
munkery

macrumors 68020
Dec 18, 2006
2,217
1
Full disk encryption can be defeated with physical access too. Already knew about "cold boot attacks," should have remembered that.

So, any type of large scale encryption, such as FileVault or TrueCrypt, is somewhat of a waste of computing resources.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
Single user mode allows changing the account password. The firmware password prevents using Single user mode without a password. Removing the RAM with PRAM reset bypasses the firmware password. So, someone can change the account password.

If you change the account password via "Accounts" in "System Preferences," I believe it changes the FileVault password for that account as well. I do not know if the Single user mode hack will change the FileVault password. I doubt it would, so the Master password would be needed.

Deleting the Master password keychain file to reset the password while the account's contents are encrypted causes the account data to be lost forever. So, FileVault is secure from firmware password hacking.

But, FileVault (and other disk encryption tools including full disk encryption) is not safe from cold boot attacks if someone has physical access while the machine is still powered on. Cold boot attacks reliably allow the recovery of user account passwords from RAM. Obviously, once the passwords are available the contents of FileVault are available, given they use the same password. The keys for other full disk encryption software are accessible in this manner as well.

So it is recommended that the system be powered OFF whenever it is not in use and the risk of theft is high.

Cold boot attacks are much less effective against sparse bundle disk images that are kept unmounted as much as possible while both logged in and out. This is because the encryption keys are less likely to persist in RAM when the disk image is unmounted (overwritten). Unless a cold boot attack occurred soon after the disk image was unmounted, the key for the disk image is secure. Given that the login keychain uses the account password, it is important to make a separate keychain with a unique password for items that require extra security.

The downside of not using full disk encryption is the swap file is not encrypted. But, users can encrypt the swap file by turning on "secure virtual memory" in the security pane of system preferences.

For more info on securing your Mac see: Mac Security Suggestions
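The mitigations in this post (encrypted swap, keeping the sparse bundle detached when idle, a separate keychain that locks itself) can be checked and automated from a shell. The script below is an added example for this thread, not munkery's code and not part of any linked guide. It assumes the OS X behaviour of that era: `sysctl vm.swapusage` ends in "(encrypted)" when secure virtual memory is on, `hdiutil info` lists attached images on an `image-path : <path>` line, and `ioreg -c IOHIDSystem` exposes `HIDIdleTime` in nanoseconds. The parsing functions take their input as arguments, so they can be exercised on constructed text without a Mac; the functions that touch the system only run when the script is invoked with `audit` or called explicitly.

```shell
#!/bin/sh
# Added example: audit and helper functions for the mitigations discussed
# above. Assumptions (OS X 10.5/10.6 era, labelled hypothetical here):
#   - `sysctl vm.swapusage` appends "(encrypted)" when secure VM is enabled
#   - `hdiutil info` prints "image-path      : /path/to/image.sparsebundle"
#   - `ioreg -c IOHIDSystem` prints a HIDIdleTime line in nanoseconds

# Print "encrypted" or "unencrypted" for one vm.swapusage output line.
swap_status() {
    case "$1" in
        *"(encrypted)"*) printf 'encrypted\n' ;;
        *)               printf 'unencrypted\n' ;;
    esac
}

# Print "mounted" if IMAGE ($2) appears as an image-path in hdiutil info
# output ($1), otherwise "detached". Image paths without spaces assumed.
image_state() {
    _info=$1; _image=$2
    printf '%s\n' "$_info" | awk -v img="$_image" '
        $1 == "image-path" && $NF == img { found = 1 }
        END { print (found ? "mounted" : "detached") }'
}

# Print "detach" when the idle time ($1, seconds) has reached the limit ($2).
should_detach() {
    if [ "$1" -ge "$2" ]; then printf 'detach\n'; else printf 'keep\n'; fi
}

# ---- Mac-only helpers (not exercised by the offline checks) ----------------

# Seconds since the last keyboard/mouse event, from the HID idle counter.
current_idle_seconds() {
    ioreg -c IOHIDSystem | awk '/HIDIdleTime/ { print int($NF / 1000000000); exit }'
}

# Detach the mounted image so its key stops living in RAM once the user has
# been idle long enough. IMAGE is the .sparsebundle path, MOUNTPOINT the
# volume it is attached at (e.g. /Volumes/Vault), LIMIT the idle seconds.
detach_if_idle() {
    _image=$1; _mount=$2; _limit=$3
    [ "$(image_state "$(hdiutil info)" "$_image")" = mounted ] || return 0
    if [ "$(should_detach "$(current_idle_seconds)" "$_limit")" = detach ]; then
        hdiutil detach "$_mount"
    fi
}

# Create a keychain separate from the login keychain (which shares the account
# password) and make it lock on sleep and after five minutes of inactivity.
# `security create-keychain` prompts for the new keychain password.
create_private_keychain() {
    _name=$1
    security create-keychain "$_name" || return 1
    security set-keychain-settings -l -u -t 300 "$_name"
}

# Report the state of the items the post recommends checking.
audit() {
    _image=${1:-"$HOME/Vault.sparsebundle"}   # placeholder path
    printf 'swap: %s\n'  "$(swap_status "$(sysctl vm.swapusage 2>/dev/null)")"
    printf 'image: %s\n' "$(image_state "$(hdiutil info 2>/dev/null)" "$_image")"
}

# Only run the live audit when asked, so the file can be sourced for its
# functions on any platform.
[ "${1-}" = audit ] && audit "${2-}"
```

Running `sh audit.sh audit /Users/me/Vault.sparsebundle` prints the swap and image state; `detach_if_idle` is meant to be called from a periodic launchd job so the image does not sit mounted (and keyed in RAM) while the machine is unattended. A detached image is exactly the state the post describes as resistant to a cold boot attack.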
 

lilcosco08

macrumors 65816
Original poster
May 27, 2010
1,224
22
Dayton
a little update:

I wasn't able to find his MAC address, but a quick look at the router logs showed me his IP.
A quick search from there brought me to a Minecraft server post which recently went dedicated. A look at the WHOIS info showed me that it was someone I know.
VEEEENGEEEAAANNCCCEEEEE
 

haruhiko

macrumors 604
Sep 29, 2009
6,529
5,875
So I just realized that the reason my camera light was always on in Windows wasn't Skype, but some person who was spying on me. And keylogged me. Then pulled up a chatbox and mocked me.

Needless to say I'm changing all my passwords, and deleting my Windows partition. I don't see how this happened through NOD32.

It's nice to know that I'm safe from that on my MBP.

NOD32 sucks.
You should use Symantec Antivirus instead ;-)

But it doesn't sound like a normal virus.

Are you sure nobody has ever touched your laptop?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
NOD32 sucks.
You should use Symantec Antivirus instead ;-)

But it doesn't sound like a normal virus.
It doesn't sound like any virus, because none exist that run on current Mac OS X. No antivirus apps are necessary to protect a Mac. Read the link in post #12.
 