[Fed-Talk] Lockpick
[Fed-Talk] Lockpick
- Subject: [Fed-Talk] Lockpick
- From: "Gordon Bob Ctr AF/A3/5EG" <email@hidden>
- Date: Fri, 27 Apr 2007 13:20:54 -0400
- Thread-topic: Lockpick
I am not in law enforcement, I am with the USAF. I have 40 systems
class and unclass. This is a tool I could use with my users who forget
what their passwords are. Since my users have at a minimum 4 computer
systems. Remembering passwords is very difficult. This tool could save
me lots of time and heartache.
I would purchase this in a heartbeat.
Bob
-----Original Message-----
From: fed-talk-bounces+bob.gordon.ctr=email@hidden
[mailto:fed-talk-bounces+bob.gordon.ctr=email@hidden]
On Behalf Of email@hidden
Sent: Friday, April 27, 2007 1:00 PM
To: email@hidden
Subject: Fed-talk Digest, Vol 4, Issue 110
Send Fed-talk mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.apple.com/mailman/listinfo/fed-talk
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Fed-talk digest..."
Today's Topics:
1. Re: Filevault, Disk Encrypted Images, cracked with a utility
(Jason Bracy)
2. Re: Filevault, Disk Encrypted Images, cracked with a utility
(Marko Kostyrko)
3. Re: Filevault, Disk Encrypted Images, cracked with a utility
(Dave Schroeder)
4. Re: Filevault, Disk Encrypted Images, cracked with a utility
(Dave Schroeder)
5. Re: Filevault, Disk Encrypted Images, cracked with a utility
(Marko Kostyrko)
----------------------------------------------------------------------
Message: 1
Date: Fri, 27 Apr 2007 12:53:44 -0400
From: "Jason Bracy" <email@hidden>
Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked
with
a utility
To: FedTalk <email@hidden>
Message-ID:
<email@hidden>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Doesn't this rely on the user being logged in AND the keychain being
unlocked? Not really a threat to agencies deploying FileVault with
proper hardening and user training in place.
Jason
On 4/27/07, Marko Kostyrko <email@hidden> wrote:
>
> And we are members of this list ;)
>
> I would have sent the release here but ... kinda got told off for
that.
>
> Federal discounts, and we have other technologies for those legally
allowed
> to use it.
>
> Note: this tool is not available to the public.
>
> On Apr 27, 2007, at 9:26 AM, Michael Pike wrote:
>
http://www.macworld.com/news/2007/04/27/maclockpick/index.php?lsrc=mwrss
>
> There is the story... not to say "I told you so", but everyone who
> calls me paranoid once again sees that paranoid was not wrong in this
> instance.
>
> The fact Apple's disk images and Filevault rely on the Apple Keychain
> for a encryption key wrapper makes it very insecure.
>
> That is exactly why I buy all of my encryption stuff from NON-US
> companies that are not under the same pressures that some of these
> obvious ones are.
>
> Un-f'in-believable.
>
>
> --
> Michael Pike
> iChat/AIM: email@hidden
> Jabber / GoogleTalk: email@hidden
> Windows Live Messenger: email@hidden
> Yahoo Messenger: email@hidden
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
>
> This email sent to email@hidden
>
>
> Marko Kostyrko
> CEO - SubRosaSoft.com Inc
> http://www.SubRosaSoft.com
> skype: markokostyrko
> email: email@hidden
> Cell: +1 (510) 789 3187
>
> All information in this email is confidential information. If you
respond,
> please use an encryption protocol.
------------------------------
Message: 2
Date: Fri, 27 Apr 2007 09:53:34 -0700
From: Marko Kostyrko <email@hidden>
Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked
with
a utility
To: "Michael Pike" <email@hidden>
Cc: FedTalk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
Thanks for the note Mike, Ill respond on a private level soon.
The product is available on http://www.subrosasoft.com/OSXSoftware/
index.php?main_page=product_info&cPath=200&products_id=195
Discounts for federal and licensed investigators (in fact its only
available to licensed investigators so that is a little moot)
On Apr 27, 2007, at 9:46 AM, Michael Pike wrote:
> I know fedtalk doesnt lke advertising, but with something like this
> with a bonafied purpose, I do not see any reason why Marko should not
> be permitted to post a blurb on the list about it. I found out from
> Macworld... pretty sad when the general public knows about something
> before the ones who it is intended for does.
>
> I vote that if someone makes a new product they should be allowed to
> post one message about it (not updates, but a new product) so we know
> about it.
>
> Marko: how do we order one?
>
>
> On 4/27/07, Marko Kostyrko <email@hidden> wrote:
>>
>> And we are members of this list ;)
>>
>> I would have sent the release here but ... kinda got told off for
>> that.
>>
>> Federal discounts, and we have other technologies for those
>> legally allowed
>> to use it.
>>
>> Note: this tool is not available to the public.
>>
>> On Apr 27, 2007, at 9:26 AM, Michael Pike wrote:
>> http://www.macworld.com/news/2007/04/27/maclockpick/index.php?
>> lsrc=mwrss
>>
>> There is the story... not to say "I told you so", but everyone who
>> calls me paranoid once again sees that paranoid was not wrong in this
>> instance.
>>
>> The fact Apple's disk images and Filevault rely on the Apple Keychain
>> for a encryption key wrapper makes it very insecure.
>>
>> That is exactly why I buy all of my encryption stuff from NON-US
>> companies that are not under the same pressures that some of these
>> obvious ones are.
>>
>> Un-f'in-believable.
>>
>>
>> --
>> Michael Pike
>> iChat/AIM: email@hidden
>> Jabber / GoogleTalk: email@hidden
>> Windows Live Messenger: email@hidden
>> Yahoo Messenger: email@hidden
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40subrosasoft.com
>>
>> This email sent to email@hidden
>>
>>
>> Marko Kostyrko
>> CEO - SubRosaSoft.com Inc
>> http://www.SubRosaSoft.com
>> skype: markokostyrko
>> email: email@hidden
>> Cell: +1 (510) 789 3187
>>
>> All information in this email is confidential information. If you
>> respond,
>> please use an encryption protocol.
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>>
>
>
> --
> Michael Pike
> iChat/AIM: email@hidden
> Jabber / GoogleTalk: email@hidden
> Windows Live Messenger: email@hidden
> Yahoo Messenger: email@hidden
Marko Kostyrko
CEO - SubRosaSoft.com Inc
http://www.SubRosaSoft.com
skype: markokostyrko
email: email@hidden
Cell: +1 (510) 789 3187
All information in this email is confidential information. If you
respond, please use an encryption protocol.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.apple.com/mailman/private/fed-talk/attachments/20070427/770
0a900/attachment-0001.html
------------------------------
Message: 3
Date: Fri, 27 Apr 2007 11:56:15 -0500
From: Dave Schroeder <email@hidden>
Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked
with
a utility
To: Michael Pike <email@hidden>
Cc: Fedtalk List <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
On Apr 27, 2007, at 11:26 AM, Michael Pike wrote:
> That is exactly why I buy all of my encryption stuff from NON-US
> companies that are not under the same pressures that some of these
> obvious ones are.
>
> Un-f'in-believable.
This isn't possible because of any US governmental influence. This is
possible because of the way Mac OS X is architected (also itself not
because of US governmental influence).
Prudence (and even paranoia, if you're so included) is fine. But I'm
sorry to say that it's not because of the US government that this is
possible.
- Dave
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2380 bytes
Desc: not available
Url :
http://lists.apple.com/mailman/private/fed-talk/attachments/20070427/f28
e2fed/smime-0001.bin
------------------------------
Message: 4
Date: Fri, 27 Apr 2007 11:58:47 -0500
From: Dave Schroeder <email@hidden>
Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked
with
a utility
To: Jason Bracy <email@hidden>
Cc: FedTalk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
Yes, and not only that, it will only extract the user password for
the *logged in* user, and then can only get things like FileVault or
administrative access *if those passwords are shared* (which they
often are).
This doesn't use secret backdoors to get passwords out of FileVault,
etc.
- Dave
On Apr 27, 2007, at 11:53 AM, Jason Bracy wrote:
> Doesn't this rely on the user being logged in AND the keychain being
> unlocked? Not really a threat to agencies deploying FileVault with
> proper hardening and user training in place.
>
> Jason
>
>
> On 4/27/07, Marko Kostyrko <email@hidden> wrote:
>>
>> And we are members of this list ;)
>>
>> I would have sent the release here but ... kinda got told off for
>> that.
>>
>> Federal discounts, and we have other technologies for those
>> legally allowed
>> to use it.
>>
>> Note: this tool is not available to the public.
>>
>> On Apr 27, 2007, at 9:26 AM, Michael Pike wrote:
>> http://www.macworld.com/news/2007/04/27/maclockpick/index.php?
>> lsrc=mwrss
>>
>> There is the story... not to say "I told you so", but everyone who
>> calls me paranoid once again sees that paranoid was not wrong in this
>> instance.
>>
>> The fact Apple's disk images and Filevault rely on the Apple Keychain
>> for a encryption key wrapper makes it very insecure.
>>
>> That is exactly why I buy all of my encryption stuff from NON-US
>> companies that are not under the same pressures that some of these
>> obvious ones are.
>>
>> Un-f'in-believable.
>>
>>
>> --
>> Michael Pike
>> iChat/AIM: email@hidden
>> Jabber / GoogleTalk: email@hidden
>> Windows Live Messenger: email@hidden
>> Yahoo Messenger: email@hidden
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40subrosasoft.com
>>
>> This email sent to email@hidden
>>
>>
>> Marko Kostyrko
>> CEO - SubRosaSoft.com Inc
>> http://www.SubRosaSoft.com
>> skype: markokostyrko
>> email: email@hidden
>> Cell: +1 (510) 789 3187
>>
>> All information in this email is confidential information. If you
>> respond,
>> please use an encryption protocol.
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2380 bytes
Desc: not available
Url :
http://lists.apple.com/mailman/private/fed-talk/attachments/20070427/d64
d5a07/smime-0001.bin
------------------------------
Message: 5
Date: Fri, 27 Apr 2007 09:59:03 -0700
From: Marko Kostyrko <email@hidden>
Subject: Re: [Fed-Talk] Filevault, Disk Encrypted Images, cracked
with
a utility
To: "Jason Bracy" <email@hidden>
Cc: FedTalk <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="us-ascii"
Yes it does rely on that.
But it should be noted that this is the default state.
If you follow the very wise and sound advice from the apple web pages
on locking down your system it will not work. However if you are a
normal user and just close the lid or walk away from your mac it will
work nicely.
The default state of the keychain is open on startup, this remains so
if the suspect walks away or puts his machine into his carry bag.
On Apr 27, 2007, at 9:52 AM, Jason Bracy wrote:
> Doesn't this rely on the user being logged in AND the keychain being
> unlocked? Not really a threat to agencies deploying FileVault with
> proper hardening and user training in place.
>
> Jason
>
> On 4/27/07, Marko Kostyrko <email@hidden> wrote:
>>
>> And we are members of this list ;)
>>
>> I would have sent the release here but ... kinda got told off for
>> that.
>>
>> Federal discounts, and we have other technologies for those
>> legally allowed
>> to use it.
>>
>> Note: this tool is not available to the public.
>>
>> On Apr 27, 2007, at 9:26 AM, Michael Pike wrote:
>> http://www.macworld.com/news/2007/04/27/maclockpick/index.php?
>> lsrc=mwrss
>>
>> There is the story... not to say "I told you so", but everyone who
>> calls me paranoid once again sees that paranoid was not wrong in this
>> instance.
>>
>> The fact Apple's disk images and Filevault rely on the Apple Keychain
>> for a encryption key wrapper makes it very insecure.
>>
>> That is exactly why I buy all of my encryption stuff from NON-US
>> companies that are not under the same pressures that some of these
>> obvious ones are.
>>
>> Un-f'in-believable.
>>
>>
>> --
>> Michael Pike
>> iChat/AIM: email@hidden
>> Jabber / GoogleTalk: email@hidden
>> Windows Live Messenger: email@hidden
>> Yahoo Messenger: email@hidden
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>> 40subrosasoft.com
>>
>> This email sent to email@hidden
>>
>>
>> Marko Kostyrko
>> CEO - SubRosaSoft.com Inc
>> http://www.SubRosaSoft.com
>> skype: markokostyrko
>> email: email@hidden
>> Cell: +1 (510) 789 3187
>>
>> All information in this email is confidential information. If you
>> respond,
>> please use an encryption protocol.
Marko Kostyrko
CEO - SubRosaSoft.com Inc
http://www.SubRosaSoft.com
skype: markokostyrko
email: email@hidden
Cell: +1 (510) 789 3187
All information in this email is confidential information. If you
respond, please use an encryption protocol.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.apple.com/mailman/private/fed-talk/attachments/20070427/555
b048a/attachment.html
------------------------------
_______________________________________________
Fed-talk mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/fed-talk
End of Fed-talk Digest, Vol 4, Issue 110
****************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden