Go Back   MacRumors Forums > Archive > Archives of Old Posts > MacBytes.com News Discussion

 
 
Thread Tools Search this Thread Display Modes
Old Apr 25, 2007, 11:54 AM   #1
MacBytes
macrumors bot
 
Join Date: Jul 2003
10 questions for MacBook hacker Dino Dai Zovi




Category: Opinion/Interviews
Link: 10 questions for MacBook hacker Dino Dai Zovi
Description:: I caught up with security researcher Dino Dai Zovi to discuss his successful hijack of a MacBook Pro machine at last week's CanSecWest conference in Vancouver, Canada. We talk about the specific vulnerability, the motivation for the attack, Apple's response and his plans around Mac OS X research.

Posted on MacBytes.com
Approved by Mudbug
MacBytes is offline   0
Old Apr 25, 2007, 12:09 PM   #2
dejo
Moderator
 
dejo's Avatar
 
Join Date: Sep 2004
Location: The Centennial State
Quote:
On my site, I list several vulnerabilities I've found and reported to Apple and I've found them to be very responsive and upfront about verifying things and giving credit. Some things are fixed quicker than others and maybe you can say they take too long on some things but when there are interdependencies on components being fixed, it can be a month of two before you see a patch.

They do tend to be a little quiet when dealing with researchers. They'll communicate on an as-needed basis and if you don't provide adequate information, maybe they'll follow up and ask for more. When I report bugs to Apple, I send full details including an exploit. They've been very good about pinpointing the issue and providing a fix.

I had an issue once where their engineers had trouble reproducing a vulnerability and I had to send more information and an actual exploit. After that, they found it and fixed it. I've always received appropriate credit.
Sounds like a very different experience than David Maynor and Jon Ellch had. Hmm...
dejo is online now   0
Old Apr 25, 2007, 03:23 PM   #3
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by dejo View Post
Sounds like a very different experience than David Maynor and Jon Ellch supposedly had. Hmm...
I added a word there The failure of Maynor and Ellch to this day to reveal proof of their accusations against Apple is just one of the extremely suspicious aspects of their saga.

http://daringfireball.net/2007/04/in_my_world

http://daringfireball.net/2007/03/show_me
nagromme is offline   0
Old Apr 25, 2007, 03:33 PM   #4
miniConvert
macrumors 68040
 
miniConvert's Avatar
 
Join Date: Mar 2006
Location: Kent, UK - the 'Garden of England'.
Send a message via AIM to miniConvert Send a message via MSN to miniConvert
That was quite an interesting read, Dino Dai Zovi comes across quite well. I think his skills could be put to good use probing OS X much harder to ensure the continued reputation of the OS.
__________________
Where are we? What the hell is going on? --Hide And Seek, Imogen Heap
miniConvert is offline   0
Old Apr 25, 2007, 05:09 PM   #5
guitarmaster18
macrumors regular
 
Join Date: Mar 2007
Anyone know the details of how he did it? Like, what HTML code would be used to do that?
guitarmaster18 is offline   0
Old Apr 25, 2007, 10:06 PM   #6
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by guitarmaster18 View Post
Anyone know the details of how he did it? Like, what HTML code would be used to do that?
Yes Zovi and his partner know, the company they sold the details to knows, and Apple knows And that's as it should be until there's a patch.
nagromme is offline   0
Old Apr 25, 2007, 10:46 PM   #7
dartzorichalcos
Banned
 
Join Date: Mar 2007
Location: Atlantis
Is an Intel mac easier to hack into than a PPC Mac? Is it because of this (from Wikipedia):
Quote:
PowerPC processors enforce some restrictions on the alignment of executable code, which could make exploiting certain vulnerabilities less difficult on an Intel CPU, however most modern Intel chips offer similar security features. One possible loss of security that is fundamental to the architecture is that the return address is passed on the stack in x86, unlike PowerPC, which have a special Link Register to store the return address, which is only pushed on the stack if the procedure calls another procedure, which makes buffer-overflow attacks easier on x86, though Mac OS X supports the XD bit which make it harder to actually cause an buffer-overflow attack to execute code.
dartzorichalcos is offline   0
Old Apr 25, 2007, 11:30 PM   #8
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by dartzorichalcos View Post
Is an Intel mac easier to hack into than a PPC Mac? Is it because of this (from Wikipedia):
I don't believe any Mac exploits related to that have been found.
nagromme is offline   0
Old Apr 26, 2007, 12:46 AM   #9
winmacguy
macrumors 68020
 
winmacguy's Avatar
 
Join Date: Nov 2003
Location: New Zealand
Very interesting reading. A very reasonable guy.
__________________
With Windows iWork, with Apple iCreate
winmacguy is offline   0


 
MacRumors Forums > Archive > Archives of Old Posts > MacBytes.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -5. The time now is 07:51 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC