Though Mac users traditionally face fewer online attacks than their PC-using counterparts, a new tool called Passware is doing its devious part to change that.
Intended as a legitimate solution for computer forensic experts, Passware contains an important security flaw that has existed for three years, the tech website Ars Technica reported.
When exploited, this flaw can allow its user to steal passwords for more than 200 types of files from a Mac computer in minutes, even if that computer is asleep, locked or encrypted. (Passware is actually Windows-centric software that just tacked on Mac password extraction with the latest update.)
The tool, which costs $995 and can run from a USB stick, doesn't use software to steal a computer's password. Instead, it goes directly to the computer's memory, where it can run amok and steal all the sensitive passwords you've — hopefully — taken the time to protect.
The hack is completed when the attacker dumps the contents of the target system's RAM onto a FireWire device.
"Basically, Passware can cajole your computer into revealing all its secrets — including login passwords and the contents of its Keychain App — in mere minutes. All someone needs to do is plug in the USB stick with the app, tap through a few menus, plug in a FireWire cable, and watch the magic happen," MSNBC explained.
Thankfully, there's a way to protect your Mac from attack.
Ars Technica suggests three steps: turning off your Mac instead of putting it to sleep when not in use, setting up a firmware password to prevent someone from booting up your machine, and disabling the "Automatic Login" setting so that passwords are not stored in the computer's memory.