Initial configuration (only once, the first time): click the network icon at the top-right of the Mac screen, then click 'Open Network Preferences.'
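2018-8-27 10. The VPN device offered in the bid holds the "National Information Security Evaluation: Information Technology Product Security Evaluation Certificate" (EAL3+) issued by the China Information Technology Security Evaluation Center; 1 point is awarded if valid supporting documentation is provided, and no points if it is not.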
Click the '+' button on the network configuration screen. Select 'VPN' as 'Interface', 'L2TP over IPsec' as 'VPN Type' and click the 'Create' button. A new L2TP VPN configuration will be created, and the configuration screen will appear. On this screen, specify either the hostname or the IP address of the destination SoftEther VPN Server. After you specify the 'Server Address', enter the user name in the 'Account Name' field, which is next to the 'Server Address' field.
Next, click 'Authentication Settings.' The authentication screen will appear. Enter your password in the 'Password' field. Also specify the pre-shared key in the 'Shared Secret' field. After you enter them, click the 'OK' button. After returning to the previous screen, check 'Show VPN status in menu bar' and click 'Advanced.'
The advanced settings will appear. Check 'Send all traffic over VPN connection' and click the 'OK' button.
On the VPN connection settings screen, click the 'Connect' button to start the VPN connection.
What is supposed to happen is that only the app authorized to access a particular password can decrypt it. But Wardle's app was able to extract and decrypt passwords for Twitter, Facebook, and Bank of America. The app is able to do this without any user intervention.
The demonstration video shows it running in an unsigned app, which macOS blocks by default, but Wardle says this was only to demonstrate how low the security bar is set. It works equally well in signed apps. As a responsible researcher, Wardle reported the vulnerability to Apple on September 7 and will not disclose the method used until Apple has patched it. He told that the company is likely to do so soon.
He also says that this is not a reason to hold off on upgrading to High Sierra: it’s not a newly-introduced bug. “I think everyone should update. There’s a lot of good built-in security features. This attack works on older versions of macOS as well. There’s no reason for people not to upgrade.”
Patrick Wardle is a former NSA staffer who last year demonstrated Mac malware that could tap into. He also discovered Mac malware in the wild that allowed access to, and a separate exploit that would let someone with local access to a Mac.