Hughesnet Community

OMG

cancel
Showing results for 
Search instead for 
Did you mean: 
MarkJFine
Professor

OMG

Nothing to see here, just logging in as ROOT WITH NO PASSWORD...
https://www.wired.com/story/macos-high-sierra-hack-rootIMG_1035.JPGIncidentally, this is only with macOS. Opening a terminal and trying to su or sudo as root does not work.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
12 REPLIES 12
maratsade
Distinguished Professor IV

Gee, thanks, Apple.

GabeU
Distinguished Professor IV

OMG is right!  Go Mac!!!!  

 

That's crazy!  

 

giphy.gif

I just tried to unlock my preferences using the root trick... didn't work. I will look real foolish if this is a hoax. lol


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
GabeU
Distinguished Professor IV


@MarkJFine wrote:

I just tried to unlock my preferences using the root trick... didn't work. I will look real foolish if this is a hoax. lol


There's a plethora of articles about it.  If it's a hoax, it's a HUGE one.  

maratsade
Distinguished Professor IV

MacRumors says to do this to fix it while Apple works on a fix. iMore says the same thing, and links to an Apple (the article mentions, among other things, that the root user is disabled by default -- could this be why @MarkJFine couldn't access it?)

Turns out the trick only works from the login window if your cursor is in the password box. Having corrected that, sure enough, two clicks on the Unlock button and 'bob's your uncle.'


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.

Being somewhat adept in risk management, I can see a whole host of problems with Apple's instructions, which infer that disabling root access from their interface would be a good idea.

 

Recommend using the last option to just change (actually set, because there is none) the root password rather than disabling it, since the underlying OS really needs it. Disabling root could screw up quite a few installations.

 

Edit: In saying that, hopefully the root password parries down to the OS instead of just putting lipstick on this pig.

Apparently it does, as you can su to root in terminal using the new password.

* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
maratsade
Distinguished Professor IV

I decided to do nothing. Today there was an alleged fix.  I downloaded that and rebooted the laptop and I hope things are kosher now.

 

 


@MarkJFine wrote:

Being somewhat adept in risk management, I can see a whole host of problems with Apple's instructions, which infer that disabling root access from their interface would be a good idea.

 

Recommend using the last option to just change (actually set, because there is none) the root password rather than disabling it, since the underlying OS really needs it. Disabling root could screw up quite a few installations.

 

Edit: In saying that, hopefully the root password parries down to the OS instead of just putting lipstick on this pig.

Apparently it does, as you can su to root in terminal using the new password.

 

Think they should be.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
maratsade
Distinguished Professor IV

How delightful. Apple is being so fabulous. Not.  SJ must be rolling in his grave.

 


@MarkJFine wrote:

Turns out the trick only works from the login window if your cursor is in the password box. Having corrected that, sure enough, two clicks on the Unlock button and 'bob's your uncle.'


 

maratsade
Distinguished Professor IV

It's not a hoax, apparently.  According to iMore, "We are working on a software update to address this issue," an Apple spokesperson told iMore. "In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the 'Change the root password' section."

 


@GabeU wrote:

@MarkJFine wrote:

I just tried to unlock my preferences using the root trick... didn't work. I will look real foolish if this is a hoax. lol


There's a plethora of articles about it.  If it's a hoax, it's a HUGE one.  


 

alfresco
Senior

Ha,Ha, Thanks ,I was just going to update tonight, I'll think I'll wait.