
munkery

macrumors 68020
Original poster
Dec 18, 2006
This new tool scans the memory of the securityd process from RAM to reveal unlocked keychain data. The tool requires password authentication to install.

http://www.pcworld.com/businesscent...t_access_to_easily_extract_keychain_data.html

In comparison, many tools are available that can reveal browser, messaging, and other app passwords from Windows without password authentication. Protected storage is much less secure in Windows.

This article includes the typical sophistry of equating an admin account in OS X with root. It also implies that privilege escalation is easy in OS X but somewhat makes it clear that, even if this is true, it is due to social engineering. It uses the fact that many apps are owned by system to show how social engineering is probable in OS X but fails to clarify that more apps are now owned by system since the introduction of the Mac App Store.

The MAS being the source of more system-owned apps negates the argument for increased risk of privilege escalation due to social engineering. Apps being owned by system, if the source of the installation is secure, actually has security benefits because system-owned apps require elevated privileges to modify.

The data of locked keychains is not compromised by this tool even with root access. Albeit, this is dependent on locked keychains remaining locked while keychaindump is in use.

See #2 in the link below for more details on creating more secure keychain entries.

Mac Security Suggestions
 
"Mac OS X Hackers With Root Access"

As it is, we don't even have Root Access when we log in as an administrator, right? So I'm not too sure how that would be able to work remotely?

If I'm misunderstanding, though, please educate me :eek:
 
Root access can also be achieved by a process if the process is installed with elevated privileges so that it runs as root. Whether or not a process runs as root can be shown by Activity Monitor.

When you are prompted for password authentication to install an app, most often it is because the app requires installing components in protected areas of the OS. The apps still run with user privileges.

But, sometimes apps that are installed with password authentication require those elevated privileges to be able to run as root.

This is why knowing how to safely use password authentication is important.
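
Added example, not part of the original posts: a command-line version of the Activity Monitor check described above, narrowing a process list to those running as root whose executable sits outside the OS's own directories. The list of system directories, the function names, and the sample process lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input: one process per line as "USER PID EXECUTABLE-PATH".
# On OS X, `ps -axo user=,pid=,comm=` prints this shape (comm is the full path).

# Print "PID<TAB>PATH" for every root process whose executable is not under
# a directory treated here as part of the OS (assumed list, adjust as needed).
non_system_root_procs() {
    awk '
        $1 != "root" { next }                 # only processes running as root
        {
            path = $0                          # keep spaces inside the path
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", path)
            if (path ~ /^\/(System|usr\/(bin|sbin|libexec)|sbin|bin)\//) next
            print $2 "\t" path
        }
    '
}

# Constructed sample input, not captured from a real machine.
sample_ps_output() {
    cat <<'EOF'
root       1 /sbin/launchd
root      17 /usr/sbin/securityd
alice    312 /Applications/Safari.app/Contents/MacOS/Safari
root     401 /Library/PrivilegedHelperTools/com.example.helper
root     402 /Applications/Example Tool.app/Contents/MacOS/Example Tool
EOF
}

# Stand-alone run on the sample; on a real system use:
#   ps -axo user=,pid=,comm= | non_system_root_procs
sample_ps_output | non_system_root_procs
```

Each line it prints is a third-party component that was granted root at install time, which is the case where the password prompt mattered most.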
 