
Aussie Researcher Cracks OS X Lion Passwords

samzenpus posted about 3 years ago | from the all-your-passwords-are-belong-to-me dept.

Security 165

daria42 writes "Thought your Mac was secure running Apple's latest operating system? Think again. Turns out that in some respects Lion is actually less secure than previous versions of Mac OS X, due to some permission-tweaking by Apple that has opened up a way for an attacker to crack your password on your Lion box. The flaw was discovered by an Australian researcher who has previously published a guide to cracking Mac OS X passwords. Sounds like Apple had better get a patch out for this."


Omg! (-1)

Anonymous Coward | about 3 years ago | (#37514348)

First post!

Not really cracking the passwords. (4, Informative)

Anonymous Coward | about 3 years ago | (#37514362)

He's not really cracking the passwords. He's just found a way to read the hash and salt from each user's shadow file without root privileges. It's fairly serious, but the hashes still need to be brute-forced.

Re:Not really cracking the passwords. (5, Interesting)

CaptainJeff (731782) | about 3 years ago | (#37514430)

Most common approach to password cracking = brute force, targeting the specific hash (with the specific salt) of the account you're trying to crack. Step one of such an attack = determining the hash and salt that you're targeting. Which is what he figured out. If he's now bruteforcing those hashes, then he absolutely is cracking the passwords (well, he's trying to anyway).

But your basic point is right...he's figured out a way to capture hash/salt data, which he still should not be able to do. Since Lion uses SHA-256 hashes for its shadow file, that cracking attempt is still going to be quite difficult.

The more important part of this article is that under some circumstances, you can change the password of the logged in user without entering the current password. Now, *that* is a big deal (the degree of which is subject to valid debate).

Re:Not really cracking the passwords. (1)

Sycraft-fu (314770) | about 3 years ago | (#37514790)

Also it does make the brute forcing process many times faster. Generally speaking a system won't let you remotely connect to it and get a password wrong too many times before it locks you out for a bit. Also authentication isn't immediate, so even if it doesn't lock you out, there is a limit to how fast you can test passwords. 1/second would probably be a reasonable upper limit. Get a hash file, and you can do a few orders of magnitude better.

Now for a good password this doesn't matter. It is the difference between "never" and "not before the sun goes dark" or the like. However not all users use good passwords. You might well have a user that has a password that is short, all alpha, but not one of the real common ones that remote exploits tend to try. That could be cracked in a reasonable amount of time, if you have the hash.

Re:Not really cracking the passwords. (2)

ceoyoyo (59147) | about 3 years ago | (#37515210)

SHA-512, according to the article.

It's definitely an oversight, but should be fixed pretty quickly. The one line fix at the end of the article (restricting permissions on dscl) seems reasonable.

Re:Not really cracking the passwords. (2)

Dell Brandstone (127568) | about 3 years ago | (#37515462)

Addendum (also, this problem is not just bad because of the password hash exposure):
You could argue that brute forcing passwords is not the most common approach. For example, harvesting a million accounts and walking away with the passwords that can be cracked through an efficient "smart dictionary" attack, and abandoning the other ones, is probably by far the most common harvesting strategy.

It's sort of like putting a club on your car.. It's not that they can't steal your car... but there's an easy to steal one next to yours.

So having a hash+salt with SHA-512, and a secure password? If you have a cryptographically strong password, this is a low severity aspect of the problem. The other issue is being able to use the same dscl subsystem to *change* passwords, under certain circumstances, without using credentials. If you can change the logged-in user's password, su to them, sudo /bin/sh, and then reinstall the old salt/hash into the compromised account, you can effectively root the box without damaging the target user's credentials.

Re:Not really cracking the passwords. (1)

Antisyzygy (1495469) | about 3 years ago | (#37516026)

I had some pretty good success cracking some Unix passwords with a password list. It was an exercise for a computer security course, where we actually had to break into a target machine. Out of about 40 user accounts I recovered approximately half.

Re:Not really cracking the passwords. (-1, Troll)

bbeagle (2262032) | about 3 years ago | (#37514458)

for this to work, a particular java app must be installed and run on a website which is run on the Mac OS X computer. This is all possible, but basically FUD.

Re:Not really cracking the passwords. (4, Informative)

Anonymous Coward | about 3 years ago | (#37514492)

for this to work, a particular java app must be installed and run on a website which is run on the Mac OS X computer.

No, that's just one attack vector suggested in the article to illustrate how this could be abused.

This is all possible, but basically FUD

ANY application which runs with a regular user permission CAN access the hashes for ALL the user passwords on the system.
That's not FUD. Also, the method described is not just possible, that's exactly how many infections occur these days.

Re:Not really cracking the passwords. (1, Redundant)

MightyYar (622222) | about 3 years ago | (#37514494)

Yeah, once you get to the point of waving your hands and saying, "And then all that has to be done is to trick the user into running some arbitrary code," the exploit goes from "serious" to "surprised if it didn't work".

Re:Not really cracking the passwords. (2)

ArAgost (853804) | about 3 years ago | (#37514732)

What TFA forgot to mention is that the attacker can change the password without breaking a sweat. So while still not straightforward (you have to get the user to execute your applet), there is no need to brute force.

Re:Not really cracking the passwords. (1)

Megane (129182) | about 3 years ago | (#37515110)

So... read old password, change password, create root shell via sudo, change password back, make me some sandwiches?

Changing password without any challenge (4, Interesting)

Bloody Peasant (12708) | about 3 years ago | (#37515216)

Agreed; and what most here have totally missed is the fact that there is no "existing password" challenge if you use dscl localhost... as TFA [techgineering.org] says right at the end, almost as an afterthought.

Re:Changing password without any challenge (1)

Culture20 (968837) | about 3 years ago | (#37516052)

  1. set up cron job to run the dscl localhost -passwd on all local admin accounts.
  2. Request IT to "fix" something.
  3. Desktop admin logs in, cron job changes password.
  4. ...
  5. Profit!

Re:Not really cracking the passwords. (1)

Ferzerp (83619) | about 3 years ago | (#37514788)

That *is* what password cracking is....

Re:Not really cracking the passwords. (0)

sycodon (149926) | about 3 years ago | (#37514854)

A "researcher" or a hacker trying to cloak himself in a veil of legitimacy?

Why exactly would a company other than Apple pay someone to spend their time figuring this out?

Re:Not really cracking the passwords. (1)

Dog-Cow (21281) | about 3 years ago | (#37514942)

Why exactly did your mother's doctor allow you to be born?

Re:Not really cracking the passwords. (1)

hot soldering iron (800102) | about 3 years ago | (#37515092)

I know the Dept. of Homeland Security is serious enough that they damn near reverse engineer their desktop and workstation computers during inspection to make sure that they are as secure as they can be. Some organizations take security very seriously. If they don't, people die. THEIR PEOPLE.

When China hacked Google, they were looking for political dissidents, among other things. I'm pretty sure that both Google and China take data security pretty fucking seriously, too.

Re:Not really cracking the passwords. (1)

Securityemo (1407943) | about 3 years ago | (#37515912)

If you hadn't realized, people research security vulnerabilities for fun and prestige. Not just profit.

Re:Not really cracking the passwords. (1)

Stonent1 (594886) | about 3 years ago | (#37515948)

If you have access to the shadow file on most Unix systems you can just delete the hashes to blank out the password. I've used that to gain access to old Sun boxes that I picked up at swap meets that still had an OS installed on them. Just boot up in Single mode (boot -s) or boot from OS install media and access the shadow file that way.

I'm waiting.... (-1, Flamebait)

Dexter Herbivore (1322345) | about 3 years ago | (#37514400)

I'm waiting for the seemingly inevitable complaints that this is another Australian story. Without trying to gloat, face it /. Australia is a haven for geek news.

Re:I'm waiting.... (1)

Anonymous Coward | about 3 years ago | (#37514486)

The only complaints would be from people incited by you deliberately trying to troll.

Could those with mod points wipe this jerk down to -1?

Apple bashers in 3...2...1.... (-1)

Anonymous Coward | about 3 years ago | (#37514404)

The angry nerd rage against a corporation... Still not gettin' you laid or paid folks...

Fuck Apple (-1)

Anonymous Coward | about 3 years ago | (#37514412)

Only chinks and fags use Apple. Decent white southern democrats use GNU/Linux.

Re:Fuck Apple (-1)

Anonymous Coward | about 3 years ago | (#37514530)

I think you mean those backwoods, redneck hillbillies who are married to their sisters. And what your southern uneducated ass thinks is Linux is really DOS. Now us well educated northerners actually know what Linux is and use it.

Re:Fuck Apple (-1)

Anonymous Coward | about 3 years ago | (#37514740)

It's GNU/Linux, dumbass.

Re:Fuck Apple (-1)

Anonymous Coward | about 3 years ago | (#37514958)

Fuck off, RMS.

Re:Fuck Apple (0)

couchslug (175151) | about 3 years ago | (#37515160)

"Decent white southern democrats "

Contradiction in terms. Nice try though!

Here's the full details. (5, Informative)

Core Condor (2469670) | about 3 years ago | (#37514418)

http://www.techgineering.org/2011/09/22/2489/a-new-exploit-in-os-x-lion-allows-unauthorized-access-to-users-to-change-password/ [techgineering.org] - A New Exploit in OS X Lion Allows Unauthorized Access To Users to Change Password

Re:Here's the full details. (4, Informative)

spydir31 (312329) | about 3 years ago | (#37514686)

Even better is the researcher's own blog post [defenceindepth.net]

Re:Here's the full details. (1)

Rhodri Mawr (862554) | about 3 years ago | (#37515202)

Even better is the researcher's own blog post [defenceindepth.net]

...but don't visit it if you're using Mac OS X Lion...

Re:Here's the full details. (1)

dzfoo (772245) | about 3 years ago | (#37515300)

Or, you know, instead of better you could go for accurate:
http://mcaf.ee/3h8mg [mcaf.ee]

          -dZ.

Not good, but not a panic situation (3, Informative)

Sycraft-fu (314770) | about 3 years ago | (#37514438)

So looking at it, basically what it comes down to is you can effectively get at the shadow file as any user. That does indeed mean you can get the hashes to attempt to crack passwords. This isn't a good situation, and isn't how it should be. On any UNIX you should have to be root to get at the shadow file, on Windows you must be an administrator (and running elevated, if UAC is on) to get at the SAM file.

However, do note that it is just a set of hashes. So you still have to crack the password. So long as the passwords are good, this really doesn't get you anywhere. If you've ever messed with this you find that things quickly get impossible so long as passwords are reasonably long. As such, if you have good passwords, this isn't a huge problem.

That said, I think we'll want to send out a warning to our Mac types today since they seem to think Macs make them immune to security issues and as such are prone to bad passwords. Perhaps this can help convince them to adopt better password standards since, really, that is one of the big keys to good security these days.

Re:Not good, but not a panic situation (2)

boristhespider (1678416) | about 3 years ago | (#37514506)

If you don't value your job too highly, you could even do a demonstration by deliberately exploiting the exploit to get their hashes, cracking their passwords, and email each of them an archive encrypted with their own password. When they unlock it they find a text file saying "CHANGE YOUR PASSWORD YOU MORON". Depending on your bosses you may well get fired for this, but it would help convince people that actually they're not as safe as all that.

Re:Not good, but not a panic situation (1)

Anonymous Coward | about 3 years ago | (#37514660)

If you don't value your job too highly, you could even do a demonstration by deliberately exploiting the exploit to get their hashes, cracking their passwords, and email each of them an archive encrypted with their own password. When they unlock it they find a text file saying "CHANGE YOUR PASSWORD YOU MORON". Depending on your bosses you may well get fired for this, but it would help convince people that actually they're not as safe as all that.

I used to do regular password strength checks in my company. When I successfully guessed one I sent the user an email from themselves that read: "Hi. This message is from your evil twin. If you'd like me to go away, I suggest you change your password to something stronger than 'password.'"

Re:Not good, but not a panic situation (0)

boristhespider (1678416) | about 3 years ago | (#37514684)

That's the spirit! The only time I've adminned a system for some reason it didn't occur to me, even though I'm positive that half the passwords were "password" and the rest were four or five characters long because "anything longer is too hard to remember".

Re:Not good, but not a panic situation (1)

kestasjk (933987) | about 3 years ago | (#37514988)

I'm all for security audits, but if someone logged onto my e-mail account and sent a message from it, even with good intentions, I would definitely follow it up with more than a password change.

Re:Not good, but not a panic situation (0)

Anonymous Coward | about 3 years ago | (#37515938)

First you have to find who is your evil twin. Then sue him... just ridiculous :)

Re:Not good, but not a panic situation (1)

Dare nMc (468959) | about 3 years ago | (#37515972)

If they have accounts on your local machine, especially if it is a laptop, then just send a note to IT, why do I have a user "jimjones" with password "jimj0nes" with access to my laptop... I basically did this to my IT dept a few years back. They pushed out an update that installed VNC in a hidden mode on all PCs. When I found it on my PC, I cracked the password (very weak rot-13 type of storage mechanism) and emailed one of them a message, "why is vnc installed on my machine with password "hex0515." They realized I could also access every machine in the company, and removed the vnc client the next day on all of them. I gave no threats, no mention of other repercussions, just a note wondering, has my machine been hacked, and should I be worried (but we both knew better)...

Re:Not good, but not a panic situation (3, Informative)

Manip (656104) | about 3 years ago | (#37514516)

The SAM file on Windows is impossible to retrieve while the Windows kernel is running. The kernel has an exclusive read/write lock on the file and any attempt to access it will be denied. It is possible to read an NTFS file-system outside of the OS even while the OS is running but we're talking about deep-file system inspection.

Re:Not good, but not a panic situation (3, Insightful)

jamesh (87723) | about 3 years ago | (#37514670)

The SAM file on Windows is impossible to retrieve while the Windows kernel is running. The kernel has an exclusive read/write lock on the file and any attempt to access it will be denied. It is possible to read an NTFS file-system outside of the OS even while the OS is running but we're talking about deep-file system inspection.

You meant any attempt by a user without admin privileges of course. VSS solved the backup-open-files problems a long time ago.

You can still get at it (1)

Sycraft-fu (314770) | about 3 years ago | (#37514752)

L0phtcrack can nab a SAM file from a running system. I am not sure how it goes about doing that, but it works. I presume it dumps the in-memory copy.

However, as I said, you have to be an administrator to do it and on UAC enabled systems, you must escalate. As such it is fairly hard to get at.

Re:Not good, but not a panic situation (1)

X.25 (255792) | about 3 years ago | (#37515896)

The SAM file on Windows is impossible to retrieve while the Windows kernel is running. The kernel has an exclusive read/write lock on the file and any attempt to access it will be denied. It is possible to read an NTFS file-system outside of the OS even while the OS is running but we're talking about deep-file system inspection.

What the ... ?

What are you smoking?

at least the Lion firewall is on (1)

Anonymous Coward | about 3 years ago | (#37514460)

Unlike Snow Leopard

Re:at least the Lion firewall is on (1)

Anonymous Coward | about 3 years ago | (#37514572)

No it's not. Did a fresh&clean Lion installation this weekend and had to manually enable the firewall. (No big deal)

However, Lion rocks and is much snappier and a lot better than Snow Leopard.

Re:at least the Lion firewall is on (1)

Anonymous Coward | about 3 years ago | (#37514708)

I know I'd hate it if my malware didn't run snappy...

Re:at least the Lion firewall is on (0)

Anonymous Coward | about 3 years ago | (#37514806)

What malware?

Seriously? Until today there is no real widespread malware problem on the Mac Platform. Zilch. Zero.
That MacDefender thing was not malware, but Scareware and was nuked from orbit by Apple.

Re:at least the Lion firewall is on (1)

ceoyoyo (59147) | about 3 years ago | (#37515258)

There still isn't one today.

There are a few vulnerabilities, but no malware that exploits them. Yet.

Re:at least the Lion firewall is on (1)

Anonymous Coward | about 3 years ago | (#37515932)

you mean, you don't have itunes on your shiny toy?

*ducks*

Extremely Serious (4, Insightful)

Manip (656104) | about 3 years ago | (#37514466)

I was expecting to read one of the normal fear-mongering stories that we often see on /. (e.g. "Drop Box sends passwords in plain text!!") but actually this is one of the most serious OS level holes I've seen in years. Not only can you retrieve the password for any user on the system but you can also reset their password without having to know what it was.

People have posted "they're still hashes so you still have to break them" which is of course true, but if you keep reading down he shows you how to reset the other user's password without ever having to know them.

Re:Extremely Serious (5, Funny)

RyuuzakiTetsuya (195424) | about 3 years ago | (#37514534)

Worst?! XP had that flaw that let you install Vista.

Re:Extremely Serious (1)

nstlgc (945418) | about 3 years ago | (#37514830)

Cue Slashdot laugh track in 3... 2... 1...

Re:Extremely Serious (0)

Anonymous Coward | about 3 years ago | (#37515006)

I'd rather be able to install whatever crappy software I want on my computer (eg: Vista) than only be able to install pre-approved software.

Re:Extremely Serious (-1)

Anonymous Coward | about 3 years ago | (#37514682)

The funny thing is that OS X is still clearly far far far more secure and reliable than either Windows or Linux. Hell, the linux losers can't even keep their own servers up, let alone anyone else's.

Re:Extremely Serious (0)

Anonymous Coward | about 3 years ago | (#37514922)

Hi, I'm Anonymous Coward and I retract the stupid comment above. Obviously, I left my password open and some Mac PR flack got in and left a message under my name. I will not let it happen again.

Oh wait...look at all these other posts attributed to me. Damn it.

Re:Extremely Serious (3, Interesting)

Anonymous Coward | about 3 years ago | (#37514726)

Password reset doesn't work for my OS X installation. . .


$ dscl localhost -passwd /Search/Users/
New Password:
Permission denied. Please enter user's old password:
passwd: DS error: eDSAuthFailed
  DS Error: -14090 (eDSAuthFailed)
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.7.1
BuildVersion: 11B26

Re:Extremely Serious (-1)

Anonymous Coward | about 3 years ago | (#37515444)

Yes, this ain't good. But it's hardly more serious than the myriad remote root OS vulnerabilities that have been reported over the past several years.

Huzzah (-1)

Anonymous Coward | about 3 years ago | (#37514482)

So, how many of you are switching back to PC? Anyone? Anyone? You know it'll take Apple a good 2 months before they actually patch it.

Re:Huzzah (1)

boristhespider (1678416) | about 3 years ago | (#37514520)

I suspect that a lot of people are sticking with Snow Leopard at the minute, for a variety of reasons.

Re:Huzzah (1)

omnichad (1198475) | about 3 years ago | (#37514754)

Like being on a Hackintosh and being concerned that the original version of Final Cut Studio and Adobe CS3 will work and also the trouble of making the OS X drivers work with your hardware.

Re:Huzzah (1)

boristhespider (1678416) | about 3 years ago | (#37514798)

That would be one reason, yes. Using programs that require any PPC code would be another (and for some reason quite a few programs still use(d) PPC installers and plug-ins even if the actual program was all Intel. That either has or will change quickly, of course). Not liking the way Lion forces an inflexible revision system onto you is another. Personally I just don't really see the need to move from Snow Leopard.

Anyway, this is all a bit off-topic, except that Snow Leopard at least doesn't have this vulnerability, even if it does have a couple of others.

Re:Huzzah (1)

metalgamer84 (1916754) | about 3 years ago | (#37514618)

Some of us never left.

Re:Huzzah (-1)

Anonymous Coward | about 3 years ago | (#37514640)

NEVER, NEVER EVER.

I would rather amputate all my limbs with a blunt rusty spoon than to ever use that abomination of a pseudo-OS (Windows) ever again.
I would rather let myself be extensively tortured by Pinhead himself than to install that pile of shit. (Windows)
Hell, I would rather use no OS at all than to be forced to endure Windows.

Nuff said. Bill Gates should stand trial in front of the international court for crimes against humanity.

Lion rocks.

Re:Huzzah (1)

NatasRevol (731260) | about 3 years ago | (#37514816)

The blog post has the patch. Lower the privs:

sudo chmod 100 /usr/bin/dscl
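
A check for the permission change quoted in the comment above, as an added example that is not part of the original thread or the researcher's post: it reports whether group or other users can still execute a binary. The function names are hypothetical; the default target is the `/usr/bin/dscl` path from the comment.

```sh
#!/bin/sh
# Added example (not from the thread): audit whether a binary can be run
# by anyone other than its owner, the state `chmod 100` is meant to remove.

# Print the octal permission bits of "$1".
# GNU stat (Linux) takes -c, BSD stat (OS X) takes -f; try both.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if group or other has the execute bit on "$1",
# 1 if only the owner can execute it, 2 if the file cannot be inspected.
nonowner_can_exec() {
    mode=$(file_mode "$1") || return 2
    [ -n "$mode" ] || return 2
    other=$((mode % 10))          # last octal digit: other
    group=$((mode / 10 % 10))     # second to last digit: group
    if [ $((other & 1)) -ne 0 ] || [ $((group & 1)) -ne 0 ]; then
        return 0
    fi
    return 1
}

# Print a one-line verdict for "$1".
report_exec_perms() {
    rc=0
    nonowner_can_exec "$1" || rc=$?
    case $rc in
        0) echo "EXPOSED: $1 (mode $(file_mode "$1")) is executable by non-owners" ;;
        1) echo "RESTRICTED: $1 (mode $(file_mode "$1")) is owner-only" ;;
        *) echo "UNKNOWN: cannot stat $1" ;;
    esac
    return 0
}

# Default target is the path named in the comment; pass another path to override.
target=${1:-/usr/bin/dscl}
report_exec_perms "$target"
```

Permissions on system binaries can be reset by Repair Permissions or an OS update, so the check is worth re-running after either.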

Does sound kind of serious, maybe (3, Informative)

bryan1945 (301828) | about 3 years ago | (#37514536)

Here is a bit from TFA-
"This means, according to the researcher, that it might be possible for an attacker to crack a users’ Lion password by attacking their system through a Java app hosted online. The attack vector would still require the owner of the computer running Mac OS X to allow the Java app to run — but it is possible."

It's not exactly a 1-2-3 step action. Also, the article never said he actually cracked any passwords, though he claims-

"Dunstan noted that due, no doubt, to Lion’s relatively short time being available for use, he could not find any major cracking software supporting the ability to crack encrypted passwords in the operating system — but he has published a simple script which allows users to do so. "

Little bit more backup would be a good thing, here.

Cue the script (1)

nine-times (778537) | about 3 years ago | (#37514556)

Ok, now it's time for a bunch of people to complain about how snide and awful Mac users are, how they think that they're immune to security problems. We'll get a string of posts about how some study indicated that OSX was less secure than Windows, maybe some anecdotal evidence that some slashdotter knew a guy who was a Mac user, and he was an asshole and said something stupid about computers once.

When we've gotten enough of those, we'll see a backlash of posts rehashing old complaints about Windows and Linux, defending Macs.

Re:Cue the script (0)

CapuchinSeven (2266542) | about 3 years ago | (#37514606)

You sir... Have the gift!

Re:Cue the script (0)

Anonymous Coward | about 3 years ago | (#37515016)

Brilliant, but you forgot one thing: that the only reason OS X hasn't seen any viruses is because of its low market share percentage.

Re:Cue the script (0)

Anonymous Coward | about 3 years ago | (#37515676)

Ok, now it's time for a bunch of people to complain about how snide and awful Mac users are, how they think that they're immune to security problems. We'll get a string of posts about how some study indicated that OSX was less secure than Windows, maybe some anecdotal evidence that some slashdotter knew a guy who was a Mac user, and he was an asshole and said something stupid about computers once.

When we've gotten enough of those, we'll see a backlash of posts rehashing old complaints about Windows and Linux, defending Macs.

Yeah, Slashdot isn't what it was. In the old days we just got straight to rehashing old complaints about Windows without any need for the build up.

So not serious (2)

aybiss (876862) | about 3 years ago | (#37514592)

You can change the password for any user on a Windows box without ANY credentials, provided you have physical access. Seems we have forgotten this while everyone is fear-mongering about what someone can do over the 'net.

Re:So not serious (4, Insightful)

boristhespider (1678416) | about 3 years ago | (#37514616)

You can change the root password on a Mac box without ANY credentials, provided you have physical access. Seems we have forgotten this while everyone is fear-mongering about what someone can do over the 'net.

Sorry for the sarcasm, but basically once someone has physical access to your computer you're basically boned unless you've encrypted your drive. It's Macs I know best, and it's trivial: boot to single user mode (command+S at start), mount in the file system as read/write (it even gives onscreen instructions for doing this) and then change the root password. I imagine something very similar can be done in Linux if there's an easy way to get it into single-user mode. Besides, on any machine to which you have physical access you can always boot a live distro and at the very least access the hashes if not easily take full control of the system.

Re:So not serious (1)

nstlgc (945418) | about 3 years ago | (#37514846)

But... but... Micro$oft!!

Re:So not serious (1)

93 Escort Wagon (326346) | about 3 years ago | (#37515818)

Sorry for the sarcasm, but basically once someone has physical access to your computer you're basically boned unless you've encrypted your drive. It's Macs I know best, ...

If it's Macs you know best, then you also know Lion makes it quite simple to encrypt your hard drive.

It was the first thing I did after I installed Lion, actually.

Re:So not serious (1)

sootman (158191) | about 3 years ago | (#37515962)

An old rule: "If you don't have physical security, you don't have security." You can also set a firmware password [apple.com] so people can't use this trick, or Option to choose another boot device, or T to enter target disk mode, etc. They can still pull the drive out, but short of that, you're more covered.

Re:So not serious (0)

Anonymous Coward | about 3 years ago | (#37514624)

Here's an exercise for you:

What is the difference between "doing over the 'net" and "provided you have physical access"?

Re:So not serious (0)

Anonymous Coward | about 3 years ago | (#37514638)

You can change the password on any box with physical access. It isn't about physical access.

Apple wankers so quick to bring Windows in to their problems. But, but, but.. Windows!

Re:So not serious (1)

aybiss (876862) | about 3 years ago | (#37514928)

Not an apple guy. Not by a long shot.

But thanks for picking up on the one brand name in my argument and latching onto that instead of the point I was making.

That being, unless your box is disconnected and locked in a safe, there WILL ALWAYS be ways to manipulate the OS, WHATEVER THAT MAY BE.

You now have my permission to go back to playing Angry Birds on your iPads you inbred self-hating dimwits.

Re:So not serious (0)

Anonymous Coward | about 3 years ago | (#37514976)

Yet you threw Windows under the bus in your argument, rather than just making the broad point...

Re:So not serious (1)

aybiss (876862) | about 3 years ago | (#37515132)

Only because I have not had to hack hundreds of Mac boxes just to keep them working in my day-to-day routine. (That's true.)

Macs are just so shit hot that user incompetence (like forgetting passwords) never even occurs. (That's known as sarcasm. It's a thing that exists. People do it sometimes.)

Does that make you feel all better now?

Re:So not serious (2)

aybiss (876862) | about 3 years ago | (#37515060)

In fact, let me clarify by example:

1 - Compromise system
2 - Replace OS code with some that allows access to said file

OR

1 - Compromise system
2 - Install something like the WinPE layer that allows access to said file

OR

1 - Compromise system
2 - Perform complicated SQL injection and Javascript hack that allows access to said file

Notice how the first step is always 'compromise system'? Whether that involves standing in front of it or breaking RSA... suddenly it's like, "Oh noes, I can see teh files that make up the system I currently use to operate my boxen!"

Re:So not serious (0)

Anonymous Coward | about 3 years ago | (#37516086)

How?

Is /. really a week behind the rest of the world? (-1)

Anonymous Coward | about 3 years ago | (#37514688)

Does it really take a week for this news story to get from a site like The Register to /. ?

http://www.theregister.co.uk/2011/09/19/apple_password_security_exposed/

Re:Is /. really a week behind the rest of the worl (-1)

Anonymous Coward | about 3 years ago | (#37515090)

Yes, and sometimes even longer... :(

Interesting contrast I notice here (3, Insightful)

metalgamer84 (1916754) | about 3 years ago | (#37514690)

It's interesting how when OSX has a security hole, everyone downplays it as "not that serious, no big deal". In contrast, if this same issue happened with XP/Vista/7, then the entire /. crowd would be jumping on the bandwagon of Microsoft bashing, "OMG another MS security hole! See people, Windows is crap!". It's funny how people will defend their preference and bash their competitors, even though the root issue can be the same for both. Anyhoo, just an observation.

Re:Interesting contrast I notice here (1)

sammyF70 (1154563) | about 3 years ago | (#37514802)

... and if it happens on any linux distro all the Windows and Mac users are just happy to say it proves Linux and FOSS in general is inherently much more insecure than OSX/Win7. Well .. that's /., what did you expect?

Re:Interesting contrast I notice here (2)

aybiss (876862) | about 3 years ago | (#37514952)

Has anyone discovered a good BeOS or OS/2 hack recently?

Re:Interesting contrast I notice here (1)

93 Escort Wagon (326346) | about 3 years ago | (#37515836)

Has anyone discovered a good BeOS or OS/2 hack recently?

No, but I can quickly own any Commodore 64 system I might come across...

Re:Interesting contrast I notice here (2)

CapuchinSeven (2266542) | about 3 years ago | (#37514918)

It's easier on Windows frankly, but I agree that they shouldn't be defended and fanboying your own choice of OS over another just because they are as bad as each other, is not a good idea.

Linux and Windows are just as bad. (3, Insightful)

CapuchinSeven (2266542) | about 3 years ago | (#37514894)

It's trivial to break the password on a Windows machine, in fact a hell of a lot easier on a Windows machine, if you have physical access. I'll happily do it, and have done it, in about 10 seconds with a boot USB or CD if the machine is too old for USB. A friend assures me a Linux box isn't that much harder. I use Linux, OSX and Windows in one form or another for my given needs but I feel that the REAL issue here shouldn't be "it's easier to do this on Windows, it's all anti-Apple FUD", but rather "we shouldn't be fanboys to any company/brand/make/type, there is no excuse for bad QA and security auditing in any OS". Ultimately though, physical access is the death of any OS.

Re:Linux and Windows are just as bad. (1)

boristhespider (1678416) | about 3 years ago | (#37515036)

You'll never get anywhere on Slashdot with that kind of measured attitude.

Re:Linux and Windows are just as bad. (2, Insightful)

Anonymous Coward | about 3 years ago | (#37515212)

I quote you.
It is interesting, though, that not all of us succeed in changing current user's password with dscl localhost -passwd /Search/Users/. I tested it on two Lion installs, and it did not work (well it actually asked for current password, as it should do). At the same time, dscl localhost -read /Search/Users/ | grep ShadowHashData returns 0 bytes, on build 11C62.
This somehow makes the anti-Apple FUD theory a lil bit stronger, IMHO. Before blindly quoting what people write on their blog, sometimes doing some first-person (easy) test can be a good idea.

mod do3n (-1)

Anonymous Coward | about 3 years ago | (#37514984)

Well there's your problem... (2)

neorush (1103917) | about 3 years ago | (#37515046)

This sounds like a typical PEBKAC coding error. The dscl is probably (not much of a mac user here) running as root for indexing and such, but of course you do not need to be root to run it. Reminds me of when locate used to return / index all files, including ones that you did not have permission to, and of course now we have slocate. This is the kind of error that crops up in Microsoft vulnerabilities all the time. It's like they just didn't think it through from the black hat perspective at all.

While it's possible... (5, Interesting)

Anonymous Coward | about 3 years ago | (#37515354)

Either it's already been patched, as I'm running the developer builds of 10.7.2, or there's an issue in his particular setup vs. a normal install that's allowing this to happen.

Stepping through the information on his own blog at: http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html [defenceindepth.net]

When performing his "dscl localhost -read /Search/Users/" I do NOT get the dsAttrTypeNative:ShadowHashData result UNLESS I have root privileges through sudo. Not even for my own user.

How many ways can a system be made insecure... (1)

3seas (184403) | about 3 years ago | (#37515474)

...through an unsuspecting update or upgrade?

Man (0)

Anonymous Coward | about 3 years ago | (#37515596)

Lion is the Vista of OS X, I think Apple took a huge step back from Snow Leopard and I have yet to find a good reason why they needed to cripple Lion when Snow Leopard was so stable and secure.

It's like Apple decided iCloud was the only feature that matters and dropped quality and reliability of almost every aspect of OS X in order to hit a fall target date for iCloud integration. Problem is I think iCloud is going to be a huge disaster for Apple if Lion's lack of quality is any indication of how Apple has been handling their software development over the last few years.

Bottom line is I am waiting for at least 5 or 6 service packs before I touch Lion again, my first foray into a Lion server update found it unusable and lacking, just like Vista.

"Think again" (-1)

Anonymous Coward | about 3 years ago | (#37515700)

What's this patronizing "think again" idiocy? Go write your tabloid with that kind of mannerism.

Re:"Think again" (1)

iggymanz (596061) | about 3 years ago | (#37516000)

You call this a tabloid? think again.

Face Palm (2)

wzinc (612701) | about 3 years ago | (#37516068)

FTA: "The attack vector would still require the owner of the computer running Mac OS X to allow the Java app to run — but it is possible."