Tuesday, September 11, 2012

New software breaks a bunch of keys in Mac OS X

Software tool allows potential hackers Mac OS easily steal a set of keys and passwords

A new software tool allows potential hackers Mac OS easily steal a set of keys and passwords, logging in, and provide restricted applications administrator level access. The software was created Keychaindump Finnish programmer Yuuuso Salonen, who became the author of earlier software firewall Radio Silence for Mac OS X.

A bunch of keys in Mac OS X is a password management system that was created in order to store and get quick access to user login and password of various services. Initially a set of keys with a high degree of protection of internal information. "Passwords are encrypted in a bundle multiple ways. Some of these keys by encrypting a doll - one key encrypts the other" - says Salonen.

"The master key opens the first layer of encryption and further access to the relevant keys are in the chain, while the entire cascade of decryption is done by an encryption function PBKDF2", - says the Finnish developer.

The program uses a sophisticated technique Salonen recognition, which scans the computer's memory for location of its ongoing securyd, control operations associated with a bunch of keys. In Keychaindump not use any vulnerabilities in Mac OS X or process securityd, but instead use a feature of the approach Apple - automatically decrypt custom keychain when they are in their accounts, and stores them in memory for the fastest access.
According to independent experts, the algorithm of Apple is not necessarily bad, because it has built-in additional protection, for example prompts you to enter an additional password to access the bond, but in the end, it is also susceptible to cracking, in addition, if the program is run under Administrator account, it can get even more privileged.

"My program does not use any security vulnerabilities, since the beginning, it requires root-access to the system, and they know most of the administrators, root-access - it is a lot," - says Salonen.

Finnish developer himself says that he hopes to use his legal program to test security systems. At the same time, he said that the program is open-source and deliberate abuse are not perfect.

1 comment:

  1. Wow, it is really nice. I am glad that you have published the information regarding antivirus and security software. The post really gave us the safety software for our windows which will help in keeping data safe.
    Safety Software