Mac OS X Security! Anyone can see files!

Randall · Jan 4, 2006

greatdevourer said:
I would actually say that LiveCD and a portable HDD is easier than FWTDM. It's almost as fast (depends if you use drag/drop or just dd), and a lot easier to carry around (even a 12" PowerBook is bulkier and heavier than external HDD and a CD. If you really dislike it that much, then turn on the Open Firmware Password (on the DVD for Tiger, off the Apple site for pre-Tiger)

Yeah you're right that LiveCD is just as bad. It just goes to show you that having physical access to a system will enable anyone to steal data from you, and they don't even have to know what they're doing (that much). I guess TDM is no more of a security risk then having a LiveCD to boot from. The only files that I actually bother encrypting are my personal finances, and some other misc documents. I use the OpenSSL commands that I wrote about in the beginning of the thread. Remember that your data is never safe. *leaves to go put on tinfoil hat*

Speaking of the Open Firmware Password, can you not get around this in less then 30 seconds by zapping the PRAM?

Diatribe · Jan 4, 2006

greatdevourer said:
I did accidently. Doesn't work. It's the same as changing the password hash on Windows EFS - still doesn't open.

Good to know.

greatdevourer said:
Sometimes it can completely f*ck up I had an error where it couldn't "releive unused space" or whatever, so I had almost no free space yet very little used

Don't scare me, I was about to turn it on...

bagleyb · Jan 4, 2006

All this talk of security reminds me of what my Netware 3.1x instructor told me in 1996.

Unless you're comfortable with the possibility of the whole world seeing it, don't store it on a computer.

Not exactly feasible a decade later, but the premise remains.

juicedus · Jan 4, 2006

greatdevourer said:
I did accidently. Doesn't work. It's the same as changing the password hash on Windows EFS - still doesn't open.

Actually it does. After the file gets deleted and you restart the machine, all the users' master passwords have been reset to nothing. So if you delete the file, restart, then use the OS X disc to reset users passwords you can get into the accounts. If you don't believe me make a test account up and try.

Diatribe · Jan 4, 2006

juicedus said:
Actually it does. After the file gets deleted and you restart the machine, all the users' master passwords have been reset to nothing. So if you delete the file, restart, then use the OS X disc to reset users passwords you can get into the accounts. If you don't believe me make a test account up and try.

You sure about that? That would render File Vault useless...

wattage · Jan 4, 2006

katie ta achoo said:
encrpyting a disk image is so easy in OS X.
Just open up disk utility, follow a few steps (Sorry, Don't know them.. I'm not at my PB) and Bam! encrypted disk image.

isn't that where everyone keeps their banking passwords, financial info, and naked images of themselves in compromising positions?
Lacero, you're my hero!

Nice thread, lots of stuff I didn't know...I'm a consumer though.
Anyway, so do you create a disk image and just drag the sensitive stuff onto it then set a password? Also, what about keychain? Is this good or vunerable?

yellow · Jan 5, 2006

When you create the disk image, you have to choose the password at that time.

The keychain is protected with 128-bit AES encryption, however, if your login password is weak, and you haven't protected yourself (e.g., your swap files), then someone who gets your login password is into your keychain as well.

kalisphoenix · Jan 5, 2006

I defy anyone to get my information off of my particular computer.

(And while you're at it, please put in a larger hard drive and OS7.6. I don't feel like buying a SCSI CD-ROM, so you'll have to bring your own)

gekko513 · Jan 20, 2006

juicedus said:
File Vault is not secure b/c the master key password is kept in /Library/Keychains/FileVaultMaster.keychain; this portion of the disk is not encrypted, only the home folders of the enabled accounts. If you delete this, it resets the password. You then need to log into each user account and change the password but we all know you can reset each user accounts passwords from the startup disc.

That will only let you log in. The encrypted data can't be decrypted if you reset the passwords. If you delete the FileVaultMaster.keychain and reset the passwords the decryption keys will no longer exist anywhere and even the person who knows the original password will probably not be able to decrypt the data unless the key generation is deterministic based on the password, which I doubt it is.

FrankBlack · Jan 20, 2006

Good Thread.

Firewire Traget disk mode is meant as a troubleshooting and data rescue tool. And a fine feature it is indeed. I've saved the day of a few people with it. But, all the advice here is good:

-If someone has physical access to your computer and they are determined, they will figure out how to access it somehow.

-Got stuff you don't want people to see? Follow earlier advice, and use an encrypted disk image. Pick a good, "strong" password. 8 characters at least, mix up case, alpha-numeric, and toss in one or two upper keyboard characters such as the dollar sigh, percent, etc. This disk image is 128 bit AES encryption, but without a stong password, it could be defeated by a determined hacker. Add a layer by making it invisible in the finder. Use the terminal, and have the image name begin with a period dot. Then it's only visible if you use the ls -a command.

-If you choose to set an open firmware password, and the maximum security setting in open firmware, don't forget that password. If you do, well, oops.

-A very good manual for Mac OS X security is available for free, (PDF format) from the NSA's public website. I don't think they've released a 10.4 version though. The version I have is current as of July 8th, 2005. I'd say these folks know their computer security stuff.

grapes911 · Jan 20, 2006

FrankBlack said:
-If you choose to set an open firmware password, and the maximum security setting in open firmware, don't forget that password. If you do, well, oops.

Don't worry about it. It can be cracked in under two minutes.

portent · Jan 20, 2006

grapes911 said:
Don't worry about it. It can be cracked in under two minutes.

If you can log in to a shell, yes.

Otherwise, you have to either remove the battery, or remove (and optionally replace) some RAM. (On a tower, this can be prevented by locking the case shut, but it's not so easy on portables or iMacs.)

grapes911 · Jan 20, 2006

portent said:
If you can log in to a shell, yes.

You cannot remove the OF password via shell.

Otherwise, you have to either remove the battery,

I've never heard that removing the battery works. I'll have to look into this.

or remove (and optionally replace) some RAM. (On a tower, this can be prevented by locking the case shut, but it's not so easy on portables or iMacs.)

This is the method I'm talking about. If were are talking about someone getting physical access to your machine, do you really think getting to the RAM will be difficult? Even a pad lock on a PM can be removed with a pair of bolt cutters.

ddrueckhammer · Jan 20, 2006

I personally don't like to use file-vault because like everyone else was saying, you must encrypt your entire home folder. Instead, as suggested earlier, I create an encrypted disk partition and change the icon to a normal folder icon.

If you really want to be paranoid about privacy (security usually refers to threats from the internet etc), I would:

1. Set an Open Firmware password
2. Disable Target disk-mode
3. Make sure and encrypt the login and your screensaver on OS X
4. Turn on file-vault.
5. Create five layers of randomly assigned password protected encrypted disk partitions within the file-vault but hidden a few layers down and for gods sake change the icon!
(as far as the keychain app is concerned if someone gets that far then they know your system password anyways...but encrypt that too...
6. Reformat your disk once a month using the random highest level format that is available in disk utility, just to make sure that steps 1-5 weren't compromised.
7. Always use the secure empty trash when deleting files.
8. If you ever feel that your security has been compromised take your mac to an undisclosed location and burn it. Then make sure that the serial number is unreadable as well!

You can see how this could get silly. I you are really worried about your significant other seeing your stuff you have issues in your relationship and if you are worried about the theft situation I would think that you would worry more about your missing hardware. Finally, if you are really this paranoid then, of course, you would have a whole plethora of security measures for external attacks like Little Snitch, Net Barrier, OS X firewall or just not ever going online etc...

wattage · Jan 21, 2006

ddrueckhammer said:
7. Always use the secure empty trash when deleting files.

Could you explain this more?

ddrueckhammer · Jan 21, 2006

wattage said:
Could you explain this more?

There is a secure empty trash feature in finder right under the regular one. It just ensures that any data that you were intending to delete is randomly over written so that it can't be recovered at a later time. Kinda like shredding your important documents etc instead of just putting them in the garbage.

Search

Search

Mac OS X Security! Anyone can see files!

Randall

macrumors 6502a

Diatribe

macrumors 601

bagleyb

macrumors member

juicedus

macrumors member

Diatribe

macrumors 601

wattage

macrumors 6502

yellow

Moderator emeritus

kalisphoenix

macrumors 65816

gekko513

macrumors 603

FrankBlack

macrumors 6502

grapes911

Moderator emeritu

portent

macrumors 6502a

grapes911

Moderator emeritu

ddrueckhammer

macrumors 65816

wattage

macrumors 6502

ddrueckhammer

macrumors 65816

Our Staff