Re: [Fed-Talk] Mac keychain vulnerability
- Subject: Re: [Fed-Talk] Mac keychain vulnerability
- From: "Lee, Ian" <email@hidden>
- Date: Thu, 28 Sep 2017 14:13:43 +0000
- Thread-topic: [Fed-Talk] Mac keychain vulnerability
A flood of keychain unlock prompts from aware applications after the keychain
locks does not encourage use of those controls.
^ Definitely agree with this. Even worse IMO, when the unlock prompts are
generally “Keychain Access would like access to your keychain”, and not being
specific about what application / trigger is causing that.
~ Ian Lee
Lawrence Livermore National Laboratory
W: 925-423-4941
C: 925-667-8903
On Sep 28, 2017, at 05:07, Ron Colvin <email@hidden> wrote:
I do think the lock when sleeping and lock after x minutes of inactivity could be
improved so that they would be more useful to mitigate the risk. A flood of
keychain unlock prompts from aware applications after the keychain locks does
not encourage use of those controls.
On 9/28/17 7:55 AM, Dave Schroeder wrote:
You probably didn't see a post for the reasons you said...it's been known for a
while and impacts multiple versions of macOS. This "disclosure" was done (and
timed with High Sierra release) for publicity, and misrepresents the nature of
the threat.
Dave
On Sep 27, 2017, at 5:38 PM, Ron Colvin <email@hidden> wrote:
https://arstechnica.com/information-technology/2017/09/password-theft-0day-imperils-users-of-high-sierra-and-earlier-macos-versions/
I was surprised I had not seen a post.
This is not a "new" vulnerability. Password exports from unlocked keychains have
been a known issue to some for a while. It is mentioned in the CIS Benchmarks
with keychain lock controls.
--
********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA OCIO ITSD Analyst
<email@hidden>
Cell 240-472-1633
NASA Jabber (email@hidden) AIM rcolvin13
NASA Skype (email@hidden)
********************************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
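The "lock when sleeping" and "lock after x minutes" controls discussed in the thread are the per-keychain settings that `security set-keychain-settings -l -u -t <seconds>` applies and `security show-keychain-info` reports. The script below is an added example, not code from the list or from Apple: it audits a `show-keychain-info` line against a CIS-style maximum timeout and offers the matching remediation command. It assumes the output format `Keychain "<NULL>" lock-on-sleep timeout=300s` (or `no-timeout` when nothing is set), a 300-second threshold, and the function names `keychain_lock_audit` / `keychain_lock_remediate`; all three are assumptions made for this example, and the sample lines at the bottom are constructed so it runs offline.

```shell
#!/bin/sh
# Added example: audit and remediate the login keychain's auto-lock controls
# (lock on sleep, lock after an inactivity timeout).
# Assumed output format of `security show-keychain-info` (check on your build):
#   Keychain "<NULL>" lock-on-sleep timeout=300s
#   Keychain "<NULL>" no-timeout

MAX_TIMEOUT=300   # seconds; CIS-style value, chosen here as an assumption

# keychain_lock_audit "<show-keychain-info line>" [max_seconds]
# Prints findings; returns 0 if both controls are acceptable, 1 otherwise.
keychain_lock_audit() {
    info="$1"
    max="${2:-$MAX_TIMEOUT}"
    rc=0

    case "$info" in
        *lock-on-sleep*) ;;
        *) echo "FAIL: keychain does not lock when the system sleeps"; rc=1 ;;
    esac

    case "$info" in
        *timeout=*s*)
            # Pull the integer out of "timeout=NNNs"
            t=$(printf '%s\n' "$info" | sed -n 's/.*timeout=\([0-9][0-9]*\)s.*/\1/p')
            if [ -z "$t" ] || [ "$t" -gt "$max" ]; then
                echo "FAIL: inactivity timeout ${t:-unset}s exceeds ${max}s"; rc=1
            fi ;;
        *) echo "FAIL: no inactivity timeout configured (keychain stays unlocked)"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "PASS: lock-on-sleep set and timeout <= ${max}s"
    return "$rc"
}

# keychain_lock_remediate [seconds]: apply both controls to the login keychain.
# -l lock on sleep, -u lock after timeout, -t timeout in seconds.
# Only executes where the macOS `security` tool exists; otherwise prints the command.
keychain_lock_remediate() {
    secs="${1:-$MAX_TIMEOUT}"
    if command -v security >/dev/null 2>&1; then
        security set-keychain-settings -l -u -t "$secs"
    else
        echo "would run: security set-keychain-settings -l -u -t $secs"
    fi
}

# Constructed sample lines (not captured from a real host) to exercise the audit.
for sample in \
    'Keychain "<NULL>" lock-on-sleep timeout=300s' \
    'Keychain "<NULL>" no-timeout' \
    'Keychain "<NULL>" timeout=3600s'
do
    echo "== $sample"
    keychain_lock_audit "$sample" || :
done

# On a real Mac, audit the live login keychain and remediate if it fails.
if command -v security >/dev/null 2>&1; then
    keychain_lock_audit "$(security show-keychain-info 2>&1)" || keychain_lock_remediate
fi
```

Run it as an unprivileged user on the Mac being checked; `set-keychain-settings` acts on that user's login keychain, and a short timeout is what triggers the flood of unlock prompts Ron describes, so pick the threshold with that trade-off in mind.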