PDA

View Full Version : Wireless Macbook Security Exploit?


MacRumors
Aug 2, 2006, 04:18 PM
http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com)

A blog notes (http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html) that two hackers are demonstrating a security flaw in the Macbook's device driver that would allow them to "seize total control over the machine".

...this attack can be carried out whether or not a vulnerable targeted laptop connects with a local wireless network. It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful.


Similar vulnerabilities have also been found in corresponding Windows wireless drivers but the two are demoing the vulnerability on the Mac due to Apple's recent advertising (http://www.macrumors.com/pages/2006/05/20060501211004.shtml) on Mac OS X's security.

The vulnerability has not been described to be "in the wild", and the two have been in touch with Apple, Microsoft and other companies responsible for the drivers.

ModestPenguin
Aug 2, 2006, 04:20 PM
Dirty whiney windows users messing with our macs.

Back off.

spicyapple
Aug 2, 2006, 04:21 PM
In under a minute, no less. :o

bigmc6000
Aug 2, 2006, 04:26 PM
In response to the advertisements my @$$! Figures they'd try to go after something that isn't written into the OS since we all know how hard that is. So big deal - put out a firmware update for the AirPort Extreme card and it's fixed - Next please!!

Mammoth
Aug 2, 2006, 04:28 PM
It's nice to know that they're trying to rid this problem.

dizastor
Aug 2, 2006, 04:30 PM
It's nice to know that they're trying to rid this problem.

The wireless hack or the onslaught of windows switchers?

;)

longofest
Aug 2, 2006, 04:34 PM
The exploit is apparently in the device driver, and so its more of an issue with Atheros than with Apple. I mean, a vulnerability is a vulnerability, and it still needs to be fixed, but the compromised code is most likely not Apple's at least.

ebuc
Aug 2, 2006, 04:39 PM
So what happens when the owner of the MacBook closes the computer?

yellow
Aug 2, 2006, 04:39 PM
but the compromised code is most likely not Apple's at least.

I concur. They simply chose a Mac to be a cock. How's that for smugness?

So what happens when the owner of the MacBook closes the computer?

Exploit defeated. :)

Compatiblepoker
Aug 2, 2006, 04:40 PM
Saw that one coming. I cringe everytime I see an Apple security commercial. It's like spitting in the hackers face.

bluetorch18
Aug 2, 2006, 04:41 PM
So what happens when the owner of the MacBook closes the computer?

That'll show the bastards...:mad:

Derekasaurus
Aug 2, 2006, 04:58 PM
Figures they'd try to go after something that isn't written into the OS since we all know how hard that is.

Do you know what a computer without drivers is? A paperweight. The OS is not a single monolithic thing; it's made up of many components. The notion of what is "written into the OS" is more complicated than you seem to think, and it's childish to dismiss a vulnerability because it's in a driver.

They simply chose a Mac to be a cock. How's that for smugness?

Actually it's the smug attitude of so many Mac owners that makes them such satisfying targets. You reap what you sow. I've been using Macs since 1984 (and PCs about as long) and Mac users get on my nerves sometimes.

yellow
Aug 2, 2006, 05:07 PM
Well, which is it?

There aren't enough Macs and Mac users out there to count as anything, or they're all smug and worthy of a slap in the face?

People can't have it both ways.

gauchogolfer
Aug 2, 2006, 05:14 PM
So have they shown this homemade video yet? It's midnight where I am, so I guess I'll just find out the results in the morning. It would be funny if today's updates patched the exploit, though.

I'm interested what kind of control over the machine they can achieve, or if it's only to make it turn off/reboot, etc.

schenz
Aug 2, 2006, 05:20 PM
Do you know what a computer without drivers is? A paperweight. The OS is not a single monolithic thing; it's made up of many components. The notion of what is "written into the OS" is more complicated than you seem to think, and it's childish to dismiss a vulnerability because it's in a driver.

Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.

On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again. :p

WildCowboy
Aug 2, 2006, 05:24 PM
Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.

On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again. :p

It doesn't really matter if wasn't "Apple's fault." It's their machine that ends up being compromised and so it's their responsibility to take care of the problem. How they do that is up to them...getting Atheros to patch things is the first step, but then they could evenutally switch vendors, move to an in-house solution entirely if they aren't happy with the job Atheros is doing.

It's the end-product with a big honkin' Apple logo on it...it most certainly is their concern.

bigmc6000
Aug 2, 2006, 05:27 PM
Do you know what a computer without drivers is? A paperweight. The OS is not a single monolithic thing; it's made up of many components. The notion of what is "written into the OS" is more complicated than you seem to think, and it's childish to dismiss a vulnerability because it's in a driver.

That it, comparitively speaking, won't be as hard to apple to plug the vulnerability since all they have to do is limit the control granted via the card and/or just update the driver... You can get off your high horse now... :-P

ChrisA
Aug 2, 2006, 05:32 PM
The exploit is apparently in the device driver, and so its more of an issue with Atheros than with Apple.

The drivers are part of the OS.

Apple did not write all of the OS much of it comes from BSD UNIX and some more of it comes from CMU's Mach. Many (most?) of the hundreds of applications that ship with Mac OSX are Open Source that Apple did not write.

We shouldn't care much about if Apple employees wrote the code or if they hired the job out of it the downloaded an Open Source application off the Internet. If the software has a problem it needs to be fixed.

ifjake
Aug 2, 2006, 05:35 PM
so is a paperweight with drivers a computer?

:p

shadowfax
Aug 2, 2006, 05:36 PM
Well, which is it?

There aren't enough Macs and Mac users out there to count as anything, or they're all smug and worthy of a slap in the face?

People can't have it both ways. Actually, I would say it's the easiest thing in the world to have it both ways in this case, because the scenarios you describe aren't mutually exclusive. Remember, the hacker world is not monolithic. While the majority of hackers may consider mac users a waste of time, it only takes one with some time on her hands and a beef against (smug) Mac zealots to write a virus for OS X, and that's that. I can tell you as someone who works with hackers (half of my buddies are at BlackHat this week) that OS X is NOT inherently secure, and that there are plenty of vulnerabilities that surface on it that are well-known in the "hacker" community long before they are made "public," and also long before they are also repaired by Apple.

OS X is definitely inherently more secure than Windows, but the near-complete lack of viruses/use of other exploits for them is definitely not because they are ironclad in terms of security. That should be abundantly clear from a cursitory reading of the kbase article on the latest security update. Many of those fixes were to rootkit holes! As in, god-sized sized security holes...

I'm not trying to rant or anything, but I've definitely realized in the last few months of my internship that OS X is not nearly as secure as I'd previously assumed, and also that there are a growing number of hackers that are pissed off--or at least find it amusingly laughable-- that Apple and followers are so brazenly smug about security. I hate Symantec just as much as the rest of you for their shameless plugs of their USELESS mac software, but that doesn't mean that OS X is anywhere near impenetrable, especially if you use simple word passwords--and you bet your butt the average mac user does this, if he even sets a password at all.

gekko513
Aug 2, 2006, 05:37 PM
So what happens when the owner of the MacBook closes the computer?
The computer goes to sleep, I suppose. If the attacker has installed something like a rootkit on the computer before that, the MacBook will still be compromised when it wakes up.

swingerofbirch
Aug 2, 2006, 05:37 PM
Let my voice ring clear, loud, and somber: this is not the time to be an Apple apologist. To sit back and blame a component manufacturer is to lose the point of power which comes from taking total responsibility for a shipping product, a feat which no PC manufacturer or Microsoft have ever attempted or likely will.

We and Apple should take our lumps as they have been served to us, thank these people for pointing out a weakness, apologize, strengthen and move on.

longofest
Aug 2, 2006, 05:39 PM
The drivers are part of the OS.

Apple did not write all of the OS much of it comes from BSD UNIX and some more of it comes from CMU's Mach. Many (most?) of the hundreds of applications that ship with Mac OSX are Open Source that Apple did not write.

We shouldn't care much about if Apple employees wrote the code or if they hired the job out of it the downloaded an Open Source application off the Internet. If the software has a problem it needs to be fixed.

The danger of only quoting part of a post is that you will miss the fact that the poster said pretty much the exact same thing. I was pointing out that it wasn't Apple's code, but I pointed out that they still needed to fix it.

ChrisA
Aug 2, 2006, 05:40 PM
...all they have to do is limit the control granted via the card..

What? How to do that? This is likely a buffer overflow exploit where a small part of the driver gets overwritten with hacker-incerted code, this code then runs inside the kernel at that point nothing can be done.

They will have to fix the defect that alowed the buffer to overflow. No other option.

This really shows the value of Open Source. So many peopl have loked for this type of stuff in Linux and other OSes that I'm sure most of it is been found and fixed but closed souce drivers are so hard to examine that there could be a hundred more of these waiting to be discovered.

MattyP
Aug 2, 2006, 05:41 PM
I think the question of fault is moot, if there is a security problem it needs to be fixed, and if it is a simple fix, that happens before any real life security problems occur, then all the better! What I wonder is are macbooks the only macs with the issue, or only intel macs with wireless cards, or all models using a wireless card. -for example would my powerbook g4 be vulnerable.

hmm...

mkrishnan
Aug 2, 2006, 05:46 PM
So the concept of this attack seems similar to Bluetooth exploits that target "discoverable" phones. And the solution for many people was to make their phones non-discoverable, since they were already paired to all the important devices anyway.

In the Airport preferences, there is the "By default, join: Preferred networks" option. In addition, when you click options, you can select to keep searching for preferred networks when one does not find a preferred network. But I'm not sure... is this enough? Or is the system vulnerable even when it is only looking for preferred networks? It would seem like one could spoof enough of the signal of a preferred network in some cases (e.g. when it's a company network with a known name as opposed to my hidden network at home, the name of which no one else really knows).

It seems like, in the long run, there needs to be something like a "non-discoverable" mode for 802.11 to solve this issue....

yellow
Aug 2, 2006, 05:52 PM
but that doesn't mean that OS X is anywhere near impenetrable

I don't think that anyone who has A Clue™ doesn't know this already.
The ilk of people who think it's immune are the same ilk of people that don't understand why their WindowsPC is running so "slowly".

I just resent being called smug.

I also resent blackhatters who are new to the OS X game getting all rightous. Where were they the last 5 years?
They're part of the REASON "mac users are so smug about security".

yanniboy
Aug 2, 2006, 06:00 PM
People make money from the Micrapplesoft when they discover a flaw and sell it to them. So it is in their interest to approach these guys and not the card manufacturer, as well as creating hype around their case.

hulugu
Aug 2, 2006, 06:00 PM
...Actually it's the smug attitude of so many Mac owners that makes them such satisfying targets. You reap what you sow. I've been using Macs since 1984 (and PCs about as long) and Mac users get on my nerves sometimes.

Um, hello?

You've been using Macs since their inception, therefore you are a Mac user, who is according to you a smug and satisfying target.

Maybe, not all Mac users are the same monolithic group.

hulugu
Aug 2, 2006, 06:05 PM
...I can tell you as someone who works with hackers (half of my buddies are at BlackHat this week) that OS X is NOT inherently secure, and that there are plenty of vulnerabilities that surface on it that are well-known in the "hacker" community long before they are made "public," and also long before they are also repaired by Apple.

OS X is definitely inherently more secure than Windows, but the near-complete lack of viruses/use of other exploits for them is definitely not because they are ironclad in terms of security. That should be abundantly clear from a cursitory reading of the kbase article on the latest security update. Many of those fixes were to rootkit holes! As in, god-sized sized security holes...

I've always told, or at least tried to say, that Macs were more secure than Windows and did not have the same vulnerabilities, nor the number of viruses and other associated bits of malware. Macs are immune to many things, but you're absolutely right, they're not invulnerable.

One thing to note is this particular vulnerability also affects Windows, so if we're still comparing the two against each other this vulnerability doesn't exactly tip the scales.

shadowfax
Aug 2, 2006, 06:07 PM
I don't think that anyone who has A Clue™ doesn't know this already.
The ilk of people who think it's immune are the same ilk of people that don't understand why their WindowsPC is running so "slowly".

I just resent being called smug.

I also resent blackhatters who are new to the OS X game getting all rightous. Where were they the last 5 years? They're part of the REASON "mac users are so smug about security".
I did not intend to call you smug; I apologize if you took it that way... I was responding to your assessment of how "hackers" view Mac Users/The Mac Community.

I think that there are actually a good deal of people with A Clue™ (in general) that don't understand much about OS X security. I was speaking with hyperbole--I think a lot of people who do have this clue thing think that it's somewhat hard to write viruses for OS X... Apple certainly advertises it horrendously these days.

As for blaming BlackHatters for our ignorance about security issues, I think that you need to get that clue thing for saying that. And as for smug OS X newcomers, you would do well to remember that OS X is MOSTLY *nix at the base. You don't have to be a hardened OS X developer to futz around in it.

bigmc6000
Aug 2, 2006, 06:07 PM
Hackers rank up there with drug dealers as the scum of the earth. Pathetic, cocky wastes of human life. And no - there's no way you can convince me otherwise and I know I'm not in the minority on this one.

Side Note: Of course I'm talking about the ones who release their stuff into the wild and don't just notify the software company about the problem and keep it to themselves (those are good people and should be commended - it's the other ones that are a waste of flesh)

edoates
Aug 2, 2006, 06:08 PM
Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.

On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again. :p

EDIT: Bzzzt to me for my prior comments about it being Apple's issue; apparently, the vulnerability is caused by a third party card driver. Does anyone know if that's apple's driver or the third party card driver which must be installed by the user?

guzhogi
Aug 2, 2006, 06:15 PM
This is kinda creepy. It's good they're trying to fix the problem, but it sucks that there is a problem. I work in an elementary school as its computer tech and the district is going to give me & the techs @ the other schools in the district a MacBook to administer tests and stuff. If someone hacked into my MacBook, they can get a lot of info on both all the kids as well as the faculty. :eek:

gauchogolfer
Aug 2, 2006, 06:32 PM
The video is now posted on the Washington Post blog to see how they go about it. I'm watching it now. They do seem to stress that it's not an Apple vulnerability, but an 802.11 driver issue. Anyways, let's see what they can do.


1,000th post, sweet.

EDIT: Holy crap, that was pretty convincing to a relative amateur like me. They seemed to basically do whatever they wanted to the system. Was there something underhanded here that I didn't catch that would make this unusable in reality, or is there valid concern based on this demo?

Demoman
Aug 2, 2006, 06:55 PM
Do you know what a computer without drivers is? A paperweight. The OS is not a single monolithic thing; it's made up of many components. The notion of what is "written into the OS" is more complicated than you seem to think, and it's childish to dismiss a vulnerability because it's in a driver.



Actually it's the smug attitude of so many Mac owners that makes them such satisfying targets. You reap what you sow. I've been using Macs since 1984 (and PCs about as long) and Mac users get on my nerves sometimes.

"Make believe" Mac supporters get on my nerves ALL the time. I doubt many of the readers here need to be schooled about the services device drivers provide. When I read the post you criticized, my impression was the author was simply stating that Apple did not write the driver. You seem to want to focus the blame on Apple. So, what is your agenda? Are you just here to bust on Apple?

gekko513
Aug 2, 2006, 06:59 PM
EDIT: Holy crap, that was pretty convincing to a relative amateur like me. They seemed to basically do whatever they wanted to the system. Was there something underhanded here that I didn't catch that would make this unusable in reality, or is there valid concern based on this demo?
I haven't seen the video. But if the description of the vulnerability says "seize control" or "aribtrary code execution", it's the real thing. They can do whatever they want, although sometimes restricted by the privileges of the user that the compromised process is running as.

Anawrahta
Aug 2, 2006, 07:06 PM
Hackers rank up there with drug dealers as the scum of the earth. Pathetic, cocky wastes of human life. And no - there's no way you can convince me otherwise and I know I'm not in the minority on this one.

Side Note: Of course I'm talking about the ones who release their stuff into the wild and don't just notify the software company about the problem and keep it to themselves (those are good people and should be commended - it's the other ones that are a waste of flesh)


I agree....but wouldn't it be better to say, malicious hackers? I think that most hackers are good people and just like to tinker with things. Of course there's always going to be some bad apples.

gauchogolfer
Aug 2, 2006, 07:11 PM
I haven't seen the video. But if the description of the vulnerability says "seize control" or "aribtrary code execution", it's the real thing. They can do whatever they want, although sometimes restricted by the privileges of the user that the compromised process is running as.

Here's the link to the main blog page, with video: link (http://blog.washingtonpost.com/securityfix/)

What do you think?

gekko513
Aug 2, 2006, 07:12 PM
I agree....but wouldn't it be better to say, malicious hackers? I think that most hackers are good people and just like to tinker with things. Of course there's always going to be some bad apples.
Yeah, hacking is just taking something and tinkering with it to make it do something that it's not really designed to do, isn't it? This can sometimes be useful and fun, but can obviously also be done for malicious purposes, and that's sometimes referred to as "cracking" and the ones who do it as "crackers".


Here's the link to the main blog page, with video: link (http://blog.washingtonpost.com/securityfix/)

What do you think?
Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

He also said that the exploit isn't as trivial as a generic buffer overflow. Now, to exploit a generic buffer overflow, you need to have a certain level of l337ness to begin with, so that means you don't have to worry about your neighbour braking into your wireless network, just yet. Unless someone releases premade tools to do the exploitation, I'd say that normal people and small businesses don't have to worry at the moment.

Zadillo
Aug 2, 2006, 07:40 PM
Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

Yeah, I'm curious about that too. I have to admit, I didn't even know you could use a third party wireless card with a Mac. It does seem kind of misleading, cause I just can't imagine how many people are even out there with MacBooks that are using this third party wireless card.

Is this at least a driver that is built into OS X anyway, or is it something you would also have to install along with the third party wireless card?

It does seem pretty misleading to me, because I think the way this story is being presented is that Apple is basically shipping MacBooks that could be exploited right out of the box, and that doesn't sound like it's actually the case.

-Zadillo

Analog Kid
Aug 2, 2006, 07:42 PM
Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

He also said that the exploit isn't as trivial as a generic buffer overflow. Now, to exploit a generic buffer overflow, you need to have a certain level of l337ness to begin with, so that means you don't have to worry about your neighbour braking into your wireless network, just yet. Unless someone releases premade tools to do the exploitation, I'd say that normal people and small businesses don't have to worry at the moment.
Can't get the video to play right now, but the text sounds like Atheros writes the drivers for the built in Airport.

Sounds like a protocol bug to me if it works on different platforms and different vendors.

nagromme
Aug 2, 2006, 07:51 PM
Mass attacks--viruses/worms/etc.--are by far the most likely threat to encounter, but you can also be individually attacked, or tricked by someone's WiFi trap. Mac owners too should keep that in mind. Just because we are so safe from viruses doesn't mean security is ever 100%.

And the people doing this demo seem to have been responsible about it--telling Apple and the other affected companies the details, but NOT telling the public.

So... good catch!

gekko513
Aug 2, 2006, 07:52 PM
Can't get the video to play right now, but the text sounds like Atheros writes the drivers for the built in Airport.

Sounds like a protocol bug to me if it works on different platforms and different vendors.
Hm, perhaps, the article is a bit vague on the subject.
Apple -- like many computer manufacturers -- outsources the development of its wireless device drivers to third parties. In Apple's case, the developer in question is Atheros, a company that devises drivers for a number of different wireless cards, each designed with drivers specific to the operating systems on which they will be used.
You're right, they make it sound like Atheros also writes the drivers for the built in Airport, but it doesn't say so specifically.

OS X ships with lots of default drivers for third party hardware, external wireless cards too, I'd imagine, and those could be the one we're talking about here.

Isn't the internal wireless device made by Intel? It's not sure Apple and Intel needs the help from Atheros to get drivers for that.

But even what the article says, I don't see why the demo would use a 3rd party wireless card if they could just as well have attacked the built in Airport.

Analog Kid
Aug 2, 2006, 07:57 PM
Wow! It's really disturbing how many people are so quick to call this an unfair attack on Apple-- and how quickly the argument on this board gets labeled as "apologists" against "bashers".

What's next? The code was written at Apple, but by a contractor? The guy who wrote that code has only been with the company for a year? None of the other coders like the guy responsible for that one, so it doesn't count?

Look: I don't care who wrote what code-- if it makes my machine vulnerable then it's bad. It's not whether Apple wrote it, or whether or not they tested sufficiently (which is nuts because most stuff like this needs to be designed properly-- it's nearly impossible to test all the possible vectors)-- it's that my Mac isn't secure.

Or someone else's, as I don't have a Macbook, but you get the idea...

When Apple started advertising its security, we knew this would start to happen. If you tell someone they can't, they'll want to prove they can. The question isn't whether vulnerabilities turn up, because they certainly will, it's how Apple handles it from here. Are they upfront and quick to respond, or do they forward you to Symantec?

Analog Kid
Aug 2, 2006, 08:02 PM
Isn't the internal wireless device made by Intel? It's not sure Apple and Intel needs the help from Atheros to get drivers for that.

But even what the article says, I don't see why the demo would use a 3rd party wireless card if they could just as well have attacked the built in Airport.
Sorry to ask such basic questions, but I can't get the video to play through our firewall... Do they explicitly show an external WiFi card plugged into the slot?

WildCowboy
Aug 2, 2006, 08:04 PM
Sorry to ask such basic questions, but I can't get the video to play through our firewall... Do they explicitly show an external WiFi card plugged into the slot?

Yes...he holds it up and then sticks it into the slot.

Analog Kid
Aug 2, 2006, 08:09 PM
Yes...he holds it up and then sticks it into the slot.
Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.

thestaton
Aug 2, 2006, 08:12 PM
So lets see, I just bought a new mac book however I really don't like the built in antenna for some unknown reason and I go to walmart and buy an external card not made by apple. I then go the airport, where I'm hacked and my life is ruined there is no going back. Riiiiiiiiight.

What a crock, the odds of someone getting hacked is about .1% or less. What gets headlines? A Mac getting hacked not windows who cares. These guys are tools, and I love the links to the ads & the ad in the video they make you watch. Nice touch, way to make money off of Apples good name.

ezekielrage_99
Aug 2, 2006, 08:17 PM
Saw that one coming. I cringe everytime I see an Apple security commercial. It's like spitting in the hackers face.

I think everyone did it was just a matter of time until there was a wireless exploit. I personally think with the uptake of more Apple systems and the perception of better security on Apple systems many people see this as a challange to break a Mac (ala Hack a Mac).

Either way it still isn't as bad as Windows :cool:

gekko513
Aug 2, 2006, 08:17 PM
Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.
It's a usb wireless card, I presume. He holds it up, flicks out the (usb) connector and plugs it into the left side of the Macbook. While he sticks in the card he says:
Don't think, however, just because we're attacking an Apple, the flaw itself is in an Apple. We're actually using a 3rd party wireless card.

I hope you're not referring to me when you say "people are so quick to call this an unfair attack on Apple". :confused:

WildCowboy
Aug 2, 2006, 08:22 PM
Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.

Sorry...it looks like it attaches by USB.

Unspeaked
Aug 2, 2006, 08:39 PM
Wait - so this guy ISN'T using AirPort extreme?

I haven't seen the video, but it sounds to me like he found some crappy third party card that's Mac compatible, which has a security problem, and deliberately decided to show this card's security problem on a Mac.

In other words - it's not an Apple issue, it's not an AirPort issue, it's not an OS X issue, it's not a MacBook issue - it's an issue with some weird USB Wireless card that could have been shown on any number of computers, but was recorded for the public in use on a MacBook.

Is that correct?

If I'm right, that's so lame...

JAT
Aug 2, 2006, 08:42 PM
Interesting... I was about to edit my last post that Apple's site doesn't claim the Macbook has any slots... I can't see any in the Macbook QTVR images either.
It's a USB wireless card.

Seriously, boys. This thread is an amazing pile. "You hate Apple." "No, I don't, you hate hackers." "It's Apple's fault." "It's Bob's fault." "You got your chocolate in my peanut butter!" Blah, blah blah....

It's just a typical security report. Get your panties out of a bunch and have a glass of water.

I will say, the Page 1 report is rather misleading, considering the video. MacRumors should probably modify that.

Unspeaked
Aug 2, 2006, 08:45 PM
It's just a typical security report. Get your panties out of a bunch and have a glass of water.


I think the issue here is that this story has been a big deal in the tech world all day (it was in the Post and had a front page story on CNet) and all of those stories make a big deal about it being an Apple vulnerability.

Then we see he's using a combination of hardware and software that I reckon not a single Mac user has installed, and it all seems a little, um, faux.

mrblah
Aug 2, 2006, 08:51 PM
so is a paperweight with drivers a computer?

:p
how do you install drivers on a paperweight?

noservice2001
Aug 2, 2006, 09:17 PM
its capable of xp.... are we suprised it has flaws?

Tommyg117
Aug 2, 2006, 09:25 PM
bad news. I better tell my girlfriend. How many macbooks does this affect? All of them?

gekko513
Aug 2, 2006, 09:34 PM
bad news. I better tell my girlfriend. How many macbooks does this affect? All of them?
None, it would seem.

kcmac
Aug 2, 2006, 09:41 PM
Good lord people. Watch the video for crying out loud. Why would you stick a usb or firewire or whatever kind of card like this is into a MacBook? It already comes with a card for free right inside!

Now, what would have been more impressive, is if this guy would have attacked the MacBook straight up as ALL PEOPLE USING A MACBOOK WOULD BE USING IT.

Criminy. Is the world really this hung up on trying to blast a hole into Apple's products?

This guy is just sour that he ain't in Vegas.

sonictonic
Aug 2, 2006, 09:57 PM
How can a completely B.S. story like this make it on the front page? :confused:

Can someone explain that to me? :mad:

johnny_g
Aug 2, 2006, 10:09 PM
Well, they find a problem and Apple responds in less than a day! No matter whose fault it was, Apple's computers had an obscure security hole and I applaud them for fixing it... not sure why everyone is getting all defensive over this one. Apple has already fixed the problem with the latest OS X security update, and I would guess Microsoft has done the same thing:

The update to WebKit resolves an issue where a maliciously-crafted HTML document could cause a previously deallocated object to be accessed, leading to an application crash or arbitrary code execution.

Really seems like a non-event to me as Macbook users (I wouldn't be scared to claim 100% of them) use their internal airport cards, not the silly USB one that opened up a security hole before this seurity update existed.

I mean if you install ARD and give someone the password then they can have complete control over your computer maybe that should reach front page as the main headline.

Yvan256
Aug 2, 2006, 10:10 PM
Let's just wait to see how long it will take for Apple to supply an update to fix this problem. I'm betting it won't take long.

Edit: seems it's already fixed.

Edit 2: It's a USB wireless card hack? Oh wow, ALL THE MACBOOK USERS ARE IN DANGER! RUN AWAY! :rolleyes:

Edit 3: in other news, putting your Macbook in the oven at 300 celcius for 5 hours WILL BURN IT! APPLE HARDWARE IS FLAWED! :rolleyes:

benthewraith
Aug 2, 2006, 10:13 PM
Where exactly is this video? :confused:

dejo
Aug 2, 2006, 10:20 PM
I personally think with the uptake of more Apple systems and the perception of better security on Apple systems many people see this as a challange to break a Mac (ala Hack a Mac).

But wait! Doesn't Apple's miniscule market-share mean that hackers won't target Macs because there is nothing to be gained? Better off targeting the 95% of Windows-running machines out there? I think this story proves again that the "security through obscurity" argument is just a myth. :)

WildCowboy
Aug 2, 2006, 10:24 PM
Where exactly is this video? :confused:

Here (http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html).

benthewraith
Aug 2, 2006, 10:27 PM
Here (http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html).

I found it, though it was rather tricky. :S

This is shocking how? Who is going to use a third party usb key for wireless when the notebook has it built in? Meaning, yes, it can be done, but the circumstances are almost impossible. :rolleyes:

Even then, it's difficult to prove due to things such as Remote Desktop, etc.

bloodycape
Aug 2, 2006, 11:07 PM
Is this just the only for the Macbook, or is the macbook pro also affected?

Westside guy
Aug 2, 2006, 11:12 PM
Some of you should consider getting a smug-ectomy - this looks like a proof of concept more than anything else. Depending on exactly where the point of vulnerability is (which is not totally clear, perhaps intentionally) down the road this could have implications for built-in airport cards as well.

A couple years ago a security researcher discovered an Internet Explorer exploit that took advantage of a jpeg vulnerability. For this exploit to work, a user had to drag the image from the browser and onto their desktop, so many people blew it off - I mean, who would be stupid enough to do that? Well, after a bit more time other hackers (please don't bother "correcting" that) figured out how to take advantage of this exploit with some specially crafted script that could leverage the vulnerability without actual user interaction required.

I would agree that, at this moment, it's not a problem most Mac users need to worry about. But blowing it off completely is sophomoric at best.

hulugu
Aug 2, 2006, 11:23 PM
Yeah, hacking is just taking something and tinkering with it to make it do something that it's not really designed to do, isn't it? This can sometimes be useful and fun, but can obviously also be done for malicious purposes, and that's sometimes referred to as "cracking" and the ones who do it as "crackers".



Wait a second. They use a 3rd party wireless card, and he said in the end that "the flaw is not in the Apple operating system as we used 3rd party hardware". I'd say that's quite different from the impression I got from reading the macrumors headline here. A default MacBook using the built in Airport isn't vulnerable as far as I can tell.

He also said that the exploit isn't as trivial as a generic buffer overflow. Now, to exploit a generic buffer overflow, you need to have a certain level of l337ness to begin with, so that means you don't have to worry about your neighbour braking into your wireless network, just yet. Unless someone releases premade tools to do the exploitation, I'd say that normal people and small businesses don't have to worry at the moment.

This appears to be a variation of another wireless attack in which you decoy the wireless network. In the old attack you could create your own wireless network that appeared as the one you'd expect. This attack uses similar principles.

The lesson here is: wireless networks are not secure. What bugs me most about this story is how it was presented as an Apple flaw, when really this is the fault of a buggy device driver and the OS. Windows and possibly Linux would fall under the same flaw.

Using wireless networks is inherently risky and if you're concerned about attacks, say in a financial or security environment, you don't use it.

Of course, all the people who pointed out how 'smug' Mac users are and how they deserved such an attack won't notice this particular situation and will merely cheer and clap in their glee that Apple hasn't built a Olympian-OS.

qualleyiv
Aug 2, 2006, 11:33 PM
Hey guys, allow me to redirect the conversation here because I think you're all missing the point a little bit:

OK, so I just watched the video and all I can say is that the video demo IN NO WAY proves that they've done what they say they can do. First, the BIGGEST thing in this exploit was that this hack was supposed to work without having to connect the hacked machine to any network, yet the first thing they did in the demo was CONNECT the Mac to the Dell!!! Not to mention that they attached a third-party network adaptor (if that was even what it was). Even then, all they got was a shell for the current user.

That doesn't even start to get to the issue of what the video actually showed--which was VERY LITTLE. Just watch it, where is the proof that they even actually did the things which they claimed? I could have made that video EASILY. When I first read the report, I thought the video was going to be one of something that was done LIVE! Hardly...

wyatt23
Aug 3, 2006, 12:15 AM
this was really nice to rant and rave about nothing. some frivilous fighting each other. some flaming. some misinformation. some information.

but mostly garbage that EVERYONE argues and over reacted about. once the fog settled, turns out to be less than a days worth of argrivation.

new rule: take all os x vulnerabilities with a grain of salt, [in some situations with a whole bag of salt]



someone call me once my macbook is ACTUALLY comprimised.

xPismo
Aug 3, 2006, 12:16 AM
...at this moment, it's not a problem most Mac users need to worry about. But blowing it off completely is sophomoric at best.

Yup. As others have said, this isn't an Apple specific problem, but its good to expose the flaws found and get them sorted. Nothing really to see here, move along.

Dang video keeps stalling on me. We much be flooding it with requests.

gserrano
Aug 3, 2006, 01:24 AM
I just saw the video about the hack in cNet. David Maynor used a third party wireless card to do the hack. My question is Why did he used a third party card?

Why use a third party card while the Macbook has built-in wireless already. Can he hack the built-in wireless card? It looks like that he cannot hack the built-in card so he used a third party card. My other question is Who would buy a third party wireless card for the MacBook? By doing so, makes no sense. I would like him to show us a video hacking the Macbook using Macbooks airport card.

Phil A.
Aug 3, 2006, 01:45 AM
I think the point the video is trying to make is that buggy device drivers are a big hole into the OS (nothing earth shattering about that!). Presumably they did it against a Mac to get more publicity (and to be fair, if it had been a PC we'd have had people on here shouting about how insecure Windows is!), but the fact they used a 3rd party card raises lots of questions in my mind. The first is that it could be a single wireless card on the market that has such bad drivers that there are holes in all versions of their drivers. The second is that it is possible that they actually wrote the drivers themselves complete with holes they could "exploit". The thinking behind this suggestion is why on earth would any 3rd party manufacturer create a USB wireless card with Intel OSX drivers for it? (I don't think kernel device drivers can work under rosetta) - there wouldn't be a market for it at all. The other option is that the driver is the same one used for Airport, but in that case why not just exploit the Airport card?

IMO the message is a valid but simple one - your OS is only as secure as the device drivers it's using, but beyond that it's full of FUD

redAPPLE
Aug 3, 2006, 01:45 AM
This guy is just sour that he ain't in Vegas.

this guy is not in vegas because his exploit has as much holes as this story.

i just wasted 20 minutes of my life reading the blog, watching the video. and dare i say, reading this thread?

ok. got to get back to work. catch you guys later.

Analog Kid
Aug 3, 2006, 02:16 AM
It's a usb wireless card, I presume. He holds it up, flicks out the (usb) connector and plugs it into the left side of the Macbook. While he sticks in the card he says: "...we're using 3rd party hardware..."

I hope you're not referring to me when you say "people are so quick to call this an unfair attack on Apple". :confused:
Not referring to you at all, Gekko. You're adding the kind of informed discussion I look forward to here. And thanks for helping the "blind" and cluing me in on what was going on.

I'm finally out from behind the firewall and watched the video, which I have to say is very well done.

The title of the demo is "Device Drivers: Don't build a house on shaky ground." They are drawing attention to a serious problem and most people here are missing the point because all the blood rushed to their heads when they saw the Mac logo.

They clearly say this is not Apple's problem, it's because of buggy code in a 3rd party driver. They're using the Mac for a reason here-- they are specifically making the point that it doesn't matter how much trust you put into your OS vendor, you can get hosed by any poorly made USB thingy that you stick in the side.

Take that home with you-- Apple may have a more secure OS but all of that can go out the window with a bad peripheral. This could just as easily have been a video camera that had a malicious file loaded onto it and a bad driver. Or, it could have been a printer with a bad print driver and a bad Bluetooth implementation that let an attacker pass through the printer into your machine.

They didn't run this demo live because they didn't want anyone in the audience to sniff the traffic and release it into the wild. Very responsible to the verge of being paranoid.

If there is a problem here it with the Washington Post who didn't clearly explain the problem. Maybe they didn't understand it themselves...


Drivers are an achilles heel of any OS. They give direct access to the kernel and bypass any security the OS can try to provide. They almost have to do that if you're going to allow 3rd party hardware to work with the machine. It was also a poorly written driver that allowed the DVD encryption to be cracked-- the vendor left the keychain available in plaintext.

This is a very difficult problem to solve. MS has talked about only allowing "signed drivers" to be run-- meaning that MS has to approve anything before it's loaded and that caused a developer outcry because it made MS the gatekeeper of all new hardware.

One way to minimize the exposure is to rely on a small number of standard interfaces. Less interfaces mean less points of entry that need to be tested. Apple does this very well-- almost out of necessity. Ever notice how every new piece of hardware comes with a disc you need to install under Windows but just seems to work with your Mac? It's because Apple connects through a standard interface (say, Mass Storage, or Digital Camera) and the vendor tries to get fancy for Windows and roll their own. They do it for windows because they think it's worth the effort to "differentiate" themselves in that crowded market while Mac users can see that those bells or whistles aren't necessary.

The point of the video is to show that the bells and whistles can also be dangerous.

ezekielrage_99
Aug 3, 2006, 02:54 AM
But wait! Doesn't Apple's miniscule market-share mean that hackers won't target Macs because there is nothing to be gained? Better off targeting the 95% of Windows-running machines out there? I think this story proves again that the "security through obscurity" argument is just a myth. :)

I wasn't disputing the fact that Apple doesn't have it's share of problems with security. Everyone is sick of hearing Windows problems so as soon as a problems arises with Apple, Linux, UNIX, etc everyone jumps on it.

hulugu
Aug 3, 2006, 02:55 AM
...The title of the demo is "Device Drivers: Don't build a house on shaky ground." They are drawing attention to a serious problem and most people here are missing the point because all the blood rushed to their heads when they saw the Mac logo.

They clearly say this is not Apple's problem, it's because of buggy code in a 3rd party driver. They're using the Mac for a reason here-- they are specifically making the point that it doesn't matter how much trust you put into your OS vendor, you can get hosed by any poorly made USB thingy that you stick in the side.

I totally agree with you and I blame the Washington Post for the initial insanity. The headline and article made it sound as if the MacBook was the problem and not the third-party device driver. Obviously, there is a security hole that needs to be addressed by vendors like Apple, but this isn't an Apple hardware problem.

I may have be initially too dismissive of the article, but that's because of the sudden yellow tint to all the articles regarding Macintosh security. The tech-press is ready to wet themselves the moment a Macintosh hole is discovered and far too many people, offended by the Get A Mac commercials, have their long knives sharpened and are just waiting for the opportunity to use them. Some were so quick on the draw I suspect they merely read the headline.

thestaton
Aug 3, 2006, 03:13 AM
any idea who the 3rd party vendor was? perhaps the hate mail should start flying there way!

Analog Kid
Aug 3, 2006, 03:26 AM
any idea who the 3rd party vendor was? perhaps the hate mail should start flying there way!
That's the rub, isn't it. My first instinct was that they should have named the vendor by name so we know not to buy their products and all could see the smoking ruins of their company and heed the warning: write good software.

Then I realized why they didn't release the name... It's the same problem as for OS vendors-- if you release the details of the attack before it's patched then users pay the price.

That's the publicity vs security debate in a nutshell, methinks.

thestaton
Aug 3, 2006, 04:01 AM
Instead of the headline reading macbook hacked in 60 seconds it should of read x vendor welcome to your lawsuit we promise it wont last 60 seconds!

macidiot
Aug 3, 2006, 05:10 AM
Is this just the only for the Macbook, or is the macbook pro also affected?

Seems like the pro would be affected too. But I have no idea why you would want to use a SECOND wireless card on a pro. The one built-in seems like it would be enough. :rolleyes:

In other words, this attention-craving hacker decided to use a Mac to demonstrate an exploit that is far more threatening to a PC. The chances of a Macbook user a) buying a 3rd party wireless card and b) hooking it up to a Macbook are slim and none.

Now if this exploit was demonstrated using the internal wireless, it would be a whole different level of seriousness.

And don't even get me started on wifi security... :D

superted666
Aug 3, 2006, 05:26 AM
maybe i miss understood that but there using a 3rd party wireless card, so not the one in the macbook?

also there on the same network as he has setup the ip's already....

Dunepilot
Aug 3, 2006, 05:50 AM
As many others have pointed out, this isn't the event it's being made out to be. The fact it's a macbook is pretty much an irrelevance.

fixyourthinking
Aug 3, 2006, 06:54 AM
I totally agree with you and I blame the Washington Post for the initial insanity. The headline and article made it sound as if the MacBook was the problem and not the third-party device driver. Obviously, there is a security hole that needs to be addressed by vendors like Apple, but this isn't an Apple hardware problem.

I may have beeen initially too dismissive of the article, but that's because of the sudden yellow tint to all the articles regarding Macintosh security. The tech-press is ready to wet themselves the moment a Macintosh hole is discovered and far too many people, offended by the Get A Mac commercials, have their long knives sharpened and are just waiting for the opportunity to use them. Some were so quick on the draw I suspect they merely read the headline.

The problem is that it was also from a third party device driver from something that almost ZERO people will use with MacBooks ... a USB to wireless adapter. Further, the driver for the third party device had to be installed "PRIOR" to the hack and then also had to access the wireless access point via the terminal ... who does that? And how many people just have the terminal open?

bryanc
Aug 3, 2006, 06:54 AM
In other words, this attention-craving hacker decided to use a Mac to demonstrate an exploit that is far more threatening to a PC. The chances of a Macbook user a) buying a 3rd party wireless card and b) hooking it up to a Macbook are slim and none.

+++

Quoted for truth.

This is the key to this story, and I'm very disappointed in the media for completely missing this. The 3rd party peripheral being used was not secure, and *ANY* computer using this device could be compromised...even a Mac. But they really should point out that Mac's don't need these devices, so it's really a hypothetical demonstration.

Mac OS X has become the Everest of hacking challenges... these guys just took a helicopter to the top rather than climbing. But eventually, malware that affects OS X will start to create some issues... however, regardless of market-share, the design characteristics of OS X will keep malware from ever becoming the issue it is for Windows.

Cheers

MacFinn
Aug 3, 2006, 07:03 AM
1) Using USB Wlan card.
2) Connects the Mac to the Dell using similar card (can you say self written drivers?) using already set up IPs and settings.
3) Attacks the Mac (how do we know he just doesn't have Windows sharing on and log into existing account on the Mac?).
4) Had they used two Dells', who'd go see their video? Using Macbook gave them maximum exposure and hits.

Cheap publicity stunt!

mrplow
Aug 3, 2006, 07:24 AM
I have to agree with the last post as that's immediately what I thought last night- different devices have different drivers, he supposedly exploited a bug in the drivers for the external wifi card plugged into the macbook- first of all, who wrote those drivers? second of all, this fails to mention *ever* that apple's airport extreme card/drivers has such a bug to be dealt with-- merely that a mac using such an external card is vulnerable.

and ultimately, he never does load up the Sharing preferences to prove that shell/afs/smb/etc aren't running.

mkrishnan
Aug 3, 2006, 07:27 AM
Okay, I mostly agree with the comments that this is being overblown because the AE card inside the Mac is not being used. But....

Two things:

1) I re-iterate my comment much earlier that this does point to a long-term problem that has to do with the fact that there is no real non-discoverable mode available in most implementations of the Wi-Fi client driver, as there is with Bluetooth devices and with Wi-Fi host drivers in routers (why? because I'm pretentious! :p ).

2) I don't completely understand this business of an external card being used. Can anyone help me out? So an external card was used in OS X, correct? Don't most OS X external cards that do work, work based off the driver that is shipped with OS X and not with a driver provided separately by the card vendor? Installing drivers in OS X is very rare. Does the unnamed external card use the same OS X driver used for the AE card, or does it use a different one? If it uses the same one, it's not clear that the driver in OS X is completely safe.

Not panicking here...but this seems like an opportunity to improve computer security for us all...

MacFinn
Aug 3, 2006, 08:02 AM
I did a quick google search. Seems to me that USB wlan cards NEED to have their own drivers.

And of course the USB wlan sticks a cheap and it followes that the drivers were also developed cheap. Cheap and quality don't mix.

gnasher729
Aug 3, 2006, 08:14 AM
2) I don't completely understand this business of an external card being used. Can anyone help me out? So an external card was used in OS X, correct? Don't most OS X external cards that do work, work based off the driver that is shipped with OS X and not with a driver provided separately by the card vendor? Installing drivers in OS X is very rare. Does the unnamed external card use the same OS X driver used for the AE card, or does it use a different one? If it uses the same one, it's not clear that the driver in OS X is completely safe.

99.9999% of MacBook and MacBook Pro users don't have an external wireless card. The only reason why you would have an external card is either a meeting of a very clever salesman and an exceedingly stupid customer, who never realised that he doesn't need an external card, or a MacBook with a broken wireless card that is more expensive to repair than buying an external one. But then I think all MacBooks in existence should still be under warranty, so that shouldn't happen.

So why did they use an external wireless card? The only reasonable explanation is that whatever they did doesn't work with the built-in airport.

What I think that happened: They found a wireless card with USB connector that will make wireless connections even when it is not explicitely told to do so. Next, they prepared a Macintosh to allow remote login, which is dangerous if you are connected to any network. Remember, it was their Macintosh, and anyone can make their Macintosh as vulnerable as they like if they know how to. And these two things combined are enough.

No danger for anyone without an external wireless card, and no danger for anyone who hasn't messed around with their Macintosh and made it vulnerable.

mkrishnan
Aug 3, 2006, 08:26 AM
So why did they use an external wireless card? The only reasonable explanation is that whatever they did doesn't work with the built-in airport.

Yes, this had certainly occurred to me, and I think it's a fair guess. But I don't think I'd gallop off to "this is a total non-issue" from here. That's all I'm saying. Again, not panicked, but I think this should be pursued in the long term. There is a valid point in that the "seeking a network" activity of wifi cards in general offers a potential vector for exploits.

bigmc6000
Aug 3, 2006, 08:50 AM
I think they are using the "we don't want this to get out into the wild" thing as a scam. If you do it in person people might actually ask questions like 1) Why not use the built in wireless card? ('cause we're not good enough to hack that) 2) What are the security settings on the Mac? (everything open and enabled, making it childs play to "hack" in 3) Why would anyone ever use a USB external wifi-card with a MacBook? (They wouldn't - this is about as hypothetical a "hacK" as there ahs ever been).

It's really funny to see earlier in the thread how some of the hacker friends were claiming victory about how the Mac is vulnerable and Mac users are just smug blah blah blah. Strangely, there aren't any posts like that after it was discovered about the 3rd party card and all of the other inconsistencies. This smells just like that "Hack a Mac" contest. Lets make this thing as easy to crack as possible and see if someone can do it - DUH!

Passante
Aug 3, 2006, 09:32 AM
From http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
quote
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported. end quote

Watch what you connect to!

Some_Big_Spoon
Aug 3, 2006, 09:34 AM
Discussion hit /. with more informed people than we: http://it.slashdot.org/it/06/08/03/129234.shtml

Kiddies on this board will be frothing at the mouth with Ann Coulter-esque murderous rage.

Why did they have to use a third party WiFi card if it's the OS's problem. My understanding is that it's Intel's deal, not Apple's.

We're apparently too smug to figure that out?

benthewraith
Aug 3, 2006, 09:36 AM
Hey guys, allow me to redirect the conversation here because I think you're all missing the point a little bit:

OK, so I just watched the video and all I can say is that the video demo IN NO WAY proves that they've done what they say they can do. First, the BIGGEST thing in this exploit was that this hack was supposed to work without having to connect the hacked machine to any network, yet the first thing they did in the demo was CONNECT the Mac to the Dell!!! Not to mention that they attached a third-party network adaptor (if that was even what it was). Even then, all they got was a shell for the current user.

That doesn't even start to get to the issue of what the video actually showed--which was VERY LITTLE. Just watch it, where is the proof that they even actually did the things which they claimed? I could have made that video EASILY. When I first read the report, I thought the video was going to be one of something that was done LIVE! Hardly...

Indeed, the question of whether this hack actually works is called into question, but I doubt they'd go through the stuff just to fool us. What they were getting at is the Mac just has to have it's airport card connected. A computer will connect to any network it detects that has the same SSID. So if the mac had connected to the network belkin54g sometime in the past, they can spoof the SSID on the Dell to be a belkin54g, thereby allowing them to hack the mac, so to speak.

However, the video does lack a little bit of detail, mainly, was a third computer outside the room using a Mac with Apple Remote Desktop.

bigmc6000
Aug 3, 2006, 09:45 AM
From http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
quote
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported. end quote

Watch what you connect to!


NOT! Are you serious??? - some guy writes in his blog that Apple was leaning heavily on him not to point out the problems with apples drives. Wow - it's on the internet it must be true. Oh wait - it that were right I'd have a true video iPod, a PB G5, an iPhone, and a 12 GB Nano in my ownership right now.

Give me a break - it's a blog for crying out loud - it's about as accurate as MacOSRumors.

Also, as pointed out on page 3 (I think) - the latest security update fixes this vulnerability - even tho it's still a 3rd party USB driver and I don't believe for 1 second that he used a 3rd party card out of respect for apple's wishes...

ejb190
Aug 3, 2006, 10:02 AM
I used to build a lot of fences for livestock farms. No matter how well we thought we built the fence, the only way to make sure the pigs couldn't get out was to put the pigs in...

And that's my feelings about computer security. At least these guys are going public with their findings. Now it's time for the computer savy public to put them through their paces.

OMGteh.nterweb
Aug 3, 2006, 10:08 AM
Herr go an ABC news story where it's mentioned.

Experts Discuss Wireless Vulnerability (http://abcnews.go.com/Technology/wireStory?id=2266507)

matznentosh
Aug 3, 2006, 10:49 AM
I think they are using the "we don't want this to get out into the wild" thing as a scam. If you do it in person people might actually ask questions like 1) Why not use the built in wireless card? ('cause we're not good enough to hack that) 2) What are the security settings on the Mac? (everything open and enabled, making it childs play to "hack" in 3) Why would anyone ever use a USB external wifi-card with a MacBook? (They wouldn't - this is about as hypothetical a "hacK" as there ahs ever been).

I completely agree. It would be a big surprise to me that any method of connecting to an OS X Mac would allow it to be controlled without specific permissions granted by the administrator account, suggesting these guys left the account open on purpose or allowed remote access with the password known. In other words, once you access the computer you still have to get the operating system to give you permission to screw around.

On the other hand, if this exploit is actually true, it doesn't really matter who's driver is to blame: somehow they were able to subvert OS X's security. THAT would be an issue for Apple and for all of us.

All things considered, I don't believe they did what they claim they did.

ChrisA
Aug 3, 2006, 11:08 AM
I completely agree. It would be a big surprise to me that any method of connecting to an OS X Mac would allow it to be controlled without specific permissions granted by the administrator account, suggesting these guys left the account open on purpose .

No, the way this works is to effectly by-pas all that. All buffer overflow "hacks" do this.

What you do is send a poorly formatted, out of spec network packet. The driver reads the packet which is oversized and places it in memory. The packet being over sized over writes some of the driver code. Some of this over written code is an entry point to the driver. So the next time that entry point is called the hackers code is executed. One you are able to incert your own code into the Kernel all that "permissions stuff" is moot because you have effectiviely loaded your own operating system code over top of Mac OS. In a real-world exploit the little bit of code in the first oversized packet would contain a loader that would read following packets.

This kind os hack is very, very hard to do. and very easy to patch the driver so it can't happen. In fact any code review should have caught it. Kind of proves that whoever wrote the wireles driver didn't bother with a peer review code walkthrough.

edoates
Aug 3, 2006, 11:41 AM
No, the way this works is to effectly by-pas all that. All buffer overflow "hacks" do this.

What you do is send a poorly formatted, out of spec network packet. The driver reads the packet which is oversized and places it in memory. The packet being over sized over writes some of the driver code. Some of this over written code is an entry point to the driver. So the next time that entry point is called the hackers code is executed. .

Some of this points out the wisdom of the IBM AS400 design: code and data were separately tagged entities. It was not possible to execute "data," nor was it possible to tag "data" as "code" without OS intervention; even drivers could not do this since the tagging was a hardware function and drivers ran at a different security level. Of course, the machine was exceedingly slow, but it was an interesting hardware/software design decision to tag all contents of memory.

sparkleytone
Aug 3, 2006, 11:48 AM
There's no use whining. It makes our community look bad and doesn't do anything positive. These things happen and vulnerabilities exist. Its not about who's driver it is or if its part of the OS. Its about how quickly Apple responds, how they respond, and the vulnerability being fixed.

deconai
Aug 3, 2006, 11:53 AM
But wait! Doesn't Apple's miniscule market-share mean that hackers won't target Macs because there is nothing to be gained? Better off targeting the 95% of Windows-running machines out there? I think this story proves again that the "security through obscurity" argument is just a myth. :)
Well, going on national TV and basically challenging the hacker community doesn't really qualify as obscure, now does it?

yellow
Aug 3, 2006, 11:54 AM
OK, so their inital aim was implicitly to get in-the-face of smug Mac users. And then Apple "leans" on them, so they go all nicey-nice and 'decide' to a USB wifi card instead? Doesn't this seem slightly odd to anyone else?

yellow
Aug 3, 2006, 11:55 AM
Well, going on national TV and basically challenging the hacker community doesn't really qualify as obscure, now does it?

People keep mentioning this.. does anyone have a link to the add that specifically challenges hackers?

deconai
Aug 3, 2006, 12:06 PM
People keep mentioning this.. does anyone have a link to the add that specifically challenges hackers?
No, not a direct challenge. I'm sorry, I was using hyperbole to drive a point home. Apple's not obscure anymore. Even though they control a small portion of the total PC market, I'm seeing more Apple commercials on TV and online than I ever have. They're extremely high visibility now.

And as for the hacker challenge, many believe that the new commercials present a "smug" image of Apple, and one of the commercials specifically touches on the nonexistence of Mac viruses. Now I realize that this is not exactly an open invitation to challenge the OSX 20-ton gorilla, but to some hackers, this does indeed make Apple a target.

kcmac
Aug 3, 2006, 12:06 PM
People keep mentioning this.. does anyone have a link to the add that specifically challenges hackers?
Do you ever watch TV? Seen the latest I'm a Mac, I'm a PC Ads?

yellow
Aug 3, 2006, 12:11 PM
No, I don't watch TV in the summer. Reruns are lame. Reality shows are stupid. TiVo is God.

So.. when Microsoft challenges me to figure out "Where I Want To Go Today?", I should be pissed because Windows won't take me to Peoria?

yellow
Aug 3, 2006, 12:16 PM
So...

The statements by the "Mac"

"I'll be fine" &
"PCs, not Macs"

Constitutes a "challenge to the hacker community"??!

:rolleyes:

Whatever.

frozencarbonite
Aug 3, 2006, 12:33 PM
So do you have to be connected to an unknown network (like in a coffee shop or bookstore) for this to work?

I'm actually not in the city, so I don't have anyone around me that would be close enough to connect. Could it still work though? :confused:

Aztechian
Aug 3, 2006, 12:41 PM
The same washington post blog mentions in the next article that the default ("built-in") wireless cards in the macbook have the same flaw. So this is a bit bigger deal than a few odd people using external cards...

yellow
Aug 3, 2006, 12:42 PM
Let's theorize: So why didn't they use the internal card?

Aztechian
Aug 3, 2006, 12:45 PM
Let's theorize: So why didn't they use the internal card?

Supposedly because apple said "please, please, pretty please dont"

Edit: Or maybe it was just an offer they couldnt refuse...

gauchogolfer
Aug 3, 2006, 12:46 PM
OK, so their inital aim was implicitly to get in-the-face of smug Mac users. And then Apple "leans" on them, so they go all nicey-nice and 'decide' to a USB wifi card instead? Doesn't this seem slightly odd to anyone else?

It certainly strikes me as being a bit off, as well. I didn't think about it until you mentioned it, though. Seems like a pretty abrupt about-face.

yellow
Aug 3, 2006, 12:49 PM
Supposedly because apple said "please, please, pretty please dont"

Then how is it an 'in-your-face-you-smug-apple-using-retards'?
Why would these "blackhats" be listening to Apple, particularly when they appear to have an axe to grind?

Aztechian
Aug 3, 2006, 12:52 PM
Then how is it an 'in-your-face-you-smug-apple-using-retards'?
Why would these "blackhats" be listening to Apple, particularly when they appear to have an axe to grind?

yeah, I don't see how they can make their smugness quotes, and then go to apple and microsoft first before demoing. It does seem odd, since they would know that all companies involved would "pressure" them like that.

dejo
Aug 3, 2006, 12:52 PM
From the blog:
"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said.
With this kind of angst, why wouldn't they use the internal Airport card?

yellow
Aug 3, 2006, 12:58 PM
With this kinda of angst, why wouldn't they use the internal Airport card?

Exactly.

Something does not add up.

Either it's much harder to do with built-in drivers in both Windows/OS X that they want to make claim of..

frozencarbonite
Aug 3, 2006, 01:48 PM
So do you have to be connected to an unknown network (like in a coffee shop or bookstore) for this to work? Or do you just have to be connected to the internet via wireless?

I'm actually not in the city, so I don't have anyone around me that would be close enough to connect. Could it still work though? :confused:


Does anyone know the answer to this?

appleguru1
Aug 3, 2006, 01:55 PM
This is not a hack at all.. unless you have SSH ("Remote Login" in Sharing prefs) on and the attacker knows your password, they can't do crap.

Now, by all means I'd like to see proof that this hack can actually exploit a user's system without SSH on and without knowwing their password, but from what I've seen I wouldn't think so.

yellow
Aug 3, 2006, 02:01 PM
Does anyone know the answer to this?

There's precious little details on what the actual exploit is, so no.. I don't think anyone here knows, yet.

frozencarbonite
Aug 3, 2006, 02:04 PM
There's precious little details on what the actual exploit is, so no.. I don't think anyone here knows, yet.

Yeah, I bet there are no more details released on the vulnerability until a patch is released.

AnthonyKinyon
Aug 3, 2006, 02:21 PM
http://www.macfixit.com/article.php?story=20060803094301394

Also see: http://www.sci-tech-today.com/story.xhtml?story_id=003000002WEF

Passante
Aug 3, 2006, 02:27 PM
http://www.macfixit.com/article.php?story=20060803094301394

Also see: http://www.sci-tech-today.com/story.xhtml?story_id=003000002WEF


Well I'm back to being a smug Mac user :eek:

frozencarbonite
Aug 3, 2006, 02:36 PM
I'm getting more confused. In one paragraph is says, He said the technique could be useful in targeting specific people or specific groups of people who are in close proximity to an attacker -- for instance, a cafe that is frequented by executives of a particular company.

Then in another paragraph is says, A computer need not be connected to the Internet to be infected. All that's required is that it have certain wireless devices installed and that those devices be turned on.

And I'm still confused about whether or not the native Airport drivers are affected by this.

Nothing has been cleared up to me. There so many different reports.

bigandy
Aug 3, 2006, 02:36 PM
Well I'm back to being a smug Mac user :eek:
as am i :D

WildCowboy
Aug 3, 2006, 02:39 PM
And I'm still confused about whether or not the native Airport drivers are affected by this.

They are (http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html).

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.

frozencarbonite
Aug 3, 2006, 02:40 PM
They are (http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html).

Powerbook drivers? hahaha

Passante
Aug 3, 2006, 04:01 PM
Powerbook drivers? hahaha


Well now I'm not as certain ha ha .....um himmmm

http://www.macfixit.com/article.php?story=20060803094301394

gekko513
Aug 3, 2006, 04:04 PM
Now I'm confused, too. :(

frozencarbonite
Aug 3, 2006, 04:11 PM
Sorry they are not hahaha

http://www.macfixit.com/article.php?story=20060803094301394

hahaha Don't be sorry. Powerbooks not being affected by this is a good thing to me. I'm still holding tight to my PPC.

MS bulldog
Aug 3, 2006, 04:17 PM
i love all of this "fact" posting about whether the vulnerability works on native parts or not...its soooo...scientific.

well this blog said this
well this blog said that
well such and such downstairs said [insert claim]

WildCowboy
Aug 3, 2006, 04:21 PM
hahaha Don't be sorry. Powerbooks not being affected by this is a good thing to me. I'm still holding tight to my PPC.
What's your source that says PowerBooks (or any other machines) aren't affected?

frozencarbonite
Aug 3, 2006, 04:27 PM
What's your source that says PowerBooks (or any other machines) aren't affected?

I don't have any. I wish I did. The only thing I can go by is that there haven't been any mention of Powerbooks in ANY of the articles. They probably haven't mentioned it, because they don't know the details either. I wouldn't be suprised if it all machines with Airport. Not just the intel macs. So I guess in other words, I have no source. hahaha

deconai
Aug 3, 2006, 05:00 PM
Something to take into consideration:
If these guys didn't want Apple to be embarrassed, why did they go ahead and use an Apple computer? That was quite polite of them not to show how vulnerable the Airport card is...or just plain bull. I don't believe this for one second. It's all to easy to say something, but a little harder to back it up with actions.

Not all drivers are created equal.

frozencarbonite
Aug 3, 2006, 05:25 PM
I guess I'll connect to my ethernet for now to be on the safe side until we get more information.

yellow
Aug 3, 2006, 05:32 PM
I seriously doubt this is a major concern ATM for home users with secured wifi access points (and by that, I mean wifi APs that filter MAC addresses). In order for someone to use this exploit, they would undoubtedly have to be on your network..

WildCowboy
Aug 3, 2006, 05:36 PM
I seriously doubt this is a major concern ATM for home users with secured wifi access points (and by that, I mean wifi APs that filter MAC addresses). In order for someone to use this exploit, they would undoubtedly have to be on your network..

I thought the point of their claim was that you don't have to be connected to ANY network. As long as the wireless is on (and not necessarily connected to anything), they can connect to the computer.

Whether or not it's true is a separate matter, but it's what they're claiming.

yellow
Aug 3, 2006, 05:37 PM
Ah, OK, my misunderstanding.

appleguru1
Aug 3, 2006, 07:33 PM
If anyone is curious, here's the 'exploit' script they used...

http://appleguru.org/bad_apple.sh

yellow
Aug 3, 2006, 07:37 PM
??

sleep and echos?
Is this a joke?
It must be a joke.

savar
Aug 3, 2006, 07:40 PM
Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.

On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again. :p

The moral of the story is that to hack OS X you have to focus your effort on the closed-source software that's in there.

Everybody thinks Macs are safe because Darwin is open source, tried and tested. But we forget about all the closed-source software that is running with elevated privileges.

backdraft
Aug 3, 2006, 08:19 PM
Here's a work around maybe. Under Systems Preferences > Network > Airport

Click on Configure and then Options...

I wonder if this is a specific to X86 hardware... Does this effect ppc based hardware?


Oh, probably should ask for admin psswd to change networks as well...

backdraft
Aug 3, 2006, 08:21 PM
The moral of the story is that to hack OS X you have to focus your effort on the closed-source software that's in there.

Everybody thinks Macs are safe because Darwin is open source, tried and tested. But we forget about all the closed-source software that is running with elevated privileges.

Or the hardware exploits... Been down hill since Intel... X86 hardware exploits likely on the way

mkrishnan
Aug 3, 2006, 08:34 PM
I wonder if this is a specific to X86 hardware... Does this effect ppc based hardware?

These options have always been there, but I'm not sure they're sufficient to divert this type of exploit (assuming it exists/works, since people are arguing fervently that it's a hoax). The way I understand it, a WiFi device looking to join a network is doing active sensing even when it will only join preferred networks -- this pretty much must be true, since it can join a preferred hidden network, which is not itself broadcasting its availability. So the problem comes when a malevolent entity responds to the ping that the WiFi card puts out. I'm not sure just telling your computer to not join open networks would make any difference at that level. For instance, in analogy, with the BT exploit, one was not required to pair with the device propagating the virus -- just be discoverable.

benthewraith
Aug 3, 2006, 08:44 PM
Here's a work around maybe. Under Systems Preferences > Network > Airport

Click on Configure and then Options...

I wonder if this is a specific to X86 hardware... Does this effect ppc based hardware?


Oh, probably should ask for admin psswd to change networks as well...

The issue is, the computer will automatically connect to a spoofed wireless network. Meaning, they can grab the SSIDs you've ever connected to in your preferred networks list right out from the air, as both OSX and XP broadcast such information. If they find an open network, they can broadcast on their computer as an Access Point with that SSID. A lot of people don't seem to understand this. Theoretically, you could be working on your computer at a non-wifi airport and someone else can come in, see your SSIDs being broadcast by your card, and create a faux wireless network with that access point name. This type of attack has been known for a VERY long time though, I'm surprised this has just come out as soon as it did.

backdraft
Aug 3, 2006, 08:48 PM
These options have always been there, but I'm not sure they're sufficient to divert this type of exploit (assuming it exists/works, since people are arguing fervently that it's a hoax). The way I understand it, a WiFi device looking to join a network is doing active sensing even when it will only join preferred networks -- this pretty much must be true, since it can join a preferred hidden network, which is not itself broadcasting its availability. So the problem comes when a malevolent entity responds to the ping that the WiFi card puts out. I'm not sure just telling your computer to not join open networks would make any difference at that level. For instance, in analogy, with the BT exploit, one was not required to pair with the device propagating the virus -- just be discoverable.

Well a computer to computer network must be set up; how else can he transfer files? One card acts as the gateway and assigns ip... from what I can tell in the video

backdraft
Aug 3, 2006, 08:51 PM
If anyone is curious, here's the 'exploit' script they used...

http://appleguru.org/bad_apple.sh

I'm not downloading a sh script to my mac. lol

backdraft
Aug 3, 2006, 08:54 PM
hahaha Don't be sorry. Powerbooks not being affected by this is a good thing to me. I'm still holding tight to my PPC.

PPC FOREVER!!! Intel must die a horrible death along w/ M$!

shawnce
Aug 3, 2006, 09:13 PM
I'm not downloading a sh script to my mac. lol

It contains...

#! /bin/sh
echo -n "Finding channel and signal strength....."
sleep 1
echo "DONE!!"
echo -n "Preparing shellcode."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
echo "Adding connection information for remote client."
echo -n "Sending attack"
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo "."
echo "Waiting for response"
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
sleep 1
echo -n "."
echo "Got Shell"
#Note, requires public key files on remote machine to connect without password
ssh bad@192.168.1.50 'ls'
ssh bad@192.168.1.50

appleguru1
Aug 3, 2006, 09:16 PM
??

sleep and echos?
Is this a joke?
It must be a joke.

You caught me, it is :P

But, if you run it, it should mimic the video those guys put out exactly...

point being, unless I see some hard evidence that really shows this exploit is viable, I'm calling BS.

jaduffy108
Aug 4, 2006, 12:39 PM
Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.

On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again. :p


###Just my two cents.... it is exactly this kind of "attitude" that make tech and Windows people want to throw up. Of course, it's Apple's concern and it SHOULD be yours. If it comes with the Mac...it's Apple responsibility...period. As an Apple user, i'm embarrassed more and more by the Apple community. Gonna have to start painting over the Apple logo on my PB.

frozencarbonite
Aug 8, 2006, 03:47 PM
Just thought I'd post some information that I found about this. I don't understand a lot of the technical talk but the other stuff I do.

http://www.smallworks.com/archives/00000455.htm

Very interesting read.

Also take a look at this from the same site.

http://www.smallworks.com/archives/00000456.htm

wnurse
Aug 8, 2006, 10:26 PM
The exploit is apparently in the device driver, and so its more of an issue with Atheros than with Apple. I mean, a vulnerability is a vulnerability, and it still needs to be fixed, but the compromised code is most likely not Apple's at least.

Many windows exploits deals with third party software.. what's your point?.
Actually, the hackers were very nice to let microsoft and apple plus the device drivers know about the problem.

Still, Apple is ultimately responsible for putting the software in their machines and in advertisements, they never say "macs are safe except for third party software". Actually, even with this, macs are a lot safer than windows but i predict the assualt is coming. It's really only a matter of time.

wnurse
Aug 8, 2006, 10:31 PM
I completely agree. It would be a big surprise to me that any method of connecting to an OS X Mac would allow it to be controlled without specific permissions granted by the administrator account, suggesting these guys left the account open on purpose or allowed remote access with the password known. In other words, once you access the computer you still have to get the operating system to give you permission to screw around.

On the other hand, if this exploit is actually true, it doesn't really matter who's driver is to blame: somehow they were able to subvert OS X's security. THAT would be an issue for Apple and for all of us.

All things considered, I don't believe they did what they claim they did.

Yes, it's always good to bury your head in the sand.. makes the problem goes away or even better, makes the problem non-existent. Did you read the part where they are in contact with Apple and microsoft?.. you think apple employees have time to deal with a crackpot?. I believe if this was a joke, you'd know.

wnurse
Aug 8, 2006, 10:35 PM
Instead of the headline reading macbook hacked in 60 seconds it should of read x vendor welcome to your lawsuit we promise it wont last 60 seconds!

The macbook was hacked in 60 seconds. Why it was hacked or whoose software was responsible is irrelevant. The macbook was HACKED, PERIOD!.
End of story.

yellow
Aug 9, 2006, 07:46 AM
The macbook was HACKED, PERIOD!. End of story.

Please don't promote the FUD.

It's not entirely clear what happened, or how.

And it wasn't the Macbook (nor OS X) that got hacked..

JBot
Aug 9, 2006, 10:00 AM
It's not entirely clear what happened, or how.

And it wasn't the Macbook (nor OS X) that got hacked..
Than what did get hacked?
The wireless card that was plugged into the macbook.

I know what youre saying, and they have made it clear, this isnt an attack on macs that allowed this hack. any machine is supposedly open to be 'hacked.'

gwangung
Aug 9, 2006, 10:44 AM
Than what did get hacked?
The wireless card that was plugged into the macbook.

I know what youre saying, and they have made it clear, this isnt an attack on macs that allowed this hack. any machine is supposedly open to be 'hacked.'

Yeah, but their presentation was extremely poor. If it was to show that ANY system could be hacked, why choose a set up that is EXTREMELY improbable and unlikely? It weakens their case and encourages folks to dismiss them.

JBot
Aug 9, 2006, 10:46 AM
Yeah, but their presentation was extremely poor. If it was to show that ANY system could be hacked, why choose a set up that is EXTREMELY improbable and unlikely? It weakens their case and encourages folks to dismiss them.
How come it is extremely imporbable and unlikely?
They presented there script against a mac because the mac strives on the claim that they are the safest pc out there.
They said in there interview they targeted the mac because they hate the commercials.

Explain how that makes there presentation poor.

yellow
Aug 9, 2006, 10:55 AM
Why did they use a 3rd party USB wireless card then?

Do we really need to rehash all this?

What they put forth as a hack is fishy. There's a lot of missing information.
They could have hung it off a bar of soap with linux installed on it and done the same exploit. Because they hate soap and think linux is for girls.

It's just FUDtardery.

yellow
Aug 18, 2006, 12:14 PM
It's just FUDtardery.


And apparently now they admit that it was bull-****.

http://www.tuaw.com/2006/08/18/secureworks-admits-to-falsifying-macbook-wireless-hack/

;)

kugino
Aug 18, 2006, 12:20 PM
And apparently now they admit that it was bull-****.

http://www.tuaw.com/2006/08/18/secureworks-admits-to-falsifying-macbook-wireless-hack/

;)
yeah, using a third-party card AND driver software. stuff that 99.9% of macbook owners would never use anyway...if their goal was to show THAT a macbook could be hacked, they did show it. but they did not show that a macbook being used in a normal way using macbook drivers and hardware can be hacked. pretty piss-poor, IMO.

gekko513
Aug 18, 2006, 12:29 PM
And apparently now they admit that it was bull-****.

http://www.tuaw.com/2006/08/18/secureworks-admits-to-falsifying-macbook-wireless-hack/

;)
Now, isn't that something. What a great way of proving the 'Get a Mac' commercials wrong. If anything, the myth that Macs are invulnerable is strengthened when they make up lies and are caught.

benthewraith
Aug 18, 2006, 12:35 PM
And apparently now they admit that it was bull-****.

http://www.tuaw.com/2006/08/18/secureworks-admits-to-falsifying-macbook-wireless-hack/

;)

Busted. Boy do I hate to be those guys. :rolleyes:

plinden
Aug 18, 2006, 12:38 PM
I don't see this mentioned here, but Apple have told MacWorld (http://www.macworld.com/news/2006/08/17/wirelesshack/index.php) - my bolding:

“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld. “To the contrary, the SecureWorks demonstration used a third party USB 802.11 device–not the 802.11 hardware in the Mac–a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.”

gekko513
Aug 18, 2006, 12:38 PM
Busted. Boy do I hate to be those guys. :rolleyes:
Yeah, in the beginning I had some respect for what they did, because some parts of the Mac community needs to get some perspective, but now they just look pathetic.

hulugu
Aug 19, 2006, 12:26 AM
The macbook was hacked in 60 seconds. Why it was hacked or whoose software was responsible is irrelevant. The macbook was HACKED, PERIOD!.
End of story.

:eek: :mad:

That the MacBook was hacked using a third-party card and third-party drivers isn't irrelevant, it's the whole point. :rolleyes:

There's an important difference between standard configuration and this set-up which makes it so much easier for the MacBook to be hacked. Your cheerleading aside, no Mac is hack-proof, but there's a big difference between breaking a lock and opening it because someone left the keys in the door.

hulugu
Aug 19, 2006, 12:32 AM
How come it is extremely imporbable and unlikely?
They presented there script against a mac because the mac strives on the claim that they are the safest pc out there.
They said in there interview they targeted the mac because they hate the commercials.

Explain how that makes there presentation poor.

Simply put, by presenting the hack with a MacBook they made it appear as though the MacBook had a fatal flaw that was inherent to the system and they were poor at presenting this flaw as a problem with a particular third-party wireless card.
The addition of their complaining about the commercial made they appear as though they had a vendetta and a bias which security researchers should avoid. The flaw should have been presented with a multitude of systems, including the Mac, to show how the flaw affected Windows and the Mac, and they should have been more clear about the addition of a third-party USB wireless device as well as their tweaking of OSX's settings.
They went for a flashy presentation and got fried by it.