To be clear, in your outlined attack, is there a password crack here or is it only a social attack to get hopefully access to a local admin account, and from there a network admin account?
ie how do you decrypt admin privileges in the Login Keychain if the user isn't an admin?
Privileged credentials in the keychain can be used to spread and explore
ie network admin login credentials.
Or all the local admin logins are the same - which is essentially a network admin password. Often, computers are set up with the same local admin account across all/most machines - Mac or PC.
You might want to go actually read the presentation. It does need an admin password in order to get privilege escalation. See pages 32-34 in the presentation.
There is no exploit here on getting the local admin or network admin password. It requires an admin password to... wait for it... do admin type things on the network.
I didn't see the actual presentation, but the exploit at the beginning of the presentation shows an AD hack, and doesn't mention needing passwords - just clicking on a malicious link.
That's not the case though. Otherwise, it can't authenticate to another network Mac. Unless all the local admin passwords are the same, in which case they're effectively the network admin password.
It's always going to need the network admin password. Now lazy sysadmins often make them the same as the local admin passwords, but they're not actually the same thing.
It's not a bug, it's a design difference. On Mac Server, it does fall back to simpler protocols because that's how it was often set up - no real sysadmins means no consistent use of strong authentication.
However, it would all go away if Apple required and ONLY allowed kerberos for authentication of any service from OS X Server. In other words, just like AD.
Having said that, this exploit still requires an admin password to escalate privileges - which isn't typically given in a corporate setting. In other words, admin passwords can do admin things.
Not disagreeing, but I haven't seen anything that the patent club actually said something like "All you have to do is big on some Nortel patents with the rest of us and you're in."
It may be inferred, but I haven't seen anyone say anything like that actually happened.
I don't see how anyone can argue that sharing ownership is the same as owning them
Seriously?
They can't sue you over patents that you BOTH OWN. - sharing They can't sue you over patents that YOU OWN. - owning
Either way, they can't sue over these patents, IF you were in the ownership circle. Yes, they will always be able to sue you over patents that they own. But owning OR sharing them prevents you from some suits.
To be clear, in your outlined attack, is there a password crack here or is it only a social attack to get hopefully access to a local admin account, and from there a network admin account?
ie how do you decrypt admin privileges in the Login Keychain if the user isn't an admin?
Same on OS X.
If you've got physical access to the machine, all bets are off. I can read /etc/shadow, I can read /windows/Windows/System32/config.
So how is that any different than any other system?
The kind developed by DARPA??
Well, per the presentation, they need to get the admin passwords to use the 'exploit'.
Yeah, that's not really a remote exploit now is it?
And you don't need the fsck at all, showing that you don't really understand it but just copy & pasted.
It's not any different than booting from a linux cd that can crack the passwords on a Windows machine.
Two things.
1. *How* to decrypt the keychain would be an important detail
2. Still doesn't mean that it's not using network/admin passwords.
From page 32:
Privileged credentials in the keychain can be used to spread and explore
ie network admin login credentials.
Or all the local admin logins are the same - which is essentially a network admin password. Often, computers are set up with the same local admin account across all/most machines - Mac or PC.
You might want to go actually read the presentation. It does need an admin password in order to get privilege escalation. See pages 32-34 in the presentation.
There is no exploit here on getting the local admin or network admin password. It requires an admin password to ... wait for it ... do admin type things on the network.
No, the AD hack doesn't rely on Safari. It just says click on malicious link - no browser mentioned.
Safari is mentioned as a route for compromise on the Mac side though. One that still requires you to type in an admin password to get admin privs.
I didn't see the actual presentation, but the exploit at the beginning of the presentation shows an AD hack, and doesn't mention needing passwords - just clicking on a malicious link.
That's not the case though. Otherwise, it can't authenticate to another network Mac. Unless all the local admin passwords are the same, in which case they're effectively the network admin password.
It's always going to need the network admin password. Now lazy sysadmins often make them the same as the local admin passwords, but they're not actually the same thing.
Yeah. And how is that not having the admin password?
Tell you what, give me the admin password to an active directory forest. See if I can fuck things up a bit. Want to bet I can?
Yeah, which is not the case most of the time.
Users with admin passwords can do admin things. Duh.
Meaning this 'exploit' isn't much of an exploit.
It's not a bug, it's a design difference. On Mac Server, it does fall back to simpler protocols because that's how it was often set up - no real sysadmins means no consistent use of strong authentication.
However, it would all go away if Apple required and ONLY allowed kerberos for authentication of any service from OS X Server. In other words, just like AD.
Having said that, this exploit still requires an admin password to escalate privileges - which isn't typically given in a corporate setting. In other words, admin passwords can do admin things.
Yeah, that's real marketable.
Just install a custom ROM, easy even for Mom!
Maybe you can write a jingle for it too.
And the Mac exploit STILL REQUIRES AN ADMIN PASSWORD. Which is not typically given to users in a corporate setting - at least by sane sysadmins.
You might want to go read the actual presentation.
It starts out with an exploit called Aurora, which compromises AD.
Whoops.
unless there are super hot naked chicks in every scene
You'll probably prefer The Change Up a lot more then.
as long as they don't want the official Google branded app/Market
Not a good sales pitch. At any price.
So, 30 million people though that they needed Apple's new thing?
Or maybe 30 million people thought it was better than any laptop out there, for their needs, for the same price?
Or maybe you're just plain wrong.
now everyone has capacitive touch
Everyone???? Uhhhh, no.
http://en.wikipedia.org/wiki/Comparison_of_Android_devices#Tablet_computers
Not disagreeing, but I haven't seen anything that the patent club actually said something like "All you have to do is big on some Nortel patents with the rest of us and you're in."
It may be inferred, but I haven't seen anyone say anything like that actually happened.
But you do agree that your weapon choice is more limited.
And you damn well shouldn't whine about it when you chose NOT to do so.
I don't see how anyone can argue that sharing ownership is the same as owning them
Seriously?
They can't sue you over patents that you BOTH OWN. - sharing
They can't sue you over patents that YOU OWN. - owning
Either way, they can't sue over these patents, IF you were in the ownership circle. Yes, they will always be able to sue you over patents that they own. But owning OR sharing them prevents you from some suits.