Re: [Fed-Talk] Mac keychain vulnerability
Re: [Fed-Talk] Mac keychain vulnerability
- Subject: Re: [Fed-Talk] Mac keychain vulnerability
- From: Dave Schroeder <email@hidden>
- Date: Thu, 28 Sep 2017 11:55:20 +0000
- Thread-topic: [Fed-Talk] Mac keychain vulnerability
You probably didn't see a post for the reasons you said...it's been known for a
while and impacts multiple versions of macOS. This "disclosure" was done (and
timed with High Sierra release) for publicity, and misrepresents the nature of
the threat.
Dave
> On Sep 27, 2017, at 5:38 PM, Ron Colvin <email@hidden> wrote:
>
> https://arstechnica.com/information-technology/2017/09/password-theft-0day-imperils-users-of-high-sierra-and-earlier-macos-versions/
>
> I was surprised I had not seen a post.
> This is not a "new" vulnerability. Password exports from unlocked keychains
> has been a known issue to some for a while. It is mentioned in the CIS
> Benchmarks with keychain lock controls.
>
> --
>
>
> ********************************************************
> Ron Colvin CISSP, CAP, CEH
> Certified Security Analyst
> NASA OCIO ITSD Analyst
> <email@hidden>
> Cell 240-472-1633
> NASA Jabber (email@hidden) AIM rcolvin13
> NASA Skype (email@hidden)
> ********************************************************
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden