Forums temporarily locked down! Please read!

Author Topic: Have I missed something or is there security missing?  (Read 2038 times)

Bilbo

  • Script Kiddie
  • ***
  • Posts: 5
    • View Profile
Have I missed something or is there security missing?
« on: August 14, 2012, 08:59:16 PM »
Hi Guys!

I had to shutdown my Mac abnormally and after the restart Espionage could not mount the file I had under its control. The message in Console looked like this (skipped the full path):

"14/08/2012 21:37:59.968 Espionage: ERROR (+[DiskMaster mountDiskForFolderFace:silently:mountpoint:updateUI:error:]:433): mount failed for: file://localhost/Users/...... "

After scratching my head I fired up Disk Utility and mounted the sparsebundle file there and it did work without a problem, but I haven't been asked to enter passphrase?! Why is that? What sort of security is there if all one need is to get the file which is simply stashed away in ~/Library/Application%20Support/Espionage/Data/<UUID>.sparsebundle

Have I missed something in the security model of the application? If all there is to it is the unlock password for the UI, I think we can do much better with just encrypted sparsebundle. Please, tell me that I'm wrong and have missed something obvious here ;-)

By the way, after this manual mount/umount via Disk Utility, Espionage was able to mount the file again. Scratching my head.....  :?
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »

zsolt

  • Global Moderator
  • Veteran
  • *****
  • Posts: 823
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #1 on: August 15, 2012, 01:06:17 PM »
Hello, it does happen that we have sometime this unable to mount problem, there will be a fix in the upcoming release. But so far nobody reported that he managed to mount it using the disk utility, what I do know is that we managed to mount it using hdiutil, which is probably what Disk Utility is using too.

What is indeed strange is that you were not asked for password, can you please check if the password is stored in the keychain?
Can you try to mount it again using disk utility?

Thanks
Zsolt
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

Bilbo

  • Script Kiddie
  • ***
  • Posts: 5
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #2 on: August 15, 2012, 03:42:21 PM »
Quote from: "zsolt"
What is indeed strange is that you were not asked for password, can you please check if the password is stored in the keychain?
Can you try to mount it again using disk utility?

Hi Zsolt!

The password is not in keychain. I have just checked.
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »

zsolt

  • Global Moderator
  • Veteran
  • *****
  • Posts: 823
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #3 on: August 15, 2012, 05:03:18 PM »
And can you mount it again using disk utility?
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

Bilbo

  • Script Kiddie
  • ***
  • Posts: 5
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #4 on: August 15, 2012, 07:22:39 PM »
Quote from: "zsolt"
And can you mount it again using disk utility?

Yep. Just did it again:
1) unlocked Espionage
2) locked the folder in it
3) quit Espionage
4) started Disk Utility and mounted the sparsebundle file from there. No password asked.

I can repeat it as many times as I like. Always the same result - never asked for a password when mounting allegedly encrypted sparsebundle.

What really puzzles me is that diskinfo file says it's encrypted:

Code: [Select]
$ cat ~/Library/Application Support/Espionage/Data/20389430-877D-40E0-90B3-2374F939D548.sparsebundle/diskinfo
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>capacity</key>
<integer>10737418240</integer>
<key>encryption</key>
<string>AES-256</string>
<key>filesystem</key>
<string>HFS+J</string>
<key>password</key>
<data>
blah... blah... blah...
</data>
</dict>
</plist>
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »

zsolt

  • Global Moderator
  • Veteran
  • *****
  • Posts: 823
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #5 on: August 15, 2012, 07:55:39 PM »
OK, can you please try the same thing with another disk image, i.e. can you take a test folder, add it to espionage, let it encrypt and then unlock with espionage, lock it, and then try with disk utility?

Sorry for bothering you but I need more info to localize the problem.

Thanks
Zsolt
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

Bilbo

  • Script Kiddie
  • ***
  • Posts: 5
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #6 on: August 15, 2012, 09:12:09 PM »
Quote from: "zsolt"
OK, can you please try the same thing with another disk image, i.e. can you take a test folder, add it to espionage, let it encrypt and then unlock with espionage, lock it, and then try with disk utility?

This is interesting now... I added a test folder into Espionage and then did the same I did with the other one (i.e. locked it in Espionage; quit Espionage; opened the disk image with Disk Utility) and now I was asked to enter the password.

The original folder I was talking about still opens in Disk Utility without prompting for password. I wonder if this has something to do with the abnormal shutdown of my Mac and subsequent inability of Espionage to mount that disk image... Hmmm....  :?


Hope this helps you to find out what has gone wrong here.

If you want to try and reproduce the case unlock an folder in Espionage and then cut the power. See what happens.

I'll see if removing the folder from Espionage and adding it back in produces a different result... Will keep you posted  ;)
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »

zsolt

  • Global Moderator
  • Veteran
  • *****
  • Posts: 823
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #7 on: August 15, 2012, 09:24:57 PM »
Before removing thr folder from espionage pls save the disk image for later check. Tx Zsolt
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

Bilbo

  • Script Kiddie
  • ***
  • Posts: 5
    • View Profile
Re: Have I missed something or is there security missing?
« Reply #8 on: August 15, 2012, 11:22:10 PM »
Quote from: "zsolt"
Before removing thr folder from espionage pls save the disk image for later check. Tx Zsolt

I have sent you a PM. Hope you can catch the bug and fix it.
« Last Edit: December 31, 1969, 11:00:00 PM by Guest »