Trial by Fire...

Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
You still need physical access to the machine. This falls under physical security. I can easily root any Unix box out there, if I have physical access.

btw, I'm not suggesting that this is something that shouldn't be fixed, just that it's not the end of the world.
 
OP
I
Joined
Mar 11, 2011
Messages
161
Reaction score
3
Points
18
I'm not suggesting that this is something that shouldn't be fixed, just that it's not the end of the world.
Oh, of course, but it looks bad; this is just the type of thing that competitors will highlight, and Apple has a pretty high-profile public image to maintain...
 

BrianLachoreVPI


Retired Staff
Joined
Feb 24, 2011
Messages
3,733
Reaction score
124
Points
63
Location
Maryland
Your Mac's Specs
March 2011 15" MBP 2.3GHz i7 Quad Core 8GB Ram | Mid 2011 27" iMac 3.4 GHz i7 16 GB RAM 2 TB HDD
According to the article - this has been around since "at least" Snow Leopard....
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
I can reset the password of any Mac following these basic steps. Like Dys noted though, this depends on physical access. So while it's a problem, Macs are still easily accessed regardless of whether or not the issue is fixed (like Dys said though, this doesn't negate the fact that it should be fixed).
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Give me any machine, Windows 7 also, and let me sit at the machine and I can destroy it.

Not using a hammer either.
 
Joined
May 14, 2009
Messages
2,052
Reaction score
136
Points
63
Location
Near Whitehorse, Yukon
Your Mac's Specs
2012 MBP i7 2.7 GHz 15" Matte - 16 GB RAM - 120 GB Intel SSD - 500 GB DataDoubler Mac OS 10.9
Newtons Law of Computers:
If somebody has physical access to your computer it's bye bye security.

I know Dys said this already but I couldn't resist :p
 

robduckyworth


Retired Staff
Joined
Jan 4, 2011
Messages
2,971
Reaction score
109
Points
63
Location
Reading, UK
Your Mac's Specs
15" MBP, 2.5GHz i7, 750GB, 6770M 1GB, iPad 3, iPhone 4, custom PC
I just filled all my ports with Blu-Tac. Who needs security updates.
 
Joined
Dec 9, 2010
Messages
844
Reaction score
49
Points
28
Location
Virginia
Your Mac's Specs
Currently 13" Late 2010 MBA, 4GB/128GB; Early 2011 13" MBP, dual core i7 2.7ghz, 4gb ram, 500gb hd
Just to clarify, it's an issue with FireWire, not just Macs. Any Windows computer with a FireWire (IEEE 1394, iLink) port is also vulnerable. The issue is the user password is stored in RAM for quick access to resources and the FireWire bus has access to the contents of RAM.
 
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
I've moved your post to a more proper forum; please be sure to check the forum descriptions to find the best place to post.

By posting in the right forum you help people not only find your question faster, but it helps others looking for the same information in the future.

Thanks for understanding!
 
OP
I
Joined
Mar 11, 2011
Messages
161
Reaction score
3
Points
18
You say that:
Just to clarify, it's an issue with FireWire, not just Macs. Any Windows computer with a FireWire (IEEE 1394, iLink) port is also vulnerable. The issue is the user password is stored in RAM for quick access to resources and the FireWire bus has access to the contents of RAM.
However, quoting from the article:
according to Passware, this is a security vulnerability unique to OS X. Asked if all computer operating systems were vulnerable to pulling an admin password from user memory, Passware president Dmitry Sumin told us that in Windows 7, at least, this hole had been closed.

Passware has alerted Apple of the vulnerability and are waiting for a response. Let’s hope that this is a security hole that Apple can patch sooner rather than later. It’s a distressing thing when the newest OS X is less secure than Windows, even in part.
It's an innate failing of any FireWire hardware, be it Mac or PC, but it can be patched via software. Apple really needs to address this issue with its newest "most secure in the world" OS, especially as it's an issue that Microsoft - the kings & queens of vulnerability - already did over a year ago...

Why do I care? Well - as I say in my profile info - I plan on buying a MacBook Pro for university once I've got the money for it (probably won't be for a while because, as a student, it'll take me a long time to save that much), and once I have I'd like to know that if I was unfortunate enough to have it stolen off me the thief couldn't gain immediate access to all my personal files & would be forced to simply format the HDD; I just hope that by the time I get the cash together this hole has been patched...
 
OP
I
Joined
Mar 11, 2011
Messages
161
Reaction score
3
Points
18
please be sure to check the forum descriptions to find the best place to post
Sorry, I misinterpreted the purpose of this forum as specifically for hardware-related questions; not just any general hardware-related posts.
 
Joined
May 14, 2009
Messages
2,052
Reaction score
136
Points
63
Location
Near Whitehorse, Yukon
Your Mac's Specs
2012 MBP i7 2.7 GHz 15" Matte - 16 GB RAM - 120 GB Intel SSD - 500 GB DataDoubler Mac OS 10.9
plan on buying a MacBook Pro for university once I've got the money for it (probably won't be for a while because, as a student, it'll take me a long time to save that much), and once I have I'd like to know that if I was unfortunate enough to have it stolen off me the thief couldn't gain immediate access to all my personal files & would be forced to simply format the HDD; I just hope that by the time I get the cash together this hole has been patched...

How be completely safe from the password stealer!!!

#1 Always shutdown your Mac once you are done using it. With the new Lion and it's Resume feature all your applications will come back as if you would have put it to sleep.

#2 Disable automatic login

#3 Yay! Your secure!!!!!!
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
How be completely safe from the password stealer!!!

#1 Always shutdown your Mac once you are done using it. With the new Lion and it's Resume feature all your applications will come back as if you would have put it to sleep.

#2 Disable automatic login

#3 Yay! Your secure!!!!!!
Even better:

1. Never use the internet or connect to another computer in a networked environment.
2. Never let anyone use your computer.
3. Live in the middle of nowhere (this one is optional). ;)
 
OP
I
Joined
Mar 11, 2011
Messages
161
Reaction score
3
Points
18
Always shutdown your Mac once you are done using it.
I didn't think you were supposed to do that...

One of the differences between Windows & OS X I'd always heard about was that not only was it unnecessary to turn-off your computer when you're done with it (due to Windows not being able to go more than ~24 hours of uptime before needing a reboot, while OS X can run almost indefinitely), but that it was actually bad for an install of OS X to turn a Mac on & off once (or more) a day & could lead to system file fragmentation...

Has this changed since I last heard that, or was the rumour never even true in the first place?
 
Joined
Mar 17, 2008
Messages
6,879
Reaction score
191
Points
63
Location
Tucson, AZ
Your Mac's Specs
Way... way too many specs to list.
sudo ifconfig fw0 down


that oughta do it.
 
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
I really think ultimately this is so not important. Other than a few stories one afternoon this entire story has died.

Other than iHarrison keeping this thread going, this thread would have died.

What that tells me is this whole thing is not a serious issue.
 
Joined
May 14, 2009
Messages
2,052
Reaction score
136
Points
63
Location
Near Whitehorse, Yukon
Your Mac's Specs
2012 MBP i7 2.7 GHz 15" Matte - 16 GB RAM - 120 GB Intel SSD - 500 GB DataDoubler Mac OS 10.9
but that it was actually bad for an install of OS X to turn a Mac on & off once (or more) a day & could lead to system file fragmentation...
*insert hysterical laughter of amusement and disbelief*

K, I'm done with this ludicrous thread
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top