password

Q&A: MacFixIt Answers

MacFixIt Answers is a feature in which I answer Mac-related questions e-mailed in by our readers.

This week, readers wrote in with questions about managing custom services in OS X, RAM prices for MacBook systems falling dramatically over the past year, and resetting a forgotten administrator password without admin access and without an OS X installer or recovery disc. I welcome views from readers, so if you have any suggestions or alternative approaches to these problems, please post them in the comments!

Question: Managing custom services in OS X MacFixIt reader Francis asks:

I have followed the guidance in this [ … Read more

Edit PDFs with PDFill PDF Editor

PDF files are easier to read than their Microsoft Word counterparts. However, in order to make changes to them, you need to have a rather pricy program such as Adobe Acrobat. PDFill PDF Editor is a great substitute. You can edit your PDFs the same as you would edit your Word documents. It gives you so many options that you might be overwhelmed.

PDFill PDF Editor smartly tries to mimic Microsoft Word with its layout. Sadly, it doesn't replicate Microsoft Word's ease of use. There are about 100 or more icons that all do different things. While this … Read more

Apple's iCloud lock for Macs is not very secure

One feature in Apple's iCloud service for OS X is its lock option, which allows you to remotely set a PIN for your Mac through iCloud's Find My iPhone service, and require that it be entered to boot the system.

This lock is similar to a firmware password for securing Mac systems. Not only does it prevent booting to alternative boot modes such as Safe Mode or Single User Mode, but it prevents loading in special hardware modes like Target Disk and Internet Recovery so the hard disk cannot be wiped or otherwise accessed.

Unlike the firmware password, … Read more

No password is safe from this new 25-GPU computer cluster

Your really, really strong password just became a little bit easier to break.

Jeremi Gosney, founder and CEO of Stricture Consulting Group, a company that handles password-cracking, has unveiled a computer cluster boasting 25 AMD Radeon graphics cards. The cluster's horsepower allows it to make 350 billion password guesses per second against the NT Lan Manager (NTLM) security protocol Microsoft has used in Windows Server since 2003.

Ars Technica was first to report on the cluster.

Speaking to Ars in an e-mailed statement, Gosney said that his company's technology "can attack hashes approximately four times faster" … Read more

Skype fixes e-mail security flaw

Skype has resolved a nasty e-mail and password security bug and reinstated its password reset page.

Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.

As a precaution, Skype earlier today took down its password reset page to prevent hackers from taking advantage of the flaw. But the company managed to resolve the security hole not long after announcing it, … Read more

Skype disables password resets due to e-mail security flaw

Update, 10:25 a.m. PT: Skype has since resolved the security issue and reinstated the password reset page.

Skype is investigating a security problem that allows someone to take over a user's account by resetting the account password.

The VoIP service provider best known for video calls confirmed in its blog today that it has taken down its password reset page as it probes the issue:

We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the … Read more

Twitter resets passwords of 'compromised' accounts

Is it a bird? Is it a plane? No, it's a password reset message from Twitter, and you should probably do what it says.

An unknown number of Twitter users have received a genuine e-mail from the company warning they should change their password as soon as possible. 

But a Twitter spokesperson told CNET that the e-mail was sent to a wider group of users than intended.

In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your … Read more

EFI firmware protection locks down newer Macs

With Apple's firmware password feature on Mac systems you can lock down the options to select an alternative startup disk, boot to Safe or Single User modes, reset the PRAM, and otherwise start the system in ways that can bypass the security features of OS X.

However, as a security measure the firmware password has been met with some criticism because it could easily be bypassed by someone who has physical access to the system. In earlier Intel-based Macs the firmware password was stored in the PRAM of the system, and was simply read by the system's EFI … Read more

The safe way to 'write down' your passwords

Following my post earlier this month on "Ten simple, common-sense security tips," reader John B. asked whether it was safe to store his passwords in a Word DOC file and then copy and paste them into sign-in screens to thwart keystroke loggers. John just has to remember to type in one password: the one he uses to encrypt and password-protect his Word password document.

Of course, John's passwords are vulnerable to clipboard loggers that capture the contents of the clipboard just as key loggers grab your keystrokes. That's why John has to add extra characters to … Read more