What H1-B with an IQ of 350 OK'd *this* one?
Who needs Chinese hackers?
Navigation: use the links below to view more comments.
first 1-20, 21 next last
To: Swordmaker
2 posted on
11/28/2017 3:00:01 PM PST by
grey_whiskers
(The opinions are solely those of the author and are subject to change without notice.)
To: grey_whiskers
Awesome - I just downloaded this update last week, but didn’t have enough time to remove some stuff I was working on, so I didn’t have room to install it. Now I have a good reason to wait.
3 posted on
11/28/2017 3:03:43 PM PST by
reed13k
To: grey_whiskers
To: grey_whiskers
5 posted on
11/28/2017 3:20:08 PM PST by
CopperTop
(Outside the wire it's just us chickens. Dig?)
To: grey_whiskers
But the Apple fan bois on FR told us that Apple is perfect.
6 posted on
11/28/2017 3:27:50 PM PST by
PAR35
To: grey_whiskers
I’ve had this update for awhile now.
I remember there was another update to it immediately following the original and I suspect that second one fixed this.
I just tried it on my machine. Went to preferences, security and tried unlocking the padlock with “root”. It would not let it enter. Using my username and password would.
7 posted on
11/28/2017 3:28:33 PM PST by
lgjhn23
(It's easy to be liberal when you're dumber than a box of rocks.)
To: grey_whiskers
Wow... Good thing this wasn’t Microsoft that did it or that would be bad news. Apple fanboys will just consider it a nice feature and thank apple for the easy root.
On a serious note how the hell does this happen? Buffer overruns I understand but just typing root gives you root??? This is serious bad coding, quality review, security design, and leadership.
8 posted on
11/28/2017 3:28:57 PM PST by
for-q-clinton
(If at first you don't succeed keep on sucking until you do succeed)
To: grey_whiskers
I haven’t kept track. Has Apple abolished root and required all users with root privileges to sudo? That’s what they did in Ubuntu, although by sudo’ing to the shell executable you could still get a rootshell.
To: grey_whiskers
I’m running 10.13.1 and this bug doesn’t seem to affect me. Perhaps it only affects certain models? In any event Apple should sort it out soon. Agree this is something that never should have gotten out the door.
11 posted on
11/28/2017 3:49:56 PM PST by
AustinBill
(consequence is what makes our choices real)
To: grey_whiskers
What happens if you type in poop?
To: grey_whiskers
This has to be fake news. I am sure someone will be along shortly to wave their hands and tell you it is all just an illusion of old and out of date info.
To: grey_whiskers; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; ..
MAJOR OOPS in MacOS HIGH SIERRA, if an Administrator skips a step in creating a ROOT USER and fails to create the Root User password, which should NOT BE POSSIBLE. . . but in MacOXS 10.13.1 High Sierra it somehow was allowed to do so, . . the Root User can be created as "ROOT" or "root", without a password, just as any standard user can be created without a password, allowing anyone to log in with Root User permissions, by just typing in "root" at a user prompt! NOT GOOD. However, if the password IS input, it is secure. It DOES have to be done by an Administrator level user. The flaw is not REQUIRING a password before ROOT is enabled. Apple will push out a fix for this fast. . . It's a hard flaw to notice. . . but someone did. PING!
Apple macOS 10.13.1
ROOT USER
PASSWORD CREATION
VULNERABILITY
Ping!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
16 posted on
11/28/2017 5:09:02 PM PST by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: grey_whiskers
This is a stupid oversight. What it essentially is, is that it has always been an ability of an Administrator User to create a ROOT USER but it should not allow that event to occur without also requiring the input of a password before enabling the Root capabilities.
Creation of normal users can occur without passwords, but this one should NOT ever be allowed without a password and in the past it has been required for this. Apparently, someone was working on this and disabled to forced PW and it did not get re-enabled in the release. The good news is that it requires an Administrator level user to create a Root user, and also physical access to the computer.
It’s an easy fix, and Apple will be pushing out an update that will address it very quickly by returning the password requirement.
17 posted on
11/28/2017 5:19:10 PM PST by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: grey_whiskers
Stuff like this is why I never upgrade to the newest version of macOS has been out for at least a year.
26 posted on
11/28/2017 6:39:18 PM PST by
TheStickman
(#MAGA all day every day!)
To: All
Apparently there is more to this problem than just allowing Root with no password. Root is enabled by default in the latest macOS High Sierra. That is a huge departure from previous macOS and OSX versions where it was always disabled by default.
Here is how to protect yourself against YOU or anyone exploiting this vulnerability. It is as simple as disabling the Root user.
- Log into your Mac as an Administrator
- Open System Preferences
- Select Users and Groups
- Unlock the pane by Clicking on the Padlock Icon and entering the Admin User Name and Password
- Click on Log in Options
- Click "Join" Network Account Server:
- Click on Open Directory Utility
- Unlock this pane by Clicking on the Padlock Icon and entering the Admin User Name and Password
- Under the Directory Utility Menu Bar, select Edit then click and release on Disable Root User
- Lock the Padlock Icon on the pane
- Close the Utility Directory pane window by clicking on the Red Dot
- Lock the Users & Groups Preference pane
- Close the Users & Groups Preference pane by clicking on the Red Dot.
Once you have done this, the Root User Abilities are closed down and have to be re-activated by repeating the above procedure and clicking on the drop down menu to ENABLE ROOT USER. . . and ADD a password.
27 posted on
11/28/2017 7:12:13 PM PST by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: grey_whiskers; dayglored; ctdonath2
So, after doing some digging, the problem is NOT that the code allows creation of root abilities without a password, but that the ROOT USER is ALREADY enabled with no password under the name ROOT or root. . . and was installed on all macOS 10.13.1 installs.
It's not a problem with the root creation but with the update install being left with a root user still active without a password!
DUMB, DUMBER, and DUMBEST!
Industrial Strength STUPID by someone who just did not look! And some idiot who forgot to DISABLE THE F'ING ACCOUNT in the Gold Master!!!!
Not to mention those in QA, as dayglored pointed out, who just did not notice when they went in and enabled their own ROOT ACCOUNTS that it was already enabled!
30 posted on
11/28/2017 7:32:16 PM PST by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: grey_whiskers
Thank God I’m still on El Capitan.
51 posted on
11/28/2017 8:44:03 PM PST by
dfwgator
To: grey_whiskers
Podesta was helping them with security.
74 posted on
11/29/2017 7:46:52 AM PST by
dila813
(Voting for Trump to Punish Trumpets!Goo)
77 posted on
11/29/2017 8:51:26 AM PST by
Swordmaker
(My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
To: grey_whiskers
"it appears that anyone can log in just by putting root in the user name field."
Close, but no cigar...
84 posted on
11/29/2017 3:46:32 PM PST by
PLMerite
("They say that we were Cold Warriors. Yes, and a bloody good show, too." - Robert Conquest)
Navigation: use the links below to view more comments.
first 1-20, 21 next last
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson