/2017/11/high_sierra_root_login_two_weeks_ago

Comments

anonymous:
ALAS!
11:31 pm — Wednesday, 29 November 2017
Ero:
> One explanation is that logging in with the username “root” and a blank password is so bizarre that it’s the sort of thing no one would think to try.

But it should be in automated tests.
12:05 am — Thursday, 30 November 2017
Mac Pro Is Dead:
> On Nov 23, the staff members informed Apple about it.

Uhh.... all the "responsible disclosure" people are looking pretty bad right now for their hot takes.
2:18 am — Thursday, 30 November 2017
Mac Pro Is Dead:
> So the exploit was floating around, under the radar, for weeks at least, but it seems as though no widespread harm came of it.

Seriously Gruber? WOW at the Apple apologism. You have NO IDEA what widespread harm came of this because the hacker groups and nation states exploiting the bug would not have posted about it publicly.
2:25 am — Thursday, 30 November 2017
ass:
Yeah, nice conclusion there Grubs. If I ran HS I would be reformatting and reinstalling immediately.
2:23 pm — Thursday, 30 November 2017
@ass:
Unless your Mac isn’t physically accessible to others, in which case that’s a patently stupid goddamn thing to do.
3:32 pm — Thursday, 30 November 2017
ass:
https://twitter.com/patrickwardle/status/935639234437935105/video/1

If certain sharing services are enabled on the target, this attack appears to work remotely.
4:07 pm — Thursday, 30 November 2017