Apple makes a hash of password security (again) Apple has dropped a couple of monumental password security clangers with the release on OS X Lion, according to security blogger Patrick Dunstan. Dunstan, who posted an important piece on cracking Mac OS X passwords a couple of years ago, decided to revisit the subject with the release of OS X Lion (version 10.7). He …
Windows? With its rich history of real world exploits, trojans and self replicating worms. Even though MS may have tightened things up recently it still feels like more malware than apps are written for the platform these days.
With regards to OS X I suspect these so called exploits rarely make it past the testing in lab stage. Don't seem to be many real world examples documented. And although it may have a marginal effect I don't buy the market share argument anymore. There are enough Mac's out there in the hands of some pretty affluent people and organisations to make for a juicy and profitable target very much worth exploiting. Given that to date, no high profile cases have hit the headlines indicates to me that OS X is more secure than most.
As a Mac user since before OSX was a twinkle in Jobs eye, typing on a iMac (rolled back to 10.6 from 10.7), I agree, it is bloody terrible that an OS *today* has such a potential security hole. Never mind that Windows XP was a nightmare pre SP2, or that Linux can be hit in the same way if it doesn't have the latest updates, the fact that the worlds most modern OS has a security model from the last decade, which is a giant step back from the previous version is pretty damn abysmal.
And note to all other Mac users - stop with the "ooh it doesn't matter, there are far more windows machines and there are no viruses on the Mac". Get over it, that ship has sailed. We have to suffer along with the rest of them. Go to sophos's website and install their free Mac AV scanner and then move on with your life.
Stop for a second and then realise just how silly that sounds.
Saying that "security is better than system XX and so thats alright then" is not a sound line of reasoning. It is certainly not a good basis for system design.
It should be a secure as is feasible, not as secure windows is plus a bit..
This smacks of clever people not doing a thorough audit after building in new features.
Not malicious/ thoughtless (as I would classify MS security pre 2005), just a bit careless.
Which suggests Apple's OS X development team need to take a closer look at their QA and security auditing procedures. Naughty. Very naughty.
Hopefully the recent hiring of a security chap with some serious experience in the subject will help to reduce these cock-ups, although even a company as small (relatively speaking) as Apple will need time to adapt.
On the other hand... It's not as if any other OS out there can claim to 100% secure either, and it's still a lot easier to hack people than machines. So, don't have nightmares!
First the borked versionning "no files but a database" system, then this?
I do not routinely use fruit-branded products, but my officemate (to whom I passed this article as well as the one on undeletable files) is considering a downupgrade*. Now he only has to figure out how!
*yes, I typed this on a porpoise.
'Twas a wise move, to take a tried-and-tested system as a base to build their aqua interface on top of, even if they chose to reinvent a couple wheels (netinfo, anyone?) for reasons that seemed good to them. Too bad the current architects apparently have not learned from the ancestral systems' hard-won security lessons. A pity, really. Also an object lesson that you can't just take security for granted, but needs constant vigilance to maintain.
We are talking about a company whose one employee whose last start with J can do presentation and convince that their product is the best. However, when is your last time that Microsoft took anyone to court just because they blatantly copied their product? They achieved over 90% of market share w/o taking anyone to court. Whether I like their product is beside the point. Apple has little competition in creating happy customer? Why do they have to take Chinese food distributor just because God knows what. When did you hear about a company, besides Apple, where an employee takes out the prototype that they are working on and leaves it in a local bar? twice? With that kind of security, they go around suing people? They are suing Samsung because their Galaxy Tab is in a shape of rectangle and has a color of black blatantly like an iPad.
why would anyone want to try copy windows?
anyway, you cant sue people who copy ideas that you copied/stole anyway.
and are you saying that MS *never* sued anyone?
Yah, sure they did it the perfect way, thats why the EU and US have had them in court many times for their trading practices.
you forgot the 'joke alert icon'
> However, when is your last time that Microsoft took anyone to court just because they blatantly copied their product?
But why would anyone want to blatantly copy Microsoft's crapware? Did anyone make blatant copies of such fine products as the Morris Marina or Amstrad em@iler?
Of course, that very nice Mr. Ballmer from the very cuddly and not at all monopolistic Microsoft has definitely never ever sued or threatened to sue Google or Motorola or Samsung or Apple or HTC or TomTom or Foxconn or Barnes & Noble or...
Yes, they do... Maybe not to banks or the like, but they really push at creative industries, such as graphic design, journalism etc. This would be a particular problem for journos becuase there is a tendancy to handle sensitive information be that whitsle blowing related documents or just a scoop, prior to publication.
You'd still need physical access to the machine to break into it an account like this.
If you have physical access to a Windows or Linux machine it's a trivial task to reset users and roots passwords to gain access.
I tried Lion for about a week before going back to 10.6 as it was impressively poor, there must be a way to back port drives from 10.7 into 10.6 so that Snow Leopard can be installed on new Macs.
you have put in a bios password, and set the boot sequence to HDD only. It will then not boot from CD USB or (heavens forbid) floppy (remember them). You can still open up the PC, zero the CMOS RAM by shorting it and try again, but that is not trivial to do without drawing some attention.
I still prefer my Linux, but the missus and the kids want their windows.
This post has been deleted by its author
Not good and I hope they fix it. But you can only change the current user (just tried it myself), so until that fix ensure your machine is locked when you leave your desk for jokers of colleagues can cause a bit of troubled fun.
You can't change other users passwords, unless anyone is so stupid to work under an administrative account....Which probably are a lot of users :)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
