 |
 |
A $995 tool can steal your Mac's passwords in minutes
|
|
|
|
|
Grizzled Veteran
Join Date: Aug 2007
Location: U.K.
Status:
Offline
|
|
|
|
|
iMac Intel Core i5, 2.5GHz, 4GB RAM, 500GB 21.5" Monitor 10.8.3.
iMac 17" 2.0ghz Intel Core 2 Duo w 3gb memory (White one) 10.6.8.
Internal 500gb / 8x external HDD's 250GB - 3TB (4x Time Machine)
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
The solution appears to be to turn "Automatic Login" off. But if that was on, why would you need something like this in the first place? Why couldn't you just... reboot the machine? 
edit: d'oh, it's obviously to get the admin password for sudo. never mind
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2000
Location: Stoneham, MA, USA
Status:
Offline
|
|
If I had physical access to a computer and wanted to get in, i'd just netboot it off my laptop and image it's hard drive. No need to spend $995 on this software.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2001
Location: brooklyn ny
Status:
Offline
|
|
just think, for only $1000, i could access someone's exciting email, family photos, schoolwork, or resumés, or...
|
|
"At first, there was Nothing. Then Nothing inverted itself and became Something.
And that is what you all are: inverted Nothings...with potential" (Sun Ra)
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Feb 2005
Status:
Offline
|
|
Likely takes advantage of Firewire's DMA.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Status:
Offline
|
|
Didn't anyone tell them you can reset the password by booting of the installer, or with lion the recovery partition.
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Originally Posted by l008com 
If I had physical access to a computer and wanted to get in, i'd just netboot it off my laptop and image it's hard drive. No need to spend $995 on this software.
What if FileVault is on and the disk is encrypted, though?
Originally Posted by BLAZE_MkIV
Didn't anyone tell them you can reset the password by booting of the installer, or with lion the recovery partition.
You can't do that if a firmware password is set.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by CharlesS
The solution appears to be to turn "Automatic Login" off. But if that was on, why would you need something like this in the first place? Why couldn't you just... reboot the machine?
edit: d'oh, it's obviously to get the admin password for sudo. never mind
Wouldn't single user mode + passwd <username> allow you to change the password of any user on that machine?
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
If you have the firmware password set, single-user mode is disabled.
Also, FileVault in Lion encrypts the whole disk, meaning that you need to use your password to access it at all, even to boot into single-user mode.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2001
Location: brooklyn ny
Status:
Offline
|
|
i've been using a firmware password for years; seems worth it with a macbook...it's both great and terrible that you can change a login password simply with an install dvd...
|
|
"At first, there was Nothing. Then Nothing inverted itself and became Something.
And that is what you all are: inverted Nothings...with potential" (Sun Ra)
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Dec 2007
Status:
Offline
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
is not: I will buy your dog you are hoping to sell for 50 Euros.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by CharlesS
You can't do that if a firmware password is set.
Like that can't be circumvented.
As always: once someone has physical access, all bets are off.
-t
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Originally Posted by turtle777
Like that can't be circumvented.
On the 2011 Macs, it reportedly can't.
Likewise, full disk encryption à la Lion's FileVault should be a decently secure option, really.
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Feb 2005
Status:
Offline
|
|
Originally Posted by CharlesS
full disk encryption à la Lion's FileVault should be a decently secure option, really.
Their software claim to be able to bypass BitLocker, TrueCrypt, and FileVault.
Either by grabbing the key from memory, a safe sleep memory image, or by brute-forcing it if necessary...
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status:
Offline
|
|
I will buy your dog you are hoping to sell for 50 Euros.
Make that three; will name them Schwarz, Rot and Gold. To steal my Macs is going to be harder than to steal Superman undies. 
|
|
|
| |
|
|
|
|
|
|
|
Moderator  Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
Originally Posted by tightsocks
Their software claim to be able to bypass BitLocker, TrueCrypt, and FileVault.
Either by grabbing the key from memory, a safe sleep memory image, or by brute-forcing it if necessary...
If it's a strong passphrase, you can't brute force it. Since it's FDE, the sleep image should be encrypted too, in addition to swap. I suppose that leaves memory, but if it's direct memory, shouldn't a security-conscious person unload the firewire kext?
Would Lion's full ASLR matter here?
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Originally Posted by tightsocks
Their software claim to be able to bypass BitLocker, TrueCrypt, and FileVault.
Either by grabbing the key from memory, a safe sleep memory image, or by brute-forcing it if necessary...
Right, I was responding to the people saying "Just boot from the install disc / pull the hard drive / single user mode / etc."
Clearly these people have found some other vulnerability in OS X. Hopefully, Apple will be on it before too long.
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Something seems a bit off with this product. There is very little detail or screenshots of them hacking into Macs. Can't help but think a youtube video demonstration would get them a lot of PR and yet there isn't one of those either.
|
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2003
Location: Down by the river
Status:
Offline
|
|
The funny thing here is this company is stealing your $995. Prolly priced so high to appeal to the US Gov't, they like paying a lot for stuff.
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Feb 2005
Status:
Offline
|
|
Originally Posted by Waragainstsleep
Something seems a bit off with this product. There is very little detail or screenshots of them hacking into Macs. Can't help but think a youtube video demonstration would get them a lot of PR and yet there isn't one of those either.
I think the Mac support is fairly new.
Lots of info on their site:
http://www.lostpassword.com/kit-forensic.htm
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2004
Location: UK
Status:
Offline
|
|
Which would be all the more reason to make a song and dance about it. Seems unlikely they'd be smart enough to 'decrypt hard disks' but don't know how to get free advertising from all the Mac blogs.
I'm not sure thats what really bothers me about it. There is just something about their site that makes me suspicious. Can't put my finger on it.
|
|
I have plenty of more important things to do, if only I could bring myself to do them....
|
| |
|
|
|
|
|
|
|
Moderator Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top