Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
grapes911 said:
Still not a good solution. I can break that password in about 2 minutes.
tfaz1 said:
How's that?
iMeowbot said:
Open it up, add or remove some RAM, zap the PRAM and you're in. Here's a nice little article on the deal.


Overly simple huh? I guess you could physically lock the computer shut with a pad lock in most cases. But that wouldn't be too hard to break either.
 
Diatribe said:
The only way to be really secure is using an encrypted disk image for sensitive data. It's time that Apple let's File Vault only encrypt wanted folders and not the entire home folder... who wants their music library encrypted anyway?
PGP is much better and does exactly what you want. It does a lot more too.
 
I have to agree with folks who are saying once somebody has physical access to your machine, you can forget about security. If you want to increase your protection, encrypt your sensitive data (and choose a good passwod). Still, if somebody has access to your machine and lots of time, they may still crack this.

Target Disk mode is a wonderful feature in my opinion, allowing one to trouble shoot a Mac and recover data in case things go wonky. It has also been advertised many times by Apple. I fear lots of people have similar misconceptions, thinking that their data is safe when it is in fact not. I work for a web design firm and you wouldn't believe how many clients want full orders from their websites with credit full card info emailed to them (we refuse, keeping part of the credit card number on a secure server which they have to log into).

I really wish folks would be required to take a little short computer basics class before buying a computer. Think of all the computer data theft, identity theft, and spam (through zombied computers) which could be avoided. You have to get a license before driving, you should be at least minimally qualified to use a computer since it can easily ruin yours or someone else's life (well, your credit history, job, etc...) if not used properly.

~ Mr.T
 
Mr_T said:
If you want to increase your protection, encrypt your sensitive data (and choose a good passwod). Still, if somebody has access to your machine and lots of time, they may still crack this.
Not true (unless by "lots of time", you mean billions of years). If you use a very secure algorithm and a very secure password, your files are pretty much impossible to crack. Even with some of the fastest supercomputers, it is estimated to take billions of years on average to crack something like RSA. Quantum computers may change this, but they are still years away from any practical use.
 
grapes911 said:
Still not a good solution. I can break that password in about 2 minutes.

All you have to do is change the amount of RAM in the Mac to disable that OF password thingy. Uhm, ooops.

Well, there is a padlock device on the latch on the tower Power Macs, at least. I used to use a big Masterlock padlock on my G4. Even the newest G5s still have this capability.

Basically anyone with physical access to a computer can get in so this is a moot point really.

Even those tiny personal safes are not secure, a thief can just pick em up and take em home to take as much time as they want to get into it. No different with a Mac.
 
Sayer said:
All you have to do is change the amount of RAM in the Mac to disable that OF password thingy. Uhm, ooops.

Well, there is a padlock device on the latch on the tower Power Macs, at least. I used to use a big Masterlock padlock on my G4. Even the newest G5s still have this capability.

Basically anyone with physical access to a computer can get in so this is a moot point really.

Even those tiny personal safes are not secure, a thief can just pick em up and take em home to take as much time as they want to get into it. No different with a Mac.
Um...Everything you just said was already discussed...
 
Ok sure, if somebody has physical access to your machine, then yes your security is compromised. BUT, short of ripping out the hard drive on a windows machine, you can't steal the data off of the disc all that easily. With a Mac that you want to steal data off of, just boot up holding T while connected to your laptop, then steal all of their files. Awesome.

Target Disk Mode makes it all too easy to get into the system and steal data. I don't care if having physical access to the machine makes it easy for someone to physically steal your Hard Drive, it shouldn't be this easy to steal data. Basically, I can walk in with my laptop, hook up to your PowerMac, hold the T key down during boot, steal everything that's not encrypted, turn your machine back off, and you have no idea that I did it.

At least with Windows, to achieve the same data mining, you have to at least physically take the hard drive out. There is no Target Disk Mode to exploit so easily.
 
Diatribe said:
PGP - Pretty Good Privacy. It was one of the first of one-way encrypting programs. All other programs have copied this idea. It costs some money, but it is well worth it.

Features:
Encrypt and/or Sign entire Disk
Encrypt and/or Sign Folder or file
Encrypt and/or Sign Mail
And much, much more.

Sorry to sound like an advertisement, but I love this program for all my security needs. It is worth every penny.


There is a free version GPG - GNU Privacy Guard, but I don't find it nearly as nice.
 
This is a perfect example of why you should use strong file encryption on your home directory (file vault) so that your data is safe. Besides the fact that it makes your home folder icon look sweet.

indextop20050412.jpg
 
Randall said:
Basically, I can walk in with my laptop, hook up to your PowerMac, hold the T key down during boot, steal everything that's not encrypted, turn your machine back off, and you have no idea that I did it.

Well, not with my PowerMac. Cuz in order to do that you'd need to shutdown my machine first. I always leaving it running, so that it's folding if it's not doing anything else. And in order to shut it down, you'd first need to get past the password-protected screen saver.
 
dejo said:
Well, not with my PowerMac. Cuz in order to do that you'd need to shutdown my machine first. I always leaving it running, so that it's folding if it's not doing anything else. And in order to shut it down, you'd first need to get past the password-protected screen saver.
Or yank the power cord out of the wall. Whichever is easier. :p
 
dejo said:
Well, not with my PowerMac. Cuz in order to do that you'd need to shutdown my machine first. I always leaving it running, so that it's folding if it's not doing anything else. And in order to shut it down, you'd first need to get past the password-protected screen saver.

Like I can't get around that:

NEMA_5-15P.gif
 
dejo said:
Well, you got me there. :mad: :p
Yeah. I agree with everyone on this thread that says if somebody has physical access to your machine, then you're hosed. BUT, I still consider Target Disk mode to be a HUGE security hole. I'm sure that all of the fanbois would agree with me if this was a Windows "feature". LOL :p

Remember to encrypt your files. Sure you'll take a small preformance hit, but your data will be safe as a kitten, assuming you pick a decent password that nobody could easily guess, and is aplaha-numeric, with different cases. Strong encryption is only as good as your password.
 
Randall said:
This is a perfect example of why you should use strong file encryption on your home directory (file vault) so that your data is safe. Besides the fact that it makes your home folder icon look sweet.

indextop20050412.jpg

But as I said before... who needs their music library encrypted...? It needs to be selective.
 
SpaceMagic said:
Well I didn't know about it, nor do I think it's right.

1) A PC cannot read Mac formatted drives natively so it's not as if PCs can rip out a mac drive and view the info.

Unless the PC is running linux (from the pc hard drive or from a knoppix CD), or unless you buy a HFS+ driver for windows (eg MacOpener, MacDrive) for about $40.

SpaceMagic said:
2) I always thought permissions were set on the file in Unix, in fact I know they are as you can CHMOD them. However, permissions therefore on my iBook's drive should be to their user... who is not present on the Mac targeting the drive. Therefore a password should be requested.

Permissions are stored on the disk based on the numeric user id. This means that if the drive stores user "fred" as UID 501 and the drive is connected to a machine that also has a user with UID 501, say "jane" then the files will appear to be owned by "jane" on the second computer. Since the permissions are stored on the filesystem based on the UID, the question is whether a UID of 501 exists. If it does not then the files will be "owned" by "unknown". In either case access permissions for user group and other will be observed.

By default OS X mounts external drives using an option to igore the owner of the files. What you are forgetting is that if the user has root or admin access then they can access any file on the system, bypassing the standard filesystem permissions.

SpaceMagic said:
3) The point is many of you here I'm sure have information you wouldn't particularly like your parents or lover to see ;). While you're in the shower, out to the shops, eating fish n chips.. all they have to do is press T on your mac! They then have Spotlight to find ANY information they please.

This is not a security issue. This is a privacy issue. There are other mechanisms to address the privacy issue. Specifically file encryption (using openssl, PGP, etc) or file system encryption (eg FileVault).

SpaceMagic said:
4) Open Firmware Passwords. Ok... fair enough. But how many of you have this enabled? And then how many of the newer mac users even know about it?

I suggest a computer should ask for your admin password in order to go into target disk mode.

So, the computer should just magically protect people? The admin password is just a chunk of data on the hard drive as far as the hardware is concerned. There is nothing special about it. And what do you want to happen when the sector on your harddrive storing your admin password goes bad? Should an unfortunate bad sector make it impossible for you to access your data, even if you do not need the level of privacy protection that you suggest?

The closest viable technical solution to the hardware controls you are suggesting is restricting target firewire mode in the open firmware.
 
Passwords who needs them

In responce to the target disk mode it is true that is SOP at the helpdesk that i work at. also using safemode getsaround the passwords about 50% of the time soafemode is ctrl + V
 
Diatribe said:
But as I said before... who needs their music library encrypted...? It needs to be selective.
One way to get around this is to move the music library into a different folding, currently i have mine in the shared folder.:)
 
grapes911 said:
PGP - Pretty Good Privacy. It was one of the first of one-way encrypting programs. All other programs have copied this idea. It costs some money, but it is well worth it.

Features:
Encrypt and/or Sign entire Disk
Encrypt and/or Sign Folder or file
Encrypt and/or Sign Mail
And much, much more.

Sorry to sound like an advertisement, but I love this program for all my security needs. It is worth every penny.


There is a free version GPG - GNU Privacy Guard, but I don't find it nearly as nice.

Thanks for the info. Do you have a link to the other app?
 
Diatribe said:
But as I said before... who needs their music library encrypted...? It needs to be selective.
Well sure, but if it's selective, then people with many files could be a big hassle to encrypt them. i.e. Did I encrypt this file? etc. If you just encrypt your whole home directory/partition then you don't ever have to worry about it. True that a lot of things will be unnecessarily encrypted (misic, videos, etc.) but I think it's a small price to pay for not having to worry about it.
 
trainguy77 said:
One way to get around this is to move the music library into a different folding, currently i have mine in the shared folder.:)
I made a user called RIAA and put my music library there... yeah it's shared :p
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.