Resetting Password To Gain Full Access
Fresh-Faced Recruit
Join Date: Jun 2003
I was loaned a PowerBook G4 by someone, and I couldn't install an application because I didn't have the administrator's password.
Then a friend of mine showed me a way around it, which I found rather disturbing.
He basically put in an installer CD and booted off it. Then, under the INSTALLER app menu, there is an item called "reset password..." He clicked on that and created a root user with no password.
Then when he booted up again, he clicked on "other..." under the login screen, and boom, he was not only able to install applications, he had full access to everything on the computer, including other users' home folders.
Is it me, or is this rather insecure? Or am I missing something here?
Grizzled Veteran
Join Date: Sep 2000
Location: Menands, NY
If you have physical access to a machine, you can gain access to the contents, even if you have to pull the disk drive out and install it in another machine. The only solution, if you see this as a problem, is encryption. Using the install CD to reset the password has always been a feature of OS X.
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
It's necessary. There is a saying: "there is no security without physical security". If you have physical access to a box you can:
1) put the hard drive in another computer and access it there
2) boot in "single-user" mode and have free rein over the system
3) boot from a CD and have free rein over the system
There is an optional firmware patch from Apple that will require a password to boot from any drive besides the internal HD if you want it. However, it's not worth it for most people. It also does not prevent (1) above.
You have to have physical security for a computer to be secure.
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
Professional Poster
Join Date: Sep 2002
Location: New York, NY
In most cases, the OpenFirmware password would stop most casual users from doing this. However, as was said before, it is defeatable either by transferring the drive or resetting the OpenFirmware password.
(Last edited by Art Vandelay; Aug 21, 2003 at 01:20 PM.)
Vandelay Industries
Grizzled Veteran
Join Date: Sep 2000
Location: The Basement
This goes for any computer's OS. In the upcoming 10.3 you can have your home directory encrypted on the fly. This will prevent and protect your data to some extent.
Mac Enthusiast
Join Date: Nov 2001
Location: Arizona
You can encrypt almost anything you want today by creating disk images with AES-128 encryption. Secure against theft and curious friends alike. Panther will certainly make it easier to simply protect everything in one stroke.
(BTW, the Keychain is always encrypted, and using a CD or admin account to change an account's password doesn't grant access to that account's Keychain. So when you return that PowerBook to its owner, you can tell him his new admin password and remind him his Keychain password is still his old account password.)
I think Apple should change it so if you forget your admin password you can never access the machine or data again and have to throw the machine away.
(And once Panther comes out, I bet a lot of people will turn that encryption option on reflexively, and then be horrified when the answer to posting "I forgot my password, how do I get to my files?" is "You can't.")