Overclock.net › Forums › Industry News › Software News › [BitTech] Apple goof opens FileVault hole in OS X
New Posts  All Forums:Forum Nav:

[BitTech] Apple goof opens FileVault hole in OS X - Page 2

post #11 of 57
Thread Starter 
Quote:
Originally Posted by [xPt]FLuX View Post

I would think major companies would be gunning for top notch security after the Sony debacle..
Security is not easy: http://www.wired.com/threatlevel/2012/05/everyone-hacked/all/1

This was a mistake... PW should never be stored anywhere in plain text.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #12 of 57
Quote:
Originally Posted by DuckieHo View Post

http://www.bit-tech.net/news/bits/2012/05/07/os-x-filevault-flaw/1
Quote:
According to security researcher David Emery, who discovered the flaw, an attacker with physical access to the target system can boot the system into FireWire disk mode to bypass the log-in screen, mount the system partition, and then read the file containing the plain-text passwords. Armed with these passwords, the attacker can then decrypt the FileVault-protected data.

Passwords in plain text!

Kaspersky were right with them being years behind in security.
|White Fury|
(27 items)
 
|Scootaloo|
(12 items)
 
The Workhorse
(7 items)
 
CPUMotherboardGraphicsRAM
Intel Core i7 3770k 4.5GHz [De-Lidded] MSI Z77A-G43 MSI GTX 780 Reference - Oooh soo sexy! 8GB G.Skill RipjawsX 
Hard DriveHard DriveHard DriveHard Drive
Samsung 840 Pro 128GB 2TB Seagate Barracuda 2TB Seagate Barracuda 640GB WD Blue 
Hard DriveOptical DriveCoolingOS
1.5TB WD Green Samsung DVD/RW Cogage Arrow [Lapped] Microsoft Windows 10 Pro 
MonitorMonitorKeyboardPower
Fujitsu SL3230t 1080p @75Hz Samsung UE32F5000 1920x1080 Saitek Eclipse Thermaltake Toughpower XT 675w 
CaseMouseMouse PadAudio
Coolermaster 690 II Black/White Advanced CM Storm Xornet Qsteel Asus Xonar DS 
AudioAudioAudioAudio
Quad 33 Pre-Amplifier (Pre-Production Unit) Quad 303 Power-Amplifier - 90 Watts RMS (Pre-Pr... Quad 303 Power-Amplifier - 90 Watts RMS (Post-P... Quad FM3 Tuner 
AudioAudioAudio
Mission 751 Bookshelf's Mission M73 Floor standing loudspeakers Mission 78as Dual 8" Active Sub Woofer - 250 watts 
CPUMotherboardGraphicsGraphics
Intel Q8400 MSI P45 Platinum EVGA GTX 750Ti MSI GTX 560Ti 
RAMHard DriveCoolingOS
6GB DDR 2 800MHz (Kingston Hyper X and Corsair ... Samsung 840 120GB Coolermaster Hyper 212 (Rev 1) Windows 10 Insider 
MonitorKeyboardPowerCase
Samsung 1080p TV Saitek Eclipse Coolermaster GX750 Coolermaster CM 690II Black 
CPUGraphicsRAMHard Drive
Intel Core i5 3230m 2.6GHz (3.2GHz Turbo) Nvidia GT 635m 2GB 8GB DDR3 1600MHz Samsung 840 120GB 
Optical DriveOSMonitor
Blu-Ray Reader / DVD RW Windows 8.1 15.6" 1366x768 
  hide details  
Reply
|White Fury|
(27 items)
 
|Scootaloo|
(12 items)
 
The Workhorse
(7 items)
 
CPUMotherboardGraphicsRAM
Intel Core i7 3770k 4.5GHz [De-Lidded] MSI Z77A-G43 MSI GTX 780 Reference - Oooh soo sexy! 8GB G.Skill RipjawsX 
Hard DriveHard DriveHard DriveHard Drive
Samsung 840 Pro 128GB 2TB Seagate Barracuda 2TB Seagate Barracuda 640GB WD Blue 
Hard DriveOptical DriveCoolingOS
1.5TB WD Green Samsung DVD/RW Cogage Arrow [Lapped] Microsoft Windows 10 Pro 
MonitorMonitorKeyboardPower
Fujitsu SL3230t 1080p @75Hz Samsung UE32F5000 1920x1080 Saitek Eclipse Thermaltake Toughpower XT 675w 
CaseMouseMouse PadAudio
Coolermaster 690 II Black/White Advanced CM Storm Xornet Qsteel Asus Xonar DS 
AudioAudioAudioAudio
Quad 33 Pre-Amplifier (Pre-Production Unit) Quad 303 Power-Amplifier - 90 Watts RMS (Pre-Pr... Quad 303 Power-Amplifier - 90 Watts RMS (Post-P... Quad FM3 Tuner 
AudioAudioAudio
Mission 751 Bookshelf's Mission M73 Floor standing loudspeakers Mission 78as Dual 8" Active Sub Woofer - 250 watts 
CPUMotherboardGraphicsGraphics
Intel Q8400 MSI P45 Platinum EVGA GTX 750Ti MSI GTX 560Ti 
RAMHard DriveCoolingOS
6GB DDR 2 800MHz (Kingston Hyper X and Corsair ... Samsung 840 120GB Coolermaster Hyper 212 (Rev 1) Windows 10 Insider 
MonitorKeyboardPowerCase
Samsung 1080p TV Saitek Eclipse Coolermaster GX750 Coolermaster CM 690II Black 
CPUGraphicsRAMHard Drive
Intel Core i5 3230m 2.6GHz (3.2GHz Turbo) Nvidia GT 635m 2GB 8GB DDR3 1600MHz Samsung 840 120GB 
Optical DriveOSMonitor
Blu-Ray Reader / DVD RW Windows 8.1 15.6" 1366x768 
  hide details  
Reply
post #13 of 57
Severe mistake. Regardless of "security being tough," there was no reason for this to happen. If I'm getting this right, the passwords WEREN'T saved in plain text before, but for some reason they decided to do so with the recent update. WHY? It is literally COMMON SENSE. They had it right, with no problems. Why make such a change that would obviously be a huge security risk? Whoever was delegated to handle that part of security should definitely get the dirty boot...
Gaming Rig
(20 items)
 
  
CPUMotherboardGraphicsRAM
Intel 2500k, 4.6GHz, 1.304v ASRock P67 Extreme4 Gen3 2x Sapphire HD7970 OC with Boost, 1150 MHz/1550... 2x4GB DDR3 1600 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro Samsung 750GB HD753LJ Samsung F3 ASUS 24X DVD Combo Drive 
CoolingOSMonitorKeyboard
Noctua DH14 Windows 8 Professional x64 Crossover 27Q 27" IPS LED, 2560x1440 Logitech G11 
PowerCaseMouseMouse Pad
Corsair TX750 Cooler Master HAF932 Logitech G500 Custom 
AudioAudioAudioAudio
Creative X-Fi Titanium Fatal1ty 2x Dayton B652 Bookshelf Dayton DTA-100A Amplifier Dayton 12" SUB-1200 Subwoofer 
  hide details  
Reply
Gaming Rig
(20 items)
 
  
CPUMotherboardGraphicsRAM
Intel 2500k, 4.6GHz, 1.304v ASRock P67 Extreme4 Gen3 2x Sapphire HD7970 OC with Boost, 1150 MHz/1550... 2x4GB DDR3 1600 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Samsung 840 Pro Samsung 750GB HD753LJ Samsung F3 ASUS 24X DVD Combo Drive 
CoolingOSMonitorKeyboard
Noctua DH14 Windows 8 Professional x64 Crossover 27Q 27" IPS LED, 2560x1440 Logitech G11 
PowerCaseMouseMouse Pad
Corsair TX750 Cooler Master HAF932 Logitech G500 Custom 
AudioAudioAudioAudio
Creative X-Fi Titanium Fatal1ty 2x Dayton B652 Bookshelf Dayton DTA-100A Amplifier Dayton 12" SUB-1200 Subwoofer 
  hide details  
Reply
post #14 of 57
Thread Starter 
Quote:
Originally Posted by Stealth Pyros View Post

Severe mistake. Regardless of "security being tough," there was no reason for this to happen. If I'm getting this right, the passwords WEREN'T saved in plain text before, but for some reason they decided to do so with the recent update. WHY? It is literally COMMON SENSE. They had it right, with no problems. Why make such a change that would obviously be a huge security risk? Whoever was delegated to handle that part of security should definitely get the dirty boot...

It was probably a debug mode. A developer working on the patch forgot to disable the mode before release.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #15 of 57
My question is how did the passwords magically go from hashes to plain text...
    
CPUMotherboardGraphicsRAM
i5 2500k Asus P8P67 XFX HD 6950 G.Skill 2x4GB 
CoolingOSPowerCase
CM Hyper 212+ Windows 7 / Linux Mint Seasonic S12ii 620 HAF 912 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i5 2500k Asus P8P67 XFX HD 6950 G.Skill 2x4GB 
CoolingOSPowerCase
CM Hyper 212+ Windows 7 / Linux Mint Seasonic S12ii 620 HAF 912 
  hide details  
Reply
post #16 of 57
"Fortunately, few people will be affected. To be hit by the problem, you’ll need to have used FileVault encryption prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault. If you did, the OS X 10.7.3 update will have turned on a a debug log file outside of the encrypted area of the OS, which will be storing user passwords in plain text."
Nameless
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
  hide details  
Reply
Nameless
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
  hide details  
Reply
post #17 of 57
I am not mentioning that it plays as malware, but future devices that will be to come will have an impact on the amount of malware/trojans that will be aimed at OS by apple. Sorry i didn't explain it to well.
Sharkbait
(16 items)
 
  
CPUMotherboardGraphicsRAM
2500k OC 4.6 Asrock p67 extreme 4 gen 3 Asus GTX 670 DirectCU ii top sli 16gb gskill ripsaw 
Hard DriveHard DriveOptical DriveCooling
3xWD RE4 2tb Crucial M4 128gb none Corsair h80 
OSMonitorKeyboardPower
Windows 7 Pro 64-bit HP ZR30w 30" IPS Corsair vengeance k60 Corsair hx850 
CaseMouseMouse PadAudio
Lian Li Lancool DragonLord K62R1 Corsair vengeance m60 Razor Large ASUS Xonar Essence STX 
  hide details  
Reply
Sharkbait
(16 items)
 
  
CPUMotherboardGraphicsRAM
2500k OC 4.6 Asrock p67 extreme 4 gen 3 Asus GTX 670 DirectCU ii top sli 16gb gskill ripsaw 
Hard DriveHard DriveOptical DriveCooling
3xWD RE4 2tb Crucial M4 128gb none Corsair h80 
OSMonitorKeyboardPower
Windows 7 Pro 64-bit HP ZR30w 30" IPS Corsair vengeance k60 Corsair hx850 
CaseMouseMouse PadAudio
Lian Li Lancool DragonLord K62R1 Corsair vengeance m60 Razor Large ASUS Xonar Essence STX 
  hide details  
Reply
post #18 of 57
Mistakes happen and in thousands of lines of code, things can go unnoticed for years. The important question however, is how fast and with what method will Apple respond?
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
post #19 of 57
Quote:
Originally Posted by OC'ing Noob View Post

Mistakes happen and in thousands of lines of code, things can go unnoticed for years. The important question however, is how fast and with what method will Apple respond?

This. These kinds of mistakes happen all the time. The real question is how fast Apple will be to fix it.
post #20 of 57
Thread Starter 
Quote:
Originally Posted by legojoey17 View Post

My question is how did the passwords magically go from hashes to plain text...
Debug mode.
Quote:
Originally Posted by OC'ing Noob View Post

Mistakes happen and in thousands of lines of code, things can go unnoticed for years. The important question however, is how fast and with what method will Apple respond?
Better question... will Apple even acknowledge the issue or will they "secretly" patch? tongue.gif
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [BitTech] Apple goof opens FileVault hole in OS X