Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Regarding Apple and security, their policy via AppleCare seems to be to ASK (over the phone, for instance) for your cleartext computer administrator password before you send in your laptop for repair, without any warning whatsoever of the implications.


I spilled soda on my mac once, and took it to the repair shop. the receptionist there asked me for my password. I laughed and I said of course not. she was shocked and asked: well, how are we going to test the new keyboard. I don't know maybe try to type random things in the password field?


I had this EXACT experience just this month. I went to have a screen replaced and I even explained (and apologized for the inconvenience) that I was very security focused. I set it up in advance so that would perform the repair in front of me, that the device wouldn't be plugged into any of their computers, and it wasn't to be taken out of sight.

Then, he straight up asked me for my password, "most customers write their password down so we can test that it works."

I feel a little bad because the look I must have given him was pretty absurd. I told him no, I'll just take the risk and test it myself.


What if they install the keyboard but the drivers fail? Won't they need the admin password in order to complete the job?


They have physical access to the device. They can enter recovery mode by holding down command r when restarting. It gives them a different copy of the os with multiple apps that you can type in (like the terminal) and would allow superuser access to whatever they wanted, however your encrypted home directory would remain encrypted and they would not be able to read it. In the olden days you would stick in a recovery cd and reboot onto that... you could also (historically and presently) stick a USB drive into the thing and boot into an os on that.... NEVER give out your password.


If a keyboard needs drivers other than USB-HID, someone's doing something wrong.


I thought that too, until i bought a cheap netbook that came with windows (7? Student edition? I cannot remember). I plugged in a mouse and windows said it needed to connect to the internet to download the driver for my MS optical mouse. I practically fell out of my chair laughing.


The "driver" is for adding a gui for doing things like customizing buttons and sensitivity and stuff, not to make the basic mouse work.


Except the mouse wouldnt work. Either the os couldnt use it, or wasnt letting me. Either way, it was funny seeing one ms product not recognize another.


Many laptops use an SPI touchpad device, so they don't need to go through the relatively expensive and complex USB stack.


Or just boot into single user mode.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: