Root Security Flaw Allows Anyone To Become Root In Mac OS High Sierra

I can confirm the new root security flaw would affect the Apple’s MacBook Pro 2016 model because I’m using one at the moment.  I can also confirm this same flaw would also work on my older MacBook Pro (Mid 2010 model).  Basically, as of how other people have mentioned, this flaw would work regardlessly the MacBook laptop model you’re using as long you had upgraded your MacBook machine to Mac OS High Sierra.  As of now, the flaw is also affecting the latest version of Mac SO High Sierra (10.13.1).  How would the flaw work?  Read on…

I assume this flaw would work still even you have turned on FileVault.  Basically, as long your Mac allow anybody to enter the username as root at the login screen or any login prompt (except in terminal), he/she could just hit enter once or twice without using any password and the root login would be successful.  If you’re new to Mac and Linux, let’s just say that root is the super account that can do just about anything on Mac and Linux machines.  Root can change all users’ passwords.  In fact, root can even erase the entire machine’s storage and destroy the whole operating system with just one command which is [rm -rf /].

I tested the flaw out as how I’d seen on YouTube, and it worked marvelously.  Basically, I was already logged into the machine, and so I went to System Preferences > Users & Groups > clicked the lock icon at the bottom left > entered root at the username prompt > hit “enter key” twice and became root right after.  From here I could change any user’s password or delete any user and group.  In fact, any login prompt would allow me to become root and execute the available super account’s features.

To fix this problem, as seen on YouTube, I opened up the terminal > typed in the command [sudo su] > entered root password (hit enter key without password won’t work in terminal) > typed in command [passwd] > entered same root password or new one (doesn’t matter as long you type in a password you could remember) > exit the terminal entirely by typed [exit] couple times in the terminal > shutdown the terminal by quitting the terminal from the dock.  After this, I tried the root flaw and it wouldn’t work on the graphical user interface such as in the System Preferences.  Thus, I think the fix is real.

Here is one secret I would let you guys in.  Actually, this flaw isn’t a flaw.  Apple has always been easy in regarding in allowing people to physically reset a user password.  In fact, you can also reset a root password of your Mac for as long as Mac has been in the existence, because in the video right after the break I’d talked about how to reset an administrator password in Mac OS X Lion without remembering the root password or using a recovery disk.  By the way, Mac OS X Lion is way back then.  I think Mac OS X Lion was released in 2011.

Since 2011-2012, I haven’t tested the trick I talked about in the video, and so I’m very rusty now.  I’m not even sure the same trick would work exactly the same way as how I had walked you through in the video for newer machines and newer Mac OS iterations.  Regardless, I think even now there should be some similar tricks for you to reset an administrator/root password on any Mac OS as long you got a physical access to the machine.  Maybe FileVault would be able to stop and block the trick I’d shown you in the video from working successfully, but I’m not sure if this is even the case since I haven’t tested this very trick out when I got FileVault running.  So, I think the best security is still all about keeping your machine in a locked cage when you’re not around it.  Keeping a physical machine away from unwanted intruders/hackers would be the best way to stop easy hacks.  Regardless, sometimes remote hacks could also be as easy as the root flaw I’d mentioned in this post.

Advertisements

Try To Use rsync To Complete scp Failed Job

Here is a little trick/tip for nerds who manage websites with a server which allows tools such as SSH and Rsync.  Basically, let’s say you were doing scp command such as …

[scp -r -Cpv example@example.com:/home/example/public_html/* ~/Download/backup/example.com/public_html/]

but your Internet connection got disconnected and stopped the scp command from completing the process of copying files from remote server to local server.  If you don’t have a lot of files to copy, then you should be able to use the same scp command to copy the same files again until everything got copied from remote server to local server.  What if you got huge amount of files (i.e., in tens of Gigabytes) to copy down from remote server to local server?  The disconnection of the Internet during scp process is a devastation in this situation, because the scp command would restart the copying of existing files that already downloaded to your local server.  This would be a waste of time.

No sweat.  I got a solution for you.  Try to use rsync command to sync remote files to local files instead.  This would mean existing files will be skipped, and rsync would only download new files from remote server to local server.  Of course you can reverse the direction of file copying too such as from local server to remote server using rsync.  Nonetheless, the command right after this paragraph shows you how to stop wasting time and continuing the copying of files from remote server to local server in the case scp got interrupted.

[rsync -avzhe ssh example@example.com:/home/example/public_html/* ~/Download/backup/example.com/public_html]

This rsync command I’d mentioned above uses the e parameter to append the ssh command so rsync can be done through SSH for secure file copying.  Basically, the e parameter specifies a remote shell to be used.  By the way, the other parameters are -a (equivalent to -rlptgoD – meaning preserving more files attributes than just using -r), -v (verbose printout), -z (compress files during transfer for faster file transfer), and -h (output numbers in human readable format).  By using rsync this way, you can now continuing the process of copying files from remote server to local server when scp failed to complete the job the first time around.

You Can Still Upgrade To Windows 10 For Free Unless You Watch This Video Too Late

Microsoft stopped allowing people to upgrade to Windows 10 for free the regular way, and so you either have to purchase Windows 10 from Microsoft and online web stores such as Amazon or you can try the method in this video to get Windows 10.  In the video, I reveal how you can upgrade your Windows 10 from Windows 8.1 for free.  I’m not sure you can do this with Windows 8 or 7, but you can give it a try.  I know for sure this method will work with Windows 8.1 though.  Anyhow, check out how to upgrade to Windows 10 for free in the video right after the break.  Enjoy!

Unity Adam Demonstration Short Film Shows Amazing Real Time Graphics Rendering By Unity Game Engine

Unity, the latest Unity’s game engine iteration perhaps or I could be wrong, shows how powerful it is to be able to render super high quality graphics in real time, and the result can be seen in the a short film right after the break.  Unity is a game engine, and the personal edition is freely available for downloading.  You have to pay if you want the professional edition.

XSLT Basics For Transforming One Specific XML Structure To Another XML Structure

I was messing around with R (i.e., a free program that can organize and transform data), and I told R to transform the data into CSV format.  I converted this CSV format file into XML file using one of those CSV to XML free tools on the Internet.  The problem is that the XML file I got from the whole process contains structure in which is radically different from the XML structure that I need to use with a software.  Luckily, XSLT comes to the rescue.  With XSLT, I discover that it’s possible to transform one XML structure to another XML structure.  The problem is that I have no knowledge of how to use XSLT just yet.  Once again, YouTube is a treasure trove of free information, and the YouTube video right after the break introduces me to XSLT basics.  Of course, I may have to do more study and research on XSLT before I would know how to properly transform one XML structure to another XML structure.