Help & FAQs    Search BCF    Members    Groups    Events Calendar
Resend my activation email : Register : Log in 
BCF: Bike Chat Forums


MAC OS High Sierra hack

 Reply to topic
Bike Chat Forums Index -> The Geek Zone
View previous topic : View next topic  
Author Message

mentalboy
World Chat Champion



Joined: 05 May 2012
Karma :
PostPosted: 00:48 - 29 Nov 2017    Post subject: MAC OS High Sierra hack Reply with quote
Whoops! Laughing

https://www.wired.com/story/macos-high-sierra-hack-root/
____________________
Make mine a Corona.
 Back to top
View user's profile Send private message Send e-mail You must be logged in to rate posts

Going
Nearly there...



Joined: 26 Feb 2012
Karma :
PostPosted: 02:14 - 29 Nov 2017    Post subject: Reply with quote
That doesn't seem like much of a bug. That could happen to any Unix/Like system if you don't add a password to Root.
What should happen though, is once the OS is installed, a password should added for Root or to be turn off.

Quote:
researchers confirm—that it's possible to block the attack by either setting a password for the root user, or disabling root access altogether


Linux does this by default and I think Windows does something along these lines.
 Back to top
View user's profile Send private message You must be logged in to rate posts

UnknownStuntm...
World Chat Champion



Joined: 13 Sep 2007
Karma :
PostPosted: 09:44 - 29 Nov 2017    Post subject: Reply with quote
Going wrote:
That doesn't seem like much of a bug. That could happen to any Unix/Like system if you don't add a password to Root.
What should happen though, is once the OS is installed, a password should added for Root or to be turn off.


IIRC the root account was removed as part of the install process for HS.

I see it as a bug in the gooeey bad password timer.

It's a massive howler though, huge.
 Back to top
View user's profile Send private message You must be logged in to rate posts

ScaredyCat
World Chat Champion



Joined: 19 May 2012
Karma :
PostPosted: 10:21 - 29 Nov 2017    Post subject: Reply with quote
Only appears to happen on new/clean installs not upgrades.

It's also inaccurate that "Security researchers" did anything it's been on the apple dev forums for over a week.
https://forums.developer.apple.com/thread/79235

https://www.dropbox.com/s/rlndfpkts2miskp/fukinappl.jpg?raw=1
____________________
Honda CBF125 ➝ NC700X
Honda CBF125 ↳ Speed Triple
 Back to top
View user's profile Send private message You must be logged in to rate posts

UnknownStuntm...
World Chat Champion



Joined: 13 Sep 2007
Karma :
PostPosted: 10:55 - 29 Nov 2017    Post subject: Reply with quote
ScaredyCat wrote:
Only appears to happen on new/clean installs not upgrades.
Nope, I upgraded from previous version, and I could do what el Reg suggested I might be able to do.
 Back to top
View user's profile Send private message You must be logged in to rate posts

Rogerborg
nimbA



Joined: 26 Oct 2010
Karma :
PostPosted: 12:45 - 29 Nov 2017    Post subject: Reply with quote
Going wrote:
That could happen to any Unix/Like system if you don't add a password to Root.

Sure, that's why GNU/Hippy OSen come:

1) Without charge.
and
2) With a SHOUTY DISCLAIMER OF WARRANTY.

What's Apple'$ excu$e?

I just pointed this out to a colleague with a Mac who scoffed at the idea. He wasn't scoffing long. I particularly like how you type "root" once and Computer Says No, then you just do it again and it gives up and lets you in. Clapping

Huh, I haven't lulled so hard since DEC put a button on the back of their workstations that rebooted straight into SU mode.
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike
 Back to top
View user's profile Send private message You must be logged in to rate posts

M.C
Super Spammer



Joined: 29 Sep 2015
Karma :
PostPosted: 14:15 - 29 Nov 2017    Post subject: Reply with quote
It does not affect Sierra or other previous macOS versions. - another reason why I don't rush to update my stuff.
 Back to top
View user's profile Send private message You must be logged in to rate posts

Rogerborg
nimbA



Joined: 26 Oct 2010
Karma :
PostPosted: 14:56 - 29 Nov 2017    Post subject: Reply with quote
We're wildly speculating that the first attempt actually creates a passwordless root account, then the 2nd lets you in. This is fun.
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike
 Back to top
View user's profile Send private message You must be logged in to rate posts

Going
Nearly there...



Joined: 26 Feb 2012
Karma :
PostPosted: 18:08 - 29 Nov 2017    Post subject: Reply with quote
UnknownStuntman wrote:

IIRC the root account was removed as part of the install process for HS.


Really, Then let them burn Twisted Evil Twisted Evil Twisted Evil

Well I suppose disabling the root account is a good idea for most users.
 Back to top
View user's profile Send private message You must be logged in to rate posts

CaNsA
Super Spammer



Joined: 02 Jan 2008
Karma :
PostPosted: 08:41 - 30 Nov 2017    Post subject: Reply with quote
https://i.imgur.com/Mm9e3PT.png
 Back to top
View user's profile Send private message You must be logged in to rate posts

t121anf
World Chat Champion



Joined: 23 Feb 2007
Karma :
PostPosted: 10:06 - 30 Nov 2017    Post subject: Reply with quote
I can't replicate this on my mac, I don't recall setting a root password.

Checked software updates, last update was Nov 7.

meh.
 Back to top
View user's profile Send private message You must be logged in to rate posts

RhynoCZ
Super Spammer



Joined: 09 Mar 2012
Karma :
PostPosted: 10:28 - 30 Nov 2017    Post subject: Reply with quote
So this superior software company, that has the most advanced OS and all that, ... Thinking

Going wrote:
Well I suppose disabling the root account is a good idea for most users.

Do you actually expect a Mac user do anything beyond facebook, iTunes and whatever movie app there is? Tut Tut
____________________
'87 Honda XBR 500, '96 Kawasaki ZX7R P1, '90 Honda CB-1, '88 Kawasaki GPz550, MZ 150 ETZ
'95 Mercedes-Benz w202 C200 CGI, '98 Mercedes-Benz w210 E200 Kompressor
 Back to top
View user's profile Send private message You must be logged in to rate posts

Rogerborg
nimbA



Joined: 26 Oct 2010
Karma :
PostPosted: 13:08 - 30 Nov 2017    Post subject: Reply with quote
RhynoCZ wrote:
Going wrote:
Well I suppose disabling the root account is a good idea for most users.

Do you actually expect a Mac user do anything beyond facebook, iTunes and whatever movie app there is? Tut Tut

I assume that it means that it was a good idea for Apple to remove the root account on most users' behalf.

Which it would have been if they hadn't monged this up so spectacularly. All joking aside, the chain of people culpable for letting this into the wild must never, ever be allowed to work with anything more complicated than a deep fat fryer.
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike
 Back to top
View user's profile Send private message You must be logged in to rate posts

M.C
Super Spammer



Joined: 29 Sep 2015
Karma :
PostPosted: 17:45 - 30 Nov 2017    Post subject: Reply with quote
RhynoCZ wrote:
So this superior software company, that has the most advanced OS and all that, ... Thinking

It runs a million times better on my PC (which it was never designed to) than Windows 10 Wink Not a fanboy, just saying.
 Back to top
View user's profile Send private message You must be logged in to rate posts
Old Thread Alert!

The last post was made 6 years, 140 days ago. Instead of replying here, would creating a new thread be more useful?
  Display posts from previous:   
This page may contain affiliate links, which means we may earn a small commission if a visitor clicks through and makes a purchase. By clicking on an affiliate link, you accept that third-party cookies will be set.

Post new topic   Reply to topic    Bike Chat Forums Index -> The Geek Zone All times are GMT + 1 Hour
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Read the Terms of Use! - Powered by phpBB © phpBB Group
 
Debug Mode: ON - Server: birks (www) - Page Generation Time: 0.07 Sec - Server Load: 1.09 - MySQL Queries: 17 - Page Size: 86.04 Kb