Slashdot Mirror


Apple Security Blunder Exposes Lion Login Passwords In Clear Text

An anonymous reader writes "An Apple programmer, apparently by accident, left a debug flag open in the most recent version of its Mac OS X operating system. In specific configurations, applying the OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text."

3 of 205 comments (clear)

  1. Re:Great by TheThinkingGuy · · Score: -1, Troll

    I think it's funny that people complain about this while still happily submitting their clear-text passwords to Google. From there it goes to any non-honest Google admin to use and exploit. On top of that most people use the same password everywhere, so you're basically giving Google access to everything you have. Really wise, indeed.

  2. Re:Absolute garbage! by Viol8 · · Score: -1, Troll

    "where you were contemplating suicide? I was once in that situation;"

    Hopefully you'll be in that situation again and you'll do us all a favour and actually do it. Then we won't have to put up with your spam on here and the world won't miss a loser like you anyway.

  3. Re:Great by TheThinkingGuy · · Score: 1, Troll

    I know you're being sarcastic, but yes, they should. There's companies who actually care about user's privacy and make md5 hash of the password on the client side. Google does not. This despite the fact that their services need JavaScript enabled, so saying that user might have JS disabled is no valid excuse. Hashing the password on client side would greatly increase security and show that the company actually cares about its users.