Apple makes a hash of password security (again)
Shadow boxing By John Leyden
19 September 2011Apple has dropped a couple of monumental password security clangers with the release on OS X Lion, according to security blogger Patrick Dunstan.
Dunstan, who posted an important piece on cracking Mac OS X passwords a couple of years ago, decided to revisit the subject with the release of OS X Lion (version 10.7).
He discovered Apple's developers had made user security worse in two important ways: firstly, it's possible to change the password of the current user without needing to know the original password, as Dunstan explains.
...