You do realize that this is not enabled by default. You do also realize that BitLocker was introduced in Windows Vista because people were constantly accessing and stealing data from Windows machines. Do you also realize that OSX has FileVault, which encrypts the entire drive or just folders as well, and that it was introduced in OSX Panther back in 2003.[/citation]
BitLocker wasn't introduced because of any kind of lack of security of Windows machines, nor was any kind of HDD encryption software born because of this. HDD encryption in no way protects the computer from being hacked; when a user is logged on, that computer is subject to the same security flaws as another computer using an unencrypted drive.

Encryption was introduced because any file stored in an unencrypted HDD can be read by simply plugging it to another computer.

Also, only now with 10.7 can you use FileVault to encrypt the entire system drive or other drives; Windows has done it since 2006. In the past only the home folder was encryptable.

The reason OSes come with HDD encryption off is that for most people it is irrelevant, since they don't have much sensitive data on it, and it also has a negative impact on the computer's performance.
[citation][nom]ap3x[/nom]Out of the box no commercial OS is hardened. That is because they have to allow you to configure what services you want to use. Linux is actually one of the worst in that regard.[/citation]
What...? Linux is one of the most configurable OSes out there, but you say it's the worst?
 
This new version is capable of recovering the password much faster because Apple stores the password in the computer's memory without encryption.

This is the core security flaw, that the user's credentials are kept inside memory in an unprotected state. This means any malicious software with root access can nab the unencrypted password and phone home with it. What's worse is that you won't know about it and will continue thinking your system is safe.

With this vulnerability someone can connect a FireWire device and nab the password out of memory, then use that password to gain access to the system and bypass any encryption / protection that is present. Download all your CC / banking info, plant malicious software or just plant illegal material. The last two would be used in a corporate espionage situation where one company is attempting to damage its competitor.

No, this wouldn't work on a Windows, Linux or Solaris system. Those systems keep the user's credentials encrypted inside system memory; even dumping the memory wouldn't yield the credentials. Thus the attacker wouldn't be able to gain access to the system and do all those nasty things I mentioned earlier.
 
It's pretty obvious from these comments that a lot of the whiny Windoze fanboys on this site have never used a live CD to crack a Windows password. Once you get your hands on the physical hardware, all security bets are off unless you're running full-disk encryption. Even then you'd better have a damn good password, or it's only a matter of time until it's cracked.
 
[citation][nom]GiveItARestLosers[/nom]It's pretty obvious from these comments that a lot of the whiny Windoze fanboys on this site have never used a live CD to crack a Windows password. Once you get your hands on the physical hardware, all security bets are off unless you're running full-disk encryption. Even then you'd better have a damn good password, or it's only a matter of time until it's cracked.[/citation]
It's pretty obvious from your comment that you don't understand how this works. Live CDs use brute force or dictionary attacks to recover the password, or you can delete the password. These kinds of CDs exist for most if not all OSes (yes, Mac included). Also, I would like to see you recover a password from an encrypted HDD.

This new method doesn't need to use brute force or any kind of attack because the password is stored in an unencrypted manner on the system memory when the computer is in use.
 


Lol, a live CD doesn't need to use a brute force attack; it can just access your data as if the partition didn't have the password. Did it on my laptop a few times - needed to fish out some files when Win7 broke the WinXP bootloader (ended up fixing it without a format, but better have a backup anyway, right?).
 
[citation][nom]amk-aka-phantom[/nom]Lol, a live CD doesn't need to use a brute force attack; it can just access your data as if the partition didn't have the password. Did it on my laptop a few times - needed to fish out some files when Win7 broke the WinXP bootloader (ended up fixing it without a format, but better have a backup anyway, right?).[/citation]

A live CD won't access data on a BitLocker drive. It will access gibberish. If you want unencrypted access then right now brute force is the only way.

You don't even know how to fix a bootloader. WTF are you even here talking for?
 
[citation][nom]ap3x[/nom]No offense, but you said something that was pretty arrogant. First of all, by disk encryption I assume you are referring to BitLocker, correct? You do realize that this is not enabled by default. You do also realize that BitLocker was introduced in Windows Vista because people were constantly accessing and stealing data from Windows machines. Do you also realize that OSX has FileVault, which encrypts the entire drive or just folders as well, and that it was introduced in OSX Panther back in 2003. Both FileVault and BitLocker are not enabled by default. Just like any OS, you have to harden it if you are concerned about security. One of the main reasons that FileVault and BitLocker are not enabled is because it hinders performance. Another issue is that disk encryption does not work well with SSDs. It completely breaks TRIM, which OSX Lion and Windows 7 support natively for SSDs. Oh, and I don't have to be logged into a Windows machine to extract password information ;-) Disk encryption only protects from someone physically taking the hard drive out or taking the physical machine and accessing stored data without authentication. Does squat over the network. Again, it's up to the user to deploy best practices, but most users do not have the level of understanding that you or I have. They just want an easy to use computer that is reliable. Security is about doing just enough to make someone with malicious intent move to something easier. Using disk encryption is one piece of a number of things that should be done to better protect your data. Same with having AV.[/citation]

You are absolutely correct. It is up to the users to follow best practices. However, the primary reason people purchase Apple products is that they claim they just work right out of the box and that you do not need to worry about the technical details. Apple has no problem forcing their user base into specific options. So why is FileVault not on by default and locked?

I understand why BitLocker is not defaulted on. Windows is providing a flexible environment for users to do what they wish. That is not the case with Apple. With Apple it's more of a "this is what it can do, you don't need it to do anything else."
 
[citation][nom]datawrecker[/nom]You are absolutely correct. It is up to the users to follow best practices. However, the primary reason people purchase Apple products is that they claim they just work right out of the box and that you do not need to worry about the technical details. Apple has no problem forcing their user base into specific options. So why is FileVault not on by default and locked? I understand why BitLocker is not defaulted on. Windows is providing a flexible environment for users to do what they wish. That is not the case with Apple. With Apple it's more of a "this is what it can do, you don't need it to do anything else."[/citation]
Problem is that most Mac users are null in computer knowledge, hence that is the reason that pushes them to buy a Mac, because they have to accept a standard way of using a computer (web browsing and reading email is easier to use). But at the same time, Apple sells the false image that they are secure and they don't have viruses, which is pure bullshit. (But the problem here is that those users believe this kind of bull crap and go on into the net like that (simply naked), like a woman going naked to a porn theater.) And when the shit starts rolling uphill they start wondering. (Mac computers should come with a family-size tube of K-Y anal lube; this will help their customer base when they get f... up.)
 
[citation][nom]WyomingKnott[/nom]"The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and..." leave it that way.[/citation]

Yep, turn it off, return it to the store and exchange it for a cheaper PC with the same specs as your Mac, and you will get 1-2000 bucks back from the exchange as well.
 


That's BitLocker... I was talking XP, smartass, it's not part of it. And WTF are YOU talking about, "you don't even know how to fix the bootloader"... the hell do you know about what I can and cannot do?! The bootloader is simple to fix if it's just a matter of the partition order being screwed up or boot.ini deleted (which Win7 did, lol); it takes 1 minute.
 
[citation][nom]Vladislaus[/nom]It's pretty obvious from your comment that you don't understand how this works. Live CDs use brute force or dictionary attacks to recover the password, or you can delete the password. These kinds of CDs exist for most if not all OSes (yes, Mac included). Also, I would like to see you recover a password from an encrypted HDD. This new method doesn't need to use brute force or any kind of attack because the password is stored in an unencrypted manner in system memory when the computer is in use.[/citation]

Depends. If we're talking an encrypted drive then you're SoL. If it's like the other 99.99% of installations in the world, then the root disk won't be encrypted. And while it's impossible to get the root / Admin password, instead you can just zero it out and put a new value in its place. All Unix-based distros behave this way; just zero out the password entry in /etc/shadow and you're set. Windows is inside the SAM registry.

Anyhow, doing this may get you access to the system, but it will also flag the owner that ~something~ was changed. Changing administrative passwords isn't a very stealthy technique, and in this business you need stealth to prevent detection and thus increase your window of opportunity.
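To make both halves of the post above concrete (the offline reset of an /etc/shadow entry from a live CD, and the fact that the change is visible to the owner afterwards), here is an added example written for this page rather than taken from the thread. It parses a constructed shadow file, blanks the password field of one account the way the post describes, and then runs the kind of integrity check a defender would use to spot it: a digest of the whole file plus a per-account diff that flags changed or empty password fields. The shadow content and hashes are constructed and are not real credentials.

```python
"""Offline /etc/shadow reset and the check that detects it.

Added example for this page (not from the original thread). Assumes the
attacker can read and write the target's root filesystem from a live CD,
and that the defender kept a trusted copy (or digest) of the file.
The shadow contents below are constructed; the hashes are not real.
"""
import hashlib

# Field order of a shadow(5) entry: 9 colon-separated fields per line.
SHADOW_FIELDS = ("name", "passwd", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved")

SAMPLE_SHADOW = """\
root:$6$constructedsalt$notarealhashnotarealhashnotarealhash:15600:0:99999:7:::
daemon:*:15600:0:99999:7:::
alice:$6$constructedsalt2$alsonotarealhashalsonotarealhash:15600:0:99999:7:::
"""


def parse_shadow(text: str):
    """Parse shadow text into a list of dicts, one per account."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(SHADOW_FIELDS):
            raise ValueError(f"line {lineno}: expected 9 fields, got {len(parts)}")
        rows.append(dict(zip(SHADOW_FIELDS, parts)))
    return rows


def render_shadow(rows) -> str:
    """Inverse of parse_shadow."""
    return "".join(":".join(r[f] for f in SHADOW_FIELDS) + "\n" for r in rows)


def blank_password(text: str, user: str) -> str:
    """The live-CD trick from the post: clear the password field for `user`.
    An empty field means 'no password'; whether login then succeeds depends
    on the PAM configuration (pam_unix needs nullok). Raises if user is absent."""
    rows = parse_shadow(text)
    for row in rows:
        if row["name"] == user:
            row["passwd"] = ""
            return render_shadow(rows)
    raise KeyError(user)


def file_digest(text: str) -> str:
    """SHA-256 of the file as a defender would store it in a baseline."""
    return hashlib.sha256(text.encode()).hexdigest()


def audit_shadow(baseline: str, current: str):
    """Compare a trusted baseline against the current file and return findings:
    accounts whose password field changed, accounts that now have an empty
    (passwordless) field, and accounts added or removed."""
    before = {r["name"]: r for r in parse_shadow(baseline)}
    after = {r["name"]: r for r in parse_shadow(current)}
    findings = []
    for name in sorted(set(before) | set(after)):
        if name not in after:
            findings.append({"user": name, "issue": "removed"})
        elif name not in before:
            findings.append({"user": name, "issue": "added"})
        else:
            if before[name]["passwd"] != after[name]["passwd"]:
                findings.append({"user": name, "issue": "password_changed"})
            if after[name]["passwd"] == "":
                findings.append({"user": name, "issue": "empty_password"})
    return findings


if __name__ == "__main__":
    tampered = blank_password(SAMPLE_SHADOW, "root")
    print("baseline digest:", file_digest(SAMPLE_SHADOW))
    print("current  digest:", file_digest(tampered))
    for finding in audit_shadow(SAMPLE_SHADOW, tampered):
        print(finding)
```

The digest alone tells the owner that something changed; the per-account audit tells them what, which is exactly why the post calls this a noisy technique compared with reading a secret out of memory without modifying anything on disk.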
 