148383
submission
evw writes:
Subrosasoft has announced MacLockPick that claims to grab all the passwords stored in the Key Chain including but not limited to logins, disk images, Wi-Fi passwords, iTunes, iChat, Remote Desktop, email, all your banking info, and peer to peer information. MacNN, Gizmodo and other blogs review it.
This sounds like snake-oil to me. Granted, anyone with physical access to your machine to plug in this USB based device can probably pwn you to start with, but this device seems to rely on the user leaving everything wide open. If you use FileVault, turn off auto-login, require a password to wake from sleep, use a decent password and don't grant KeyChain Access blanket permission to access your key chains, does this thing really work? It seems to me that it relies on the digital equivalent of the password written on a post-it stuck to the monitor.
But even if the claims are true, don't panic because it's only for sale to licensed investigators.
