http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/

By Dan Goodin in San Francisco
The Register
26th August 2011

Apple's latest version of Mac OS X is creating serious security risks for businesses that use it to interact with a popular form of centralized networks.

People logging in to Macs running OS X 10.7, aka Lion, can access restricted resources using any password they want when the machines use a popular technology known as LDAP for authentication. Short for Lightweight Directory Access Protocol, LDAP servers frequently contain repositories of highly sensitive enterprise data, making them a goldmine to attackers trying to burrow their way in to sensitive networks.

“As pen testers, one of the first things we do is attack the LDAP server,” Rob Graham, CEO of auditing firm Errata Security, said. “Once we own an LDAP server we own everything. I can walk up to any laptop (in an organization) and log into it.”

The LDAP breakdowns in Lion aren't well understood because Apple still hasn't admitted there's any problem. But according to threads here and here, it affects Macs running Lion that use LDAP to authenticate users to different desktop machines. After the initial login, Lion users can log in with any password. Apple's latest operating system, which was released last month, blindly accepts whatever pass code it's given.

[...]

Received on Mon Aug 29 2011 - 02:26:52 PDT