
Company is showing signs of improvement; past flaws took it up to a year to patch

Famed OS X hacker Charlie Miller once told a security blog, "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."

But of late there have been some thieves in the farmhouse, and even Apple, Inc. (AAPL) has started to admit that it has security issues -- well, after realizing that telling its technicians to lie to customers about them might be bad publicity. One recent piece of malware is estimated to have infected 600K Macs and generated millions in profit for identity thieves alone.

Kaspersky Lab, a top security firm, recently warned the public that Apple's security was 10 years behind Microsoft Corp.'s (MSFT). Evidence of that was seen in the 10.7.3 build of OS X "Lion", which, due to a programming error (a stray debugging flag left on in OS X's source), accidentally logged in plaintext the passwords of users who used legacy FileVault settings.

An Apple user, Eric Hildum, complained in the support forums three months ago:

I’ve tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.
This poses a security risk. We have some users who are local admins, they could ask another user to log in on their Mac and look for the password afterwards. Extraction in single user mode would be possible as well.

Is this a “speciality” of our environment or is this a known bug? Can I turn this behavior off?
We are running Lion clients with a SL Server and using OpenDirectory.

Apparently the Apple answer was that this was a "feature" for the time being, because the user received no reply to his pleas for three months. Then a security researcher by the name of David Emery posted his findings to the Cryptome mailing list, a list frequented by hackers.

Apple FileVault

As noted by Mr. Emery, the issue did not affect purchasers of new Lion systems, but might have affected many users of legacy systems who upgraded to Lion.

With the Cryptome email, the media began to catch wind of Lion's penchant for plaintext password dumping and Apple was forced into the awkward position of providing an "update" for its "feature".

Hence OS X 10.7.4 was born, and aired today to loyal Lion subscribers.  

The patch also "improves" other "features", such as no longer losing settings to the "reopen windows when logging back in" checkbox, and allowing "certain British third-party keyboards" to finally work.

Apple may still be living in the dark ages of security, but at least it's figured out not to store users' passwords in plaintext, even if it took the company three months of complaints. On the plus side, the three-month turnaround is faster than past incidents where Apple took up to a year to fix security issues/features.


RE: More biased anti-apple Trolling
By iceolate on 5/9/2012 7:33:10 PM , Rating: 4
I personally don't have any use for a notebook computer. However when it comes to notebook computers, I would recommend Lenovo based on their durability and excellent customer service, and then second to that would be MSI and Asus based on their quality internal hardware.

When it comes to Apple's iMac or PowerMac computers, they seem to be a bit more reliable as far as the hardware lasting. However, those are also way overpriced for the outdated hardware that they contain. One could build a far superior machine for a fraction of the cost that has things like eSATA, USB 3 and HDMI. Why doesn't the 27" iMac have any video inputs? It has only outputs. You pay a premium for a giant high res display and then can't even connect anything else to it. Super lame.

All Macs continue to have problems with their crappy, overpriced, slot loading optical drives as well. That's usually the first thing to break. I personally don't care for the OSX operating system either. I find it very unintuitive and lacking in features. The wireless networking can be horrendous at times, too.

RE: More biased anti-apple Trolling
By Dennis Travis on 5/9/2012 7:47:08 PM , Rating: 2
Lenova is an excellent PC Notebook for sure. You will get no argument from me. They take after the IBM Thinkpads and I have think pads that are 15 years old and still work like the day they were made. Excellent machines.

RE: More biased anti-apple Trolling
By Dennis Travis on 5/9/2012 7:48:35 PM , Rating: 2
Oops, me bad. Lenovo!

RE: More biased anti-apple Trolling
By Cheesew1z69 on 5/9/2012 9:08:41 PM , Rating: 2
They are IBM Thinkpads....

RE: More biased anti-apple Trolling
By Iaiken on 5/10/2012 11:43:13 AM , Rating: 2
They ARE IBM Thinkpads....

Quoted for truth. Emphasis added...
