Apple’s faith-based security system, which was supposed to suddenly become brilliant when Lion was released, has a basic programming error which gives hackers control of passwords.
According to CNET, the problem is that Apple decided to store passwords in shadow files, which require you to tap in your user password if you want to see or change anything. This is a good thing.
But the new Lion OS has a loophole that lets any user see all the passwords. While they can’t see the shadow files they can change the passwords, which is a little daft.
For some reason, Lion forgets to ask for authentication when someone changes a password. Hacking a Mac is as easy as typing “$ dscl localhost -passwd /Search/Users/bob” into Terminal, the Mac command-line program. You can then put your own password in and control the machine.
Apple fanboys will no doubt tell us that you need to gain access to the computer to do that and every Mac user’s desk is surrounded by barbed wire, a couple of pit bulls with rubber bands tied around their testicles and regular patrols by armed guards.
Apple users never leave their computer alone for a second so Lion’s security is far superior to anything from Microsoft.
It is a problem for those who have shared or public computers. Also, it is further proof that under no circumstances should you ever stick a Mac on a corporate network.
Fortunately for Mac users, it would take a lot of effort to break into your house and change your password to gain access to your hard drive, only to find your Coldplay collection.