MacDailyNews - Where Mac news comes first

Feb 28, 08 - 06:10 pm Comment from: Jubei

Non issue.

Feb 28, 08 - 06:14 pm Comment from: Spark

Non issue for most of us. Good to know and fix for those who truly carry sensitive information on their laptop. This was a good find and Appelbaum is to be congratulated for finding it and reporting it responsibly to Apple and the other effected OS writers.

Feb 28, 08 - 06:21 pm Comment from: Toasty

This cold boot thing is everywhere. They just need to make memory that will clean up after itself when you power off.

Now I understand what happened. My identity got stolen. I knew I should of questioned the two guys under my desk about the network network and logic analyzers they were connecting to my Mac pro. Man we are completely fccked. There is no way of keeping people from connecting network and logic analyzers to the memory bank of your mac while you are working. This is a major design flaw.

TRUE STORY: My house got broken into yesterday. They took the Toshiba laptop and left the Mac. Geez...

Just my $0.02

Feb 28, 08 - 06:25 pm Comment from: Zeke

And if you stand on your head and rub a wooden nickel between your thumb and middle finger while chanting Lincoln's Gettysburg Address people will stuff zucchini squash in your ears and call you "Woodrow". Hey, don't laugh. It's as relevant and valuable as this story.

What did you say? Ruh Roh? I have squash in my ears say it again. I did not hear you. Wuh woh? Your teeth is decaying? What?

String Theory. That's the answer to the DRAM decay issue....

Sitting and waiting with computer turned on will not help. It will not just fade out from RAM. The password is still there in memory and any memory scavenger software can take it out.

Feb 28, 08 - 06:40 pm Comment from: R

So they have to actually physically remove the RAM?

Over my cold dead hand...

ZOMFGBBQ VISTA > OSX

A valid concern. And there's going to be exactly 0% of Mac users affected by this issue by the time it's fixed.

Feb 28, 08 - 06:59 pm Comment from: Altivec Guru

To prevent this vulnerability, remove all memory modules from your computer, so there's no chance that anything can be stored in memory.

Feb 28, 08 - 07:07 pm Comment from: Hentercenter

Uh oh. I better not take my iMac anywhere or let anyone steal my RAM! Oh yeah cant forget to not let anyone into my wired network.

This is a non issue like most other comments have said. Also, like MDN said, most people who would actually steal a laptop would just zero out the hard drive and sell it on eBay.

Feb 28, 08 - 07:09 pm Comment from: Sixvodkas

@You don't get it just doesn't get it;

YES IT WILL fade out of RAM, given time (power your computer OFF first if you're concerned), so don't spook people into thinking their passwords are stored until the Earth spirals into the Sun.

I store all of my passwords in my cookie jar where nobody can find them.

Feb 28, 08 - 07:16 pm Comment from: Hentercenter

@The Truth

Ha! Now I will hack into your cookie jar and steal your passwords (and your cookies while I'm at it)!

Telling everyone that was probably more dangerous than this "threat".

This is why everyone should change their keychain password to something other than their login password; you can do it from within the KeyChain manager app.

Feb 28, 08 - 07:23 pm Comment from: Hentercenter

on a side note. Its kinda funny how there's all of these computer-related advertisemts on MDN and then you scroll below the comment box ad there's a Pizza Hut Pizza Mia ad there. Lol

Feb 28, 08 - 07:36 pm Comment from: Spark

@ Gil
I get it. Good one.

I confirm it. This exploit is on the wild and breeding fast!!

That's it, Apple should be chopped up and the spoils given to the shareholders.

Microsoft won.

Holly crap, if I stick in a OS X install disk in a Mac I can do the same thing as this exploit!!

Unless someone has both encrypted the drive AND set a firmware password. Like who really needs to do this?

After all EFI on every Intel Mac is a spy in the machine. It intercepts calls to hardware, contacts the internet, reads hard drives and does whatever it wants without the OS even being loaded.

So what's this a big deal? A EFI exploit would indeed get lots of attention!!!

...and if someone has physical access to your computer... they're going to steal it, not try and read your password from memory. Once they've stolen it they can easily get to all your documents, you know the excel file that has all your passwords in it, that is not password protected

HA HA MAC LOSERS, SO MUCH FOR YOUR LEGENDARY SECURITY!!

I so much love how the MIGHTY APPLE is making cheap looking glossy screen computers and insecure OS crap just like Microsoft.

What really gets me is you buttholes pay a fortune for the cheap insecure shiny crap too boot!!

FOOLS!!

Wow! So PC Loser is happy?!

Didn't know there was still so much hate for Mac users. Oh well, ENVY has a way of rearing it's ugly head.

It's a non issue BTW.

pathetic.

Apple admits a mistake?

What's next - Microsoft gives away Vista for free?

Feb 28, 08 - 08:14 pm Comment from: TowerTone

I never had this problem when I used a PC.
I speaking about the fear of someone wanting to steal it.....

Feb 28, 08 - 08:15 pm Comment from: TowerTone

here is that 'm I forgot.

The sky is falling...Help!

MDN Magic Word... DEAD as in dead...LOL

Yeah, someone with physical access....

yawnnnn!

Hey, where's ZuneTang? Something like that happens and he's sleeping? Or is he reinstalling Vista? A.k.a performing OVI, Overnight Vista Install.

Really, most of the time my Mac is auto logging in, so I don't give a crap about that because I will be fsck'd anyway.

Feb 28, 08 - 09:31 pm Comment from: Hm...

@ PC Users
Hate to tell you, guys, but Windows has had his flaw for a looooong time. (Which does make it quite embarrassing that OS X now has it, too.) All it takes on an XP system is NotePad and accessing the swap file where passwords/logins/etc could be easily found to pwn your machine.

@ Mac Users:
Shen is right. This one is much more significant than the "freeze your ram" attack. All I need for this one is a sleeping Mac and a pen drive with some little memory editors on it.

Feb 28, 08 - 09:58 pm Comment from: Dialtone

Dear Think:

"...all the Mac clowns on this forum..."

Ahh, think about it for a minute. The URL http://www.macdailyclownnews.com. What did you expect to find?

What if one were to logout and then sleep the mac, as opposed to shutting down? am i still at risk?

Feb 28, 08 - 10:46 pm Comment from: HMCIV

This is the first Apple security vulnerability we've seen in a while that isn't a STD (safari transmitted disease). So think about using proper protection.

Meanwhile Vista users contract digital versions of syphilis every day!

Feb 29, 08 - 01:19 am Comment from: MacBill

Ridiculous non-issue. ANYONE THAT HAS PHYSICAL ACCESS TO A MACHINE can do ANYTHING they want to it!

Non issue.

Right. And if it was Microsoft's operating system that had this problem all the Mac clowns on this forum would be ranting and raving about how bad Microsoft is, how insecure Windows is and how much more "superior" Mac is.

Fact: this is an issue, whether you like it or not.

Feb 29, 08 - 02:43 am Comment from: Think

So how do you pull a password out of ram?
Is that hard or very difficult to do? Seriously.

Now think about this for a minute.... If the person has physical access to your Mac, your office or home has already been compromised and they can just take whatever they want and then leisurely go thru your hard drive at their place.

Feb 29, 08 - 02:47 am Comment from: Think

Better way to think about it....

So this can't happen via the Internet.

What's
the
point.

Feb 29, 08 - 03:17 am Comment from: shen

i hate to sound rational, but this is an issue, and one that Apple will fix, and one that it is doubtful anyone will lose anything too. it is not the end of the world, or a hideous black-mark on Apples record, or anything like that.

this is an example of why you need white hats, and why you should listen to them, and Apple tends to.

having said that, if i physically have you machine, i will eventually own it. nothing will stop that. ever. get over it.

if this were like the poor guy i just talked to that had 5 different malware programs on his vista machine and lost all his bank account info to some hacker, i might be worried. there is a big difference here.

If someone has physical access to a machine, there are inherent security risks way beyond this. Waste of time.

Feb 29, 08 - 04:36 am Comment from: ericdano

I store all my passwords on a Zune. Nobody, and I mean, NO BODY, would ever steal that nor think to look there.

Do these so-called researchers have nothing better to do. This is such a non-issues to 99% of the people on the planet. I guess they finally got tired of writhing viruses for Windows.

I'm working on a research paper, Looking over a User Shoulder can Compromise their Passwords. It's a real issue with no fix in sight.

Feb 29, 08 - 06:11 am Comment from: Wade

"if I stick in a OS X install disk in a Mac I can do the same thing as this exploit!"

This will not discover, or allow you to change, the Keychain password.

This does require physical access, for an extended time, to the machine. I'm not sure how that qualifies as an exploitable fault, but, no reason it should not be fixed. There are things needing security on anyone's computer.

Guys, the only hackers I'm afraid of scientology nuts that get my info and terrorise... like they always do once they get a hold of your details.

Sheesh----Who keeps anything worth stealing on a Mac?
Non-issue.

Feb 29, 08 - 09:21 am Comment from: ken1w

> will let someone with physical access to a Macintosh computer

Wow! Now the hacker has to have physical access to the target Mac to exploit a Mac OS X vulnerability. Next we'll learn about another Mac OS X vulnerability that requires the hacker to actually BE the target Mac's owner.

It's no wonder hackers go after Windows. Windows is the low-hanging fruit. It's just not worth the effort to exploit a Mac OS X vulnerability.

Feb 29, 08 - 09:23 am Comment from: Scott

is MDN loading 100 times faster or is it just my iPhone?

Feb 29, 08 - 09:24 am Comment from: flappo

keychain is faaked up anyway

look at the airport issue in 10.5.2

Its a feature not a glitch. Now I can forget my Password. If I need it, I know where to find it.

Better yet, now I can access all my co-workers porn

Methinks this is not a Baum dropped on Appel.

And yet, it's not good pub at all.

Feb 29, 08 - 11:07 am Comment from: DRM sucks

"....if you're worried that black helicopters carrying nefarious international spies ready to instantly rappel into your home or offices..."

Glad you crossed that out - that only happens when you rip DVDs.