Slashdot Mirror
Aussie Researcher Cracks OS X Lion Passwords
daria42 writes "Thought your Mac was secure running Apple's latest operating system? Think again. Turns out that in some respects Lion is actually less secure than previous version of Mac OS X, due to some permission-tweaking by Apple that has opened up a way for an attacker to crack your password on your Lion box. The flaw was discovered by an Australian researcher who has previously published a guide to cracking Mac OS X passwords. Sounds like Apple had better get a patch out for this."
I was expecting to read one of the normal fear-mongering stories that we often see on /. (e.g. "Drop Box sends passwords in plain text!!") but actually this is one of the most serious OS level holes I've seen in years. Not only can you retrieve the password for any user on the system but you can also reset their password without having to know what it was.
People have posted "they're still hashes so you still have to break them" which is of course true, but if you keep reading down he shows you how to reset the other user's password without ever having to know them.
You can change the root password on a Mac box without ANY credentials, provided you have physical access, Seems we have forgotten this while everyone is fear-mongering about what someone can do over the 'net.
Sorry for the sarcasm, but basically once someone has physical access to your computer you're basically boned unless you've encrypted your drive. It's Macs I know best, and it's trivial: boot to single user mode (command+S at start), mount in the file system as read/write (it even gives onscreen instructions for doing this) and then change the root password. I imagine something very similar can be done in Linux if there's an easy way to get it into single-user mode. Besides, on any machine to which you have physical access you can always boot a live distro and at the very least access the hashes if not easily take full control of the system.