 |
 |
OS 9 security - is it so secure?
|
|
|
|
|
Clinically Insane
Join Date: Apr 2000
Status:
Offline
|
|
Hey all. I am rather worried as I have stumbled into a rather big security hole in the MacOS 9 file encryption thing.
I was able to gain access to 100% of the files I tried to without a password, and without the need for any brute-force attacks or anything...
I won't say how I did it in a public forum (that could make matters worse!), but please take note of this warning - DO NOT use Apple file encryption for sensitive documents (not that I imagine you would).
If anyone else believes they have found the same thing, please say so. I am hoping this is just happening on my computer, and I will check that out later today. I did not want to post this prematurely, as there may be no problem - but better safe than sorry.
If anyone wants to know more, e-mail me or contact me through ICQ on 48111606.
I will be sending Apple an e-mail with the details soon.
Cipher13
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Feb 2000
Location: Old Dominion University, Norfok, VA
Status:
Offline
|
|
Is your Keychain unlocked? That might do it... Unless you click the "Add to keychain" check box in the encrypt dialog, you have to enter your password every time... and the password can be different from your keychain password. This may not be the problem but it sounds like it.
------------------
-- iPond317
All hail iMac DV
G4 Performance Leader
iBook #1 consumer laptop
Mac OS 9: Your Internet co-pilot
Power Mac G4 considered "super computer"
Think different.
|
iPond317 | ODU Apple Campus Rep
"Ten years ago down by the lake I sunk my sweet love down to her watery grave." - Hello Again | DMB
Old: Apple IIc, PowerMac 7200/90, iMac Bondi Blue 233, Titanium PowerBook G4 400 - New: MacBook 2.0, iPhone 8GB, AirPort Extreme Gb, iPod 30GB 5th Gen
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Apr 2000
Status:
Offline
|
|
The password of the file was different to my keychain password. I had the keychain locked too. I didn't even know the password for the file - a friend encrypted a file and told me to try and get it unlocked. I thought yeah, right, but I thought I knew the password he had entered - same password every time.
I went to type in the password and nudged the Enter key on the keypad - the file decrypted with NO PASSWORD ENTERED!!!
He told me the real password too - it wasn't that I had thought.
I tried with the password - file decrypted. Without password - file decrypted. With incorrect password - file did not decrypt.
Very strange.
I have since tried it on another system - it didn't work, so it seems like there's somthing up with my system. I got a friend to encrypt a file with a random password then send it to me. We tried that and I could decrypt his file with no password...
I have no idea whats happened, but I have messed around with the Apple File Security app in ResEdit (on a copy of course).
If anyone has any clue as to whats happened, I'd really like your input.
Its not a problem I want to fix ;-), but nontheless a problem.
I will format HD tonight (once a month, every month), and see if when all old files are back on the problem remains.
I'll keep you updated...
Cipher13
|
|
|
| |
|
|
|
|
|
|
|
Junior Member
Join Date: Sep 1999
Location: Seattle, WA USA
Status:
Offline
|
|
Odd. I don't have this problem. If I encrypt a file, without adding it to they keychain, I absolutely cannot gain access without the correct password. Tried Return and Enter.. still wouldn't let me in.. other combinations, no. Correct password.. i'm in.
What are you encrypting?
- oZ
|
|
- oZ
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Apr 2000
Status:
Offline
|
|
I was encrypting PICT format screenshots (just the standard Command-Shift-3 style), and then encrypted 4 of them, one at a time.
I could gain access either with no password, or the correct password, and the Keychain was involved in no way whatsoever...
Just about to format, so we'll see then.....
Cipher13
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Feb 2000
Location: Old Dominion University, Norfok, VA
Status:
Offline
|
|
I tried doing what you did... taking screen shots and encrypting them and then trying to open them without having to decrypt them, but it wouldn't open unless I gave it the correct password. I even tried to click on the Decrypt button without a password in the field and it wouldn't let me open it still.
I think you need to re-install the Keychain software. Either that or do a clean-install of OS 9 again and go back and update to the latest version, 9.0.4. That would probably be the only way to really solve the problem. Or, you might try deleting the Keychain preferences from the System Folder. Try the prefs first and if that doesn't work, try the clean-install.
------------------
-- iPond317
All hail iMac DV
G4 Performance Leader
iBook #1 consumer laptop
Mac OS 9: Your Internet co-pilot
Power Mac G4 considered "super computer"
Think different.
|
iPond317 | ODU Apple Campus Rep
"Ten years ago down by the lake I sunk my sweet love down to her watery grave." - Hello Again | DMB
Old: Apple IIc, PowerMac 7200/90, iMac Bondi Blue 233, Titanium PowerBook G4 400 - New: MacBook 2.0, iPhone 8GB, AirPort Extreme Gb, iPod 30GB 5th Gen
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Apr 2000
Status:
Offline
|
|
Well, I just got my new G4 (yay!) and did the same thing to the Apple Security file on it as I did on my 5500, and nothing.
Must have been a total fluke. Still makes me worry about a back door or something...
Cipher13
[This message has been edited by Cipher13 (edited 04-27-2000).]
[This message has been edited by Cipher13 (edited 04-27-2000).]
|
|
|
| |
|
|
|
|
|
|
|
| |
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
