Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X 10.7 Lion

Reply
 
Thread Tools Search this Thread Display Modes
Old Dec 13, 2011, 01:23 PM   #1
NorthDakota91
macrumors member
 
Join Date: Sep 2011
Location: Italy
Lion security flaw with "resetpassword"

Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?
__________________
 Macbook White 7.1 (Core 2 Duo 2.4 GHz, 8GB of RAM, 120GB SanDisk Pro SSD)
(Eventually, sorry for my bad english )
NorthDakota91 is offline   0 Reply With Quote
Old Dec 13, 2011, 01:24 PM   #2
Intell
macrumors P6
 
Intell's Avatar
 
Join Date: Jan 2010
Location: Inside
Use a firmware password. This flaw is no different then boot the Mac from an external drive or cd.
__________________
Last edited by Intell; Yesterday at 3:16 AM.
Intell is offline   0 Reply With Quote
Old Jan 10, 2013, 10:04 AM   #3
scottishwildcat
macrumors regular
 
Join Date: Oct 2007
I wouldn't really call it a "flaw". As any security guru will tell you, once somebody has physical access to your machine, all bets are off -- at that point, if somebody really wants access to your stuff, they can most likely get it one way or another. The best you can do is make it hard enough that they might lose interest first.
scottishwildcat is offline   0 Reply With Quote
Old Jan 10, 2013, 10:08 AM   #4
Bear
macrumors G3
 
Join Date: Jul 2002
Location: Sol III - Terra
Two ways to avoid it. One is the firmware password. The other is Filevault 2. If the disk is encrypted, they wouldn't be able to use the reset password.

If you're worried about data security and integrity, I would recommend the FileVault 2 route as the firmware password isn't 100% secure as Apple knows how to reset it, so I'm sure others do as well.
__________________
-----Bear
Bear is offline   0 Reply With Quote
Old Jan 10, 2013, 11:35 AM   #5
benwiggy
macrumors 68020
 
Join Date: Jun 2012
Quote:
Originally Posted by NorthDakota91 View Post
Just yesterday I've discovered that anyone who has physical access to my Mac can easily reset just any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?
If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.

The best way to avoid such problems are not to leave your expensive computer lying around, and place it in a locked drawer when you're not using it.
benwiggy is offline   0 Reply With Quote
Old Jan 10, 2013, 11:41 AM   #6
ThirteenXIII
macrumors 6502a
 
Join Date: Mar 2008
Quote:
Originally Posted by benwiggy View Post
If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.

The best way to avoid such problems are not to leave your expensive computer lying around, and place it in a locked drawer when you're not using it.
not with disk encryption. and the recommended methods provided previously.
But, yes proper watch over your stuff is the first step.
Also Back-ups are critical!
ThirteenXIII is offline   4 Reply With Quote
Old Jan 10, 2013, 12:00 PM   #7
benwiggy
macrumors 68020
 
Join Date: Jun 2012
Quote:
Originally Posted by ThirteenXIII View Post
not with disk encryption. and the recommended methods provided previously.
But, yes proper watch over your stuff is the first step.
Also Back-ups are critical!
Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.

In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.

Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.
benwiggy is offline   0 Reply With Quote
Old Jan 10, 2013, 12:02 PM   #8
ezramoore
macrumors 6502a
 
Join Date: Mar 2006
Location: Washington State
Common sense is your best defense.

resetpassword is a feature not a flaw.
ezramoore is offline   0 Reply With Quote
Old Jan 10, 2013, 12:25 PM   #9
ThirteenXIII
macrumors 6502a
 
Join Date: Mar 2008
Quote:
Originally Posted by benwiggy View Post
Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.

In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.

Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.
well when you support enterprise level systems it is critical regardless of how "Special" or "not special" the data is. even in basic users. never underestimate the maliciousness of thieves, a slight bit of personal data is all they may need to steal your identity, cause problems, etc.

Also, tell me how you can erase an encrypted disk? if it were that easy it wouldnt be a defacto encryption process.
ThirteenXIII is offline   3 Reply With Quote
Old Jan 10, 2013, 01:05 PM   #10
benwiggy
macrumors 68020
 
Join Date: Jun 2012
Quote:
Originally Posted by ThirteenXIII View Post
Also, tell me how you can erase an encrypted disk? if it were that easy it wouldnt be a defacto encryption process.
I dunno -- erase it using Linux or Windows? I'd be surprised if diskutil didn't let you somehow, though.

But yes, encryption is of course useful. And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.
I was merely trying to highlight other physical risks that are greater than "resetpassword".
;-)
benwiggy is offline   0 Reply With Quote
Old Jan 10, 2013, 01:57 PM   #11
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by benwiggy View Post
And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.
Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.
chrfr is offline   0 Reply With Quote
Old Jan 10, 2013, 03:30 PM   #12
ZMacintosh
macrumors 6502a
 
Join Date: Nov 2008
Quote:
Originally Posted by chrfr View Post
Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.
not always true, such as with schools, or businesses with off-site work.
ZMacintosh is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X 10.7 Lion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Chinese Security Team Exploits Safari Security Flaw at PWN2OWN MacRumors Mac Blog Discussion 30 Mar 17, 2014 01:12 PM
When will Apple admit that there's a manufacturing flaw in Sandy Bridge 15"/17" MBPs? yjchua95 MacBook Pro 0 Mar 15, 2014 10:45 AM
"No items found" message on main page - more security fallout? 50548 Site and Forum Feedback 3 Nov 18, 2013 08:36 PM
iOS7's new "Managed Open" security control trivial to bypass Omniver iOS 7 0 Sep 19, 2013 12:01 PM
Security flaw opens all modern Android devices to "zombie botnet" takeover [u] OzExige Wasteland 7 Jul 4, 2013 03:14 AM

Forum Jump

All times are GMT -5. The time now is 10:30 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC