[mac4theblind] Re: OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault
- From: Justin Harford <blindstein@xxxxxxxxx>
- To: "mac4theblind@xxxxxxxxxxxxx" <mac4theblind@xxxxxxxxxxxxx>
- Date: Sun, 6 May 2012 13:39:23 -0700
Didn't they say that your new password would be logged as well?
Sent from my iPhone
On May 6, 2012, at 1:24 PM, Scott Howell <scottn3byy@xxxxxxxxx> wrote:
> Hmmm, very interesting. I do not use File Vault on my MIni, but have
> considered it for my MBP. Although I have not looked to far into this I
> gather changing the password is the easy fix, so at least it does not require
> some serious hackery to the OS.
>
> On May 6, 2012, at 3:14 PM, David Hilbert Poehlman wrote:
>
>> == OS X Lion update accidentally outs user passwords in plain text, stumbles
>> over FileVault ==
>> http://www.engadget.com/2012/05/06/os-x-lion-update-accidentally-outs-user-passwords-in-plain-text/
>> (from Engadget)
>>
>> Are you an avid user of OS X's FileVault encryption and running a recently
>> updated version of Lion? It may be time to consider changing your passwords.
>> According to security researcher David Emry, users who used FileVault prior
>> to upgrading to 10.7.3 may be able to find their password in a system-wide
>> debug log file, stored in plain text outside of the encrypted area. This
>> puts the password at risk of being read by other users or enterprising cyber
>> criminals, Emry explains, and even opens the door for new flaw-specific
>> malware. FileVault 2, on the other hand, seems to be unaffected by the bug.
>> The community doesn't currently have a way to fight the flaw, so users
>> rushing to change their password now may find it being logged as well.
>> Obviously, we'll let you all know once we hear back from Apple regarding
>> this matter.OS X Lion update accidentally outs user passwords in plain text,
>> stumbles over FileVault originally appeared on Engadget on Sun, 06 May 2012
>> 12:55:00 EDT. Please see our terms for use of feeds.Permalink | ZDNet |
>> Email this | Comments
>>
>>
>>
>> --
>> Jonnie Appleseed
>> With His
>> Hands-On Technolog(eye)s
>> Touching The Internet
>> Reducing Technology's disabilities
>> One Byte At A Time
>>
>> ************
>>
>>
>> You are subscribed to the mac4theblind mailing list.
>>
>>
>> The url for this list, where one can unsubscribe or make any changes to
>> their list subscription is:
>>
>> //www.freelists.org/list/mac4theblind
>>
>> The list archive is located at
>>
>> //www.freelists.org/archive/mac4theblind/
>>
>> All emails intended for the list owner can be sent to:
>>
>> john@xxxxxxxxxxxxxxxxxx
>>
>
> ************
>
>
> You are subscribed to the mac4theblind mailing list.
>
>
> The url for this list, where one can unsubscribe or make any changes to
> their list subscription is:
>
> //www.freelists.org/list/mac4theblind
>
> The list archive is located at
>
> //www.freelists.org/archive/mac4theblind/
>
> All emails intended for the list owner can be sent to:
>
> john@xxxxxxxxxxxxxxxxxx
>
************
You are subscribed to the mac4theblind mailing list.
The url for this list, where one can unsubscribe or make any changes to
their list subscription is:
//www.freelists.org/list/mac4theblind
The list archive is located at
//www.freelists.org/archive/mac4theblind/
All emails intended for the list owner can be sent to:
john@xxxxxxxxxxxxxxxxxx
Other related posts:
