NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Apple security blunder exposes Lion login passwords in clear text

Apple security blunder exposes Lion login passwords in clear text

http://j.mp/Iw9JnG  (ZDNET)

   "An Apple programmer, apparently by accident, left a debug flag in the
    most recent version of the Mac OS X operating system. In specific
    configurations, applying OS X Lion update 10.7.3 turns on a
    system-wide debug log file that contains the login passwords of every
    user who has logged in since the update was applied. The passwords are
    stored in clear text.
    This leak of credentials could be catastrophic for businesses that
    have relied on the FileVault feature in Macs for years. FileVault is
    intended to protect sensitive information stored by providing an
    encrypted user home directory contained in an encrypted file system
    mounted on top of the user's home directory. If an employee has their
    Mac stolen, however, anything they encrypted, as well as anything that
    requires those credentials, can be accessed without hindrance if the
    vulnerable configuration is in place."

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list