[LRUG] [OT?] Security advice, Prey and catching burglars... 'The Ruby Way'

Mark Woods mwoods at online.ie
Fri Mar 30 06:51:36 PDT 2012


> One of the iMacs didn't have a firmware password and was running Snow
> Leopard so they booted it up in single user mode as described here...
> http://www.hackmac.org/hacks/how-to-create-a-new-administrator-account/
> ... and created a new admin account. Had they wanted to, (fortunately they
> were too busy watching terrible Slovakian rap music) they could have reset
> the password on the other admin account(?) and would then have access to the
> Keychain,

Are you sure this works? As far as I know, and I've only recently
returned to the Mac cult so I may well be wrong, the login keychain
password and the account password are not actually one and the same.
My understanding is that they are kept in sync if you change the
account password while logged in to the account, but changing the
account password via some other means does not change the keychain
password. If I've got this wrong, um, I'll need to spend some time
reviewing the security of the data on my MacBook.

> We'd also just put all our very sensitive data
> in https://agilebits.com/knox and stored the Knox vault on Dropbox.

Does Knox use the login keychain to control access to the encrypted
data? (I don't use Knox, but my understanding, which again may be
wrong, is that it's basically a nice wrapper around an encrypted
sparsebundle).

Mark


