Mac OS X Security! Anyone can see files!

[SpaceMagic]

I just put my iBook in Target disk mode (as in hold T while booting, so that it appears as an external disk on my g5 via a firewire cable) and my G5 has root (well, unlimited) access to the iBook's hard disk! No passwords asked!

I could just take anyone's computer and attach with a firewire cable.. and bob's your uncle, access to anyone's files! What's going on?!

 

[Randall]

I just put my iBook in Target disk mode (as in hold T while booting, so that it appears as an external disk on my g5 via a firewire cable) and my G5 has root (well, unlimited) access to the iBook's hard disk! No passwords asked!

I could just take anyone's computer and attach with a firewire cable.. and bob's your uncle, access to anyone's files! What's going on?!

If this is true then that's the biggest security hole I've ever read about in my life. Wow! You sure don't have to be l33t to do some damage there.

 

[Linam]

It is not possible, you are joking...
right

 

[SpaceMagic]

It sure is possible. Try it if you can!

 

[crap freakboy]

I thought this was common knowledge.

 

[croshtique]

Yes it is possible; but if someone has physical access to your machine and is able to do this, then you might as well let all security measures go out the window...
You can, however, enable Open Firmware password protection to stop people booting up in Target Disk Mode.

 

[eva01]

I thought this was common knowledge.

so did i

 

[grapes911]

You can, however, enable Open Firmware password protection to stop people booting up in Target Disk Mode.

Still not a good solution. I can break that password in about 2 minutes.

 

[Lacero]

What about with File Vault? Technically, they shouldn't be able to access your home directory.

The use of encrypted disk images should be used, if the information is really sensitive. I have one called Confidential.dmg, which I store all my banking passwords, financial info, naked images of myself in compromising positions, etc. Let's also not forget my stash of hot donkey porn!

Here's to the Crazy Ones ​

 

[iMeowbot]

This is what encrypted disk images (with or without the FileVault scheme) are for.

 

[ffakr]

Are you all kidding?

Seriously, Are you all kidding?
People are shocked that a computer system is not secure when you've got raw access to that computer's drive on another machine?

You can pull the drive out of any computer system and plug it into another computer system and get full access to that data. We pull NTFS drives all the time and copy user data to new computers or recover data onto other computers. We reset Windows 2K and XP passwords with recovery CDs by writing directly into the hive. I can boot OS X or any other Unix system into single user mode (Root) and have free run over the whole filesystem.

As soon as you give up physical access of your machine or a physical console on that machine you have absolutely no security unless you implement some sort of physical security barrier (like bio-metrics) or some sort of encryption like encrypted disk images or encrypted filesystems.

This isn't a shock. It isn't a huge security hole. This is just reality. Freaking out about whether or not your unencrypted drive is secure after someone steals your computer makes even less sense than expecting your home safe to be secure after someone steals the whole safe.

ffakr

 

[howesey]

Mac OS X on your iPod, bob's your uncle.

 

[semaja2]

wow im amazed how people are shocked at this even with a windows machine you can crack it open by ripping out the hdd unless you use efs which macosx has as well, but i think at that point you would be more concered at that fact they have your laptop, but target disk mode it great i hear for when your mac crashes you can recover your files quick and easy

 

[EGT]

I knew about this but I still think being able to reset the password with an Installation CD is complete bull.

Complete bull in the sense that it's crap you can do it, not that it's not true. Sorry, it's a very slowww day today.

 

[Aarow]

If anybody took my computer, I'd roundhouse kick them to the face .

Also, Bob's your uncle?

 

[SpaceMagic]

Well I didn't know about it, nor do I think it's right.

1) A PC cannot read Mac formatted drives natively so it's not as if PCs can rip out a mac drive and view the info.

2) I always thought permissions were set on the file in Unix, in fact I know they are as you can CHMOD them. However, permissions therefore on my iBook's drive should be to their user... who is not present on the Mac targeting the drive. Therefore a password should be requested.

3) The point is many of you here I'm sure have information you wouldn't particularly like your parents or lover to see . While you're in the shower, out to the shops, eating fish n chips.. all they have to do is press T on your mac! They then have Spotlight to find ANY information they please.

4) Open Firmware Passwords. Ok... fair enough. But how many of you have this enabled? And then how many of the newer mac users even know about it?

I suggest a computer should ask for your admin password in order to go into target disk mode.

 

[Poff]

Or.. you could just use filevault as someone else here suggested.

Target disk mode has nothing to do with os x. it comes "before" unix and osx.

 

[jemeinc]

I consider that a feature... I use it sometimes for transferring video projects from one machine to another... I guess "technically" it could be looked at as a security flaw, but it still requires physical access to your machine... I see the point, but for me it's not the type of security problem I'm concerned with...

 

[portent]

The most effective form of computer security yet devised is a deadbolt lock on the door to the building. Once someone has physical access to your machine, it's all over (unless you store everything on an encrypted volume.)

If you make a habit of keeping embarrassing secrets from your lover/parents/children/roommate, encrypt them.

 

[EGT]

Or.. you could just use filevault as someone else here suggested.

Filevault requires a lot of hard drive space though.

 

[katie ta achoo]

Or.. you could just use filevault as someone else here suggested.

Target disk mode has nothing to do with os x. it comes "before" unix and osx.

encrpyting a disk image is so easy in OS X.
Just open up disk utility, follow a few steps (Sorry, Don't know them.. I'm not at my PB) and Bam! encrypted disk image.

isn't that where everyone keeps their banking passwords, financial info, and naked images of themselves in compromising positions?
Lacero, you're my hero!

 

[blackpeter]

Still not a good solution. I can break that password in about 2 minutes.

How's that?

 

[iMeowbot]

How's that?

Open it up, add or remove some RAM, zap the PRAM and you're in. Here's a nice little article on the deal.

 

[blackpeter]

Open it up, add or remove some RAM, zap the PRAM and you're in. Here's a nice little article on the deal.

Very cool. Thanks...

 

[Diatribe]

The only way to be really secure is using an encrypted disk image for sensitive data. It's time that Apple let's File Vault only encrypt wanted folders and not the entire home folder... who wants their music library encrypted anyway?