| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY19-F37NM6E3He4t70008a3f8@hotmail.com> Date: Mon, 19 Jul 2004 07:56:30 -0400 From: "Michael Shirk" <shirkdog_linux@...mail.com> To: bugtraq@...urityfocus.com Subject: RE: Mac OS X stores login/Keychain/FileVault passwords on disk Pretty much it is a security risk to have an Apple laptop or desktop process any classified information. As long as physical access is used as you suggested a lock rack you are fine for 1U Xserves. However, the typical user on a subway with an iBook could be a major risk. I have set all of the options possible as well as the security setting in OpenFirmware: setenv security-mode full But I need to get a laptop back with a key lock and a cinder block so no one can take it. However, mac laptops are really just attack boxes and not meant to be secure. :-) shirkdog http://www.shirkdog.us -----Original Message----- From: bt@...fried.org [mailto:bt@...fried.org] Sent: Saturday, July 17, 2004 8:17 AM To: bugtraq@...urityfocus.com Subject: Re: Mac OS X stores login/Keychain/FileVault passwords on disk Importance: Low >FWIW: You can enable the security features of OpenFirmware on modern Apple >hardware, such that things like "boot from CD", "target disk mode", etc, >are all disabled. FWIW this is utterly worthless. >It adds at least another barrier for people to have to get around to >get your data. More information is available via a Google search, >but the following URL is a pretty good reference: > >http://www.mactipsandtricks.com/tips/display.lasso?mactip=3D118 To quote myself: http://www.seifried.org/lasg/system/index.html Unfortunately if you are using Apple hardware you cannot secure the boot process in any meaningful manner. While booting if the user holds down the command-option-P-R keys it will wipe any settings that exist, there is no way to avoid this. About the only security related option you can set is whether the machine automatically reboots or not, this is useful for servers to prevent a remote attacker from changing the kernel for example (which require a system reboot). Hold down the command-option-O-F keys to access the OpenFirmware and from there you need to: go> setenv auto-boot? FalseHowever because a local attacker can easily flush the settings there is no inherent security. If you need to use Apple systems as servers then it is highly advisable to lock them in a cabinet of some sort. As workstations in a public area your best solution is to automate the reloading of the OS to speed recovery time. Kurt Seifried, kurt@...fried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _________________________________________________________________ Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Powered by blists - more mailing lists