News - Written by Renai LeMay on Monday, September 26, 2011 12:36 - 29 Comments
Aussie researcher cracks OS X Lion passwords
An Australian security expert respected for his work testing the defences of Apple software has published a method which appears to allow an attacker to break through the password defences of Cupertino’s latest Mac OS X Lion operating system.
According to his LinkedIn profile, Patrick Dunstan is currently an information security specialist at the University of Adelaide, although he also works as a guest lecturer at the University of South Australia. Dunstan had previously attracted attention in late 2009 with a blog post explaining how a user who had already gained access to a Mac OS X system could extract a user’s password on that system.
In a new blog post this week — first reported by Secure Computing Magazine last week — Dunstan published an update to his technique. However, this time around he discovered a startling new fact with respect to Lion’s security protection — according to the researcher it leaves a crucial step out which could allow remote access to user passwords on the system.
In previous versions of Mac OS X, in order to access a user’s password, an attacker would need to break into what is referred to in Unix-based operating systems (such as Mac OS X) as a ‘shadow’ file — a file which stores critical data but can only be accessed by users with a high privilege — such as root access.
“So for all modern OS X platforms (Tiger, Leopard, Snow Leopard and Lion) each user has their own shadow file (hash database) whose data is accessible only by the root user … or at least it should be,” wrote Dunstan in his post. “It appears in the redesign of OS X Lion’s authentication scheme a critical step has been overlooked. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data.”
This means, according to the researcher, that it might be possible for an attacker to crack a user’s Lion password by attacking their system through a Java app hosted online. The attack vector would still require the owner of the computer running Mac OS X to allow the Java app to run — but it is possible.
Dunstan noted that due, no doubt, to Lion’s relatively short time being available for use, he could not find any major cracking software supporting the ability to crack encrypted passwords in the operating system — but he has published a simple script which allows users to do so. It is not yet clear whether Apple is aware of the issue, but a temporary workaround allows users to secure their system through setting different permissions on a certain file.
The news comes as Mac OS X continues to be subject to fewer security attacks than Microsoft Windows. Security researchers have stated in the past that there could be a number of reasons for the appearance of heightened security on the Apple platform, ranging from its Unix basis, which allows a high degree of fine-grained permissions to be used on files and applications, to the relative dominance of Windows in the desktop PC market.
However, researchers have also speculated that attacks on Mac OS X could increase in future, along with the platform’s growing popularity and use on mobile devices such as iPhones and iPads.
As this attack would likely require a user to allow an application to run on their system before it could succeed, I would regard it as less dangerous than many other security headaches out there, which would require no support from a user. However, what Dunstan’s blog post demonstrates is that Mac OS X is not inherently safe from security problems. They do exist on the Mac; and I’m sure we’ll see more of them as time goes on; especially aimed at devices such as iPads.
Image credit: Apple