Topher Kessler writing about the [same FileVault 2 vulnerability that I just posted a Macworld link to](, writes about the sensationalist headline, but not the information that readers need to know. Macworld specified the conditions under which the hack can happen: FireWire port and user needs to be logged in.

Kessler just says that anyone with this $995 software can crack a FileVault 2 disk in no more than 40 minutes using a FireWire port. Which is a line of bullshit. The most important part is that the user must already be logged in — that gives every FileVault 2 user an easy way around the security hole: logging out.

It’s one thing to write a craptastic-linkbaiting headline, but it’s an entirely worse offense to not even give readers the full details of the story you are writing about.


Posted by Ben Brooks