Mac OS X password recoverable from RAM?

Posted Mar 3rd 2008 11:00PM by Cory Bohon
Filed under: OS, Bad Apple

In a recent post over at Ars Technica, they say that Mac OS X users could have their login passwords recovered through physically accessing the RAM. This comes after FileVault was proven to be cracked. The article notes that Mac OS X and certain applications store the user's password in memory, leaving it there after you've logged in. While locally-running apps cannot readily retrieve the password, someone could get access to the contents of RAM after the computer has been rebooted or shut down.

This could be accomplished by physical means and might require the hacker to remove the RAM cover on your Mac and chill the RAM, as suggested by Edward Felten's research team at Princeton. This freezing allows the information to stay on the RAM for longer than the normal 2.5 to 35 seconds -- allowing someone to place it in another computer and read the contents.

In a separate approach to the password-in-RAM vulnerability, CNET witnessed an EFF demo of an attack using a custom NetBoot "EFI memory scraper" to record the RAM contents on reboot and save the data as a file on another machine over the network -- the attackers were able to clearly find the login password in the file. Again, this attack requires physical access to the machine (in order to force the NetBoot via holding down the N key on restart) within a minute or two of shutdown. However, an attacker could conceivably target a machine that was locked or sleeping (with RAM contents 'live'), power it off and back on, and use the NetBoot attack immediately.

While Apple has been made aware of the attack (notified on February 5), no fixes for these issues were reported in the 2/11 security update. According to CNET, an Apple spokesperson said they were aware of the issues and were "working to fix it in an upcoming software update." Until this update comes out, you may want to set a firmware password for your Mac, or wait longer to leave your unattended Mac after a shut down. Alternatively, we have lovely TUAW-branded tin foil hats available for purchase.

[via Ars Technica]

TUAW reader creates TiVo-to-Go to Mac Tutorial

Posted Dec 5th 2006 6:00PM by Erica Sadun
Filed under: Video, Hacks, How-tos, Apple

Over at Zatz Not Funny, faithful TUAW reader Dave has written up a quick-and-dirty TiVo-to-Go to Mac tutorial.

For those who have been following closely, TiVoToGo DRM has been cracked, allowing transfer and decryption of .tivo format files to your Mac or Linux desktop.

The hack depends on identifying and using your personal Media Access Key with the TiVo Decode open source software. Dave gives the essential run-down of the steps you need to take to de-gunk your files.

myTunes brings a GUI to stripping iTMS DRM

Posted Sep 1st 2006 4:00PM by David Chartier
Filed under: Audio, iTS, Software, Hacks

These crazy hackers are moving fast these days, but Engadget has stayed in stride by providing a walk-through of myTunes, a GUI front-end to QTFairUse (sadly, Windows only - for now), that python code they mentioned earlier this week (not to be confused with any other products by the name of 'myTunes').

A big downer for this app, however, is the way it works its DRM-be-gone magic: it can only work on tracks as they're played in real time. Even then, you're left with a file (sans any metadata like ratings or ID3 tags) which needs to be re-constructed into a playable AAC file with a second tool, though that process seems to take mere seconds per track. Engadget recommends letting the stripping process run overnight, so you can get a good 8 hours or so of unshackled music from each batch. Check out their walk-through for more instructions and ideas on how to optimize this process.

myTunes might not be pretty yet, but it sounds like the developer(s) have a polishing roadmap in place, including simplifying this to a one-step process. For now, it still is the only method we know of for setting your iTMS purchases free.

Windows app cracks iTMS v6 DRM

Posted Sep 1st 2006 10:00AM by David Chartier
Filed under: iTS, Hacks

JHymn users might remember that iTunes 6 broke the DRM-stripping tool, and it seems that Apple's done a good job of keeping FairPlay locked down - until someone cooked up QTFairUse6 for Windows. Yes, it's a Windows app, but it can apparently strip purchases from iTMS version 6.0.4 and above of their constraining DRM. QTFairUse6 isn't pretty either - it's a python script that involves some tinkering, but this might be good news to those who believe that if you love something, you should set it free.

[via Engadget]

Apple to iPod nano service providers: Fix cracked screens

Posted Feb 6th 2006 11:30AM by Fabienne Serriere
Filed under: iPod Family

Apple has stepped up to the plate regarding cracked screens on iPod nano's. Here at TUAW Jan reported on the screen cracking issues back in September of last year. If you have a 5G iPod and not a nano, hardware failure such as cracked screens should be covered if you are under warranty. Now it seems Apple will replace the screens free of charge on the iPod nano's on a case by case basis.

This repair coverage should be taken care of at both Apple stores and Apple certified service providers. Let us know if you hear otherwise!

[via Engadget]

Mac News

WWDC (251)

.Mac (60)

Accessories (636)

Airport (75)

Analysis / Opinion (1333)

Apple (1645)

Apple Corporate (559)

Apple Financial (188)

Apple History (45)

Apple Professional (54)

Apple TV (160)

Audio (446)

Bad Apple (118)

Beta Beat (152)

Blogging (84)

Bluetooth (16)

Bugs/Recalls (56)

Cult of Mac (870)

Deals (216)

Desktops (115)

Developer (255)

Education (99)

eMac (10)

Enterprise (138)

Features (400)

Freeware (385)

Gaming (363)

Graphic Design (33)

Hardware (1281)

Holidays (37)

Humor (576)

iBook (65)

iLife (235)

iMac (184)

Internet (327)

Internet Tools (1314)

iTS (968)

iTunes (801)

iWork (22)

Leopard (367)

Mac mini (112)

Mac Pro (53)

MacBook (202)

MacBook Air (79)

Macbook Pro (220)

MobileMe (19)

Multimedia (444)

Odds and ends (1443)

Open Source (279)

OS (912)

Peripherals (209)

Podcasting (182)

Podcasts (90)

Portables (197)

PowerBook (135)

PowerMac G5 (50)

Retail (588)

Retro Mac (48)

Rig of the Week (42)

Rumors (632)

Software (4324)

Software Update (406)

Steve Jobs (252)

Stocking Stuffers (50)

Surveys and Polls (97)

Switchers (112)

The Woz (34)

TUAW Business (238)

Universal Binary (281)

UNIX / BSD (61)

Video (904)

Weekend Review (82)

WIN Business (47)

Wireless (84)

Xserve (39)

iPhone/iPod News

iPhone (1515)

iPod Family (2028)

App Store (27)

SDK (16)

Mac Events

One More Thing (27)

Liveblog (1)

Other Events (226)

Macworld (489)

Mac Learning

AppleScript (3)

Ask TUAW (102)

Blogs (85)

Books (26)

Books and Blogs (62)

Cool tools (443)

Hacks (460)

How-tos (485)

Interviews (44)

Mods (186)

Productivity (588)

Reviews (109)

Security (155)

Terminal Tips (58)

Tips and tricks (565)

Troubleshooting (167)

TUAW Features

iPhone 101 (27)

TUAW Labs (3)

Blast From the Past (17)

TUAW Tips (142)

Flickr Find (36)

Found Footage (82)

Mac 101 (90)

TUAW Interview (31)

Widget Watch (198)

The Daily Best (1)

TUAW Faceoff (4)

RESOURCES

• Send us news tips
• Contact Us
• Advertise
• Corrections?
• Problems?

RSS NEWSFEEDS

• Main RSS Feed
• Feeds by category

Sponsored Links

Advertise on TUAW

Featured Galleries

 

Most Commented On (7 days)

• Why you shouldn't buy the iPhone 3G on Friday (136)
• TUAW Poll: What are you doing with your original iPhone? (93)
• International iPhone pricing guide (77)
• Ask TUAW: rEFIt with Open Firmware passwords, iCal problems, iPod without iTunes, and more (54)
• Apple Store down (46)
• O2 iPhone pre-orders not going well (36)
• Apple details what you need to bring for iPhone purchase (33)
• 5th Avenue Apple Store starts iPhone 3G line (33)
• iPhone 101: Headphone issues (31)
• Finding Jobs 2.0 (31)

Recent Comments

• Ewill on TUAW: iPhone AppStore Testing and Reviews
• Slothrop on iPhone 2.0 firmware goes golden master
• byatchi on Apple To Ship 2.5 Million Macs Thanks to Vista?
• Ewill on TUAW: iPhone AppStore Testing and Reviews
• James on iPhone App News Roundup: July 8, 2008
• Sensate on Mac 101: Browser tab tricks
• bob on OSXMBC becomes Plex
• Taxman on OSXMBC becomes Plex
• William on iPhone App News Roundup: July 8, 2008
• Tomahawk on Mossberg, Pogue, Baig review the iPhone 3G

More Apple Analysis

• AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
• AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
• iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
• Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad

More from AOL Money and Finance

• Stock Screener
• Stock Quotes
• DJIA
• AMT
• Auto Loans
• Banking
• Car Insurance
• Checking Account
• Credit Cards
• Credit Reports
• Debt Management
• Dow Jones Industrial Average
• Earnings
• GOOG
• Health Insurance
• Home Insurance
• Identity Theft
• Income Tax Basics
• Insurance
• Life Insurance
• Loans
• Money
• Mortgages
• Personal Loans
• Recession
• Refinancing
• Retirement
• Savings Account
• Small Business
• Stock Charts
• Stock Ticker
• Taxes
• Tech News

Weblogs, Inc. Network

• Autos
  • Autoblog
  • AutoblogGreen
  • Autoblog Spanish
  • Autoblog Chinese
  • Autoblog Simplified Chinese
• Technology
  • Download Squad
  • Engadget
  • Engadget HD
  • Engadget Mobile
  • Engadget Chinese
  • Engadget Simplified Chinese
  • Engadget Japanese
  • Engadget Spanish
  • Engadget Polska
  • Switched
  • TUAW (Apple)
• Lifestyle
  • AisleDash
  • DIY Life
  • Gadling
  • Green Daily
  • Luxist
  • ParentDish
  • Slashfood
  • Styledash
  • That's Fit
• Gaming
  • Joystiq
  • DS Fanboy
  • Massively
  • Nintendo Wii Fanboy
  • PS3 Fanboy
  • PSP Fanboy
  • WoW Insider
  • Xbox 360 Fanboy
  • Big Download
• Entertainment
  • Cinematical
  • TV Squad
• Finance
  • BloggingBuyouts
  • BloggingStocks
  • WalletPop
• Sports
  • FanHouse Main
  • NFL
  • NBA
  • MLB
  • NCAA Football
  • NCAA Basketball
  • NASCAR
  • NHL
  • Golf
  • Fantasy Football
• Also on AOL
  • African-American Culture
  • Cars
  • Games
  • Maps
  • Money
  • Movies
  • Music
  • News
  • Radio
  • Sports
  • Television
  Travel

More on AOL: Money, Investing, Bonds, Broker Center, Currency, ETF Center, Futures, International Markets, Mutual Fund Center, Stock Charts, Stock Quotes, Stock Screener, Portfolios, Personal Finance, Personal Loans, Finance Calculators, Money Basics, Retirement, Taxes, Market News, Small Business

All contents copyright © 2003-2008, Weblogs, Inc. All rights reserved

The Unofficial Apple Weblog (TUAW) is a member of the Weblogs, Inc. Network. Privacy Policy, Terms of Service, Notify AOL