
Software Exploits Mac OS X Lion Login Passwords Vulnerability

Source: Passware

Apple's operating systems still enjoy a perception of strong security despite the fact that vulnerabilities for both iOS and Mac OS X are discovered on a continuous basis and Apple's pace of providing patches is rather unpredictable.

Mac OS X Lion is no exception: we are hearing that login passwords, which remain stored in system memory even when the computer is in sleep mode or locked, can be used to gain possibly unauthorized access to a system.

Passware said that a new version of its Passware Kit Forensic V11 can retrieve passwords from a Mac OS X Lion computer in a few minutes. The software reads the contents of system memory over FireWire. According to Passware, the password can easily be extracted regardless of password strength. "Long touted as a stable and secure operating system, Mac users are cautioned that the newest operating system has a potential vulnerability that enables password extraction from devices running Mac OS Lion," said Passware president Dmitry Sumin in a statement.

The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and not let it sit in sleep mode on your desk - which seems to be rather common sense. If there is critical and sensitive content on your Mac, you just don't let it sit running in a location where others can easily access it while you are away.

There are 39 Comments.
Top Comments
  • 30
    WyomingKnott , July 28, 2011 12:13 AM
    "The recommendation to protect yourself from this vulnerability is to simply turn your Mac off and..." leave it that way.
  • 23
    anonymous@guest , July 28, 2011 12:15 AM
    Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.
  • 18
    Jerky_san , July 27, 2011 11:51 PM
    Guess you'll be iScrewed if someone uses this on you and "plays a joke" later...
Other Comments
  • 4
    GreaseMonkey_62 , July 28, 2011 12:17 AM
    Anyone else find it funny?
  • 11
    amk-aka-Phantom , July 28, 2011 12:34 AM
    Nothing surprising. It's a well-known fact that the supposed invulnerability of Mac OS is just a myth - it's more like no one really bothered with it due to low percentage of Mac OS users. More Mac OS users - more attention from the malware. Though, in the last two years the malware stuff eased off from all OSs... or is it just me? ;) 
  • -2
    leo2kp , July 28, 2011 12:35 AM
    lol.
  • 2
    Jath , July 28, 2011 12:57 AM
    So, just a question, since I'm not familiar with Macs at all. Does Mac OS X run on the Macbooks? Because it would be ironic that the 'gain access to the system' vulnerability that's needed for that battery problem just suddenly 'appeared'.
  • 5
    mobrocket , July 28, 2011 1:00 AM
    if this is the case, just steal the whole mac and sell it to some iMoron for 4x the cost of a normal PC...
  • 3
    ivan_chess , July 28, 2011 1:00 AM
    PatAugustine: Over Firewire? This means the attacker needs physical access. Every System Administrator on the planet can tell you that there is no security if the attacker has physical access to the system.

    Public computer labs or school computers are easy to get to. That would be a treasure trove of passwords.
  • -1
    anonymous@guest , July 28, 2011 1:16 AM
    This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.
  • 12
    Yuka , July 28, 2011 1:40 AM
    Paul II: This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.

    But we all know that Microsoft actually gives out patches right away and accepts that there are vulnerabilities at least. It's not the factual issue we laugh at, it's from the attitude Apple has towards its "ecosystem". There is no fun in losing your password to a script kiddie thanks to the OS maker being irresponsible to deliver patches ASAP for (known) vulnerabilities.

    Cheers!
  • 7
    jackbling , July 28, 2011 1:44 AM
    Paul II: This same software is available for windows! No OS is secure. I like how this article doesn't mention that this same software has been available since windows launch.

    the program pulls the pass from hash tables, every system is vulnerable to this once local access is gained. What makes this news, is that an unsecured firewire port can be used while the system is in hibernate mode to read the tables loaded in the memory, skipping that standard, gain local access step.
  • 1
    Khimera2000 , July 28, 2011 1:54 AM
    that didn't take long...

    happy its not me, funny because apple didn't announce it just like the last major security risk, and sad that apple made it so easy to compromise so much users.

    odd question does this effect boot camp in any way?
  • -4
    anonymous@guest , July 28, 2011 2:04 AM
    @Khimera2000: how exactly does this "compromise so much users"? (nice Engrish, btw) You need PHYSICAL ACCESS to the machine in order to pull this off - anybody who really wants your data at that point can just STEAL the thing...
  • 6
    applegetsmelaid , July 28, 2011 2:12 AM
    Mac user response: "LA LA LA LA LA" with their fingers in their ears.
  • 0
    nebun , July 28, 2011 2:20 AM
    in order for this to work, someone needs to physically touch your computer....no one is touching my laptop....problem fixed
  • 5
    cyprod , July 28, 2011 2:20 AM
    ummm, to the people saying "if you have local access blah blah blah", have any of you ever heard of this thing called drive encryption?

    Let me explain since you apple zealots need excuses for everything as to why any flaw with what the divine Jobs produces under his eye. On my windows box, if I leave the computer locked, someone could come and take the computer, but they wouldn't be able to unlock it without the password. Additionally, since I encrypt my hard drive, without the password, even direct access to the hard drive doesn't help with getting the data. With this, it sounds as if a user in an idle state, i.e. system locked but running, another person can plug something in and extract the passwords, thus enabling them to un-encrypt the data and gain full access. Do you see the problem? This would also then allow a malicious person to then, say, hypothetically, install keyloggers and such to gain other information. You people think way too much in the consumer world where someone stealing your stuff is the biggest worry and never consider the much bigger threat of compromised systems.

    This apparently doesn't affect other platforms because though you can extract the passwords from memory, you need to be logged in to do it as they won't autorun a device if nobody is logged in, which apparently is not the case in apple land. I will admit this is conjecture as I'm not intimately familiar with the vulnerability, but this appears to be what's going on.
  • -2
    ap3x , July 28, 2011 2:22 AM
    Khimera2000: that didn't take long... happy its not me, funny because apple didn't announce it just like the last major security risk, and sad that apple made it so easy to compromise so much users. odd question does this effect boot camp in any way?

    There is no need to announce it, it is not a vulnerability. You can download BartPE cd and reset all versions of windows for free. You can boot most flavors of Unix into single user mode and reset their passwords for free. Hell you can copy the passwd and the shadow files and get all the username and group permission information as well. there are thousands of tools out there to crack windows hash information. The only way to stop it is to have a password that is 13+ characters or more and Windows will not store the hash in the registry. How many people here have that kind of password? Zero..

    No computer is bullet proof and no computer is secure when physical access is there.

    Out of the box no commercial OS is hardened. That is because they have to allow you to configure what services you want to use. Linux is actually one of the worst in that regard. Windows 7 has done a fairly good job but Lion is rock solid. What makes a difference in security between unix type and Windows type OS's is the fact that you have access all the way down to the kernel in Unix OS's so you can harden the hell out of the OS because you have more control.

    These days we have some really solid OS options. Windows 7, OSX Lion, Linux have really grown up. Apple happens to have obscurity on their side because they have and probably will have the minority of users for the foreseeable future whereas Windows is entrenched everywhere and as such OSX is much more secure and apple is free to shore things up because the floodgates open.

    Nothing is bullet proof with physical access, nothing at all. This article is just biased.

    Oh and Boot Camp just provides a way to dual boot between OSX and Windows. It is not directly affected but the same methods apply to break into any OS you install on a Mac or PC dual boot or not.
  • 4
    aracheb , July 28, 2011 2:32 AM
    engrishforeverybody: @Khimera2000: how exactly does this "compromise so much users"? (nice Engrish, btw) You need PHYSICAL ACCESS to the machine in order to pull this off - anybody who really wants your data at that point can just STEAL the thing...

    you know that you can emulate a device easy right?
    and with so much vulnerability that Mac OS have, installing ghost drivers and emulating a virtual fire wire port you have full access... (it is memory access in the code) and memory access can be emulated easy. Don't try to protect a vulnerability with your level of intellect about technology dude. He might not have a good level of english but your level of technology knowledge is nonexistent