osx lion
Latest
OS X Lion update accidentally outs user passwords in plain text, stumbles over FileVault
Are you an avid user of OS X's FileVault encryption and running a recently updated version of Lion? It may be time to consider changing your passwords. According to security researcher David Emry, users who used FileVault prior to upgrading to 10.7.3 may be able to find their password in a system-wide debug log file, stored in plain text outside of the encrypted area. This puts the password at risk of being read by other users or enterprising cyber criminals, Emry explains, and even opens the door for new flaw-specific malware. FileVault 2, on the other hand, seems to be unaffected by the bug. The community doesn't currently have a way to fight the flaw without disabling FileVault, so users rushing to change their password now may find it being logged as well. Obviously, we'll let you all know once we hear back from Apple regarding this matter.
Apple issues Flashback removal tool for 10.7 Lion systems not running Java
The Flashback OS X trojan continues to cast a rainy shadow over Mac owners' sense of security, and even though a fix has been released, this was only for what Apple considered "the most common variants." Users of Lion, who don't have Java installed, weren't included in that initial run, but there is a new removal tool just for them. So, if you're running 10.7 and never installed Oracle's virtual machine, make sure you point your browser at the source link below.
Passware claims FileVault 2 can be cracked in under an hour, sells you the software to prove it
Lunch hours may never feel safe again. That is, if you have a Mac running Lion / FileVault 2, like leaving your computer around, or have unscrupulous colleagues. Data recovery firm Passware claims its "Forensic" edition software can decrypt files protected by FileVault 2 in just 40 minutes -- whether it's "letmein" or "H4x0rl8t0rK1tt3h" you chose to stand in its way. Using live-memory analysis over firewire, the encryption key can be accessed from FileVault's partition, gifting the pilferer privy access to keychain files and login data -- and therefore pretty much everything else. If you want to try this out for yourself, conveniently, Passware will sell you the software ($995 for a single user license) without so much as a flash of a badge.
Apple to allow license-free virtualization with OS X Lion, developers roar with delight
Developers and IT managers have reason to smile today, because it looks like Apple is changing its approach to virtualization. According to Mac Rumors, users who download the client version of OS X Lion will be able to run one or two virtualized copies on a single Mac, using tools like VMware or Parallels. This functionality first surfaced with Leopard, but was only available to users who obtained a pricey OS X Server license. The EULA for 10.7, however, suggests that Lion owners won't need any extra licenses to tinker away in an alternate OS universe. It's news that the enterprise community will certainly welcome, but we'll have to wait a little longer before riding the Lion into a virtual realm, later this month.
