Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked with a utility
Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked with a utility
- Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked with a utility
- From: Dave Schroeder <email@hidden>
- Date: Fri, 27 Apr 2007 11:58:47 -0500
Yes, and not only that, it will only extract the user password for
the *logged in* user, and then can only get things like FileVault or
administrative access *if those passwords are shared* (which they
often are).
This doesn't use secret backdoors to get passwords out of FileVault,
etc.
- Dave
On Apr 27, 2007, at 11:53 AM, Jason Bracy wrote:
Doesn't this rely on the user being logged in AND the keychain being
unlocked? Not really a threat to agencies deploying FileVault with
proper hardening and user training in place.
Jason
On 4/27/07, Marko Kostyrko <email@hidden> wrote:
And we are members of this list ;)
I would have sent the release here but ... kinda got told off for
that.
Federal discounts, and we have other technologies for those
legally allowed
to use it.
Note: this tool is not available to the public.
On Apr 27, 2007, at 9:26 AM, Michael Pike wrote:
http://www.macworld.com/news/2007/04/27/maclockpick/index.php?
lsrc=mwrss
There is the story... not to say "I told you so", but everyone who
calls me paranoid once again sees that paranoid was not wrong in this
instance.
The fact Apple's disk images and Filevault rely on the Apple Keychain
for a encryption key wrapper makes it very insecure.
That is exactly why I buy all of my encryption stuff from NON-US
companies that are not under the same pressures that some of these
obvious ones are.
Un-f'in-believable.
--
Michael Pike
iChat/AIM: email@hidden
Jabber / GoogleTalk: email@hidden
Windows Live Messenger: email@hidden
Yahoo Messenger: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40subrosasoft.com
This email sent to email@hidden
Marko Kostyrko
CEO - SubRosaSoft.com Inc
http://www.SubRosaSoft.com
skype: markokostyrko
email: email@hidden
Cell: +1 (510) 789 3187
All information in this email is confidential information. If you
respond,
please use an encryption protocol.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden