Overclock.net › Forums › Industry News › Technology and Science News › [SND] Pricey Software Cracks Mac Passwords
New Posts  All Forums:Forum Nav:

[SND] Pricey Software Cracks Mac Passwords

post #1 of 6
Thread Starter 
Quote:
Though Mac users traditionally face fewer online attacks than their PC-using counterparts, a new tool called Passware is doing its devious part to change that.
Intended as a legitimate solution for computer forensic experts, Passware contains an important security flaw that has existed for three years, the tech website Ars Technica reported
Quote:
Ars Technica suggests turning off your Mac instead of putting it to sleep when not in use, setting up a firmware password to prevent someone from booting up your machine and disabling the "Automatic Login" setting, which prevents passwords from being stored in the computer's memory

http://www.securitynewsdaily.com/pri...asswords-0999/
    
CPUMotherboardGraphicsRAM
Intel I7 2600k Asus p8p67-Deluxe Zotac GTX780 6GB OC G-skill Ripjaws 1866 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 EVO 250 Samsung EVO 120 Western Digital 1TB Black Lite On 20x DVD RW 
CoolingOSOSOS
XSPC RayStorm + 360Extreme Rad Arch Linux Windows 8.1 x64 WindowsRE 
MonitorKeyboardPowerCase
Asus PB278Q ThermalTake Meka G1 Evga SuperNova 1000 P2 Xigmatek Elysium 
MouseMouse PadAudio
Logitec G500 Gaming Mouse Ultra Pad Fiio E-17 + ATH-M50 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel I7 2600k Asus p8p67-Deluxe Zotac GTX780 6GB OC G-skill Ripjaws 1866 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 EVO 250 Samsung EVO 120 Western Digital 1TB Black Lite On 20x DVD RW 
CoolingOSOSOS
XSPC RayStorm + 360Extreme Rad Arch Linux Windows 8.1 x64 WindowsRE 
MonitorKeyboardPowerCase
Asus PB278Q ThermalTake Meka G1 Evga SuperNova 1000 P2 Xigmatek Elysium 
MouseMouse PadAudio
Logitec G500 Gaming Mouse Ultra Pad Fiio E-17 + ATH-M50 
  hide details  
Reply
post #2 of 6
Interesting.

However, does Keychain load its entire database into memory automatically? The article makes it sound like all your passwords are barfed into memory, but I'm not sure that's right.

I thought keychain passwords were encrypted also.
    
CPUMotherboardGraphicsRAM
Phenom II X3 720 @ 3.5 (1.39v) Gigabyte GA-MA790XT-UD4P ASUS 5850 @ 880/1180 (1.118v) 4gb 1333mhz G.Skill DDR3 
Hard DriveHard DriveHard DriveHard Drive
64gb Crucial M4 SSD 3x 250gb WD2500JD - RAID0 1tb WD1001FALS 1tb WD10EARS 
Optical DriveCoolingOSMonitor
Pioneer DLDVD/CDRW Arctic Freezer Pro 64 Win 7 64bit Ultimate E2305 LG 23" LED 
KeyboardPowerCaseMouse
Filco Majestouch II Ninja Tenkeyless Fortron BlueStorm II 500w CM 690II Advanced Razer DeathAdder 
Mouse PadAudioAudio
generic Echo Miamidi PCI M-Audio BX5a Studio Monitors 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Phenom II X3 720 @ 3.5 (1.39v) Gigabyte GA-MA790XT-UD4P ASUS 5850 @ 880/1180 (1.118v) 4gb 1333mhz G.Skill DDR3 
Hard DriveHard DriveHard DriveHard Drive
64gb Crucial M4 SSD 3x 250gb WD2500JD - RAID0 1tb WD1001FALS 1tb WD10EARS 
Optical DriveCoolingOSMonitor
Pioneer DLDVD/CDRW Arctic Freezer Pro 64 Win 7 64bit Ultimate E2305 LG 23" LED 
KeyboardPowerCaseMouse
Filco Majestouch II Ninja Tenkeyless Fortron BlueStorm II 500w CM 690II Advanced Razer DeathAdder 
Mouse PadAudioAudio
generic Echo Miamidi PCI M-Audio BX5a Studio Monitors 
  hide details  
Reply
post #3 of 6
Quote:
Originally Posted by _02 View Post
Interesting.

However, does Keychain load its entire database into memory automatically? The article makes it sound like all your passwords are barfed into memory, but I'm not sure that's right.

I thought keychain passwords were encrypted also.
as far as I can remember, all issues with keychain were fixed years ago. Keychain is encrypted so I'm thinking this probably exploits older machines.
post #4 of 6
The Ars source is 2008.
edit: the article uses the ars source to show that Apple has known about the vulnerability for three years.
Edited by hajile - 7/27/11 at 8:12am
post #5 of 6
Why am I not surprised nothing was ever done about it?
post #6 of 6
Quote:
Though Mac users traditionally face fewer online attacks than their PC-using counterparts, a new tool called Passware is doing its devious part to change that.
You need physical access to their FireWire and USB ports. That is not an online threat.

People shouldn't use automatic login anyway.
    
CPUMotherboardGraphicsRAM
Phenom II X3 720 @ 3.5 (1.39v) Gigabyte GA-MA790XT-UD4P ASUS 5850 @ 880/1180 (1.118v) 4gb 1333mhz G.Skill DDR3 
Hard DriveHard DriveHard DriveHard Drive
64gb Crucial M4 SSD 3x 250gb WD2500JD - RAID0 1tb WD1001FALS 1tb WD10EARS 
Optical DriveCoolingOSMonitor
Pioneer DLDVD/CDRW Arctic Freezer Pro 64 Win 7 64bit Ultimate E2305 LG 23" LED 
KeyboardPowerCaseMouse
Filco Majestouch II Ninja Tenkeyless Fortron BlueStorm II 500w CM 690II Advanced Razer DeathAdder 
Mouse PadAudioAudio
generic Echo Miamidi PCI M-Audio BX5a Studio Monitors 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Phenom II X3 720 @ 3.5 (1.39v) Gigabyte GA-MA790XT-UD4P ASUS 5850 @ 880/1180 (1.118v) 4gb 1333mhz G.Skill DDR3 
Hard DriveHard DriveHard DriveHard Drive
64gb Crucial M4 SSD 3x 250gb WD2500JD - RAID0 1tb WD1001FALS 1tb WD10EARS 
Optical DriveCoolingOSMonitor
Pioneer DLDVD/CDRW Arctic Freezer Pro 64 Win 7 64bit Ultimate E2305 LG 23" LED 
KeyboardPowerCaseMouse
Filco Majestouch II Ninja Tenkeyless Fortron BlueStorm II 500w CM 690II Advanced Razer DeathAdder 
Mouse PadAudioAudio
generic Echo Miamidi PCI M-Audio BX5a Studio Monitors 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [SND] Pricey Software Cracks Mac Passwords