Apple Security Threat

Friday, November 07, 2008

A recent occurrence has made me think twice about Apple’s Target Disk Mode boot option. Indeed it can be a very convenient feature, but like most conveniences this one is riddled with security threats. What is most bothersome, though, is how few people realize the problems it poses — not to mention the simplicity of a solution that Apple does not provide...at least not by default.

For those of you not up to speed, most of Apple’s computers allow themselves to be temporarily turned into an external hard drive simply by pressing the corresponding hot key (‘T’) during boot up. If the computer supports this option (most do) it will enter what is called Target Disk Mode (TDM) and allow itself to become a mass storage device and be connected to another computer via an IEEE 1394 interface (aka FireWire, i.LINK, Lynx…whatever).

Yes, this feature is convenient for transferring large amounts of data or if you need a quick makeshift external hard drive (assuming you have a male-male Firewire cable). Unfortunately, the feature also inherently bypasses the OS from ever being started on your computer allowing others access to all sorts of files that you assumed were secure by the OS’s login.

How It Works

When you press the power button on your computer the first thing to come to life is the firmware (a very low level program that lives in the hardware) and it decides what happens next — whether to boot into the installed OS, boot from a CD, boot from a network drive, etc. The decision is based on multiple factors, one of which is to check for certain hot keys on the keyboard.

The Problem

The problem with this convenience is that anyone with a finger has the ability to transform your computer into a large external drive. Yeah, including that person that just walked away with your laptop while you were getting another soy latte at Star Bucks.

Some would argue that if I’m this concerned with the security of my files, that I should enable FileVault in order to encrypt every file on my hard drive. Yeah? Well, I don’t think I should have to enable something that will have incredible amounts of overhead just because a back door exists that can completely circumvent the OS’s login prompt.

Solution (but not really)

Firmware Password Utility Application The solution is simple: eliminate the hot keys from influencing the firmware’s decision. Welding a steel plate on top of your keyboard would work I guess, but that’s not very convenient. A better idea would be to tell the firmware to not check the hot keys.

Currently, there is no way to disable these hot keys, but it turns out there is a way to password protect the firmware with some extra software. But after reading Apple documentation that states that the firmware password can be circumvented (quite easily), and that it could in fact be hazardous to your system, and that it is temperamental, I disabled it on my machine and don’t recommend it. Way to fuck us over, Apple:

“WARNING: Open Firmware settings are critical. Take great care when modifying these settings and when creating a secure Open Firmware password.”

“An Open Firmware password provides some protection, but it can be reset if a user has physical access to the machine and changes the physical memory configuration of the machine.”

“Open Firmware password protection can be bypassed if the user changes the physical memory configuration of the machine and then resets the PRAM three times (by holding down Command, Option, P, and R keys during system startup).”

The Rant

First of all, I think that the extra Firmware Password Utility (not included in a default installation…but available from the software installation disc (/Applications/Utilities/) and online) should not be necessary. I think there should be a simple check box in the System Preferences that enables/disables whether or not the keyboard is “heard” by the firmware.

I also think that the hot keys should be disabled by default. Apple is all about an ‘out of the box, ready to go’ mentality so I suspect they leave the feature enabled by default because that makes it more convenient for their users to make use of the TDM functionality. We’ve seen this same behavior before, but I think the security threat outweighs the convenience factor. Tisk, tisk Apple.

Labels: annoying, apple inc., convenience, design, irritations, security

Things That Grind My Gears

Friday, August 08, 2008

I must be a very optimistic person because I tend to handle my irritations rather well. I began keeping a list of scenarios that genuinely bother me, but as I compiled the list I noticed that the pet peeves didn’t bother me as much any more. Or rather, I began to see humor in the situation so I was able to laugh my way out of potential letdowns the next time that they happened.

The purpose of sharing the following scenarios is to hopefully allow you to see the ridiculous nature of the circumstances, and maybe the next time they happen to you, you’ll be able to laugh at the situation rather than let it affect you negatively. I tried to filter out common ones such as “stubbing my toe” or “biting my lip” so they should be fairly distinct yet common enough that you’ll be able to relate:

When a cereal flake deflects the milk onto the counter while pouring.
Inhaling too much air before the hot liquid that you’re cautiously trying to sip gets to your lips and having to breath out and start over.
Liquid that accumulates in the cap threads of a juice (or water) bottle so the next time you open it, just enough leaks to drip down your chin as you drink.
Having to back-track through diagonally parked cars.
Paper toilet seat covers ripping in the wrong place when getting them ready for use.
After parking your car, you try to turn just the engine off because you want to finish what is currently playing on the radio, but you accidentally turn off all the electronics and it takes forever to get the radio back on.
Trying to pick up a piece of paper that you don’t want to ruin off of concrete.
When cell phones situate themselves sideways in your front pocket.
Powdered chocolate or sugar spilling onto the counter on its way from the container to your mug.
Elevators that have too much of a delay between their initial slow down to when they actually stop and open the doors.
Arriving in the back of a long line and having no one else add to the length of it the whole time that you’re there.
Applauding after an airplane landing.
Hangers that…
- bow in the middle when used with heavy pants,
- snag shirts when you try to slide them off,
- swivel at the hook (because it aids its snagging with other hangers).
Water dripping down your long-sleeve shirt while washing the dishes.
Applications that steal focus while you’re typing in another one.
Seeing that someone missed a belt loop.
Faucets that are too close to the edge of the sink making it difficult to wash your hands without constantly hitting the far-end of the porcelain.
Not receiving any calls throughout the entire day and then receiving several at the same time.
Luggage tipping over while trying to roll it down the street.
Trying to avoid people when walking through a crowded concourse.
Water melon seeds on the floor. Good luck picking them up!
Curled up phone cords beyond repair.

If you got a kick out of some of the irritations above, you might be interested in the movie High Strung. It’s a bit slow, but has some good moments. Jim Carey makes a little appearance as well.

Labels: annoying, irritations, optimistic, pessimistic, pet peeves