grapes911 said:
tfaz1 said:
iMeowbot said:
Overly simple huh? I guess you could physically lock the computer shut with a pad lock in most cases. But that wouldn't be too hard to break either.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Mac OS X Security! Anyone can see files!
- Thread starter SpaceMagic
- Start date
- Sort by reaction score
Overly simple huh? I guess you could physically lock the computer shut with a pad lock in most cases. But that wouldn't be too hard to break either.
I have to agree with folks who are saying once somebody has physical access to your machine, you can forget about security. If you want to increase your protection, encrypt your sensitive data (and choose a good passwod). Still, if somebody has access to your machine and lots of time, they may still crack this.
Target Disk mode is a wonderful feature in my opinion, allowing one to trouble shoot a Mac and recover data in case things go wonky. It has also been advertised many times by Apple. I fear lots of people have similar misconceptions, thinking that their data is safe when it is in fact not. I work for a web design firm and you wouldn't believe how many clients want full orders from their websites with credit full card info emailed to them (we refuse, keeping part of the credit card number on a secure server which they have to log into).
I really wish folks would be required to take a little short computer basics class before buying a computer. Think of all the computer data theft, identity theft, and spam (through zombied computers) which could be avoided. You have to get a license before driving, you should be at least minimally qualified to use a computer since it can easily ruin yours or someone else's life (well, your credit history, job, etc...) if not used properly.
~ Mr.T
Target Disk mode is a wonderful feature in my opinion, allowing one to trouble shoot a Mac and recover data in case things go wonky. It has also been advertised many times by Apple. I fear lots of people have similar misconceptions, thinking that their data is safe when it is in fact not. I work for a web design firm and you wouldn't believe how many clients want full orders from their websites with credit full card info emailed to them (we refuse, keeping part of the credit card number on a secure server which they have to log into).
I really wish folks would be required to take a little short computer basics class before buying a computer. Think of all the computer data theft, identity theft, and spam (through zombied computers) which could be avoided. You have to get a license before driving, you should be at least minimally qualified to use a computer since it can easily ruin yours or someone else's life (well, your credit history, job, etc...) if not used properly.
~ Mr.T
Not true (unless by "lots of time", you mean billions of years). If you use a very secure algorithm and a very secure password, your files are pretty much impossible to crack. Even with some of the fastest supercomputers, it is estimated to take billions of years on average to crack something like RSA. Quantum computers may change this, but they are still years away from any practical use.Mr_T said:
grapes911 said:
All you have to do is change the amount of RAM in the Mac to disable that OF password thingy. Uhm, ooops.
Well, there is a padlock device on the latch on the tower Power Macs, at least. I used to use a big Masterlock padlock on my G4. Even the newest G5s still have this capability.
Basically anyone with physical access to a computer can get in so this is a moot point really.
Even those tiny personal safes are not secure, a thief can just pick em up and take em home to take as much time as they want to get into it. No different with a Mac.
Ok sure, if somebody has physical access to your machine, then yes your security is compromised. BUT, short of ripping out the hard drive on a windows machine, you can't steal the data off of the disc all that easily. With a Mac that you want to steal data off of, just boot up holding T while connected to your laptop, then steal all of their files. Awesome.
Target Disk Mode makes it all too easy to get into the system and steal data. I don't care if having physical access to the machine makes it easy for someone to physically steal your Hard Drive, it shouldn't be this easy to steal data. Basically, I can walk in with my laptop, hook up to your PowerMac, hold the T key down during boot, steal everything that's not encrypted, turn your machine back off, and you have no idea that I did it.
At least with Windows, to achieve the same data mining, you have to at least physically take the hard drive out. There is no Target Disk Mode to exploit so easily.
Target Disk Mode makes it all too easy to get into the system and steal data. I don't care if having physical access to the machine makes it easy for someone to physically steal your Hard Drive, it shouldn't be this easy to steal data. Basically, I can walk in with my laptop, hook up to your PowerMac, hold the T key down during boot, steal everything that's not encrypted, turn your machine back off, and you have no idea that I did it.
At least with Windows, to achieve the same data mining, you have to at least physically take the hard drive out. There is no Target Disk Mode to exploit so easily.
PGP - Pretty Good Privacy. It was one of the first of one-way encrypting programs. All other programs have copied this idea. It costs some money, but it is well worth it.Diatribe said:
Features:
Encrypt and/or Sign entire Disk
Encrypt and/or Sign Folder or file
Encrypt and/or Sign Mail
And much, much more.
Sorry to sound like an advertisement, but I love this program for all my security needs. It is worth every penny.
There is a free version GPG - GNU Privacy Guard, but I don't find it nearly as nice.
This is a perfect example of why you should use strong file encryption on your home directory (file vault) so that your data is safe. Besides the fact that it makes your home folder icon look sweet.
Randall said:
Well, not with my PowerMac. Cuz in order to do that you'd need to shutdown my machine first. I always leaving it running, so that it's folding if it's not doing anything else. And in order to shut it down, you'd first need to get past the password-protected screen saver.
LOL your response was so much funnier. Pictures are priceless.grapes911 said:Like I can't get around that:
Randall said:Or yank the power cord out of the wall. Whichever is easier.
Well, you got me there.
Yeah...but you beat me to the punch. I was a little too slow browsing google images.Randall said:LOL your response was so much funnier. Pictures are priceless.
Yeah. I agree with everyone on this thread that says if somebody has physical access to your machine, then you're hosed. BUT, I still consider Target Disk mode to be a HUGE security hole. I'm sure that all of the fanbois would agree with me if this was a Windows "feature". LOLdejo said:Well, you got me there.
Remember to encrypt your files. Sure you'll take a small preformance hit, but your data will be safe as a kitten, assuming you pick a decent password that nobody could easily guess, and is aplaha-numeric, with different cases. Strong encryption is only as good as your password.
Randall said:This is a perfect example of why you should use strong file encryption on your home directory (file vault) so that your data is safe. Besides the fact that it makes your home folder icon look sweet.
But as I said before... who needs their music library encrypted...? It needs to be selective.
SpaceMagic said:
Unless the PC is running linux (from the pc hard drive or from a knoppix CD), or unless you buy a HFS+ driver for windows (eg MacOpener, MacDrive) for about $40.
SpaceMagic said:
Permissions are stored on the disk based on the numeric user id. This means that if the drive stores user "fred" as UID 501 and the drive is connected to a machine that also has a user with UID 501, say "jane" then the files will appear to be owned by "jane" on the second computer. Since the permissions are stored on the filesystem based on the UID, the question is whether a UID of 501 exists. If it does not then the files will be "owned" by "unknown". In either case access permissions for user group and other will be observed.
By default OS X mounts external drives using an option to igore the owner of the files. What you are forgetting is that if the user has root or admin access then they can access any file on the system, bypassing the standard filesystem permissions.
SpaceMagic said:3) The point is many of you here I'm sure have information you wouldn't particularly like your parents or lover to see
This is not a security issue. This is a privacy issue. There are other mechanisms to address the privacy issue. Specifically file encryption (using openssl, PGP, etc) or file system encryption (eg FileVault).
SpaceMagic said:
So, the computer should just magically protect people? The admin password is just a chunk of data on the hard drive as far as the hardware is concerned. There is nothing special about it. And what do you want to happen when the sector on your harddrive storing your admin password goes bad? Should an unfortunate bad sector make it impossible for you to access your data, even if you do not need the level of privacy protection that you suggest?
The closest viable technical solution to the hardware controls you are suggesting is restricting target firewire mode in the open firmware.
One way to get around this is to move the music library into a different folding, currently i have mine in the shared folder.Diatribe said:
Well sure, but if it's selective, then people with many files could be a big hassle to encrypt them. i.e. Did I encrypt this file? etc. If you just encrypt your whole home directory/partition then you don't ever have to worry about it. True that a lot of things will be unnecessarily encrypted (misic, videos, etc.) but I think it's a small price to pay for not having to worry about it.Diatribe said:
trainguy77 said:One way to get around this is to move the music library into a different folding, currently i have mine in the shared folder.
Yeah I know this would be possible but I like everything neat and organized.
I made a user called RIAA and put my music library there... yeah it's sharedtrainguy77 said:One way to get around this is to move the music library into a different folding, currently i have mine in the shared folder.