On 2007-01-18 Simon Slavin wrote:
> On 17 Jan 2007, at 11:28pm, Gregor Alessi wrote:
>> To crack Open Firmware Protection just remove physical memory - the
>> PW will be gone.
>
> Intel Macs use something that does the same job as Open Firmware
> passwords, but doesn't work the same. Changing physical memory does
> not defeat it.
Then they have to have some other means to reset the firmware to default
values (which should include erasing any user-defined passwords). Not
being able to reset it would be pretty much inacceptable IMHO, because
it would leave you with unusable hardware if the password got lost.
Anyway, I think what Gregor meant to tell is that firmware passwords
won't stop an attacker from accessing data on a stolen notebook.
> And could I restress the idea of using an encrypted disk image ?
> People seem to have ignored it when it's an almost idea solution for
> most of you.
I'd recommend against the suggestion you made in your other post,
because even though the encrypted disk image will protect the files it
contains, sensitive data may be leaked through caches or temporary files
when the user is working with the data. Using Filevault (and encrypted
swap) should prevent this (as far as possible without full disk
encryption), since OS X keeps all user data inside the user's home.
I consider Filevault (+ automatic login disabled) sufficient for the
scenario the OP described: prevent an attacker from accessing sensitive
data on a stolen notebook. The OP may consider your suggestion as an
addition to using Filevault, though, in order to reduce the risk of an
attacker being able to access sensitive data while the user is logged
in.
We use Filevault for about a year now (though not in a large
deployment), and haven't experienced any problems with it. However, I
agree with Miles that frequent backups are mandatory, and not only
because a Filevault may become corrupt.
Regards
Ansgar Wiechers
--
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden
This email sent to email@hidden
