Shortcuts

Passware Kit v11 Snatches OSX Passwords In Minutes

rated by 0 users
This post has 4 Replies | 1 Follower

Top 10 Contributor
Posts 24,878
Points 1,116,680
Joined: Sep 2007
ForumsAdministrator
News Posted: Thu, Jul 28 2011 6:45 PM

Whether true or not, Apple’s Mac OSX is typically perceived as being more secure than Windows. But according to Passware, Inc., a leading maker of password recovery and e-Discovery software for Federal and State agencies, law enforcement, and military organizations, among many other corporate clients, OSX has its fair share of vulnerabilities too. In fact, according to Passware, a recent vulnerability found in OSX—including the latest “Lion” release—allows the company’s Passware Kit to ascertain even complex passwords in a matter of minutes.

The tool exploits a vulnerability in the OS when a system with Automatic Login enabled is put into sleep mode. Although precise details of the exploit aren’t explained, apparently passwords are stored in memory when a system is put to sleep, and by using a Mac’s Firewire port, which has Direct Memory Access, the target system’s memory image—passwords and all—can be grabbed when the system goes to sleep. Once the memory image has been copied, Passware’s tools can then scan it and extract the passwords.

Although this exploit may sound somewhat severe, there is an easy way to protect affected OSX-based systems. Simply disabling the Automatic Login feature and shutting the system down eliminates the security risk, because the passwords will no longer be stored in system memory and therefore cannot be extracted using Passware’s tools.


Passware Kit For Windows Shown. Image Source: Passware, Inc.

This latest news out of Passware centers around OSX, but it’s important to note that the company has numerous tools to extract or rest passwords for virtually every major OS and a myriad of popular applications, designed for both personal and enterprise use. The full title of the news release mentions Windows and Linux in fact and claims, “Passware Kit v11 Recovers Mac User Login Passwords in Minutes and Cracks Windows/Linux Hash Passwords”.

Even for the non-tech savvy user, just looking at Passware’s arsenal should tell you that where there’s a will, there’s a way. If someone with the means and the know how to snatch your data wants it, there’s usually a way to get it.

  • | Post Points: 65
Not Ranked
Posts 20
Points 205
Joined: Apr 2011
Location: 000.000.000.1

.

  • | Post Points: 5
Top 50 Contributor
Posts 2,864
Points 29,610
Joined: Mar 2011
Location: United States, Connecticut

Not surprising at all I can reset a (local) windows password in a matter of minutes with many different utilities. I have also used utilities to reset Apple passwords but what is really interesting with this one is that it actually recovers the password.

  • | Post Points: 5
Top 50 Contributor
Posts 3,236
Points 37,910
Joined: Mar 2010
AKwyn replied on Fri, Jul 29 2011 9:52 AM

Well the good news is that if they want to use this for malicious purposes then they're going to have to steal a Mac from some person in a coffee shop.

Otherwise this seems like a good way for people to recover their passwords. $39 seems like a good deal for a program like this to legitimately recover your passwords in case you forgot them for some reason.

 

"The future starts with you; now start posting more!"

  • | Post Points: 5
Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sat, Jul 30 2011 12:12 PM

I would not spend money on this.

My prediction: Now that it's public, Apple will have a patch that fixes it inside of two weeks.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS