Screensaver Bug in Mac OS X
dave1212 writes "Still too early to tell, but there seems to be a screen saver password exploit in Mac OS X. It was discovered and posted on the Full Disclosure list earlier today. Theories, personal tests, and rumours abound, with some success stories, and the possibility that it could affect all Cocoa programs. Speculation points toward a 2048 character buffer, with people using the emacs shortcuts Ctrl-K and Ctrl-Y to fill the text field in under half a minute."
A full, easily exploitable security hole in MacOS X. Now all those windoids will have no reason not to switch, as MacOS X now provides all the features of Windows, including a security hole.
I have no tag line
Someone with physical access to your machine can access it!! WHO KNEW?! Call in the army reserve and physically secure access to all your machines!
can hop up on the desk and crack OS X?
Hah! I knew it! Mac OSX isn't based on Mach or BSD at all! It runs on top of emacs!
Actually, the thing that surprises me is that they managed to trim emacs down so it's only an operating system.
It's been discovered that someone with physical access to your computer can access it.
My local computer store has password-protected screensavers on all its demo Macs - now I'll be able to surf the web for... ahem... "those" sites... when the store employees aren't looking!
---
Hello, Slashdot user. My name is Dr. Sbaitso. I am here to help you.
Because extensive user testing has shown that some people can type their passwords so fast that even a GHz-class RISC processor can't keep up unless the password capture program is written in C. The system can fall behind if it takes more than a handful of opcodes per character in the inner loop. Unfortunately, these performance constraints preclude checking array bounds between each typed character.
It's regrettable that we have to live with risks like these, but we have little choice when dealing with data input at these kinds of speeds.
a GHz-class RISC processor can't keep up unless the password capture program is written in C.
How the hell did you get it to work in C? I had to hand roll the code in assembler and optimize the register allocations. You can also save a byte and a cycle on the loop if you take the branch-prediction microcode into account.
---
You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
It probably didn't work for you because you didn't type enough stuff. Go buy a drinking bird.
I got drunk last night and passed out at the keyboard and came 'round *six hours later* - a lot longer than the 5 minutes needed for this "exploit" and I STILL couldn't get into my Mac OS X box.
Couldn't find any more beer, and I couldn't find my pants, either.. but that's another story.. grrr
If OS X was truly open source, we'd probably be patching our machines right now, instead of impotently discussing this on slashdot.
True, except you wouldn't be able to run Fink to download the screensaver patch until you figure out why your computer crashes every time you type with your hardware-hacked keyboard. You suspect that it's because your version of OpenAqua is creating conflicts with GND (GND's Not Darwin), but you can't go online to check because the web forum doesn't support OnSafari 0.1.2.33a.
When you have nothing left to burn you must set yourself on fire