PDA

View Full Version : Kinda Worried...


Pipian
Oct 31, 2003, 07:56 AM
Is The Single user Mode Password Hole Still there in Panther?
This is worrying me because this totally compromises the security of MAC OS X!

More Info is Found here

http://www.securemac.com/macosxsingleuser.php

johnnowak
Oct 31, 2003, 08:17 AM
I'd also like to point out that all OS X systems, their monitors in particular, are vulnerable to the dreaded but rarely used 'Sledgehammer' attack, where the malicious hacker slams the hardware with a physically wielded device. It means instant system failure.

MacsRgr8
Oct 31, 2003, 01:43 PM
Originally posted by johnnowak
I'd also like to point out that all OS X systems, their monitors in particular, are vulnerable to the dreaded but rarely used 'Sledgehammer' attack, where the malicious hacker slams the hardware with a physically wielded device. It means instant system failure.

:D

Yeah. I believe every computer should give owner (root) privileges to the one that can gain physical access to it (i.e. really touch the computer). Try to make it quite complex, so that not "anybody" can do it. Logging such attempts could come in very handy aswell.
Tight security is a very good thing.... on remote computers. Being a sysadmin, I have seen issues where not being able to read the data on a volume because of lost passwords or other clumsiness, could have been very costly or damaging to a company.
You have to make sure that delicate or valuable data is stored on computers which are literally behind closed doors.

Laptops are more difficult....

coopdog
Nov 1, 2003, 09:47 PM
I have used that hole to get past my user account restrictions at places. It is a HUGE hole. It's very easy, it only depends on how fast reboot time is. So on a G5 it would only take about 40-60 seconds to have full root access. Apple should make the only way to you can reset the admin password is by using the OS X CD. Which takes longer.

G5orbust
Nov 1, 2003, 10:22 PM
I am still going for biometirc scanning!

How cool would it be to have a friend over say "watch this", and have your mac scan your retina with one of those cool, Hollywood type screen outputs.


Man...I have no life...

Bu there are holes in OSX because UNIX has holes that are pretty easy to exploit. My guess is Mac users arent really into hacking into other macs...though those PC guys seem to get a kick out of it.

cb911
Nov 1, 2003, 11:51 PM
whoa. i never knew about that. thanks for posting the link.

the only password bypass that i knew of was the buffer overrun when the screensaver was on, but Apple fixed that.

i guess i'll be careful and keep an eye on my PB to make sure no one reboots into single user mode...:eek: :p

SiliconAddict
Nov 2, 2003, 12:18 AM
Originally posted by johnnowak
I'd also like to point out that all OS X systems, their monitors in particular, are vulnerable to the dreaded but rarely used 'Sledgehammer' attack, where the malicious hacker slams the hardware with a physically wielded device. It means instant system failure.

Hmmm. If memory serves I read about a solution for this on news.com.

I believe it was a join effort between Symantec and Nerf. :D