lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 29 Feb 2008 11:54:02 +0900
From: Matt Johnston <matt@....asn.au>
To: Jacob Appelbaum <jacob@...elbaum.net>
Cc: oc photon <ocphoton@...il.com>, bugtraq@...urityfocus.com,
	Bill Paul <wpaul@...nesium.net>
Subject: Re: Loginwindow.app and Mac OS X

On Thu, Feb 28, 2008 at 06:28:51PM -0800, Jacob Appelbaum wrote:
> oc photon wrote:
> > n Thu, Feb 28, 2008 at 1:56 PM, Jacob Appelbaum <jacob@...elbaum.net> wrote:
> >> Moin moin Bugtraq readers,
> >>
> >>  Bill Paul and I have discovered that LoginWindow.app doesn't clear
> >>  credentials after a user is authenticated.
> > This has already been discovered in 2004. While the author only looks
> > at swap files, it is obvious that this is the same bug.
> > 
> > http://seclists.org/bugtraq/2004/Jun/0417.html
> 
> Thanks for the heads up. It's very possible that this is the same bug
> but obviously we found it in a different context. It surely seems like
> it may be the original that Apple would not discuss with us.
> 
> The bug number it was duped against was over 2 million bugs prior. Does
> that sound like Apple knew about this for nearly _4_ years (!) and
> didn't do anything about it?
> 
> That's seriously pathetic if it's actually that case!

I reported it a little while after mailing bugtraq, was
given bug ID #3728773 which was marked as a duplicate of
#3711425 (both after your duplicate of #3250780).
Keep in mind that the increment of millions probably
includes all kinds of automated bug submissions. 

As an aside to grabbing secrets from sleeping machines,
OS X's "secure virtual memory" will encrypt the hibernate
image (good) but then seems to store the key in a nvram
variable.  So that'd be another avenue of attack I guess.

Matt

Powered by blists - more mailing lists