Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X 10.7 Lion

Dec 13, 2011, 01:23 PM   #1
NorthDakota91
macrumors member
 
Join Date: Sep 2011
Location: Italy
Lion security flaw with "resetpassword"

Just yesterday I discovered that anyone who has physical access to my Mac can easily reset any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?
__________________
MacBook White 7.1 (Core 2 Duo 2.4 GHz, 8GB of RAM, 120GB SanDisk Pro SSD)
(Eventually, sorry for my bad English)
Dec 13, 2011, 01:24 PM   #2
Intell
macrumors G5
Join Date: Jan 2010
Location: Inside
Use a firmware password. This flaw is no different than booting the Mac from an external drive or CD.
__________________
Last edited by Intell; Yesterday at 10:24 AM.
Jan 10, 2013, 10:04 AM   #3
scottishwildcat
macrumors regular
 
Join Date: Oct 2007
I wouldn't really call it a "flaw". As any security guru will tell you, once somebody has physical access to your machine, all bets are off -- at that point, if somebody really wants access to your stuff, they can most likely get it one way or another. The best you can do is make it hard enough that they might lose interest first.
Jan 10, 2013, 10:08 AM   #4
Bear
macrumors G3
 
Join Date: Jul 2002
Location: Sol III - Terra
Two ways to avoid it. One is the firmware password. The other is FileVault 2. If the disk is encrypted, they wouldn't be able to use resetpassword.

If you're worried about data security and integrity, I would recommend the FileVault 2 route as the firmware password isn't 100% secure as Apple knows how to reset it, so I'm sure others do as well.
__________________
-----Bear
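An added check, not part of the thread, that a practitioner could run to confirm the two controls named in this post are actually in place on a given Mac. It assumes the output formats of `fdesetup status` (Mountain Lion and later, prints "FileVault is On." or "FileVault is Off.") and `firmwarepasswd -check` (Yosemite and later, Intel Macs, needs root, prints "Password Enabled: Yes" or "No"). Neither tool ships with Lion itself, where FileVault 2 is switched on in System Preferences > Security & Privacy and the firmware password is set with the Firmware Password Utility in Recovery. When run somewhere the tools do not exist, the script falls back to constructed sample output so the parsing logic can still be exercised.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether the two mitigations
# discussed above, FileVault 2 and a firmware password, are present.
# Output formats below are assumptions about `fdesetup status` and
# `firmwarepasswd -check`; on a non-Mac the constructed samples are used.

# Returns 0 when the given fdesetup output says FileVault is on, 1 otherwise.
filevault_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On\.'
}

# Returns 0 when the given firmwarepasswd output says a password is enabled.
firmware_password_set() {
    printf '%s\n' "$1" | grep -q '^Password Enabled: Yes'
}

# Turn the two outputs into one verdict:
#   protected                    both controls present
#   exposed                      neither present: recovery-partition resetpassword,
#                                booting external media and Target Disk Mode all work
#   partial:no-filevault         firmware password only (Apple can reset that, data
#                                is still readable once the drive is pulled)
#   partial:no-firmware-password FileVault only (data safe, but the machine can
#                                still be booted from external media and wiped)
assess() {
    fv_out="$1"; fw_out="$2"
    fv_ok=1; fw_ok=1
    filevault_on "$fv_out" && fv_ok=0
    firmware_password_set "$fw_out" && fw_ok=0
    if [ "$fv_ok" -eq 0 ] && [ "$fw_ok" -eq 0 ]; then
        echo protected
    elif [ "$fv_ok" -ne 0 ] && [ "$fw_ok" -ne 0 ]; then
        echo exposed
    elif [ "$fv_ok" -ne 0 ]; then
        echo partial:no-filevault
    else
        echo partial:no-firmware-password
    fi
}

# Gather real output where the tools exist; otherwise use constructed samples.
collect_filevault() {
    if command -v fdesetup >/dev/null 2>&1; then
        fdesetup status 2>/dev/null
    else
        printf 'FileVault is Off.\n'          # constructed sample
    fi
}
collect_firmware() {
    if command -v firmwarepasswd >/dev/null 2>&1; then
        firmwarepasswd -check 2>/dev/null     # needs root; empty output counts as "not set"
    else
        printf 'Password Enabled: No\n'       # constructed sample
    fi
}

main() {
    assess "$(collect_filevault)" "$(collect_firmware)"
}
main
```

Run it as root on an Intel Mac to get a real verdict; anything other than `protected` means the attack in the opening post, or one of the equivalent ones mentioned later in the thread, still works against that machine.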
Jan 10, 2013, 11:35 AM   #5
benwiggy
macrumors 68020
 
Join Date: Jun 2012
Quote:
Originally Posted by NorthDakota91
Just yesterday I discovered that anyone who has physical access to my Mac can easily reset any password by using the "resetpassword" command from Lion's recovery partition. My question is: is there a way to avoid that?
If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.

The best way to avoid such problems is not to leave your expensive computer lying around, and to place it in a locked drawer when you're not using it.
Jan 10, 2013, 11:41 AM   #6
ThirteenXIII
macrumors 6502a
 
Join Date: Mar 2008
Quote:
Originally Posted by benwiggy
If they have physical access to your Mac, they can boot it up in Target mode (making the whole Mac an external drive to another Mac), or take the drive out and mount it in an external case.

The best way to avoid such problems is not to leave your expensive computer lying around, and to place it in a locked drawer when you're not using it.
Not with disk encryption, and the recommended methods provided previously.
But yes, proper watch over your stuff is the first step.
Also, backups are critical!
Jan 10, 2013, 12:00 PM   #7
benwiggy
macrumors 68020
 
Join Date: Jun 2012
Quote:
Originally Posted by ThirteenXIII
Not with disk encryption, and the recommended methods provided previously.
But yes, proper watch over your stuff is the first step.
Also, backups are critical!
Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.

In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.

Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.
Jan 10, 2013, 12:02 PM   #8
ezramoore
macrumors 6502a
 
Join Date: Mar 2006
Location: Washington State
Common sense is your best defense.

resetpassword is a feature not a flaw.
Jan 10, 2013, 12:25 PM   #9
ThirteenXIII
macrumors 6502a
 
Join Date: Mar 2008
Quote:
Originally Posted by benwiggy
Many people leave their laptops continually running, and don't leave a password to get past the screensaver.
Some people let their dorm buddy use their laptop on the same account.

In short, encryption is fine, but it's just one defence against some, but by no means all, of the security threats to your computer.

Most thieves are not Tom Cruise trying to access your special data without you noticing, but will probably just wipe the disk and sell the laptop.
Well, when you support enterprise-level systems it is critical regardless of how "special" or "not special" the data is, even for basic users. Never underestimate the maliciousness of thieves; a slight bit of personal data is all they may need to steal your identity, cause problems, etc.

Also, tell me how you can erase an encrypted disk? If it were that easy it wouldn't be a de facto encryption process.
Jan 10, 2013, 01:05 PM   #10
benwiggy
macrumors 68020
 
Join Date: Jun 2012
Quote:
Originally Posted by ThirteenXIII
Also, tell me how you can erase an encrypted disk? If it were that easy it wouldn't be a de facto encryption process.
I dunno -- erase it using Linux or Windows? I'd be surprised if diskutil didn't let you somehow, though.

But yes, encryption is of course useful. And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.
I was merely trying to highlight other physical risks that are greater than "resetpassword".
;-)
Jan 10, 2013, 01:57 PM   #11
chrfr
macrumors 68000
 
Join Date: Jul 2009
Quote:
Originally Posted by benwiggy
And I would expect enterprise-level guys to be following a lot of procedure that most domestic users don't.
Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.
Jan 10, 2013, 03:30 PM   #12
ZMacintosh
macrumors 6502a
 
Join Date: Nov 2008
Quote:
Originally Posted by chrfr
Yeah, the Enterprise level equipment with sensitive data is locked in a limited-access secured data center.
Not always true, such as with schools, or businesses with off-site work.