apfs   405

« earlier    

Objective-See: From the Top to the Bottom
› tracking down the cause of CVE-2017-7149, from the UI level
In this blog, we'll take a detailed look a nasty bug (CVE-2017-7149) at affected High Sierra (macOS 10.13). Discovered by Matheus Mariano, this vulnerability could afford local attackers access to the contents of encrypted APFS volumes!
While Apple has patched this bug, and diff'ing the patch revealed the exact nature of the flaw (see Daniel Martín's tweet and great writeup), here, we'll take a different route to (re)illustrate the underlying issue.
Though our findings will mirror Daniel's, this blog post will instead start at the user interface (UI) level of the vulnerable app, then dig down, reversing various components and frameworks until we finally uncover the bug.
This method doesn't require a patch to diff and is a good practical reversing walk-thru!
Background
A few weeks ago Matheus Mariano tweeted: "If you create an Encrypted APFS container and install the new macOS, your password will be stored as plain text in your password hint."
diagnostics  bug  macOS  10.13  passwords  encryption  security  privacy  APFS 
8 days ago by rgl7194
Acquisition Forecast | Acquisition Planning Forecast System
APFS Number
F2017038784 NAICS Code
541611 Component
Transportation Security Administration Sub-component
None
Contract Vehicle
DWAC/PACTS II Dollar Range
$2,000,000 to $5,000,000 Small Business Program
SDVOSB Contract Status
Recompetition
Incumbent
Information Technology Coalition, Inc. Contract Number
HSCG2312DATB011 / HSTS0413JCT8009 Contract Complete
June 10, 2023
Estimated Release
March 15, 2018 Anticipated Award Quarter
Q3 2018
POC Name
FRANK ADERTON POC Phone
5712271690 POC Email
Frank.Aderton@tsa.dhs.gov
Description
To assist the OSC budget and finance staff within the various programs and the support organizations with business planning, budget presentation, and budget analysis and execution. In addition, the Contractors will prepare integrated OSC budget documents by gathering and consolidating programmatic documents from the budget and finance staff within the various programs and support organizations within OSC. Acquisition Strategy: TBD
APFS  TSA 
23 days ago by dan.p.taylor
Acquisition Forecast | Acquisition Planning Forecast System
APFS Number
F2017040553 NAICS Code
541611 Component
United States Coast Guard Sub-component
Headquarters Command
Contract Vehicle
DWAC/OASIS Dollar Range
$5,000,000 to $10,000,000 Small Business Program
8(a) Contract Status
Recompetition
Incumbent
JRC Integrated Systems, Inc Contract Number
HSCG-23-13-D-PMF005 Contract Complete
March 31, 2019
Estimated Release
Jan. 10, 2018 Anticipated Award Quarter
Q2 2018
POC Name
Franchesca Kammerer POC Phone
202-475-3033 POC Email
franchesca.f.kammerer@uscg.mil
Description
Program support for the USCG Office of International Acquisition Programs (CG-922). CG-922 manages all Foreign Military Sales (FMS) projects and Excess Defense Article transfers for the USCG. This support will cover all aspects of the FMS/EDA processes and will include CONUS and OCONUS travel. **ANC Direct Award**
USCG  FMS  APFS 
4 weeks ago by dan.p.taylor
Acquisition Forecast | Acquisition Planning Forecast System
APFS Number
F2017038905 NAICS Code
541990 Component
United States Coast Guard Sub-component
Headquarters Command
Contract Vehicle
DWAC/OASIS Dollar Range
$500,000 to $1,000,000 Small Business Program
None Contract Status
New Requirement
Estimated Release
Oct. 16, 2017 Anticipated Award Quarter
Q2 2018
POC Name
David Berger POC Phone
860 271-2872 POC Email
David.J.Berger@uscg.mil
Description
Intelligence, Surveillance and Reconnaissance (ISR) Enterprise Data Network Study and Analysis: This requirement is to conduct a DHS Science and Technology and US Coast Guard Intelligence, Surveillance and Reconnaissance (ISR) Enterprise Data Network Study and Analysis. The outcome of this work will be a completed Capability Analysis Report, Mission Needs Statement, and Concept of Operations.
APFS  USCG 
6 weeks ago by dan.p.taylor
Shirt Pocket Watch - Snapshot Surprise!
I've gone from "hoo boy, will SuperDuper still work the same with APFS" to "oh man, this is way better." Time machine-like backups with history image restore, plus your bootable clone drive can boot to multiple historical snapshots... awesome.
superduper  filesystem  mac  clone  apfs 
6 weeks ago by ttscoff
APFS for Windows by Paragon Software
If you work on Windows computer and want to read APFS-formatted HDD, SSD or flash drive, you need APFS for Windows by Paragon Software.
tool  apfs  compatibility  filesystem  windows  crossplatform  utility 
6 weeks ago by ferdinandfuchs
Shirt Pocket Watch - Snapshot Surprise!
via: @siracusa: "This allows Time Machine-like date-based restorations from bootable APFS backup drives.”
(https://twitter.com/siracusa/status/939312766002876416)
superduper  apfs  2017  backup 
6 weeks ago by handcoding
How to upgrade a drive with High Sierra and APFS | Macworld
What if you want to swap in a higher-capacity drive in the new version of macOS?
osx  apfs 
7 weeks ago by twleung
How to Downgrade from macOS High Sierra | Other World Computing Blog
Upgrading to a new OS can have unexpected consequences that may end up with you wishing you never updated to begin with.
restore  sierra  apfs  reference  timemachine  highsierra  diskutility  1012  howto  downgrade  1013 
7 weeks ago by ferdinandfuchs
Acquisition Forecast | Acquisition Planning Forecast System
APFS Number
F2017040300 NAICS Code
541511 Component
DHS HQ Sub-component
U.S. Citizenship & Immigration Services
Contract Vehicle
DWAC/EAGLE II Dollar Range
$20,000,000 to $50,000,000 Small Business Program
None Contract Status
New Requirement
Estimated Release
April 1, 2018 Anticipated Award Quarter
Q4 2018
POC Name
Scott Purnell-Saunders POC Phone
(202) 272-1974 POC Email
scott.e.purnell-saunders@uscis.dhs.gov
Description
USCIS has a requirement to procure Agile development and maintenance capability to sustain IT systems for the agency’s Risk and Fraud Portfolio. The contractors will supply Agile development teams to participate in IT maintenance efforts for sustaining previously developed systems and applications using Agile processes like Scrum, Kanban, and other variants. Anticipating awarding this effort against EAGLE II, FC1 Unrestricted track.
agile  USCIS  DHS  APFS 
7 weeks ago by dan.p.taylor
adam leventhal's blog » apfs in detail: overview
"hfs+ has been pulled in a bunch of competing directions with different forks for different devices (e.g. the ios team created their own hfs variant, working so covertly that not even the mac os team knew) [...]"
apfs  os  fs  history  apple 
7 weeks ago by chl

« earlier    

related tags

10.13  1012  1013  2017  administration  afp  agile  apple  appletv  apps  backup  backups  beta  biometrics  blog  blogs  bsd-hammer  bsd  bug  camera  cbp  cfo  clone  compatibility  concurrency  cpic  crittografia  crossplatform  cultofmac  customerservice  decrypt  design  dhs  diagnostics  diskutility  downgrade  efi  encrypt  encryption  file  file_system  filesystem  filesystems  filevault  fms  fs  funny  fusion  fusiondrive  genius  hackintosh  harddrive  high-sierra  high  high_sierra  highsierra  history  howto  ice  imaging  inspiration  ios  ios11  kbase  krack  mac  macadmin  macintosh  macos  macos10.13  macosx  mh  mhie  misle  netinstall  networking  noapfs  oha  operatingsystem  os  osx  osx_high_sierra  passwords  phishing  privacy  problemi  process  programming  quality  reference  restore  reverseengineering  reviews  security  sierra  skip  software  soluzioni  ssd  storage  strumenti  superduper  support  sysadmin  system  terminal  terminale  timemachine  tip  tolearn  tool  toread  tounderstand  tsa  tutorial  uscg  uscis  utilities  utility  vmware  wi-fi  windows  wtf  watch 

Copy this bookmark:



description:


tags: