News Mac OS X flaw reveals passwords

http://www.bit-tech.net/news/2008/02/29/mac_os_x_flaw_reveals_passwords/1

A security researcher and Mac fan has discovered that the latest Apple operating system keeps plain-text copies of user passwords in RAM with no security at all.

 

If this was a Microsoft flaw it would be front page news, but as its apple its no biggie.

I sure now that this bug is known there will be malware/spyware coders trying to exploit this, I would

 

There playing it down because you need physical access to the mac itself. Not a problem then move on.... :/

 

Yes, but now that it's public, it's a race between Apple to fix the hole and malware developers to come up with a way to exploit it remotely...

 

pretty serious flaw, and at least apple has said something rather than taking their "we don't discuss things like this, we pretend they don't exist" position.

on the subject of macs in general:

 

lol nice pic.
Then again there is that hack for access to an encrypted hard disk and the computer only needs to be logged in, regardless if its locked or not. But again physical access is the key.

 

well today's news was interesting... guess I'll busy my self with a couple video games on my windows machine.... Wuhahaha!

 

0wn a mac:

get pleb to download a p2p client

use p2p client as host for malware, do a memory scan for the data, return memory scan as a header during file transfer

at attackers end log all received info, ip passwords etc.
use a script to SSH back to the box with root access

voila your Pwned!!! and spamming at an ungodly rate


seriously hope apple get 0wned, cus they are no better if not worse than m$ when it comes to issuing fixes
nm the fact it will shut the fan boys up in lala land, about macs being inherintly secure, there not its just more profitable to go after the majority than the minorities

 

Umm, I guess I'm confused - with physical access to a windows machine, you can reboot in linux and get every password in plain text. Why is it that when it's mac, physical access is suddenly unimportant and we should burn Steve-o in effigy?

Physical access to a logged in system == insecure. Period. That goes for Windows, Mac, and Nix. Honestly now, must we turn this to a mac/windows debate?

 

Here's a scenario for you.

You bring your laptop to work and leave it unattended while you take a coffee break. 15 minutes would be just enough time for an employee to access your passwords. What does this mean? Oh nothing, unless you've recently been to paypal, ebay, online stores, did your taxes (SSN), hotmail...the list goes on and on for what any theif clever enough to hack the mac in the first place would be looking for.

 

Pretty much what I had in mind, as well.

 

HA!!!!

The fish dies by it's own mouth!

Like other have said, If this was Windows, here. We'd all be shitting our pants.
I'd like to quote something that Apple Phag's ALWAYS SAY!
"We don't get viruses or Malware!"
But you do now!

What happened to superiority of the apple brand???

Jobs: "No, it's a feature. Honest. It's insanely great. You'll never forget your passwords again."
^ loving that!

 

Its right that if you get physical access to a PC no matter what OS is running, your basically in, but the physically access may be only in a limited window, i.e. people going out to lunch or coffee break. So not really that much time to work your magic, atleast not if you dont work well under pressure.

But say they leave it logged in for 2 minutes while they are out of the room you have got enough time to get thier password and then come back at your leisure to get whatever information you want.

Its right that if this was microsoft it would be all over the place, maybe not just on computer related websites, but because its apple its played down, when in all honesty its pretty serious.