How To: Protect Yourself from macOS High Sierra's Glaring Empty-Password Security Flaw

How To: Protect Yourself from macOS High Sierra's Glaring Empty-Password Security Flaw
There's a new macOS vulnerability that hackers within physical reach of your computer can use to gain root access to your system and accounts. Just by using "root" as the username and a blank password on a privilege escalation prompt, someone can install malware on your computer, access hidden files, reset your passwords, and more. Root access gives them the ability to do anything they want.Right now, this only appears to affect Mac users running macOS High Sierra 10.13.1.

How to See if Your System in VulnerableTo test if your system could be hacked, go to the "Users & Groups" section in "System Preferences," and click on the lock icon at the bottom of the pane to make changes. Remove your username and replace it with "root" instead. Next, click inside the password box, then hit the "Unlock" button.You may have to hit "Unlock" a few times to get it to unlock, but it will eventually work unless you manually set a root password on your Mac, which you likely didn't. This is just one example, but any security prompt asking for a username and password can be bypassed in this way, including on the login screen.

How to Protect Yourself from This Local HackTo protect yourself from this huge security flaw (CVE-2017-13872), install the Security Update 2017-001 from Apple immediately, which was issued on Wednesday, Nov. 29. Just open up the Mac App Store app, go to the "Updates" tab, then hit "Update" next to the security update. Apple states that "a logic error existed in the validation of credentials" in their description of the update's content.If you need root user access yourself, you'll have to re-enable and select a new password from the Directory Utility in System Preferences. Previously, before Apple released the patch, the only way to protect yourself (besides enabling the root user manually) was to make sure you were logged in as administrator and open up the Terminal app, which could be found in the "Utilities" folder in "Applications" or through a Spotlight search for it. Once there, you would do the following.Type sudo passwd -u root and hit enter. Enter your current admin password and hit enter. Enter a new password for root and hit enter. Re-enter the root password to confirm and hit enter. After using the trick above, if you try to use the "root" and blank password to gain root access on a privilege escalation prompt, it won't work, and you'll need to enter your new root password in. After updating with Apple's patch, it won't work either, but you also won't have a root password. If you used the Terminal trick or created a root password manually, make sure to remember your new root password or keep it in a password manager you can access from other devices. If you should lose it, it will be a difficult process to reset it should you need to.Follow Gadget Hacks on Facebook, Twitter, Google+, YouTube, and Instagram Follow WonderHowTo on Facebook, Twitter, Pinterest, and Google+
Cover photo, screenshots, and GIFs by Justin Meyers/Gadget Hacks



Ubuntu Full Circle Magazine - Issue Index. Tables of contents for Full Circle Magazine issues 0-145. The magazine is available in both PDF & epub formats.
DistroWatch.com: Put the fun back into computing. Use Linux, BSD.


Reason #2: Wakelocks. If a degrading battery isn't your issue, you're probably dealing with wakelocks.These are services used by apps to prevent your device from sleeping so that they can post notifications and sync data in the background, but the downside is that wakelocks are a huge battery drain.
How to prolong the battery life of your galaxy s3 - AndroidFact
androidfact.com/galaxy-s3-battery-life/
How to prolong the battery life of your galaxy s3 . To get make the most out of the battery on your Galaxy s3 there are a few things that you can do. Some of these things are easy to implement and some can make your cell phone run slower. I will walk you through the different things that you can do and witch you should not do.
How to Tell if Your Samsung Battery Is Bad in - Gadget Hacks

How to Make an umbrella parabolic microphone « Hacks, Mods


A brand new Android 4.4.4 KitKat firmware has been rolled out for the Galaxy Note 4 International variant. Check the instructions listed in this post in order to learn how to successfully install
How to Get the New KitKat-Style - Samsung Galaxy Note 3


How To: Jailbreak the iPhone 3G 2.1 firmware with QuickPwn How To: Get the best backgrounds for iPod Touch or iPhone without jailbreaking How To: Put ringtones on your iPhone 3g How To: Install iTheme to get themes on your iPhone or iPod touch without jailbreaking
How To Set Ringtone On any iphone without jailbreak easy


Common Fix: Reset iOS 11 Settings. If disabling Siri and Search Suggestions or re-syncing the contacts didn't work to fix the Spotlight issue, you should reset the settings of your device. Don't
5 Solutions for iPhone Contacts Disappeared (iOS 12 Supported)


watch face screen look great on a wrist, but it also happens to look fantastic on the Mac too, here is how to get the it

This video demonstrates how to set a voicemail number on any Android phone. If you found it helpful, we would be appreciative of a like (thumbs up) If you want to see more subscribe: http
How to Set up Google Voice on iOS or Android Smartphones


How To: Play 'Final Fantasy Awakening' on Your iPhone Before Its Official Release How To: Play 'WWE Tap Mania' on Your iPhone or Android Before It's Officially Released How To: Play Tencent's 'Strike of Kings' on Your iPhone Now Before It Makes Its Way Stateside
FINAL FANTASY AWAKENING: Now Available in the US


Star Wars game turns your phone into a LIGHTSABER: Google site lets you battle Stormtroopers with a wave of your gadget. Lightsaber Escape was built in Chrome but works on all desktop browsers
Turn Your Phone Into a Lightsaber With Google Chrome's


How to Take Screenshots on an Android. This wikiHow teaches you how to take a snapshot of your Android's on-screen content. You can do this on any Android phone by pressing a combination of hardware buttons, though some Samsung Galaxy phones have slightly different hardware options than their counterparts.
How to Record the Screen on an Android Device | Digital Trends

How to Automate Proper Source Citation Using the APA, MLA, or


A new app on the Play Store — Nexus 5 Real Volume Booster — does exactly that and allows Nexus 5 owners to increase the speaker as well as the headphone volume output of the device. Sadly, the app requires root access to work properly. Read the steps below to find out how you can use the app to improve the volume output of your Nexus 5
How to Boost the Volume of Your Nexus 7 - Laptop Mag


super MARIO HTML5. Arrow/WASD keys move Shift to fire/sprint P/M to pause/mute
Super Mario Bros 3 - Play Game Online - Arcade Spot

0 comments:

Post a Comment