People who upgraded their account from Snow Leopard to OS X Lion 10.7.3 and were prompted for the legacy setting in FileVault must have been worried when they heard about the security vulnerability that dumps their login credentials into a plain-text log file.
While the vulnerability may have affected a certain group of people who still use the legacy encryption scheme, there are several things that can be done about it.
By following a few common steps, you can avoid having your login password exposed as plain text in a log file.
The older FileVault technology in OS X encrypted a user's home folder and left the rest of the system unencrypted, but in the Lion version of the operating system, Apple replaced FileVault with a full-disk encryption option dubbed "FileVault 2." However, for compatibility Apple still supports the legacy FileVault that was enabled on upgraded accounts, though any new enabling of FileVault will require the use of FileVault 2.
There are several things you can do to work around this bug:
1. Check for FileVault functionality on your computer
- In your account, go to the "Security & Privacy" system preferences.
- When you do this, a warning stating "You're using an old version of FileVault" will appear if your account is using the legacy FileVault technology.
- Additionally, you can go to the Macintosh HD > Users directory and see if any home directories for accounts other than your own look like disk image files (as opposed to folders).
- This will let you know which accounts on the system are using the legacy FileVault technology.
2. Update or turn off FileVault
* You can upgrade your outdated FileVault and use the latest version to ensure security. Apple's new FileVault scheme is not affected by the bug. FileVault 2 is also more stable and secure than the original FileVault.
You can enable FileVault 2 on the system with the legacy FileVault enabled for specific user accounts; however, this will not provide full protection from this bug. While enabling FileVault 2 will prevent access to the logged passwords from external sources (such as booting the system to Target Disk mode or removing the hard drive), it will not prevent another admin user on the system from accessing the system logs and reading the password.
* If any accounts are using legacy FileVault, you can disable it. To do this:
- Log in with the account and access the Security system preferences.
- Click on the option to disable FileVault.
3. Change your password
Updating or disabling the legacy FileVault is not enough. If you are affected by the bug, you need to change the password for your computer as soon as possible.
Additionally, you must clear your system logs to make sure no log file containing your password in plain text remains.
To do this, open the Terminal utility (in the /Applications/Utilities/ folder) and run the following two commands:
sudo rm -rf /var/log/*
sudo rm -rf /Library/Logs/*
This approach will clear out all the logs in the system, which in some cases might not be desired. Therefore, you can more specifically remove instances of the "secure.log" file that contain the passwords by running the following commands instead:
sudo rm -rf /var/log/secure.log
sudo rm -rf /var/log/secure.log.*
Removing the system logs is completely optional, but if you are using the same password for other personal accounts, then it is good practice to follow all the steps mentioned above.
Apple should have released a security patch by now, but it is interesting to note that they are still holding back. Let's hope they address this issue promptly with a security update that both closes the security hole and secures the entire management.
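The targeted cleanup above, as an added example that is not part of the original article: two shell functions that list secure.log and its rotated copies, remove only those files when asked, and confirm that none remain. The function names are hypothetical; the default directory and file names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# The default directory and the secure.log / secure.log.* names are the ones
# the article's targeted commands use.
# Usage: purge_secure_logs /var/log            (dry run, lists what would go)
#        purge_secure_logs /var/log --delete   (run as root to remove the files)

# Print each regular file named secure.log or secure.log.* in the directory.
list_secure_logs() {
    dir=${1:-/var/log}
    for f in "$dir"/secure.log "$dir"/secure.log.*; do
        # An unmatched glob stays literal, and symlinks are skipped so the
        # cleanup never touches a link target outside the log directory.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Dry run by default; pass --delete as the second argument to remove files.
# Prints one line per file and returns 0 only when no secure.log copy is left.
purge_secure_logs() {
    dir=${1:-/var/log}
    mode=${2:-}
    for f in "$dir"/secure.log "$dir"/secure.log.*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            if [ "$mode" = "--delete" ]; then
                rm -f -- "$f" && printf 'removed %s\n' "$f"
            else
                printf 'would remove %s\n' "$f"
            fi
        fi
    done
    # Verify: anything still listed means the cleanup is incomplete.
    remaining=$(list_secure_logs "$dir")
    [ -z "$remaining" ]
}
```

Unlike the blanket `/var/log/*` removal, this leaves every other log in place, and the non-zero return after a dry run is a reminder that the files are still on disk.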