macos – How can I access a Mac as an administrator without knowing the current password?

I am sorry to hear from your father.

The administrator password can be easily reset to a Mac if you have the correct installation disc that matches the version of software running on the computer. Resetting the password does not clear any information on the Mac. However, you will not be able to access other passwords stored in the system for email accounts or wireless keys that were previously entered and saved by the original user.
Once you have changed the password, you will be asked to create a new keychain. This is the name of the place where these other passwords are stored.

Once you have administrator rights, you can create or delete accounts.
Visit the Apple Web site for a password-reset support article: http://support.apple.com/kb/HT1274

If you do not have the installation CD or need further assistance, we recommend that you book an appointment at the Genius bar in your Apple Store so you can reset it for free.

Keyboard – macOS Catalina LogOn screen The password has been selected and overwritten

When I wake up my MacBook Pro (early 2015 retina) with the latest MacOS version installed, I usually enter my password very quickly. However, as you type in my password, the entire password I've entered so far will be selected and if I press a new key, the part of the password I've already entered will be overwritten. Has anyone had similar problems or knows a solution to this problem?

boot – Crypsetup does not accept a password after installing another GPU driver

I have Ubuntu 18.04.3 with full disk encryption on my 2014 macbook per 15. To take advantage of the Nvidia GPU on my computer, I've decided to install the proprietary Nvidia driver (390), which is included in the additional drivers was marked as "tested" window (and replace the standard open source GPU driver provided by Ubuntu). To complete the installation, I had to restart the computer, but after I could no longer log in, cryptsetup did not accept my password as the correct one.

I assume the keyboard will continue to work as intended because the keyboard is expected to output the alphabet and symbols when I pause the boot sequence with ESC and enter the command prompt. I also tried pressing the key combination Caps + Shift + Alt to "reset" the keyboard, without success.

Any advice or links that might be useful would be greatly appreciated.

(In the worst case, I can always use a live USB port and access the encrypted drive, but would really prefer not to reinstall.)

amazon web services – How do I restore the administrator password on AWS Windows Server?

I do not have a key pair for the server, otherwise I have already found many password recovery / reset articles. And, as mentioned in one of these articles, there should be an "EC2 Agent" entry in the system logs to successfully recover the password – there is no such entry.

The AWS console indicates that the operating system of the instance is Windows_Server-2019-English-Full-Base-2019.08.16. Besides, I know from the system log that the username is Administrator – and that's all I know.

Is there a way to do something with this server?

Web application – Keep passwords in plain text in the Value attribute. Addons can use this for password leaks

Either there is a security hole or I miss information about something.

While I tested how the Surfingkeys addon works, I noticed that it has a command yf to copy form content to the current web page. I've been thinking about testing it on "login" and "sign up" forms on some websites to see if it's able to retrieve entered passwords in plain text. It was successful when standardized

Tags were used.

Then I noticed that in most web applications the password is kept A plain-text attribute that seems like a standard vulnerability for the entire W3 stack (HTML, CSS, JS, etc.). If this addon was able to get a password from DOM, any addon can do that. The only thing missing is sending this data to the third-party server that owns such a malicious add-on – something that Stylish already had.

The attack scenario looks like this:

  1. Company "mal1c1ous" buys popular web addon.

  2. They complete the addon generic

    Parser script that fetches data ,

  3. For each well-known web site, they have their addon "decorate" the submit buttons with a script that sends a request with credentials to their server and then to the host of that site at the first click. Or they simply send requests each time the parser script can retrieve new data.

  4. After some time, they will perform an attack with collected credentials.

I think this scenario is possible, show me that it can not happen. Also my question is: Is the web security by design flawed?

The thing is that no one stops to use as a password owner, there seems to be no other option by default. Web developers can only bring their own ideas to disguise where a password is stored before a request is made.

Password seal through paper or password manager?

In my current company, the IT Risk Team has decided to provide root passwords for about 90 systems using the following conventional method:

  1. The length of each password must be 16 characters and 8 characters must be entered while the IT infra team enters the remaining one.
  2. Each team prints the part password on paper and seals it with an envelope. So there are two envelopes to combine the entire password for each account
  3. The plenipotentiaries sign and seal the envelopes. Without the permission of the IT Security Officer, these envelopes can not be unsealed or disclosed to third parties.

My question is, is this way so manual and time consuming? I suggested using Password Manager, but no one shared the same idea.

Exploit – Can not the password for root be used when installing Linux?

Recently, I've been thinking about how to install my Linux system (I chose Debian). During the installation, I decided not to enter a password for root and just a password for my account. My question is whether it can somehow be exploited and whether it is possible to log in as root if I did not specify a password. I tried

su
Password:

but my password obviously did not work. Thanks!

Wi-Fi – recover WiFi password file Android Pie

I know that Android (at least Pie) uses a WifiConfigStore.xml file to store Wi-Fi access points and passwords. It is located in / data / misc / wifi /.

I saved it before deleting and reinstalled everything. The idea was to copy it back to this place. While the phone is on, it does not seem to use the information from this new file. But after the reboot it is gone and overwritten.

So my question: is there a special trick? Or is not this the right place? Is there a backup file stored elsewhere?

(I have a rooted LineageOS 16 device with Magisk, I even tried to change the file in TWRP with no better result.)

Edit: Found that this file is also in
/ data / misc_ce / 0 / wifi,
/sbin/.magisk/mirror/data/misc/wifi and
/sbin/.magisk/mirror/data/misc_ce/wifi

And there are also files
WifiConfigStore.xml.encrypted-checksum. After naming it sounds like it contains a checksum to avoid errors in XML?
I did not save this file. Am I lost now? Can I delete it and it will be created?

What is the function of this misc_ce folder?

Thank you so much!