Declan McCullagh reports at News.com:
Apple has confirmed a security glitch that, in many situations, will let someone with physical access to a Macintosh computer gain access to the password of the active user account.
The vulnerability arises out of a programming error that stores the account password in the computer's memory long after it's needed, meaning it can be retrieved and used to log into the computer and impersonate the user.
"This is a real problem and it needs to be fixed," said Jacob Appelbaum, a San Francisco-area programmer who discovered the vulnerability and reported it to Apple. He said he disagreed with the company's response: "They won't put it in the latest security update or release a security update just for this issue."
Appelbaum is one of the team of researchers who published a "cold boot" paper last week describing unrelated vulnerabilities in encrypted filesystems, including Apple's FileVault, Windows Vista's BitLocker, and a number of open-source ones.
Image: "Rebooting the target MacBook in a studio at CNET on Second Street in San Francisco. From left to right: Paul, Schoen, Appelbaum, and [Declan McCullagh]."
Update: All of the technical details are here on bugtraq.