http://www.informationweek.com/news/security/vulnerabilities/231002943 By Mathew J. Schwartz InformationWeek July 29, 2011 Updated forensic software can steal Apple OS X login passwords in minutes, even when the devices are locked or asleep. To be successful, however, users of the software, Passware Kit Forensic v11, must have physical access to the target Mac device, as well as a FireWire cable connection. At that point, the software can capture the password data from the Mac's memory, even on the latest version of Apple's operating system, Mac OS X Lion. According to Passware, its $995 software kit only takes a few minutes to work. It also functions regardless of password strength, and even if FileVault encryption has been activated. Passware previously implemented the same technique to decrypt Windows hard disks encrypted with BitLocker and TrueCrypt, with software running on a USB key that is plugged into the target machine. Interestingly, the "potential vulnerability"--as Passware described it--in Apple OS X that enables password extraction is in many ways also a documented FireWire feature. "One of the design features of FireWire, and part of what makes it attractive for professional use, is that it allows for [direct memory access], a technology used in modern computers which allows peripherals to bypass the CPU and directly read from and write to memory," said Aryeh Goretsky, a distinguished researcher at ESET, in a blog post. "Because the processor does not have to manage the data transfer, higher data rates, and lower CPU utilization can be ensured, while leaving the CPU available to perform other functions." [...] ___________________________________________________________ Attend Black Hat USA 2011, hosted at Caesars Palace in Las Vegas, Nevada July 30-Aug 4, offering over 60 training sessions and 9 tracks of Briefings from security industry elite. To sign up visit: http://www.blackhat.comReceived on Mon Aug 01 2011 - 02:50:21 PDT
This archive was generated by hypermail 2.2.0 : Mon Aug 01 2011 - 02:53:30 PDT