Overclock.net › Forums › Industry News › Software News › [BitTech] Apple goof opens FileVault hole in OS X
New Posts  All Forums:Forum Nav:

[BitTech] Apple goof opens FileVault hole in OS X - Page 2

post #11 of 57
5/7/12 at 1:29pm
Thread Starter 
Quote:
Originally Posted by [xPt]FLuX View Post

I would think major companies would be gunning for top notch security after the Sony debacle..
Security is not easy: http://www.wired.com/threatlevel/2012/05/everyone-hacked/all/1

This was a mistake... PW should never be stored anywhere in plain text.
Once again...
(13 items)
  		  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
View all
  hide details  
Reply
Once again...
(13 items)
  		  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
View all
  hide details  
Reply
post #12 of 57
5/7/12 at 1:33pm
  • Joined: Dec 2010
  • Location: Nottinghamshire
  • Posts: 1,686
  • Rep: 80 (Unique: 60)
  • Trader Rating: 4
  • Folding Team Rank: 616
  • Folding Team Name: MLP Folding is Magic
  •  
    Name Team Rank Points / May Work Units / May
    [OCN]Buzzin92 616 3,814,574 / 0 1,130 / 0
     
  • Select All Posts By This User
Quote:
Originally Posted by DuckieHo View Post

http://www.bit-tech.net/news/bits/2012/05/07/os-x-filevault-flaw/1
Quote:
According to security researcher David Emery, who discovered the flaw, an attacker with physical access to the target system can boot the system into FireWire disk mode to bypass the log-in screen, mount the system partition, and then read the file containing the plain-text passwords. Armed with these passwords, the attacker can then decrypt the FileVault-protected data.

Passwords in plain text!

Kaspersky were right with them being years behind in security.
690 II Advanced
(18 items)
 
Backup Server
(11 items)
  		 
CPUMotherboardGraphicsRAM
Intel Core i7 3770k [De-Lidded] MSI Z77A-G43 MSI GTX 560 Ti Twin Frozr II 8GB G.Skill RipjawsX 
Hard DriveHard DriveHard DriveHard Drive
Samsung 840 Pro 128GB 2TB Seagate Barracuda 2TB Seagate Barracuda 640GB WD Blue 
Hard DriveOptical DriveCoolingOS
1.5TB WD Green Samsung DVD/RW Cogage Arrow [Lapped] Microsoft Windows 8 Pro 
MonitorKeyboardPowerCase
Dell U2412m 1920x1200 16:10 Saitek Eclipse Thermaltake Toughpower XT 675w Coolermaster 690 II Black/White Advanced 
MouseMouse Pad
Lenovo MO28UOL Optical Qsteel 
View all
CPUMotherboardGraphicsRAM
Intel Celeron G540 MSI H61i-E35 HD2500 4GB G.Skill RipjawsX 2133MHz 
Hard DriveHard DriveOptical DriveCooling
Maxtor DiamondMAX 80GB WD Green 1.5TB Samsung DVD/RW Stock 
OSPowerCase
Windows Server 2008 R2 Antec Earthwatts 430W Bitfenix Prodigy 
View all
  hide details  
Reply
690 II Advanced
(18 items)
 
Backup Server
(11 items)
  		 
CPUMotherboardGraphicsRAM
Intel Core i7 3770k [De-Lidded] MSI Z77A-G43 MSI GTX 560 Ti Twin Frozr II 8GB G.Skill RipjawsX 
Hard DriveHard DriveHard DriveHard Drive
Samsung 840 Pro 128GB 2TB Seagate Barracuda 2TB Seagate Barracuda 640GB WD Blue 
Hard DriveOptical DriveCoolingOS
1.5TB WD Green Samsung DVD/RW Cogage Arrow [Lapped] Microsoft Windows 8 Pro 
MonitorKeyboardPowerCase
Dell U2412m 1920x1200 16:10 Saitek Eclipse Thermaltake Toughpower XT 675w Coolermaster 690 II Black/White Advanced 
MouseMouse Pad
Lenovo MO28UOL Optical Qsteel 
View all
CPUMotherboardGraphicsRAM
Intel Celeron G540 MSI H61i-E35 HD2500 4GB G.Skill RipjawsX 2133MHz 
Hard DriveHard DriveOptical DriveCooling
Maxtor DiamondMAX 80GB WD Green 1.5TB Samsung DVD/RW Stock 
OSPowerCase
Windows Server 2008 R2 Antec Earthwatts 430W Bitfenix Prodigy 
View all
  hide details  
Reply
post #13 of 57
5/7/12 at 1:40pm
  • Joined: Jan 2008
  • Location: Miami Lakes, FL
  • Posts: 8,832
  • Rep: 386 (Unique: 309)
  • Trader Rating: 6
  • Folding Team Rank: 1,367
  •  
    Name Team Rank Points / May Work Units / May
    AlbertGomez 1,367 1,092,583 / 0 3,006 / 0
       
  • Select All Posts By This User
Severe mistake. Regardless of "security being tough," there was no reason for this to happen. If I'm getting this right, the passwords WEREN'T saved in plain text before, but for some reason they decided to do so with the recent update. WHY? It is literally COMMON SENSE. They had it right, with no problems. Why make such a change that would obviously be a huge security risk? Whoever was delegated to handle that part of security should definitely get the dirty boot...
Gaming Rig
(20 items)
  		  
CPUMotherboardGraphicsRAM
Intel 2500k, 4.6GHz, 1.304v ASRock P67 Extreme4 Gen3 Sapphire HD7970 OC with Boost 2x4GB DDR3 1600 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Corsair Force 3 120GB SSD Samsung 750GB HD753LJ Samsung F3 ASUS 24X DVD Combo Drive 
CoolingOSMonitorKeyboard
Noctua DH14 Windows 8 Professional x64 Crossover 27Q 27" IPS LED, 2560x1440 Logitech G11 
PowerCaseMouseMouse Pad
Corsair TX750 Cooler Master HAF932 Logitech G500 Custom 
AudioAudioAudioAudio
Creative X-Fi Titanium Fatal1ty 2x Dayton B652 Bookshelf Dayton DTA-100A Amplifier Dayton 12" SUB-1200 Subwoofer 
View all
  hide details  
Reply
Gaming Rig
(20 items)
  		  
CPUMotherboardGraphicsRAM
Intel 2500k, 4.6GHz, 1.304v ASRock P67 Extreme4 Gen3 Sapphire HD7970 OC with Boost 2x4GB DDR3 1600 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Corsair Force 3 120GB SSD Samsung 750GB HD753LJ Samsung F3 ASUS 24X DVD Combo Drive 
CoolingOSMonitorKeyboard
Noctua DH14 Windows 8 Professional x64 Crossover 27Q 27" IPS LED, 2560x1440 Logitech G11 
PowerCaseMouseMouse Pad
Corsair TX750 Cooler Master HAF932 Logitech G500 Custom 
AudioAudioAudioAudio
Creative X-Fi Titanium Fatal1ty 2x Dayton B652 Bookshelf Dayton DTA-100A Amplifier Dayton 12" SUB-1200 Subwoofer 
View all
  hide details  
Reply
post #14 of 57
5/7/12 at 1:48pm
Thread Starter 
Quote:
Originally Posted by Stealth Pyros View Post

Severe mistake. Regardless of "security being tough," there was no reason for this to happen. If I'm getting this right, the passwords WEREN'T saved in plain text before, but for some reason they decided to do so with the recent update. WHY? It is literally COMMON SENSE. They had it right, with no problems. Why make such a change that would obviously be a huge security risk? Whoever was delegated to handle that part of security should definitely get the dirty boot...

It was probably a debug mode. A developer working on the patch forgot to disable the mode before release.
Once again...
(13 items)
  		  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
View all
  hide details  
Reply
Once again...
(13 items)
  		  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
View all
  hide details  
Reply
post #15 of 57
5/7/12 at 1:50pm
My question is how did the passwords magically go from hashes to plain text...
Instanty By A Week
(8 items)
  		  
CPUMotherboardGraphicsRAM
i5 2500k Asus P8P67 XFX HD 6950 G.Skill 2x4GB 
CoolingOSPowerCase
CM Hyper 212+ Windows 7 / Linux Mint Seasonic S12ii 620 HAF 912 
View all
  hide details  
Reply
Instanty By A Week
(8 items)
  		  
CPUMotherboardGraphicsRAM
i5 2500k Asus P8P67 XFX HD 6950 G.Skill 2x4GB 
CoolingOSPowerCase
CM Hyper 212+ Windows 7 / Linux Mint Seasonic S12ii 620 HAF 912 
View all
  hide details  
Reply
post #16 of 57
5/7/12 at 1:51pm
"Fortunately, few people will be affected. To be hit by the problem, you’ll need to have used FileVault encryption prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault. If you did, the OS X 10.7.3 update will have turned on a a debug log file outside of the encrypted area of the OS, which will be storing user passwords in plain text."
Nameless
(14 items)
  		  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
View all
  hide details  
Reply
Nameless
(14 items)
  		  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
View all
  hide details  
Reply
post #17 of 57
5/7/12 at 1:52pm
I am not mentioning that it plays as malware, but future devices that will be to come will have an impact on the amount of malware/trojans that will be aimed at OS by apple. Sorry i didn't explain it to well.
Sharkbait
(16 items)
  		  
CPUMotherboardGraphicsRAM
2500k OC 4.6 Asrock p67 extreme 4 gen 3 Asus GTX 670 DirectCU ii top sli 16gb gskill ripsaw 
Hard DriveHard DriveOptical DriveCooling
3xWD RE4 2tb Crucial M4 128gb none Corsair h80 
OSMonitorKeyboardPower
Windows 7 Pro 64-bit HP ZR30w 30" IPS Corsair vengeance k60 Corsair hx850 
CaseMouseMouse PadAudio
Lian Li Lancool DragonLord K62R1 Corsair vengeance m60 Razor Large ASUS Xonar Essence STX 
View all
  hide details  
Reply
Sharkbait
(16 items)
  		  
CPUMotherboardGraphicsRAM
2500k OC 4.6 Asrock p67 extreme 4 gen 3 Asus GTX 670 DirectCU ii top sli 16gb gskill ripsaw 
Hard DriveHard DriveOptical DriveCooling
3xWD RE4 2tb Crucial M4 128gb none Corsair h80 
OSMonitorKeyboardPower
Windows 7 Pro 64-bit HP ZR30w 30" IPS Corsair vengeance k60 Corsair hx850 
CaseMouseMouse PadAudio
Lian Li Lancool DragonLord K62R1 Corsair vengeance m60 Razor Large ASUS Xonar Essence STX 
View all
  hide details  
Reply
post #18 of 57
5/7/12 at 1:56pm
Mistakes happen and in thousands of lines of code, things can go unnoticed for years. The important question however, is how fast and with what method will Apple respond?
Halloween
(13 items)
  		  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M MSI N580GTX Lightning G. SKill DDR3-1333 16GB 
Hard DriveOSMonitorKeyboard
Samsung 830 128GB, 2x OCZ Vertex, 1 WD Caviar B... Windows 7 Professional x64 Dell Ultrasharp 2407WFP Logitech G15 (Red) 
PowerCaseMouseMouse Pad
Corsair HX850 Silverstone TJ-08E Logitech G9X (Logitech G500 as backup) X-Trac Ripper 
Audio
JDS Labs ODAC > Swans M200MKIII or Schiit Lyr >... 
View all
  hide details  
Reply
Halloween
(13 items)
  		  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M MSI N580GTX Lightning G. SKill DDR3-1333 16GB 
Hard DriveOSMonitorKeyboard
Samsung 830 128GB, 2x OCZ Vertex, 1 WD Caviar B... Windows 7 Professional x64 Dell Ultrasharp 2407WFP Logitech G15 (Red) 
PowerCaseMouseMouse Pad
Corsair HX850 Silverstone TJ-08E Logitech G9X (Logitech G500 as backup) X-Trac Ripper 
Audio
JDS Labs ODAC > Swans M200MKIII or Schiit Lyr >... 
View all
  hide details  
Reply
post #19 of 57
5/7/12 at 1:57pm
  • Shrak
  • (╯°□°)╯︵ ┻━┻
Quote:
Originally Posted by OC'ing Noob View Post

Mistakes happen and in thousands of lines of code, things can go unnoticed for years. The important question however, is how fast and with what method will Apple respond?

This. These kinds of mistakes happen all the time. The real question is how fast Apple will be to fix it.
Reply
Reply
post #20 of 57
5/7/12 at 1:59pm
Thread Starter 
Quote:
Originally Posted by legojoey17 View Post

My question is how did the passwords magically go from hashes to plain text...
Debug mode.
Quote:
Originally Posted by OC'ing Noob View Post

Mistakes happen and in thousands of lines of code, things can go unnoticed for years. The important question however, is how fast and with what method will Apple respond?
Better question... will Apple even acknowledge the issue or will they "secretly" patch? tongue.gif
Once again...
(13 items)
  		  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
View all
  hide details  
Reply
Once again...
(13 items)
  		  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
View all
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [BitTech] Apple goof opens FileVault hole in OS X