This new tool scans the memory of the securityd process from RAM to reveal unlocked keychain data. The tool requires password authentication to install.
http://www.pcworld.com/businesscent...t_access_to_easily_extract_keychain_data.html
In comparison, many tools are available that can reveal browser, messaging, and other app password from Windows without password authentication. Protected storage is much less secure in Windows.
This article includes the typical sophistry of equating an admin account in OS X with root. It also implies that privilege escalation is easy in OS X but somewhat makes it clear that even if this is true that it is due to social engineering. It uses the fact that many apps are owned by system to show how social engineering is probable in OS X but fails to clarify that more apps are now owned by system since the introduction of the Mac App Store.
The MAS being the source of more system owned apps negates the argument for increased risk of privilege escalation due to social engineering. Apps being owned by system if the source of the installation is secure actually has security benefits because system owned apps require elevated privileges to modify.
The data of locked keychains is not compromised by this tool even with root access. Albeit, this is dependent on locked keychains remaining locked while keychaindump is in use.
See #2 in the link below for more details on creating more secure keychain entries.
Mac Security Suggestions
http://www.pcworld.com/businesscent...t_access_to_easily_extract_keychain_data.html
In comparison, many tools are available that can reveal browser, messaging, and other app password from Windows without password authentication. Protected storage is much less secure in Windows.
This article includes the typical sophistry of equating an admin account in OS X with root. It also implies that privilege escalation is easy in OS X but somewhat makes it clear that even if this is true that it is due to social engineering. It uses the fact that many apps are owned by system to show how social engineering is probable in OS X but fails to clarify that more apps are now owned by system since the introduction of the Mac App Store.
The MAS being the source of more system owned apps negates the argument for increased risk of privilege escalation due to social engineering. Apps being owned by system if the source of the installation is secure actually has security benefits because system owned apps require elevated privileges to modify.
The data of locked keychains is not compromised by this tool even with root access. Albeit, this is dependent on locked keychains remaining locked while keychaindump is in use.
See #2 in the link below for more details on creating more secure keychain entries.
Mac Security Suggestions
Last edited: