Print 61 comment(s) - last by coferj.. on May 16 at 2:08 PM

Company is showing signs of improvement, past flaws took it up to a year to patch

Famed OS X hacker Charlie Miller once told a security blog, "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."

But of late there have been some thieves in the farm house, and even Apple, Inc. (AAPL) has started to admit that it has security issues -- well, after realizing that telling its technicians to lie to customers about them might be bad publicity.  One recent piece of malware is estimated to have infected 600K Macs and generated millions in profit for identity thieves alone.

Kapersky Labs, a top security firm recently warned the public that Apple's security was 10 years behind Microsoft Corp.'s (MSFT).  Evidence of that was seen in the 10.7.3 build of OS X "Lion", which due a programming error (a stray debugging flag left on in OS X's source) accidentally logged in plaintext the passwords of users who used legacy FileVault settings.

An Apple user, Eric Hildum complained in the support forums three months ago:

I’ve tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.
This poses a security risk. We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extration in single user mode would be possible as well.

Is this a “speciality” of our environment or is this a known bug? Can I turn this behavior off?
We are running Lion clients with a SL Server and using OpenDirectory.

Apparently the Apple answer was that this was a "feature" for the time being, because the user received no reply to his pleas for three months.  Then a security researcher by the name of David Emery, posted his findings to the Cryptome mailing list, a list frequent by hackers.

Apple FileVault

As noted by Mr. Emery, the issue did not effect purchasers of new Lion systems, but might have affected many users of legacy systems who upgraded to Lion.

With the Cryptome email, the media began to catch wind of Lion's penchant for plaintext password dumping and Apple was forced into the awkward position of providing an "update" for its "feature".

Hence OS X 10.7.4 was born, and aired today to loyal Lion subscribers.  

The patch also "improves" other "features", such as no longer losing settings to the "reopen windows when logging back in" checkbox, and allowing "certain British third-party keyboards" to finally work.

Apple may still be living in the dark ages of security, but at least it's figured out not to stores users' passwords in plaintext, even if it took the company three months of complaints.  On the plus side, the three month turnaround is faster than past incidents where Apple took up to a year to fix past security issues/features.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: More biased anti-apple Trolling
By JediJeb on 5/9/2012 6:04:37 PM , Rating: 5
I've onwed 8 Macs in the last 5 years and have never been hacked once or had their identity stolen

I have had 5 PCs over the last 20 years and have never been hacked, had a virus or malware on those at home, even when running them with Windows versions far past their prime(just upgraded one to WinXP 3 years ago). Those are my home systems and I am careful of what I load and what sites I visit, so that would point to PCs not being easily infected if you only look at my record.

Now if you look at the PCs at work, that is another story. We had a case of malware/virus there that was tough to get rid of, but when it was figured out how it came to be, not even a Mac would have been safe from that user. Mac or PC, if a user will click on anything, they are both prone to be infected.

The build quality of every Mac is beautiful unlike Windows machines, which look like cheap garbage

If you narrow down the list of Windows machines to only a hand full of select models, they look great too. But on the other hand, if someone has a very limited budget, what is the bargain basement model of a Mac that they can purchase? Not everyone can own the Ferrari of computers(though I would consider a Mac more of a BMW than a Ferrari), some can only afford the Tata, and Apple just does not offer a cheap poor person's model.

You can say Apple is 10, 20 years behind I don't care. You're just biased and full of garbage.

Just as full of garbage as those who make Macs out to be some heaven sent piece of perfection. Macs are what they are, a decent computer running a decent operating system that can fall prey to malware infections when the ones using them are careless. There are PCs that can stomp them on performance, others that can stomp them on price, and if you throw Linux on one with an experienced user at the keyboard that would probably even beat them out in other areas too. Windows users freely admit they have bugs, Linux users will admit the same, Mac users seem to never admit any weakness in their systems even when it is pointed out to them with clear proof. Who is the more biased, one who goes out of their way to point out an Apple flaw, or one who vehemently denies any idea that a flaw can exist?

By sprockkets on 5/9/2012 9:57:49 PM , Rating: 3
Clearly Macs were not made for you - you, you use your brain and make informed decisions, and if you don't know something you find out.

"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki