Apple Takes 3 Months But Finally Stops Printing Passwords in Plaintext
May 9, 2012 5:20 PM
comment(s) - last by
Company is showing signs of improvement, past flaws took it up to a year to patch
Famed OS X hacker
once told a security blog
, "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."
But of late there have been
in the farm house, and even Apple, Inc. (
started to admit that it has security issues
-- well, after realizing that telling its technicians to
lie to customers about them
might be bad publicity. One recent piece of malware is estimated to have
infected 600K Macs
generated millions in profit
for identity thieves alone.
Kapersky Labs, a top security firm recently warned the public that Apple's security was
10 years behind Microsoft
). Evidence of that was seen in the 10.7.3 build of OS X "Lion", which due a programming error (a stray debugging flag left on in OS X's source) accidentally logged
the passwords of users who used legacy FileVault settings.
An Apple user, Eric Hildum
in the support forums three months ago:
I’ve tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted.
This poses a security risk. We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extration in single user mode would be possible as well.
Is this a “speciality” of our environment or is this a known bug? Can I turn this behavior off?
We are running Lion clients with a SL Server and using OpenDirectory.
Apparently the Apple answer was that this was a "feature" for the time being, because the user received no reply to his pleas for three months. Then a security researcher by the name of David Emery, posted his findings to the
mailing list, a list frequent by hackers.
As noted by Mr. Emery, the issue did not effect purchasers of new Lion systems, but might have affected many users of legacy systems who upgraded to Lion.
With the Cryptome email, the media began to catch wind of Lion's penchant for plaintext password dumping and Apple was forced into the awkward position of providing an "update" for its "feature".
Hence OS X 10.7.4 was born, and aired today to loyal Lion subscribers.
The patch also "improves" other "features", such as no longer losing settings to the "reopen windows when logging back in" checkbox, and allowing "certain British third-party keyboards" to finally work.
Apple may still be living in the dark ages of security, but at least it's figured out not to stores users' passwords in plaintext, even if it took the company three months of complaints. On the plus side, the three month turnaround is faster than past incidents where Apple took
up to a year to fix past security issues/features
This article is over a month old, voting and posting comments is disabled
RE: More biased anti-apple Trolling
5/9/2012 8:24:10 PM
Are you even serious? Statistically speaking, if only 5 percent of Macs get a virus by your rationale, how many would that be if they had the same base installment as windows machines???? Remember now, there are still even win 98 machines on the net, it is only obvious that if even both of these machines where equally secured, than windows would billions more infections by market dominance alone!
What hacker would want to create a virus to target the least amount of computers to spread to? Doesn't make any sense...
Windows is always under attack due to their dominance, this has made them hardened and use to dealing with non stop attacks. Only recently has Apple started to barely gain enough of the market share to be targeted by hackers (that and its easy when Apple didn't supposedly need antivirus software)making them an easy target, but yet not ready to deal with these ongoing threats.
Trust me, I love to love an underdog, but Apple is not the underdog to love, just by supporting them, even knowing the way that they deal business and treat their customers as idiots tells me quite a bit about your personality.
But hey, Apple can instill a feeling of superiority and coolness right?
"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller
Symantec: Flashback Trojan for Mac Generates $10,000/Day
May 1, 2012, 1:46 PM
Kaspersky Labs: Apple's Security 10 Years Behind Microsoft
April 26, 2012, 7:39 AM
Apple Admits Its Macs Have a Malware Problem
April 12, 2012, 12:07 PM
Malware Authors Get Boost from Apple's Sluggish Updates, Infect 600K Macs
April 6, 2012, 8:40 AM
"Devil Robber" Trojan Infects Macs, Leeches Their GPUs for Bitcoin Profit
November 1, 2011, 10:59 AM
Microsoft Channels LittleBigPlanet and Minecraft With "Project Spark" Beta
December 4, 2013, 9:14 AM
Software Firm Apptricity Receives $50 Million in U.S. Army Piracy Lawsuit
November 29, 2013, 11:42 AM
EA and Tiger Woods Part ways, EA Sports Offers First Look at Next Gen Golf Game
October 29, 2013, 9:27 AM
Quick Note: Trial Versions of iWork, Aperture Updated for Free by Mac App Store
October 24, 2013, 12:53 PM
Crytek "Warface" Opens New Era of AAA In-Browser FPS Gaming
October 22, 2013, 3:00 PM
Microsoft Rolls Out Windows 8.1
October 17, 2013, 11:52 AM
Most Popular Articles
NSA Snares Americans' Porn Viewing Histories in Effort to Target Muslims
December 1, 2013, 9:00 PM
Coalition of 20+ Tech Firms Backs MRAM as Potential DRAM, NAND Replacement
November 29, 2013, 11:59 PM
Fed Up With Cheating OEMs, Microsoft Trolls Chromebooks in New Ad
November 27, 2013, 4:09 PM
Xbox? PCs? Mobile? Microsoft Wants One Windows to Rule Them All
November 25, 2013, 8:21 PM
Seattle Restaurant Bans Google Glass, Tells Wearers to "Just shut up and get out"
November 27, 2013, 10:27 AM
Latest Blog Posts
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
NSA and Congress -- You Will Never Kill the Constitution, It's an Idea
Nov 10, 2013, 2:00 PM
AT&T Explores $100B+ USD Deal to Acquire Vodafone's European Operations
Nov 4, 2013, 7:34 AM
U.S. Army Developing Cyber, Electronic War Arsenal
Oct 31, 2013, 4:49 PM
More Blog Posts
Copyright 2013 DailyTech LLC. -
Terms, Conditions & Privacy Information