[mac4theblind] OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault
- From: David Hilbert Poehlman <poehlman1@xxxxxxxxxxx>
- To: mac4theblind@xxxxxxxxxxxxx
- Date: Sun, 6 May 2012 15:14:48 -0400
== OS X Lion update accidentally outs user passwords in plain text, stumbles
over FileVault ==
http://www.engadget.com/2012/05/06/os-x-lion-update-accidentally-outs-user-passwords-in-plain-text/
(from Engadget)
Are you an avid user of OS X's FileVault encryption and running a recently
updated version of Lion? It may be time to consider changing your passwords.
According to security researcher David Emry, users who used FileVault prior to
upgrading to 10.7.3 may be able to find their password in a system-wide debug
log file, stored in plain text outside of the encrypted area. This puts the
password at risk of being read by other users or enterprising cyber criminals,
Emry explains, and even opens the door for new flaw-specific malware. FileVault
2, on the other hand, seems to be unaffected by the bug. The community doesn't
currently have a way to fight the flaw, so users rushing to change their
password now may find it being logged as well. Obviously, we'll let you all
know once we hear back from Apple regarding this matter.OS X Lion update
accidentally outs user passwords in plain text, stumbles over FileVault
originally appeared on Engadget on Sun, 06 May 2012 12:55:00 EDT. Please see
our terms for use of feeds.Permalink | ZDNet | Email this | Comments
--
Jonnie Appleseed
With His
Hands-On Technolog(eye)s
Touching The Internet
Reducing Technology's disabilities
One Byte At A Time
************
You are subscribed to the mac4theblind mailing list.
The url for this list, where one can unsubscribe or make any changes to
their list subscription is:
//www.freelists.org/list/mac4theblind
The list archive is located at
//www.freelists.org/archive/mac4theblind/
All emails intended for the list owner can be sent to:
john@xxxxxxxxxxxxxxxxxx
Other related posts:
