passware
Latest
OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault
Are you an avid user of OS X's FileVault encryption and running a recently updated version of Lion? It may be time to consider changing your passwords. According to security researcher David Emry, users who used FileVault prior to upgrading to 10.7.3 may be able to find their password in a system-wide debug log file, stored in plain text outside of the encrypted area. This puts the password at risk of being read by other users or enterprising cyber criminals, Emry explains, and even opens the door for new flaw-specific malware. FileVault 2, on the other hand, seems to be unaffected by the bug. The community doesn't currently have a way to fight the flaw without disabling FileVault, so users rushing to change their password now may find it being logged as well. Obviously, we'll let you all know once we hear back from Apple regarding this matter.
Apple FileVault 2 encryption cracked, but don't panic
FileVault 2 is a feature of Mac OS X 10.7 Lion that provides a way to encrypt a full disk drive so that it can only be used by those who know a password ... until now, that is. Passware, a company that makes forensic software used to recover lost passwords or open encrypted files to police and others, has announced that their Passware Kit Forensic 11.4 software (US$995) can extract the keys to FileVault 2 in an average of 40 minutes. Password was able to recover data from FileVault 2 encrypted drives regardless of the length and complexity of passwords. Fortunately for Mac users, however, not only does the cracking require a relatively expensive piece of software, but it also requires that certain conditions be in place for the software to be able to extract the FileVault keys. The Mac must be powered on and logged in; in other words, the FileVault keys must be in memory for Passware Kit Forensic to extract them. Passware can't extract encryption keys on static data, nor can it determine what the keys are before they've been requested as part of the log-in process. That means that as long as you turn off automatic login, you should be safe. To turn off automatic login on your FileVault 2-encrypted Mac, go to System Preferences > Users & Groups > Login Options and make sure that "Off" is selected from the drop-down. The other tip to keep you safe? Turn off your laptop while traveling so that the Passware software cannot be used to hack into it. There's one other good piece of news; hackers need to get to the contents of memory through a working FireWire or Thunderbolt port, so the Passware process does not work via remote access. Likewise, those older MacBook Airs that only have USB ports are safe from this method -- commenter Thomas Brand on the Brooks Review notes that "Thunderbolt and FireWire access data directly from the system bus allowing the exploit. USB goes through the CPU." Yes, FileVault 2 encryption is vulnerable. But with a few easy, common-sense steps, mobile Mac users can keep their data safe anyway.
Passware claims FileVault 2 can be cracked in under an hour, sells you the software to prove it
Lunch hours may never feel safe again. That is, if you have a Mac running Lion / FileVault 2, like leaving your computer around, or have unscrupulous colleagues. Data recovery firm Passware claims its "Forensic" edition software can decrypt files protected by FileVault 2 in just 40 minutes -- whether it's "letmein" or "H4x0rl8t0rK1tt3h" you chose to stand in its way. Using live-memory analysis over firewire, the encryption key can be accessed from FileVault's partition, gifting the pilferer privy access to keychain files and login data -- and therefore pretty much everything else. If you want to try this out for yourself, conveniently, Passware will sell you the software ($995 for a single user license) without so much as a flash of a badge.
Security firm extracts Mac OS user login passwords over FireWire
OMG. Lock up your Mac now! Security firm Passware sent out a PR blast this morning noting that their $995 application Passware Kit Forensic v11 can retrieve Mac OS user login passwords, and they're saying that this "proves Mac OS Lion insecure." The expensive app, which Passware will happily sell you for all of your forensic and password stealing needs, is used to connect a Windows machine running the software to a Mac via a FireWire connection. It can apparently "capture live Mac memory" and extracts passwords regardless of the strength of your password or use of FileVault encryption. While Passware Kit Forensic could be extremely useful for law-enforcement and government officials, as well as network administrators in enterprises, it doesn't seem likely that a common criminal is going to purchase Passware Kit Forensic when they're much more likely to want to wipe the hard drive and sell a stolen Mac for fast cash. Where this is a bit scary is in industrial or governmental espionage. Those are the situations where a thousand-dollar app would be chump change and the information that's stolen could make or lose billions of dollars. In those cases, Passware's president Dimitry Sumin notes "it is important to ensure physical security of the computer. One might also consider using additional encryption software." As for the rest of us with information that isn't too important? There's an easy way to keep yourself safe -- just turn off your computer when it's not in use instead of putting it to sleep, and disable the Automatic Login setting. By doing this, passwords aren't present in memory and can't be recovered using Passware's software. It's interesting that Passware didn't headline their press release with "Passware Proves Windows 7 Insecure..." since the same software easily retrieves passwords from that commonly used OS.
