Lost+Found: password readers, passcode stories, vulnerability prevention, trojan tales

The Lost+Found eye test - can you spot where the passcode is? Too short for news, too good to lose; Lost+Found is a roundup of useful security news. This time: a new tool spits out Mac OS X passwords, mother "cracks" iPhone, Microsoft gives careless programmers a slap on the wrist, researchers break out of VM and sandbox profiles, and a well-known security expert publishes tall tales.

• Root users are above it all, and that applies equally on Mac OS X. If a root user wants to access a specific file, there's usually a way to do so. The open source keychaindump tool reads plaintext keychain passwords of logged-in users directly from memory.

• Thomas Roth recounts a nice little story about how his mother apparently "hacked" the passcode for his iPhone – by simply looking on the back and entering the number 0682 which was printed next to the CE mark. His mother's eyes must be a lot better than ours.

• There are functions, such as strcpy, that do exactly what they're supposed to – but which should nonetheless be avoided, as they offer hackers an attack surface for buffer overflows. On its Security Blog, Microsoft has posted a reminder about its banned.h header file, which displays error messages when a developer uses one of these "banned" functions.

• In a blog post, security specialist Vupen details a reliable exploit for a Xen vulnerability discovered in June and takes the opportunity to discuss the background behind the attack.

• Researchers have discerned vulnerabilities in the sandbox profiles in SUSE and Ubuntu. Both distributions deploy AppArmor, a path-based Mandatory Access Control (MAC) system, but include profiles which leave much room for improvement.

• In addition to administrator books such as Windows Sysinternals Administrator's Reference, security expert and Sysinternals tools author Mark Russinovich also wrote a cyber thriller entitled Zero Day. He has now once again combined technical expertise and fiction in his new novel called Trojan Horse.

• Cryptohaze has made rainbow tables for 8 character MD5 and NTLM hashes (US charset) available to download via BitTorrent. The tables weigh in at about 1.5TB.

(crve)