Re: [Fed-Talk] Drive Encryption - Filevault - Step By Step Instructions To Break It
- Subject: Re: [Fed-Talk] Drive Encryption - Filevault - Step By Step Instructions To Break It
- From: Todd Heberlein <email@hidden>
- Date: Wed, 20 May 2009 19:10:47 -0700
This may have been covered here and I missed it, but someone (CNET)
did a step by step procedure for breaking FileVault, it looks to
have taken less than 5 minutes.

The article is about a year old, but it is a general problem that has
a long history. In general, once an adversary has the ability to gain
access to your memory, he can find all sorts of interesting stuff
cached there.

Back in 1992 I remember watching a hacker log into a SunOS
machine using a stolen account and then dump the password file (so he
could run it through a password cracker later I presume). I was
smiling because we had switched to a shadow password file (pretty
novel back in those days). Within 20 seconds though the guy ran a
command (gcore I think) that gave him kernel memory access, and then
he dumped the memory and grepped looking for password entry patterns.
Out popped my password entry -- the shadow password file was cached in
memory. My jaw dropped.

A few days later I heard of a related attack after someone logged in
-- it turns out the array which stored your plain-text password was
never wiped, so if you had logged in recently, the attack could get
your password.
Todd
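
The unwiped password array described in the message above, as an added example in C that is not part of the original post: a hypothetical `check_login` routine clears its working buffer on every exit path, and `has_residue` is a regression check that the typed password no longer sits in that memory. All names, `PW_MAX`, and the plaintext reference value are assumptions made for illustration; a real login path would compare a salted hash.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 64

/* Zero a buffer through a volatile pointer so the stores are not
 * removed as dead writes (a plain memset before return can be). */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Compare all PW_MAX bytes without an early exit on mismatch. */
static int same_bytes(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < PW_MAX; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical login check. `work` is the array holding the typed
 * password; the caller owns it so a test can inspect it afterwards.
 * `stored` is a constructed, zero-padded reference value.
 * wipe=0 reproduces the unwiped array; wipe=1 is the corrected form. */
int check_login(const char *typed, const unsigned char stored[PW_MAX],
                unsigned char work[PW_MAX], int wipe) {
    size_t n = strlen(typed);
    int ok = 0;
    memset(work, 0, PW_MAX);
    if (n < PW_MAX) {
        memcpy(work, typed, n);
        ok = same_bytes(work, stored);
    }
    if (wipe) secure_wipe(work, PW_MAX);  /* runs on success and failure */
    return ok;
}

/* Regression check: does `secret` still appear anywhere in the buffer? */
int has_residue(const unsigned char *buf, size_t len, const char *secret) {
    size_t n = strlen(secret);
    if (n == 0 || n > len) return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, secret, n) == 0) return 1;
    return 0;
}
```

Where the platform provides `explicit_bzero` or `memset_s`, either can replace `secure_wipe`.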