For what it's worth - when FileVault 2 is enabled on a 10.7 clean install, automatic logins appear to be disabled by default. The checkbox is checked and grayed out so that it can't be unchecked.
Thanks,
Rich
On Jul 26, 2011, at 5:35 PM, Danziger, Alan D. wrote:
@David – FV2 won't prevent this because the disk is unlocked as the computer boots up. By default. (I've done it differently, with two partitions, only one of which unlocks on boot).
@Peter – FV2 doesn't require a double-login, it caches the unencryption credentials and uses them to log you in automatically.
Also: If you turn the computer off, RAM is emptied. If you have "Automatic Login" enabled, when 'an adversary' tries to boot it, the computer logs you in automatically & thus has the passwords & keychain back in memory… "Automatic Login" basically stores your password somewhere the OS can get to it on boot-up…
It requires BOTH – disabling autologin, and actually shutting down (vs. sleep) – to protect against their process.
Regards,
-=Alan
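Alan's two conditions (automatic login off, and the machine actually powered down rather than asleep) can be checked from the settings a Mac exposes. The script below is an added example and is not from the thread, Passware, or Apple. It parses the text output of `defaults read /Library/Preferences/com.apple.loginwindow` (the `autoLoginUser` key) and of `pmset -g`; the `hibernatemode` and `DestroyFVKeyOnStandby` keys it looks at are real `pmset` settings on later OS X releases but are not mentioned in the thread, so treat their inclusion as this example's assumption. Both sample outputs embedded here are constructed, not captured from a real machine; on a Mac the script runs the two commands itself instead.

```python
import re
import shutil
import subprocess

# Constructed sample (not from a real machine) in the format that
# `defaults read /Library/Preferences/com.apple.loginwindow` prints.
SAMPLE_LOGINWINDOW = '''{
    GuestEnabled = 0;
    autoLoginUser = alice;
    lastUserName = alice;
}'''

# Constructed sample in the format of `pmset -g`: a laptop that sleeps with
# RAM kept powered (hibernatemode 3) and keeps the FileVault key on standby.
SAMPLE_PMSET = '''System-wide power settings:
Currently in use:
 hibernatefile        /var/vm/sleepimage
 sleep                1
 hibernatemode        3
 lidwake              1
 DestroyFVKeyOnStandby 0
'''


def parse_autologin_user(loginwindow_text):
    """Return the user named by autoLoginUser, or None when automatic login is off."""
    m = re.search(r'autoLoginUser\s*=\s*"?([^";]+)"?\s*;', loginwindow_text)
    return m.group(1).strip() if m else None


def parse_pmset(pmset_text):
    """Turn `pmset -g` rows such as ' hibernatemode 3' into a {name: value} dict."""
    settings = {}
    for line in pmset_text.splitlines():
        parts = line.split()
        # keep only two-token 'name value' rows; headings like
        # 'Currently in use:' have a different shape and are skipped
        if len(parts) == 2 and not parts[0].endswith(':'):
            settings[parts[0]] = parts[1]
    return settings


def assess(loginwindow_text, pmset_text):
    """Report whether the machine still leaves credentials reachable in RAM.

    'mitigated' is True only when automatic login is off AND sleep is
    configured so that RAM is not kept powered and the FileVault key is
    purged on standby (the hibernatemode/DestroyFVKeyOnStandby checks are
    this example's assumption, beyond what the thread states).
    """
    user = parse_autologin_user(loginwindow_text)
    pm = parse_pmset(pmset_text)
    hibernatemode = pm.get('hibernatemode')
    destroy_key = pm.get('DestroyFVKeyOnStandby')
    findings = []
    if user is not None:
        findings.append('automatic login enabled for "%s": credentials return to RAM on boot' % user)
    if hibernatemode != '25':
        findings.append('hibernatemode %s: RAM stays powered during sleep, so memory contents persist'
                        % hibernatemode)
    if destroy_key != '1':
        findings.append('DestroyFVKeyOnStandby not set: FileVault key is retained in memory on standby')
    return {
        'autologin_user': user,
        'hibernatemode': hibernatemode,
        'destroy_fv_key_on_standby': destroy_key == '1',
        'mitigated': not findings,
        'findings': findings,
    }


def collect_live():
    """Run the two macOS commands when they exist on this host; otherwise return None."""
    if not (shutil.which('defaults') and shutil.which('pmset')):
        return None
    lw = subprocess.run(['defaults', 'read', '/Library/Preferences/com.apple.loginwindow'],
                        capture_output=True, text=True).stdout
    pm = subprocess.run(['pmset', '-g'], capture_output=True, text=True).stdout
    return assess(lw, pm)


if __name__ == '__main__':
    # On a non-Mac host fall back to the constructed samples above.
    result = collect_live() or assess(SAMPLE_LOGINWINDOW, SAMPLE_PMSET)
    for finding in result['findings'] or ['no findings: mitigated']:
        print('-', finding)
```

On the constructed sample the script reports all three findings; a machine with no `autoLoginUser` key, `hibernatemode 25` and `DestroyFVKeyOnStandby 1` comes back as mitigated. Note that even a mitigated configuration only helps once the machine has actually gone to standby or been shut down, which is Alan's point about sleep versus power-off.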
From: "Link, Peter R." <email@hidden>
Date: Tue, 26 Jul 2011 16:02:58 -0400
To: David Whitley <email@hidden>
Cc: Apple Fed-Talk <email@hidden>
Subject: Re: [Fed-Talk] Passware grabs Mac passwords over FireWire
FV2 requires an initial unlocking before the regular logon screen (double login).
As far as this product, what does "The security risk is easy to overcome by simply turning off the computer instead of putting it to sleep, and disabling the "Automatic Login" setting. This way, passwords will not be present in memory and cannot be recovered." mean? Does it mean if you turn off automatic login, the password isn't stored in RAM? Their statement doesn't make a lot of sense since turning the computer off empties RAM anyway (I know, someone "proved" it is still there for a short period of time) so why worry about the Automatic Login setting. If they actually mean either of these works, then I don't know of any government computer that is allowed to use automatic login so this problem is moot.
On Jul 26, 2011, at 12:47 PM, David Whitley wrote:
The website says that FV2 will not prevent this, but I wonder if it can still do it if the computer is on, but you aren't logged in. Isn't FV2's decryption done post-login?
On Jul 26, 2011, at 3:34 PM, Rex Sanders wrote:
FireWire has long been known as a back door into Mac OS RAM. Now Passware
has a kit for extracting system passwords from Mac OS X over FireWire:
http://www.prnewswire.com/news-releases/passware-proves-mac-os-lion-insecure-revealing-login-passwords-in-minutes-126166663.html
The security risk is easy to overcome by simply turning off the computer
instead of putting it to sleep, and disabling the "Automatic Login"
setting. This way, passwords will not be present in memory and cannot be
recovered.
Note that www.lostpassword.com, Passware's web site, is blocked by DOI Web
filters as Malware, so be careful out there.
I wonder if Thunderbolt presents the same issues?
-- Rex
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list ( email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
---
JFRC Help Desk
phone: x4030
The best way to get in touch with me is through email.