macOS High Sierra “root” User is Enabled by Default with Blank Password

Apple will be issuing a software update to disable the “root” user, which is inadvertently enabled by default with a blank password in macOS High Sierra.

To disable the “root” user, follow the instructions from Apple or the instructions below:

Disable the root user
Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
Click the Lock, then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click the Lock in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility, choose Edit > Disable Root.
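For anyone who manages more than one Mac, a command-line check of the root account's state is useful alongside the steps above. The script below is an added example, not Apple's instructions or code from this post; it assumes the local Directory Services node (`dscl .`) and the behaviour that a disabled root account has no AuthenticationAuthority attribute.

```shell
#!/bin/sh
# Added example (not from Apple or the original post): audit whether the
# macOS "root" account is enabled by reading its AuthenticationAuthority
# attribute from the local Directory Services node. A disabled root account
# has no such attribute, so dscl reports "No such key"; an enabled one
# carries a ShadowHash (password) authority.

# Classify dscl's output; kept separate from the dscl call so the logic can
# be exercised on any host. Echoes enabled, disabled or unknown.
classify_root_status() {
    case "$1" in
        *"No such key"*) echo disabled ;;
        *ShadowHash*)    echo enabled ;;
        *)               echo unknown ;;
    esac
}

# Query the local node and report; returns 1 when root is enabled so the
# script can serve as a fleet check (e.g. run from a management agent).
check_root_account() {
    out=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
    status=$(classify_root_status "$out")
    echo "root account: $status"
    [ "$status" != enabled ]
}

# Only runs where dscl exists (macOS); elsewhere only the classifier is
# available. The command-line equivalent of the GUI steps in the post is:
#   sudo dsenableroot -d
if command -v dscl >/dev/null 2>&1; then
    check_root_account
fi
```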

In previous incarnations of macOS/OS X/Mac OS X, the “root” user was disabled by default.

Note:
Anyone with physical access to your Mac can potentially reset your password.

Root Access Vulnerability in macOS High Sierra

As reported by Juli Clover for MacRumors and numerous other sites:

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.

We verified that on macOS High Sierra 10.13.1, the “root” user is enabled by default with a blank password. For comparison, OS X El Capitan has the “root” user disabled by default.

UPDATE:
We verified that previous versions of macOS/OS X/Mac OS X have the “root” user disabled by default.

This is similar to the “Administrator” accounts in Windows XP, which were enabled by default with a blank password.

With the “root” user enabled by default and no password set, a remote attacker could potentially compromise Macs running macOS High Sierra.

Having said all that, anyone with physical access and the right knowledge can reset a local user’s password.

iOS 11.1 beta 3: Passcode is Now Required to Trust a Computer

UPDATE: This feature also shows up in iOS 11.0.3

A new security feature in iOS 11.1 beta 3:

A passcode, if one is set, is now required to trust a computer.

I don’t remember seeing this message on the phone before other than the usual “Do you want to trust this computer” message.

It is a good security measure to have this on. I know a lot of people who don’t want to be bothered with entering the passcode every time they need to unlock the iPhone; they also think Touch ID is hassle.


WPA2 Wi-Fi Vulnerability

This just in.

From BleepingComputer:

Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.

The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.

Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack.

Yikes!

Also from BleepingComputer:

List of Firmware & Driver Updates for KRACK WPA2 Vulnerability

Dreamhost is under DDoS Attack

[Screenshot: Dreamhost under DDoS attack, 24 August 2017]

NOTE:
Earlier, we were unable to publish this post here because, in its current incarnation, 37prime is hosted by Dreamhost. We posted one at our WordPress.com-hosted blog.

From @Dreamhost:

“Our engineers have identified the cause of the DNS degradation as a Distributed Denial of Service (DDoS) attack.” (dreamhoststatus.com)

Dreamhost is currently in the news as the Department of Justice “demands that DreamHost hand over 1.3 million visitor IP addresses” for a site hosted by the company.

Wordfence chimed in:

The DDoS appears to be unrelated to the DoJ request above. It looks like it may be an Anonymous attack targeting the Dreamhost DNS to try to take a white supremacist website called ‘punishedstormer dot com’ offline. The website came online today and is hosted at Dreamhost.

We will closely follow this news.

Security Alert: Handbrake Download Mirror was Compromised


From Handbrake.fr:

SECURITY WARNING

“Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have a 50/50 chance if you’ve downloaded HandBrake during this period.”

If you have HandBrake installed on your Macs, check whether it has been compromised by this Trojan.

Also:

“Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.”

YIKES!

Pump-and-Dump Scammer is still at it.

[Screenshot: Pump-and-Dump email spam]

Within the last 150 minutes, our spam filter caught more than 40 Pump-and-Dump spam emails, the same ones we saw on April 11, 2017.

Pump-and-Dump email spam typically arrives in waves with randomly generated sender names. It is easy to spot because it promises the would-be victim a quick scheme to make money. Based on our statistics, the scammer sends the spam with two different subject lines and bodies each day, so if you receive this kind of spam you will see multiple emails from different senders with exactly the same subject line and content.
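The tell described above (many distinct senders, one identical subject) can be turned into a simple filter rule. The script below is an added example, not part of this post, run over a constructed tab-separated mail log of sender and subject; the threshold of three distinct senders is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): flag a spam wave using the
# pattern the post describes: many messages, each from a different randomly
# generated sender, all sharing exactly the same subject line.
# Input is a tab-separated mail log: sender<TAB>subject.

# Print "count<TAB>subject" for every subject seen from at least $1 distinct
# senders (default 3); reads the log from stdin, highest count first.
flag_waves() {
    min="${1:-3}"
    awk -F'\t' -v min="$min" '
        # count each (subject, sender) pair once, so one sender re-sending
        # the same subject does not look like a wave
        !seen[$2 SUBSEP $1]++ { senders[$2]++ }
        END { for (s in senders) if (senders[s] >= min) print senders[s] "\t" s }
    ' | sort -rn
}

# Constructed sample log (not real spam data): one pump-and-dump wave from
# three throwaway senders, a legitimate list from two senders, and one
# ordinary message.
sample_log() {
    printf '%s\t%s\n' \
        'bjones.a91@example.net'  'This stock is about to explode' \
        'kwalters773@example.org' 'This stock is about to explode' \
        'mrivera.x@example.com'   'This stock is about to explode' \
        'newsletter@example.com'  'Weekly digest' \
        'newsletter@example.com'  'Weekly digest' \
        'tsmith@example.org'      'Weekly digest' \
        'pdavis22@example.net'    'Lunch on Friday?'
}

sample_log | flag_waves 3
```

Only the pump-and-dump subject is reported at the default threshold; the newsletter, seen from just two distinct senders, is not.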

You can help fight the spammer by reporting the messages to services such as SpamCop.net.