Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Wireless Macbook Security Exploit?
- Thread starter MacRumors
- Start date
- Sort by reaction score
more confused now
I'm getting more confused. In one paragraph is says,
Then in another paragraph is says,
And I'm still confused about whether or not the native Airport drivers are affected by this.
Nothing has been cleared up to me. There so many different reports.
I'm getting more confused. In one paragraph is says,
Then in another paragraph is says,
And I'm still confused about whether or not the native Airport drivers are affected by this.
Nothing has been cleared up to me. There so many different reports.
frozencarbonite said:
Well now I'm not as certain ha ha .....um himmmm
http://www.macfixit.com/article.php?story=20060803094301394
Passante said:
hahaha Don't be sorry. Powerbooks not being affected by this is a good thing to me. I'm still holding tight to my PPC.
i love all of this "fact" posting about whether the vulnerability works on native parts or not...its soooo...scientific.
well this blog said this
well this blog said that
well such and such downstairs said [insert claim]
well this blog said this
well this blog said that
well such and such downstairs said [insert claim]
What's your source that says PowerBooks (or any other machines) aren't affected?frozencarbonite said:
WildCowboy said:
I don't have any. I wish I did. The only thing I can go by is that there haven't been any mention of Powerbooks in ANY of the articles. They probably haven't mentioned it, because they don't know the details either. I wouldn't be suprised if it all machines with Airport. Not just the intel macs. So I guess in other words, I have no source. hahaha
Something to take into consideration:
If these guys didn't want Apple to be embarrassed, why did they go ahead and use an Apple computer? That was quite polite of them not to show how vulnerable the Airport card is...or just plain bull. I don't believe this for one second. It's all to easy to say something, but a little harder to back it up with actions.
Not all drivers are created equal.
If these guys didn't want Apple to be embarrassed, why did they go ahead and use an Apple computer? That was quite polite of them not to show how vulnerable the Airport card is...or just plain bull. I don't believe this for one second. It's all to easy to say something, but a little harder to back it up with actions.
Not all drivers are created equal.
I guess I'll connect to my ethernet for now to be on the safe side until we get more information.
I seriously doubt this is a major concern ATM for home users with secured wifi access points (and by that, I mean wifi APs that filter MAC addresses). In order for someone to use this exploit, they would undoubtedly have to be on your network..
yellow said:
I thought the point of their claim was that you don't have to be connected to ANY network. As long as the wireless is on (and not necessarily connected to anything), they can connect to the computer.
Whether or not it's true is a separate matter, but it's what they're claiming.
schenz said:Well... but at least it's not Apple's fault, because they didn't produce the driver. Therefore it's actually not a concern of Apple's but of the driver's producer's.
On the other hand Apple did include it into it's OS seemingly without testing it thorougly, and that is, of course, a concern of Apple's. So they will have to work together to get rid of that - and I'm sure they will - and I may be smug again.
The moral of the story is that to hack OS X you have to focus your effort on the closed-source software that's in there.
Everybody thinks Macs are safe because Darwin is open source, tried and tested. But we forget about all the closed-source software that is running with elevated privileges.
Potential Fix???
Here's a work around maybe. Under Systems Preferences > Network > Airport
Click on Configure and then Options...
I wonder if this is a specific to X86 hardware... Does this effect ppc based hardware?
Oh, probably should ask for admin psswd to change networks as well...
Here's a work around maybe. Under Systems Preferences > Network > Airport
Click on Configure and then Options...
I wonder if this is a specific to X86 hardware... Does this effect ppc based hardware?
Oh, probably should ask for admin psswd to change networks as well...
Attachments
backdraft said:
These options have always been there, but I'm not sure they're sufficient to divert this type of exploit (assuming it exists/works, since people are arguing fervently that it's a hoax). The way I understand it, a WiFi device looking to join a network is doing active sensing even when it will only join preferred networks -- this pretty much must be true, since it can join a preferred hidden network, which is not itself broadcasting its availability. So the problem comes when a malevolent entity responds to the ping that the WiFi card puts out. I'm not sure just telling your computer to not join open networks would make any difference at that level. For instance, in analogy, with the BT exploit, one was not required to pair with the device propagating the virus -- just be discoverable.
backdraft said:
The issue is, the computer will automatically connect to a spoofed wireless network. Meaning, they can grab the SSIDs you've ever connected to in your preferred networks list right out from the air, as both OSX and XP broadcast such information. If they find an open network, they can broadcast on their computer as an Access Point with that SSID. A lot of people don't seem to understand this. Theoretically, you could be working on your computer at a non-wifi airport and someone else can come in, see your SSIDs being broadcast by your card, and create a faux wireless network with that access point name. This type of attack has been known for a VERY long time though, I'm surprised this has just come out as soon as it did.