According to the Defence in Depth blog, OS X Lion has a flaw that makes it possible to change a user's password without prior authentication. In other words, someone can open a terminal on your computer and change the password of your user account without knowing your current password. Although carrying out this attack requires the attacker to have direct access to your computer, Defence in Depth describes a scenario in which the password change can be carried out remotely.
A user with administrator privileges browsing with Safari can land on a site hosting a malicious Java applet. Once run, the applet connects back to the attacker and gives them access to a system shell. Although the attacker has only limited rights in this case, they are still able to change the password of the current user.
Of course, in this case it all comes down to how careful you are with your computer and its security. If you hand your computer to anyone who asks and run every applet you come across on the Internet, you definitely have reason to worry. Otherwise the risk of being compromised this way is very small, since the attacker would also need the current user's account name. For your own peace of mind and security, you can take a number of preventive steps:
- Turn off automatic login. Open System Preferences, select Users & Groups, click the lock to authenticate, click Login Options, and set Automatic Login to Off.
- Turn off the guest account. In the same Users & Groups pane, select Guest User. You will see the option "Allow guests to log in to this computer", which is likely to be enabled. Disable it.
- Turn on the password prompt after the screen saver and sleep. Go to System Preferences, then Security & Privacy. Open the General tab and enable "Require password ... after sleep or screen saver begins". The delay can be left at Immediately, so the password is requested as soon as the machine wakes or the screen saver ends, or set to the delay after which the system should ask for your password.
- Password-protect access to system preferences. In Security & Privacy, select "Require an administrator password to access system preferences with lock icons".
- Use parental controls to restrict access to applications. Go to System Preferences, select Parental Controls, choose an administrator account and, on the Apps tab under Allowed Apps, disable Terminal and X11. Repeat this for every administrator account on the system. The downside of this method is that you also limit your own access to the system, but for less technically savvy friends and family it is a good way to improve security.
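The following audit script is an added example, not part of the original post or the Defence in Depth write-up. It checks whether the first four items of the checklist above are in their hardened state by reading the same settings the System Preferences panes write. The preference domains, keys and expected values (autoLoginUser, GuestEnabled, askForPassword, and the "shared" flag of the system.preferences authorization right) are assumptions based on standard macOS defaults; the parental-controls step has no simple command-line check and is not covered.

```shell
#!/bin/sh
# Added audit script (not from the original post): checks the login-window,
# screen-saver and authorization settings changed by the checklist and reports
# any that are still in the weak state. Keys and values are assumptions based
# on standard macOS preference domains.

# Each *_ok function takes the observed value(s) and returns 0 when the
# setting is hardened, 1 when it is still weak. They are pure string checks,
# so they can be exercised with constructed values on any system.

# Automatic login: /Library/Preferences/com.apple.loginwindow autoLoginUser
# holds the auto-login account name; the key is absent (empty) when it is off.
autologin_ok() {
    [ -z "$1" ]
}

# Guest account: /Library/Preferences/com.apple.loginwindow GuestEnabled is 0
# when guests may not log in. An absent key is treated as weak so the audit
# does not silently pass on an unknown state.
guest_ok() {
    [ "$1" = "0" ]
}

# Screen saver / sleep: com.apple.screensaver askForPassword must be 1 for the
# password prompt to be enabled (the delay is a separate key, any value is fine
# per the checklist above).
screensaver_ok() {
    [ "$1" = "1" ]
}

# System Preferences lock: the checkbox under Security & Privacy flips the
# "shared" flag of the system.preferences authorization right to false, so
# locked panes require an admin password. Takes the plist text printed by
# "security authorizationdb read system.preferences".
sysprefs_lock_ok() {
    printf '%s' "$1" | tr -d ' \t\n' | grep -q '<key>shared</key><false/>'
}

# Print one PASS/FAIL line per check. Arguments, in order: autoLoginUser,
# GuestEnabled, askForPassword, and the system.preferences plist text.
report() {
    autologin_ok "$1" && echo "PASS automatic login is off" \
        || echo "FAIL automatic login is on for '$1'"
    guest_ok "$2" && echo "PASS guest account disabled" \
        || echo "FAIL guest account enabled or state unknown"
    screensaver_ok "$3" && echo "PASS password required after sleep/screen saver" \
        || echo "FAIL no password required after sleep/screen saver"
    sysprefs_lock_ok "$4" && echo "PASS admin password required for locked panes" \
        || echo "FAIL locked panes open without admin password"
}

# Collect live values on the Mac itself and run the report. Reading the
# loginwindow domain may need sudo on some releases; skipped elsewhere.
audit_live() {
    al=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null || true)
    ge=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || true)
    ap=$(defaults read com.apple.screensaver askForPassword 2>/dev/null || true)
    db=$(security authorizationdb read system.preferences 2>/dev/null || true)
    report "$al" "$ge" "$ap" "$db"
}

# Usage on a Mac: sh audit_lion.sh --live
if [ "$(uname)" = "Darwin" ] && [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it with `--live` on the Mac being checked; any FAIL line points at the checklist item above that still needs to be applied. The check functions are deliberately separated from the collection step so the expected values can be reviewed and tested without touching a live system.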
[via LifeHacker]