grapes911 said:
Then turn that preference off.

Open iTunes
iTunes -->Preferences -->Advanced
Uncheck "Copy files to iTunes Music folder when adding to library"

Things will now stay where you put them.

While you're in there, you can also change your iTunes Music folder location. I put it somewhere where all users can access it. I change this for every user account and make them all the same place.
Thanx. :eek: :eek:


Talking of copies though, is there an easy way to remove duplicate files? Half of my collection has become duplicated, I have over 11,000 songs in my library.. long painful task doing it all. It's not just a link, but duplicated the files on the file system. :S
 
howesey said:
No problem. OS X does it all, you just have to know where to look. :cool:


howesey said:
Talking of copies though, is there an easy way to remove duplicate files? Half of my collection has become duplicated, I have over 11,000 songs in my library.. long painful task doing it all.
Edit --> Show duplicate songs.
 
Diatribe said:
Yeah I might think about turning it on, leaving out the music folder. Now where to put it? :cool:

I like the idea of a selective Filevault. That'd be a pretty nice feature.
 
howesey said:
One problem with that - if you use iTunes, you load them up, iTunes will copy them into your home directory.
OR what I do is just make an alias so you lose no functionality at all! :eek: So make an alias of the music folder once you've got it where you want it, then make an alias, name it iTunes, put it in your music home folder and, bang! There you go, it works like a charm! :D
 
EGT said:
I knew about this but I still think being able to reset the password with an Installation CD is complete bull.

Complete bull in the sense that it's crap you can do it, not that it's not true. Sorry, it's a very slowww day today.

Good point. It is pretty stupid, but if you ever got stuck and forgot your password I'm sure you'd be grateful.

The Target Disk Mode is just the same as swapping hard drives

If people want to get on your machine, they will... especially if they have physical access. If it is just over a network or the web, Macs have more protection than PCs in that area. In the physical sense, all computers are at the same risk.
 
File Vault is not secure b/c the master key password is kept in /Library/Keychains/FileVaultMaster.keychain; this portion of the disk is not encrypted, only the home folders of the enabled accounts. If you delete this, it resets the password. You then need to log into each user account and change the password, but we all know you can reset each user account's password from the startup disc.
 
juicedus said:
File Vault is not secure b/c the master key password is kept in /Library/Keychains/FileVaultMaster.keychain; this portion of the disk is not encrypted, only the home folders of the enabled accounts. If you delete this, it resets the password. You then need to log into each user account and change the password, but we all know you can reset each user account's password from the startup disc.
Have you actually tried doing this? Sounds too easy, but then again you might just have found a hole in Apple security. That could give you 15 minutes... :)

The only thing is that I thought the (original) FileVault Master key password was used when encrypting the sparseimage (i.e. FileVault), so even if you delete the keychain, you would still have to set the new password to the same as the original to be able to open the sparseimage. But then again I could be very wrong...
 
Mitthrawnuruodo said:
Have you actually tried doing this? Sounds too easy, but then again you might just have found a hole in Apple security. That could give you 15 minutes... :)

The only thing is that I thought the (original) FileVault Master key password was used when encrypting the sparseimage (i.e. FileVault), so even if you delete the keychain, you would still have to set the new password to the same as the original to be able to open the sparseimage. But then again I could be very wrong...

Now that would all be a good question. Anyone care to try? :D
 
jocool5 said:
Now if I read this right and I have a Mac that I need information off of, I could just get another hard drive and buy an enclosure and I would have bypassed all of the above. However time consuming and costly. Right?

Time consuming/costly to the point of maybe US$60 and an hour of time. (A little more if they need to open up your laptop and want to reassemble it to hide the evidence.)
 
Like I said in my previous post, if you want to encrypt your files beyond a reasonable doubt then use OpenSSL to do it with strong encryption AES 256...
 
I think I need a class on the whole keychains, encryption, file transfer protocol, disk ethics thing. Anyone know where I can learn this stuff? It sounds like this is the best time to obtain and start using this knowledge... me thinks (YAARRRR!!)
 
Randall said:
Like I said in my previous post, if you want to encrypt your files beyond a reasonable doubt then use OpenSSL to do it with strong encryption AES 256...

Beyond reasonable doubt.... for the next 6-12 months. :)
 
grapes911 said:
Why do you say that?

Because encryption is not perfect. As computing power increases and better analysis techniques are developed it becomes possible to crack encryption either through brute force or better analysis techniques.

When the DES encryption standard was published (admittedly in 1977) it was considered secure using a key size of 56 bits. It was reaffirmed as being secure in 1993, and a modified application of DES was reaffirmed as secure in 1999. As of 2004, increased computing power and better cryptanalysis techniques have shown that DES can be cracked using custom publicly described hardware in around 2 days.

There are also theoretical concerns about the AES algorithm, specifically some of the mathematical structure of the cypher.

An encryption algorithm will eventually be cracked. Unless it is a truly random one-time pad. The question whenever you store data is "how much is the data worth to someone?". If the cost of cracking the encryption is higher than the worth of the data then the data is "safe". However, next month the cost of cracking the encryption will probably be less than it is today since hardware continues to decrease in cost and techniques for cracking encryption algorithms continue to improve. Therefore, if you really want to secure the data then you need to keep updating the method of encryption you use. And you still can never be totally certain that someone will not find a cryptanalysis approach tomorrow that will crack the encryption for minimal cost.

The corollary of this is that if the data is truly sensitive then it should never be stored on a computer. If the data is stored on a computer, then that machine should have no network connections and physical access must be restricted. But expert wisdom is that the act of storing data on a computer dramatically reduces the security of the data simply due to the ability to make identical copies of the encrypted data without evidence of the copy being made.
 
mrichmon said:
Because encryption is not perfect. As computing power increases and better analysis techniques are developed it becomes possible to crack encryption either through brute force or better analysis techniques.

Well, as I said before, a 2048 RSA takes a billion years on average to crack with current technology. We just keep using larger keys, until quantum computers become a reality, which is still years away from becoming practical. I'm going to assume you were making a joke with that 6-12 month thing.
 
grapes911 said:
Well, as I said before, a 2048 RSA takes a billion years on average to crack with current technology. We just keep using larger keys, until quantum computers become a reality, which is still years away from becoming practical. I'm going to assume you were making a joke with that 6-12 month thing.

Yes, I was being a little facetious. But the hidden point was that when DES was released it was estimated as taking X years to crack using what was then "current technology". Where X was a very large number which was commonly described as longer than it will take for the Sun to burn out. (I've googled but have not been able to turn up a numeric estimate of the brute force search time using 1977 technology.)

In practice it turned out that X ~= 22 years. We may wind up with a similar value of X for 2048 bit RSA and 256 bit AES since we don't know what impact technology improvements will have on current encryption standards.
 
mrichmon said:
Yes, I was being a little facetious. But the hidden point was that when DES was released it was estimated as taking X years to crack using what was then "current technology". Where X was a very large number which was commonly described as longer than it will take for the Sun to burn out. (I've googled but have not been able to turn up a numeric estimate of the brute force search time using 1977 technology.)

In practice it turned out that X ~= 22 years. We may wind up with a similar value of X for 2048 bit RSA and 256 bit AES since we don't know what impact technology improvements will have on current encryption standards.
Well that's true, but I think as we increase the bit strength 32, 64, 128, 256, etc. that the time it takes to decrypt via brute force gets exponentially larger, even with advances in computer hardware, we're still talking in the thousands of years. You're saying that with our current technology, we could break an encryption cipher from 1977 in 22 years? Or that if you started in 1977 with the same tech, that it would take only 22 years? Either way, that is more than enough time to keep your data safe. Even with the strongest supercomputers in the world working on it with distributed computing, it would take a long long time to crack.
 
Randall said:
At least with Windows, to achieve the same data mining, you have to at least physically take the hard drive out. There is no Target Disk Mode to exploit so easily.

Actually... on a Windows machine, you'd just have to boot up from a Knoppix CD and copy whatever you like onto a USB drive. I do it all the time to recover data from PCs whose Windows installations have gotten corrupted.
 
blackstone said:
Actually... on a Windows machine, you'd just have to boot up from a Knoppix CD and copy whatever you like onto a USB drive. I do it all the time to recover data from PCs whose Windows installations have gotten corrupted.
Ok so I stand corrected. At least there is no target disc mode that you can use to just dump your hard disc to somebody else's computer. Like was mentioned earlier, anybody that has physical access to the machine is going to be able to get information off of it, it's just a matter of how easily it will be done. Target Disk mode is handing you the hard drive on a silver platter, a major security risk IMO. The bottom line is you gotta encrypt files that you don't want people to get access to. Because like you said, if somebody wants your data bad enough, they'll get it. If you encrypted your files the right way though, hell will freeze over before they actually can use the data.
 
Randall said:
You're saying that with our current technology, we could break an encryption cipher from 1977 in 22 years? Or that if you started in 1977 with the same tech, that it would take only 22 years?

No, that with current technology DES can be cracked in around 2 days. DES is an encryption standard that was first published in 1977 and recertified by the US Department of Defense as secure a couple of times, most recently in 1994 I think. So, in 1977 it was estimated to take some very long time to crack using 1977 technology. In 1999 it was cracked in 49 days using 1999 technology. Therefore with the advance in technology, the time it took to crack DES was 22 years (to wait for the 1999 technology) + 49 days (to actually crack the cypher).

Today, in 2006, DES can be cracked in around 2 days using current technology.

Randall said:
Either way, that is more than enough time to keep your data safe. Even with the strongest supercomputers in the world working on it with distributed computing, it would take a long long time to crack.

Yes. My original point was only that periodically encrypted data needs to be migrated from the old encryption standard to whatever is the current encryption standard.

A similar thing happened with WiFi encryption... WEP was released and believed to be secure, a couple of years later better analysis techniques have shown how to crack WEP in under an hour. WEP is now generally seen as a minor barrier to data access and if you want a secure network you need to use WPA or LEAP.

We have no guarantees that a "secure" encryption standard today will not be found to be easy to crack next year. Therefore, if you rely on encryption to secure your data you need to periodically check whether the encryption standard is still secure and migrate your data to a secure standard if necessary.
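
The migration described in the post above, applied to the OpenSSL file encryption suggested earlier in the thread, as an added example that is not part of any original post. The helper names `migrate_file` and `demo`, the file names and the passphrases are hypothetical, and the old file is assumed to have been made with `openssl enc -des-ede3-cbc -md md5`.

```shell
#!/bin/sh
# Added example (not from the thread): move an `openssl enc` file from a legacy
# cipher to AES-256-CBC with PBKDF2, verifying the result before trusting it.
set -eu

# migrate_file OLD_ENC NEW_ENC OLD_PASSFILE NEW_PASSFILE   (hypothetical helper)
# Assumes OLD_ENC was made with: openssl enc -des-ede3-cbc -md md5
# Passphrases come from files so they never show up in the process list.
migrate_file() {
  old_enc=$1; new_enc=$2; old_pass=$3; new_pass=$4
  plain=$(mktemp); check=$(mktemp); rc=0   # mktemp files are mode 0600
  {
    # 1. Decrypt with the legacy parameters.
    openssl enc -d -des-ede3-cbc -md md5 \
      -in "$old_enc" -out "$plain" -pass "file:$old_pass" &&
    # 2. Re-encrypt with AES-256 and a slow, salted key derivation.
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
      -in "$plain" -out "$new_enc" -pass "file:$new_pass" &&
    # 3. Decrypt the new file and compare byte-for-byte with step 1's output.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
      -in "$new_enc" -out "$check" -pass "file:$new_pass" &&
    cmp -s "$plain" "$check"
  } || rc=1
  rm -f "$plain" "$check"              # never leave plaintext behind
  [ "$rc" -eq 0 ] || rm -f "$new_enc"  # no half-written output on failure
  return "$rc"
}

# Constructed sample data: a legacy 3DES file is created, migrated, and read back.
demo() {
  dir=$(mktemp -d)
  printf 'constructed sample plaintext\n' > "$dir/notes.txt"
  printf 'old-passphrase\n' > "$dir/old.pass"
  printf 'new-longer-passphrase\n' > "$dir/new.pass"
  openssl enc -des-ede3-cbc -md md5 -salt -in "$dir/notes.txt" \
    -out "$dir/notes.3des" -pass "file:$dir/old.pass"
  migrate_file "$dir/notes.3des" "$dir/notes.aes" "$dir/old.pass" "$dir/new.pass"
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
    -in "$dir/notes.aes" -pass "file:$dir/new.pass"
  rm -rf "$dir"
}
demo
```

`openssl enc` in CBC mode gives confidentiality only, with no integrity check on the ciphertext. Remove the old file only after `migrate_file` returns 0.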
 
mrichmon said:
We have no guarantees that a "secure" encryption standard today will not be found to be easy to crack next year. Therefore, if you rely on encryption to secure your data you need to periodically check whether the encryption standard is still secure and migrate your data to a secure standard if necessary.

So, assuming that AES takes about as long to become obsolete as DES did, I should plan on switching my AES-encrypted disk images over to some new standard around when Steve Jobs releases OS XIII? ;)

(Yes, in all seriousness I do understand that AES may end up becoming vulnerable sooner than that. But unless AES has some hidden weakness that dramatically reduces the amount of computing required to crack a given file, this seems kind of academic. After all, we'll probably all have ended up shifting to AES' successor anyways, in order to maintain easy access to our data with up-to-date tools, by the time AES becomes as weak as DES is today.)
 
Diatribe said:
Now that would all be a good question. Anyone care to try? :D
I did accidentally. Doesn't work. It's the same as changing the password hash on Windows EFS - still doesn't open.

Randall said:
Target Disk mode is handing you the hard drive on a silver platter, a major security risk IMO.
I would actually say that LiveCD and a portable HDD is easier than FWTDM. It's almost as fast (depends if you use drag/drop or just dd), and a lot easier to carry around (even a 12" PowerBook is bulkier and heavier than an external HDD and a CD). If you really dislike it that much, then turn on the Open Firmware Password (on the DVD for Tiger, off the Apple site for pre-Tiger).

Diatribe said:
Does anyone have any experiences on the slowdown using File Vault? And are there any other disadvantages?
Sometimes it can completely f*ck up :p I had an error where it couldn't "releive unused space" or whatever, so I had almost no free space yet very little used
 