Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Apple / Mac

Mac

Mac Users Beware of Password-Exposing Glitch!

Passwords are stored in the computer's memory long after they're needed

By Filip Truta, Apple News Editor

29th of February 2008, 08:08 GMT

Adjust text size:



Enlarge picture
Sure, Macs are pretty much virus-free (plus they come as a whole, seldom crash and they look just great), but a glitch is something no computer or electronic device can escape from. Apple itself has recently confirmed "a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account," according to C|netNews.com (News Blog).

According to Apple, the system becomes most vulnerable after
it stores an account password in the computer's memory and keeps it there long after it's needed, all due to a programming error. This means that the respective password can be retrieved at any time, by anyone with "physical" access to that computer, who wishes to impersonate the real user.

"This is a real problem and it needs to be fixed," said Jacob Appelbaum. He disagrees with the company's response saying "they won't put it in the latest security update or release a security update just for this issue." Jacob is a San Francisco-area programmer who discovered the vulnerability and reported it to Apple.

Jacob and his team of researchers are also responsible for a paper called "cold boot", published just last week. It describes "unrelated vulnerabilities in encrypted filesystems," according to C|net, among which Apple's FileVault, Windows Vista's BitLocker, and some open-source vulnerabilities as well.

"We're aware of this locally exploitable vulnerability, and we're working to fix it in an upcoming software update," Anuj Nayar, senior manager of PR at Apple, told the website. "While no operating system can be 100 percent immune, Apple has a great track record of addressing potential vulnerabilities before they can affect users."

Mac owners, and especially those using Keychain, should note that this vulnerability is specific to OS X. The glitch offers full access to your passwords to wireless networks, Web sites, network-mounted volumes, accounts (accessed via SSH) and more, at least in the system's default configuration.

TAGS:

 glitch | password | account | keychain | vulnerability


Rating:
Fair (2.2/5) 10 vote(s) so far    

Read by 1,002 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Apple Offers Free Recycling in the UK. 10% Discount on New iPods

Toshiba to Boost Apple's Air and Lenovo's X300?

Cheap 4GB Memory Upgrades Available for MacBooks - $95.99

iPhone Infringes on Displaying Number and Name

Apple Finally Talks iPhone SDK

Time Capsule Ships

Nvidia Releases Mac OS X Version of CUDA Programming Tools

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive