Apple wants to make OS X El Capitan and iOS 9 less susceptible to attackers, so it’s introducing a new two-factor authentication system to both operating systems. The new authentication system will be available in the public betas for both operating systems.
There’s been some decent content added here over the last couple of days. Thom on vacation again?
Yeah, David is posting so much cool stuff. Especially the last few days.
Apple’s email servers are up and running all ready to say how awesome it’ll be to try the beta… but the actual web page itself is so swamped you’re not going to be getting in for a while. Kind of sloppy.
I would much rather have something like Google Authenticator. I use the App for both my Office 365 / Microsoft account, and my main google account.
It is based on a shared secret, and doesn’t require some intervention on anyone’s part.
In El Capitan, root is no longer root, rather power user.
To have real UNIX root, it needs to be changed with Mac OS X booted in safe mode.
I have heard many things about this, but nothing official. Do you have a source for this “root is only root when booted in safe mode”?
Detailed info. http://apple.stackexchange.com/questions/193368/what-is-the-rootles…
Security and Your Apps, WWDC 2015
https://developer.apple.com/videos/wwdc/2015/?id=706
Thanks very much for the link to the video. I didn’t make the link between “Safe Mode” (which I associate with the old Windows F8) and “Recovery Mode” (basically a read-only OS that runs as the “Installer” user in both OsX and Windows.
So there is no way to temporarily run as “real root”, only a setting that is set from Recovery, stored in NVRAM and applied in all installations on that machine (if you have multiboots)
A very interesting idea that will surely be turned of by many developers and will protect some users against deeply integrated persistent malware.
But when will a mechanism be developed that prevents the really important things (the users files) instead of the easily replacable things (the system files)?
Oh, we’ve had that for years. It’s called a brain. Unfortunately, most users turn it off.
It already exists, and is called sandbox.
On Mac OS X Store / iOS, Android, Windows Phone/Store applications can only see what the user gives them, not the whole $HOME.
But it still requires people to think, of course.
Sandboxing and especially using your brain is surely part of the solution, but most people would much rather have their entire system broken/hacked than their email/facebook/pictures deleted. Systems can be repaired within an hour or so. Personal files…hopefully you have a good backup
Kind of like TrustedSolaris?(or whatever that modification was, that effectively had no root account)
Might be, I never used it.
Next step: Crysis.