Stop Microsoft
Operating Systems => macOS => Topic started by: _kill__bill on 3 August 2006, 07:43
-
http://www.informationweek.com/security/showArticle.jhtml?articleID=191601574&subSection=Viruses+and+Patches
Looks like the Mac isn't as secure as Apple says.
On Wednesday afternoon at the Black Hat computer security conference in Las Vegas, hackers Jon "Johnny Cache" Ellch and Dave Maynor plan to demonstrate (http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch) how to take over any Apple MacBook if its wireless card is turned on, even if the owner is not connected to a wireless network.
Nasty.
Wireless device drivers for computers running both Apple Computer and Microsoft operating systems appear to be full of holes, and a prominent security researcher recommends turning off wireless cards until the holes can be fixed.
Affects Windows as well.
[OFFTOPIC]Which confirms my suspicion that Apple is just like Microsoft with better PR.[/OFFTOPIC]
-
Well, it seems that Apple is just as vulnerable to haking via wireless card as M$, but still not as vulnerable to viruses, trojans, malware etc.
-
Which confirms my suspicion that Apple is just like Microsoft with better PR.
So Apple falls victim to a single problem involving Intel's wireless card (for which they probably don't write the drivers), and suddenly they are "like Microsoft?" That's quite a jump.
-
That's the big problem with the Apple switch to Intel. We get all the faulty buggy spying hardware that was supposed to only be for PCs.
(Yes, that's right, I said it - Intel is under contract to Microsoft to assist in data collection. As a part of their ongoing plan to create a Christian secular state which can then take over the world. Microsoft, Intel, Coca-Cola, GM, and AOL-Time-Warner are part of the global conspiracy to take over the world. It will begin in Rohan. I mean, it will begin in Lebanon.)
(you laugh, but you don't know I'm only 5% joking)
-
Yes, that's right, I said it - Intel is under contract to Microsoft to assist in data collection. As a part of their ongoing plan to create a Christian secular state which can then take over the world. Microsoft, Intel, Coca-Cola, GM, and AOL-Time-Warner are part of the global conspiracy to take over the world. It will begin in Rohan. I mean, it will begin in Lebanon.
I hate conspiracy theories being "in" again :(
-
Actually Linux isn't safe either:
slashdot.org
According to this story at ITwire.com, they were able to exploit Linux and Windows machines, too.
http://www.itwire.com.au/content/view/5182/53/ (http://www.itwire.com.au/content/view/5182/53/)
-
I hate conspiracy theories being "in" again
Get used to them, they ain't theories anymore.
-
I've seen this around at macrumors.com. There is a video of this exploit and the hacker plugs in a USB network card. The problem is not with Apple but with the external card.
EDIT: This (http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html) seems to be the orginal source.
EDIT 2: The video can be found here. (http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html)
-
so don't use the wireless cards...surely there's others which are compatible
-
My Apple actually came with a first party wireless card built in - the Airport Extreme card. It doesn't seem like the Airport cards are affected by this particular attack.
It sorta seemed like he was using Linux in that demo. Although it's probably possible to do it with some sort of DOS prompt. Does Windows even come with a real integrated shell anymore?
-
Take a look at this. (http://daringfireball.net/2006/08/krebs_followup)
-
Take a look at this. (http://daringfireball.net/2006/08/krebs_followup)
Apple issuing threats again ? to cover their asses ? :thumbdwn:
-
Interesting. I did notice that the guy in the demo actually made a point of saying at least twice that the fault was not in OSX. In fact, he specifically stated that the fault was in 3rd-party devices. If that's not true, and he just said it because Apple told him to, then David Maynor is a pussy. Pure and simple, a bonafide pussy.
-
Apple issuing threats again ? to cover their asses ? :thumbdwn:
Read the link again. How exactly did they threaten them? And with what? And why where they allowed to use a Mac and still say that there was a problem with the driver?
-
Ahhh, I dunno anymore it confuses me ... I'm sure most of it is lies anyway
-
The article speculates that Apple may have threatened the guys, but the author doesn't really know anything. David Maynor was contacted by Apple, and the author assumes they threatened him, which prompted him to remind viewers that OSX was not responsible, and use a 3rd party wireless card. But only David knows for sure. I still suspect that he's probably a pussy.
-
Yeah.
$10 it doesn't affect FLOSS drivers. I don't use wireless, too slow, but it concerns me that drivers are so flawed.
-
Here's the thing. The new Intel MacBooks and MB Pros no longer use Apple AirPort Extreme circuitry for wireless, and instead use Intel's circuitry designed for the Centrino. This means that the software is written by Intel. That would mean that by the strictest definition, the in-built WiFi is "third party".
There's a stupid semantic gotcha.
But in all seriousness, it's an issue. Whether or not Apple wrote the drivers is immaterial. They're very obviously part of the system, and if the OS' own drivers are flawed, then there we have a problem.
However, looking at the evidence: Identical vulnerability in Mac OS X, Windows, and Linux when using "third party" and in-built Centrino WiFi hardware and drivers; Lack of this vulnerability on PPC Macs running AirPort hardware and drivers (Made by Lucent); Poor writing on behalf of the original "journalist", I think it's safe to say that this is an issue with hardware and software made by a single source. Whoever supplies Intel with their WiFi circuits, whoever writes the drivers, or whatever.
Since the problems exist in Linux as well, which has drivers made by regular people who don't get to see the source code for the corporate drivers, maybe it's the hardware that's the problem.
-
Found some information that might interest you.
Presumably the same attack works on the iMac and mini as well, since they both use the same Atheros part, and the same driver.
More likely: it doesn't. In the presentation, Maynor uses a "third-party wireless card". It looks like a ExpressCard/34 802.11 card, but the non-'Pro' Macbook doesn't have Express Card slots, and the card they hold is too big to be a USB device, yet the Macbook they use is definitely black.
Something is already smells like day-old fish.
Read it here. (http://www.smallworks.com/archives/00000455.htm)
-
http://docs.info.apple.com/article.html?artnum=304420
looks like it's finally fixed..
-
So lets,recap...
- Johnny Cache of Secureworks demos an epxloit of a third party wireless card on a Macbook at Blackhat
- In interviews Johnny hints that there are flaws in Apples hardware too, but doesn't say it outright
- Apple denies that Secureworks ever told them of any problem with their wireless drivers
- Apple comes out with a patch to their wireless drivers (what a coincedence!)
- Johnny says he will give a presentation about the Apple wireless exploit at Toorcon
- The day before Toorcon, Johnny's company Secureworks tells him, he can't give the presentation.
Johnny's "Presentation" ---> http://blogs.zdnet.com/Ou/?p=335 (http://blogs.zdnet.com/Ou/?p=335)
Gee, I wonder what happened?
It amazes me how gullible Apple fans have been througuout this whole situation. They honestly think Securworks and Johnny Cache have made this whole thing up and Apple never did anything dishonest in the process.
Apple == Cisco, only with a massive fanboy following
-
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
-
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
He never did demonstrate the vulnerability [at blackhat] with the Mac wireless card. Instead, he used a third party card, all the while hinting at the fact that there was "more to it" than that.
-
He never did demonstrate the vulnerability [at blackhat] with the Mac wireless card. Instead, he used a third party card, all the while hinting at the fact that there was "more to it" than that.
Your reading comprehension needs work.
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
-
Your reading comprehension needs work.
??? Why.
-
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
I guess he out-smarted them and used a 3rd party card.
-
This is one time, I'd have to agree with toadlife.
It should've gone about differently. Both companies did the unethical. If they were ethical the problem would have been made public immediately and patch released ASAP. And they would not have restricted the rights of one poor guy that found the exploit to cover their asses.