The good news is that it isn't the full three months since the log file is only kept by default for several weeks. If you updated last week, then it's only one week of password accesses that has been stored. Of course, sometimes that's all it takes. Some users have already noticed this feature in the wild but hadn't yet stumbled across the reason.
Users on the Novell Forums noticed and have been discussing the issue since last week. On the Apple Support Communities forum, at least one user noticed the flaw exactly three months ago, and asked for an explanation. Here's what he wrote: I've tried it on another Mac as well, same result: The login of a normal network user writes this log line as his homedir gets mounted. This poses a security risk.
We have some users who are local admins, they could ask another user to login on their Mac and look for the password afterwards. Extraction in single user mode would be possible as well. Is this a "speciality" of our environment or is this a known bug? Can I turn this behavior off? This flaw further shows Apple has a quality assurance problem.
When it comes to encryption, it's important to choose a secure algorithm, but implementation is even more important. A simple bug in how the keys are secured, managed, or accessed can lead to a massive unraveling, as we've seen here. Apple needs to fix this issue as soon as possible. Even when a patch is made available, it will be impossible for the company to ensure the log file has been deleted, especially given all the places it may have been backed up.
This means your password could still be out there even after you update, so after you do, make sure to change it. I'd like to thank my colleague Ed Bott for editing and contributing to this report. Update on May 7: Emery got back to me with a lengthy e-mail. Here is an excerpt of his thoughts:
In my opinion, it should be impossible to turn such a feature on without patching code, and ideally shipped binaries should not contain even a disabled code path to log passwords in plain text. And considering the consequences for security, there certainly are legitimate questions about whether this was a pure accident by some low level developer that failed to get caught by QA, or a deliberate act by a malefactor "mole" somewhere within Apple - or by far the least likely but also most sinister - a deliberate act by someone in authority at Apple - perhaps to meet pressure from some government for access to encrypted partitions at national borders?
Certainly there is a well known strategy for finding this sort of stuff - namely to choose a rather unique password string and search for it across the entire raw disk device and if you find it or perhaps certain predictable permutations and encodings of it as well, determine what file it is in using the obvious filesystem maintenance commands that track a disk block back to the file it is part of.
This is weak in that it doesn't catch all cases of leaks reliably but at least might catch a glaring one like this. I'd frankly expect it would be automatic to run such tests as part of a regression suite on a major product trusted by millions to be somewhat secure.
So for instance, let's say I have two passwords, one is password1 and the other password2. If I enter password1 it will show only the folders that that one password protects. If I enter password2 it will only show the folders related to that password and not password1.
Dirty pictures? If they ask for proof just enter your password for the taxes folder. They never have to know that you secretly have a dirty pictures folder… unless they also read this article and put the pieces together. Password protecting an application, like Mail for example, will cause your password to be required before Mail can open.
Espionage 2 has the same level of encryption, and is cheaper, although it is missing the easy to use menu bar icon that Espionage 3 has. I find Disk Utility works perfectly fine to password protect files and folders. It even allows you to send compressed disk images to someone else while still requiring that person to enter the password to open it. If you want to send a PC user a compressed password protected file, you should send them a password protected. Before purchasing their app though, be sure to check over version 2 and version 3.
Both are quite a bit different from each other.
Author: Damien.