Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
Re: [Fed-Talk] Passware grabs Mac passwords over FireWire
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Passware grabs Mac passwords over FireWire

FV2 requires an initial unlocking before the regular logon screen (double login).

As far as this product, what does "The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered." mean? Does it mean if you turn off automatic login, the password isn't stored in RAM? Their statement doesn't make a lot of sense since turning the computer off empties RAM anyway (I know, someone "proved" it is still there for a short period of time) so why worry about the Automatic Login setting. If they actually mean either of these works, then I don't know of any government computer that is allowed to use automatic login so this problem is moot.

On Jul 26, 2011, at 12:47 PM, David Whitley wrote:

The website says that FV2 will not prevent this, but I wonder if it can still do it if the computer is on, but you aren't logged in.  Isn't FV2's decryption done post-login?

David R. Whitley Jr. 

Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550

Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 >[Fed-Talk] Passware grabs Mac passwords over FireWire (From: Rex Sanders <email@hidden>)
 >Re: [Fed-Talk] Passware grabs Mac passwords over FireWire (From: David Whitley <email@hidden>)

Visit the Apple Store online or at retail locations.

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.