Another Panther Security hole?
(Sorry if this is old news, but I didn't find any previous posts on this)
Firewire Target-mode overrides the bloody login password...
I got my new PB"12 today and had no problems getting access to the files on the PB from my Cube, despite the fact that I had set the PB to prompt for a password at login. No problem the other way either (Mac OS 10.3.1 on both).
So, if a thief, your boss or anybody who like to see your files get physical access to your Mac you're toast. All they need is another mac and a firewire-cable (A Panther-CD should do fine too, but if I'm not mistaken, the Open Firmware Password app will take care it).
I've known for a long time that if somebody get physical access to your Mac the barriers to entry takes a serious hit, but this is laughable easy!
After this, the question of enabling Filevault or not on my new PB is purely academic.
Firewire Target-mode overrides the bloody login password...
I got my new PB"12 today and had no problems getting access to the files on the PB from my Cube, despite the fact that I had set the PB to prompt for a password at login. No problem the other way either (Mac OS 10.3.1 on both).
So, if a thief, your boss or anybody who like to see your files get physical access to your Mac you're toast. All they need is another mac and a firewire-cable (A Panther-CD should do fine too, but if I'm not mistaken, the Open Firmware Password app will take care it).
I've known for a long time that if somebody get physical access to your Mac the barriers to entry takes a serious hit, but this is laughable easy!
After this, the question of enabling Filevault or not on my new PB is purely academic.
Comments
Originally posted by whee
If someone has physical access to a system, expect them to also have full access to the contents on the hard drive. This is independent of operating system. Encrypt things you don't want to get out, or keep your computer locked down.
I guess you're right. It's probably just me overreacting. Taking my mac on the road, for the first time ever, makes for a lot of "if"s...
FireWire Target Mode overrides any file level permissions on the hard drive. Most folks would consider this a feature when they really really need those files...
And yes, this is precisely why FileVault was created. If you don't want to play with that yet, you can always set up a Disk Image using Disk Utility and make it encrypted. Store your critical files in there.
Originally posted by Kickaha
...And yes, this is precisely why FileVault was created. If you don't want to play with that yet, you can always set up a Disk Image using Disk Utility and make it encrypted. Store your critical files in there.
Thanks, great advice. And yes, I'm still kind of uneasy about using Filevault.
i think that this link should solve the security issue -
http://docs.info.apple.com/article.html?artnum=120095
you have to download an installer and run it, after which you cant boot up your mac from an external drive or cd, or enter boot up in verbose or safe mode etc.
hope that this solves your problem
lee
edit - sorry i see now that you are talking about booting another mac from the powerbook (and your already aware of the open firmware password)... does seem like a big security flaw!!
Originally posted by pb_lee
you guys all know that you can set an open firmware password to restrict which drive can be used as the startup disk!?
i think that this link should solve the security issue -
http://docs.info.apple.com/article.html?artnum=120095
you have to download an installer and run it, after which you cant boot up your mac from an external drive or cd, or enter boot up in verbose or safe mode etc.
hope that this solves your problem
lee
edit - sorry i see now that you are talking about booting another mac from the powerbook (and your already aware of the open firmware password)... does seem like a big security flaw!!
No, my bad. I didn't have open firmware password installed when I tried to transfer files and programs to my new PB. But I do now...
Also, there is a way to override it (which I'm not going to post here due to the millions of school children who will try to override it on their school's Macs), and any technologically savvy thief would be able to.
Barto
why are the open firmware passwords a bad idea?
i havnt heard much about this feature previously, but now u have me worried!
is it only a bad idea if you forget your password? or are there other reasons that make these open firmware passwords a bad idea??
ive given the open firmware the same password as my admin password so i doubt that ill forget it!
thanks,
Lee
If you lose you password, most users have to take a trip to the Apple Store / Independent Reseller. If a third party requires access to the computer (eg an Apple Store upgrading your computer), you have to distribute the password. In other words, it can be a huge inconvenience.
But what does it give you in return? Not much. Anyone technically skilled enough to boot into single user mode or from a FireWire hard drive a do some damage will be able to disable the password. Like Kickacha has said, if you want to protect your data, you need to use encryption.
Barto