OS X Security Glitch?

Looks like some folks are all too happy to have discovered a 'glitch' in OS X.<br>Is this a new one?<br><br><br><br><br>[color:blue][/b]Hodie mihi. Cras tibi.</font color=blue>[/b]

Looks like a new security update is on the horizon. I like the fact that someone needs 'physical access' to the machine in order to exploit this one. I'll lock my doors when I leave the house. ;-)<br><br>

Yeah, low priority if it has to be physically done on the machine and not via the 'net or email script.<br><blockquote><font size=1>In reply to:</font><hr><p>someone with physical access to the computer can use multiple methods to extract the contents of the computer's DRAM chips.<p><hr></blockquote><p><br>Which means they'd have to be at your computer for several minutes at least, so the risk of discovery is rather high.<br><br><br><P ID="edit"><FONT SIZE=-1><EM>Edited by MacBozo on 03/01/08 04:26 PM (server time).</EM></FONT></P>

<blockquote><font size=1>In reply to:</font><hr><p>Which means they'd have to be at your computer for several minutes at least, so the risk of discovery is rather high..<p><hr></blockquote><p>What?<br><br>Thousands of laptops are stolen every single day. Which then gives the person all the time in the world to access the information.<br><br><br><br>Hey I'm an F'n Jerk!®

I don't own a laptop. <br><br><br>

I'm waiting for some enterprising person to start selling a little fridge to keep your RAM fresh :)<br><br>[color:purple]A lopsided man runs best along the little side-hills of success<br>- Frank Moore Colby</font color=purple>

"Thousands of laptops are stolen every single day. Which then gives the person all the time in the world to access the information."<br><br>That's true even without this security glitch, unless you use FileVault or some other sort of encryption.<br><br><br><br>

<blockquote><font size=1>In reply to:</font><hr><p>That's true even without this security glitch, unless you use FileVault or some other sort of encryption.<p><hr></blockquote><p>Yes it is. <br><br>Actually, the biggest security flaw in OS X is that you can simply boot from an install disc and change the password giving you root access to the machine! So even if this glitch is fixed, it really doesn't make a damn bit of difference.<br><br>Of course, the description of this glitch was a bit over the top. Seriously, who is going to rip the DRAM chips out of the machine and install them into another machine?<br><br><br><br>Hey I'm an F'n Jerk!®<P ID="edit"><FONT SIZE=-1><EM>Edited by SgtBaxter on 03/01/08 11:06 PM (server time).</EM></FONT></P>

<blockquote><font size=1>In reply to:</font><hr><p>Actually, the biggest security flaw in OS X is that you can simply boot from an install disc and change the password giving you root access to the machine! So even if this glitch is fixed, it really doesn't make a damn bit of difference.<p><hr></blockquote><p>But not to the keychain, it has it's own password, that info is safe.<br><br>------> JD's Trivia game<br><br>------> MCF-MM Trivia game

<blockquote><font size=1>In reply to:</font><hr><p>But not to the keychain, it has it's own password, that info is safe.<p><hr></blockquote><p>Huh? No. Keychain access allows you to reset the password. There's even instructions at Apple on how to do it.<br><br>There is also a terminal workaround to reset the system keychain to the user keychain, so you have access to everything normally hidden like airport passwords. That has worked up through 10.4, I can't imagine it's any different in 10.5.<br><br>Please note these aren't really security flaws, you need to be able to change the password, because people forget them. The machine wouldn't be usable otherwise. But don't think that if someone has stolen your laptop that your info is safe because you've got great passwords and FileVault. It's not safe, no matter what platform you're running.<br><br><br><br>Hey I'm an F'n Jerk!®

<blockquote><font size=1>In reply to:</font><hr><p>Keychain access allows you to reset the password. There's even instructions at Apple on how to do it.<p><hr></blockquote><p>Could you find that for me? I have run across this many times, and I have looked many times at Apple and with Google, and see nothing in Keychain Access on it.<br><br>Closest I could find is this;<br><br>http://docs.info.apple.com/article.html?artnum=106973<br><br>Note the first line "You may delete and recreate a keychain file if the keychain is inaccessible (locked with a lost or unavailable password)." This involves removing the old keychain and making new a blank one.<br><br><br>------> JD's Trivia game<br><br>------> MCF-MM Trivia game

To reset your keychain, you can use Keychain First Aid (built into <br>Keychain Access; was a separate application under Mac OS X 10.1) and do <br>the repair function. If your default keychain's password is different <br>from your login password, it'll make the same as your login password, <br>which is the default condition. Keychain First Aid also checks other <br>keychains you have access to, so X509Anchors should get checked as <br>well.<br><br>-*-*-*-*-<br><br><br>Found that here: http://mailman.mit.edu/pipermail/macpartners/2004-June/000537.html and it is 2004 so older system.<br><br>

Guess that makes the MB Air your best bet ...can't take the RAM out of it at all <br><br>Can I call that a "Feature"? <br><br>zweisoft<br>

Thanks. In the link you sent it mentions using “Synchronize login keychain password” in Keychain access. It appears they did away with that in 10.4, good move. That explains the confusion in whether it can be changed or not. I was never aware that could be done.<br><br>For anyone interested here's how it used to be done in the old days;<br><br>http://www.kunaldua.com/blog/?p=100<br><br>------> JD's Trivia game<br><br>------> MCF-MM Trivia game

Me ole friend Google again. Threw in some combination of words a couple times and then tried to guess if any of the links might be related to what you guys were talking about. That one had too much terminal stuff in it for me to actually understand, so I actually PM'd it to Reboot so as not to embarrass myself if I was 100 miles off the mark. . . <br><br>Hey, I get lucky now and then. <br><br><br><br>

Hey try this for me, since I'm on 10.4, and I can't tell if it'll work in 10.5<br><br>In Keychain access, create a new keychain. Call it test, give it a password of qwerty (unless that's your login password, just give it a different one)<br><br>Now lock all keychains.<br><br>In the finder, go to ~/Library/Keychains<br><br>Delete test.keychain.<br><br>Make a copy of login.keychain, rename it test.keychain.<br><br>Click back into keychain access and see if you can unlock test.keychain.<br><br>In 10.4 typing in qwerty will unlock the keychain, and give you full access to everything that was in the login.keychain, since the test.keychain is essentially that keychain now.<br><br><br><br>Hey I'm an F'n Jerk!®

I'll give it a shot later today.<br><br>------> JD's Trivia game<br><br>------> MCF-MM Trivia game

I forgot to add, don't close keychain access when you do it.<br><br><br><br>Hey I'm an F'n Jerk!®

I can unlock the test keychain with the test password, but it shows empty, same as 10.4. If I quit then relaunch keychain, test shows my login items, but can't be unlocked with the test password, needs the login password to unlock. But, if I try to check mark the password button in the Info window for an item, and put in the test password it won't show the item's password, says wrong password, and if I try and use the login password, rather than saying wrong password it says "access denied." I tried in 10.4 and yes the login password then can show the passwords for the items.<br><br>I tried all this before and after unlocking keychains, with the same results.<br><br>I don't think the login.keychain password is reset when changing passwords from the installer DVD though. That is where I have run into problems. If it's not none of the above would work in 10.4 or 10.5 as login.keychain would still have the old unknown password. I'll try the above hoop jumps then I'll try changing the Admin password in Accounts prefs and see if that changes keychain passwords.<br><br>------> JD's Trivia game<br><br>------> MCF-MM Trivia game

That's odd, we're doing something different albeit slightly different.<br><br>Creating the test keychain, then trashing it and replacing with a copy of login keychain does the trick for me. <br><br>Heck, you don't really need to lock it either, just clicking off, then clicking back into it reveals the contents. Again, that's in 10.4., perhaps it's changed slightly in 10.5.<br><br>That's pretty much the gist of getting into the system key as well.<br><br>There is a check box to automatically change the keychain passwords when you change account passwords. I usually change my account password a few times a year.<br><br><br><br>Hey I'm an F'n Jerk!®

<blockquote><font size=1>In reply to:</font><hr><p>you don't really need to lock it either, just clicking off, then clicking back into it reveals the contents.<p><hr></blockquote><p>Same here, but double click any item on the right, and to view the passwords you need to check mark Password and put in the keychain password or all you can see are usernames. In 10.5 you can't get to the passwords, but in 10.4 you can.<br><br>I'll try the change from DVD thing in 10.4 to see if that affects things. If it doesn't change the keychain password then none of this would work in 10.4 either a it's relying on already knowing the login.keychain password.<br><br>------> JD's Trivia game<br><br>------> MCF-MM Trivia game

Nope, FileVault (along with TrueCrypt, BitLocker, probably others) can also be broken by transporting the RAM from one machine to another and extracting the private key.<br><br>http://www.news.com/2300-1029_3-6230933-1.html<br><br>Play World of Warcraft, for free!