A nasty bug was found in macOS 10.13 High Sierra — it was possible to cause the root account to become enabled, and to do so with a blank password.
To trigger this bug, all you had to do was go into the control panel, click the padlock to unlock the sensitive settings, change the username to root, enter no password, then hit enter. At this point the authentication would fail, but the root account would have been made active. Hit enter again, and root with a blank password will be accepted as valid. At this point you can do anything in the control panel, no matter how restricted your account is in theory, and you can get full terminal access as root.
We WILL have episodes of the NosillaCast (and live shows) on both Christmas and New Year's Day (unlike those other slacker podcasters). Check out last week’s episode of Chit Chat Across the Pond with Chris Ashley from the SMR Podcast (fun with Windows!). I’m one of the new rotating co-hosts for Eye Chart Radio with Mike LaPlante. Bart comes on for just a few minutes to chat about how the ginormous Yahoo breach of 1 BILLION accounts is even worse than it sounds. He explains why it was so absurdly bad that Yahoo was hashing passwords with MD5. Terry Austin sends in a review of Nomorobo for the iPhone. Shelly Brisbin does a dramatic reading of her poem, “I Did Not Buy the MacBook Pro”. I’ll tell you about a way to achieve simultaneous onsite and offsite backups using the new Amazon Duet drive from Seagate.
Last week the company Smile announced big changes to their software TextExpander that were not well received by their customer base. Smile co-founder, Greg Scown, was my guest on Chit Chat Across the Pond to talk about it. Before he came on the show, I decided to send him my outline of what I would be asking. In that email I explained that I was planning on being hard on him, and challenging their new direction. I told him that while I respected him and his company, I had serious problems with their decisions. After reading my email, Greg still agreed to come on the show.
When we finished recording, as hard as I was on him, he actually thanked me for having him on the podcast. After the podcast aired, I got a lot of kudos for not going easy on him. The sentiments against their decisions were nearly unanimous. Out of probably 50 comments on the blog, Facebook, G+ and Twitter, only two people who responded were in support of Smile’s decisions.