Slashdot Mirror


User: NatasRevol

NatasRevol's activity in the archive.

Stories
0
Comments
6,627
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,627

  1. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    To be clear, in your outlined attack, is there a password crack here or is it only a social attack to get hopefully access to a local admin account, and from there a network admin account?

    ie how do you decrypt admin privileges in the Login Keychain if the user isn't an admin?

  2. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    Same on OS X.

  3. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    If you've got physical access to the machine, all bets are off. I can read /etc/shadow, I can read /windows/Windows/System32/config.

    So how is that any different than any other system?

  4. Re:Yay on DARPA Set To Blast Falcon Mach 20 Test Flight · · Score: 1

    The kind developed by DARPA??

  5. Re:Users with admin rights? on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    Well, per the presentation, they need to get the admin passwords to use the 'exploit'.

  6. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    Yeah, that's not really a remote exploit now is it?

    And you don't need the fsck at all, showing that you don't really understand it but just copy & pasted.

    It's not any different than booting from a linux cd that can crack the passwords on a Windows machine.

  7. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    Two things.

    1. *How* to decrypt the keychain would be an important detail
    2. Still doesn't mean that it's not using network/admin passwords.

  8. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    From page 32:

    Privileged credentials in the keychain can be used to spread and explore

    ie network admin login credentials.

    Or all the local admin logins are the same - which is essentially a network admin password. Often, computers are set up with the same local admin account across all/most machines - Mac or PC.

  9. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 2

    You might want to go actually read the presentation. It does need an admin password in order to get privilege escalation. See pages 32-34 in the presentation.

    There is no exploit here on getting the local admin or network admin password. It requires an admin password to ... wait for it ... do admin type things on the network.

  10. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    No, the AD hack doesn't rely on Safari. It just says click on malicious link - no browser mentioned.

    Safari is mentioned as a route for compromise on the Mac side though. One that still requires you to type in an admin password to get admin privs.

  11. Re:Users with admin rights? on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    I didn't see the actual presentation, but the exploit at the beginning of the presentation shows an AD hack, and doesn't mention needing passwords - just clicking on a malicious link.

  12. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    That's not the case though. Otherwise, it can't authenticate to another network Mac. Unless all the local admin passwords are the same, in which case they're effectively the network admin password.

    It's always going to need the network admin password. Now lazy sysadmins often make them the same as the local admin passwords, but they're not actually the same thing.

  13. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 1

    Yeah. And how is that not having the admin password?

    Tell you what, give me the admin password to an active directory forest. See if I can fuck things up a bit. Want to bet I can?

  14. Re:Users with admin rights? on Macs More Vulnerable Than Windows For Enterprise · · Score: 3, Insightful

    Yeah, which is not the case most of the time.

    Users with admin passwords can do admin things. Duh.

    Meaning this 'exploit' isn't much of an exploit.

  15. Re:And? on Macs More Vulnerable Than Windows For Enterprise · · Score: 3, Funny

    It's not a bug, it's a design difference. On Mac Server, it does fall back to simpler protocols because that's how it was often set up - no real sysadmins means no consistent use of strong authentication.

    However, it would all go away if Apple required and ONLY allowed kerberos for authentication of any service from OS X Server. In other words, just like AD.

    Having said that, this exploit still requires an admin password to escalate privileges - which isn't typically given in a corporate setting. In other words, admin passwords can do admin things.

  16. Re:Finally, a cluestick on HP Drops Price Again For Its WebOS-Based iPad Challenger · · Score: 1

    Yeah, that's real marketable.

    Just install a custom ROM, easy even for Mom!

    Maybe you can write a jingle for it too.

  17. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 5, Informative

    And the Mac exploit STILL REQUIRES AN ADMIN PASSWORD. Which is not typically given to users in a corporate setting - at least by sane sysadmins.

  18. Re:All computers are less secure on Macs More Vulnerable Than Windows For Enterprise · · Score: 5, Informative

    You might want to go read the actual presentation.

    It starts out with an exploit called Aurora, which compromises AD.

    Whoops.

  19. Re:Previews and review... on Review: Rise of the Planet of the Apes · · Score: 1

    unless there are super hot naked chicks in every scene

    You'll probably prefer The Change Up a lot more then.

  20. Re:Finally, a cluestick on HP Drops Price Again For Its WebOS-Based iPad Challenger · · Score: 1

    as long as they don't want the official Google branded app/Market

    Not a good sales pitch. At any price.

  21. Re:It's not apps, it's marketing on HP Drops Price Again For Its WebOS-Based iPad Challenger · · Score: 2

    So, 30 million people though that they needed Apple's new thing?

    Or maybe 30 million people thought it was better than any laptop out there, for their needs, for the same price?

    Or maybe you're just plain wrong.

  22. Re:Finally, a cluestick on HP Drops Price Again For Its WebOS-Based iPad Challenger · · Score: 1

    now everyone has capacitive touch

    Everyone???? Uhhhh, no.

    http://en.wikipedia.org/wiki/Comparison_of_Android_devices#Tablet_computers

  23. Re:Not hypocritical on Google Accuses Competitors of Abusing Patents Against Android · · Score: 1

    Not disagreeing, but I haven't seen anything that the patent club actually said something like "All you have to do is big on some Nortel patents with the rest of us and you're in."

    It may be inferred, but I haven't seen anyone say anything like that actually happened.

  24. Re:Not hypocritical on Google Accuses Competitors of Abusing Patents Against Android · · Score: 1

    But you do agree that your weapon choice is more limited.

    And you damn well shouldn't whine about it when you chose NOT to do so.

  25. Re:Not hypocritical on Google Accuses Competitors of Abusing Patents Against Android · · Score: 1

    I don't see how anyone can argue that sharing ownership is the same as owning them

    Seriously?

    They can't sue you over patents that you BOTH OWN. - sharing
    They can't sue you over patents that YOU OWN. - owning

    Either way, they can't sue over these patents, IF you were in the ownership circle. Yes, they will always be able to sue you over patents that they own. But owning OR sharing them prevents you from some suits.