NNSquad - Network Neutrality Squad
[ NNSquad ] Apple security blunder exposes Lion login passwords in clear text
Apple security blunder exposes Lion login passwords in clear text
http://j.mp/Iw9JnG (ZDNET)
"An Apple programmer, apparently by accident, left a debug flag in the
most recent version of the Mac OS X operating system. In specific
configurations, applying OS X Lion update 10.7.3 turns on a
system-wide debug log file that contains the login passwords of every
user who has logged in since the update was applied. The passwords are
stored in clear text.
...
This leak of credentials could be catastrophic for businesses that
have relied on the FileVault feature in Macs for years. FileVault is
intended to protect sensitive information stored by providing an
encrypted user home directory contained in an encrypted file system
mounted on top of the user's home directory. If an employee has their
Mac stolen, however, anything they encrypted, as well as anything that
requires those credentials, can be accessed without hindrance if the
vulnerable configuration is in place."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Data Wisdom Explorers League: http://www.dwel.org
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad