Wednesday, August 26, 2009

Mac passwords

TIP FOR: Mac OSX Tiger (10.4.x) and earlier

This tip is a bit on the technical side, but it is a glaring hole in the security of Macs. Basically, it is this: any user on your system can determine the administrator's password with a bit of knowhow. It has improved with Tiger and seems to be completely fixed with Leopard, but it is still possible. There is an excellent article about cracking Mac passwords here.

If however, you just want to plug the hole and fix this, here are the instructions:

Open Terminal.

Type this in:

sudo chmod 700 /usr/bin/nidump

Enter the administrator password when prompted.

This does not do anything in Leopard as Apple has removed nidump alltogether.

No comments:

Post a Comment