The macosxhints Forums


MBHockey 08-02-2006 02:42 PM

Hacker Conference: Remotely Hijacking a Macbook in 60 Seconds on Stage
 
http://blog.washingtonpost.com/secur...60_seco_1.html

Note that the exploit being talked about is related to an industry-wide wireless card driver. But still...what do you think?

voldenuit 08-02-2006 03:00 PM

If the exploit is even remotely as good as promoted, a lot of vendors, including, but not limited to Apple, have a serious problem they should fix really fast.

It looks like a book about the subject from the same authors is in the pipeline as well...

I particularly like this quote:

"Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security." "

Security-wise, Apple really should strive to swim faster than the sharks, not just faster than the stupid dorks swimming next to them...

tlarkin 08-02-2006 03:06 PM

wow good read...

styrafome 08-02-2006 03:40 PM

The flaw was announced a month and a half ago and this is merely the conference where they said they were going to present it. I wonder how much work Apple and others have put into solving this since the world has known about it for a month and a half already. Was any kind of fix included in yesterday's Apple Security Update?

voldenuit 08-02-2006 03:58 PM

Here are the problems fixed with yesterday's security update:

http://docs.info.apple.com/article.html?artnum=304063

Scary reading, fixes bugs of stunning stupidity in some cases, but even the BT fix mentioned does not relate to the drivers, so nothing fixed for now.

tlarkin 08-02-2006 04:11 PM

If you read the full article, it states that Apple does not develop these drivers; in fact they have nothing to do with them. They are developed by a third party, so it will be up to the third party to remedy this.

It also states that the same problems occur within MS Windows, with the exception that Microsoft is actually trying to rectify the problem by digitally signing drivers and testing their security, now. Where in the past they would digitally sign a driver and not test for security loopholes it might have.

I think this guy shed some light on the whole industry.

yellow 08-02-2006 04:12 PM

Quote:

Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

So in other words, just to be a cock.

tlarkin 08-02-2006 04:14 PM

Quote:

Originally Posted by yellow
So in other words, just to be a cock.


Come on, everyone jokes about the 'stereotypical Mac user' don't they? Even in the IT field? Don't they?

We do at my work....

It's all in good fun as long as you don't take it personally...

It's a stereotype, and not true to every Mac user, which makes it more of a joke.

yellow 08-02-2006 04:27 PM

I never equated historical "superior" security to smugness.. but no one here is that dude, so I won't whine anymore.

guardian34 08-02-2006 04:30 PM

Yellow, some people (I think they're people…) say things about teh M$ \/\/indoz for the exact same reason.

Edit: Didn't see your reply.

bramley 08-02-2006 06:07 PM

Quote:

Originally Posted by tlarkin
It also states that the same problems occur within MS Windows, with the exception that Microsoft is actually trying to rectify the problem by digitally signing drivers and testing their security, now. Where in the past they would digitally sign a driver and not test for security loopholes it might have.

... which is good, but that implies accepting code that passes tests to uncover known security problems. It says nothing about the code's ability to withstand attacks from exploits not yet thought of.

tlarkin 08-02-2006 06:22 PM

Quote:

Originally Posted by bramley
... which is good, but that implies accepting code that passes tests to uncover known security problems. It says nothing about the code's ability to withstand attacks from exploits not yet thought of.

That will always be a problem, I think.

guardian34 08-02-2006 06:51 PM

bramley, it's not all about security…

Quote:

Each hardware device and its driver form part of the ecosystem for a server, desktop, or mobile computer that runs the Microsoft Windows operating system. Each component must be designed and tested in common configurations, and with consideration for issues such as installation and startup behavior, Plug and Play, power management, and so on.

If you manufacture Windows-based computers or components, the "Designed for Microsoft Windows" logo is the most effective way for your customers to identify hardware products that work well with Microsoft Windows operating systems.
http://www.microsoft.com/whdc/winlog...s/default.mspx

Quote:

Digital signatures allow administrators and end users who are installing Windows-based software to know whether a legitimate publisher has provided the software package.

Earlier versions of Windows used digital signatures to discourage users from installing download packages, executable files, and drivers from untrusted sources. In Microsoft Windows Vista, new features take advantage of code-signing technologies, and new requirements for security in the operating system enforce the use of digital signatures for some kinds of code.
http://www.microsoft.com/whdc/winlog...n/drvsign.mspx

Jay Carr 08-02-2006 07:01 PM

I'm just relieved to know that there are some hard core hackers out there who are finding weaknesses and then turning them in. I mean honestly, how many people are going to be doing work that eventually goes into a Mac? Hundreds? Thousands? Someone, somewhere, is going to do something stupid. And it's nice to know that there are hundreds of good hackers out there finding these weaknesses and telling the designers to fix them.

MBHockey 08-02-2006 07:10 PM

On a side note...did anyone actually read the release notes of the Security Update from last night?

Scary stuff...

Edit: voldenuit apparently has...whoops :D

MBHockey 08-02-2006 09:04 PM

The video is now up.

http://news.com.com/1606-2_3-6101573...1573&subj=news

I thought this was supposed to work on the stock Apple airport card. He plugs in some third party wireless card in the beginning. Mac users probably shouldn't worry, since if you have a MacBook you're not going to be plugging in some third party wireless card anyway.

Still, it's an interesting way to show Apple should make sure the components they use are thoroughly tested prior to plopping them in their computers.

voldenuit 08-02-2006 09:19 PM

The demo is indeed very weird:

He uses an extremely clunky, USB-connected WLAN-card.

At no point has it become clear so far:

• what chipset(s) are compromised
• whether the problem is with firmware or with driver code

We still need a lot more information to correctly assess the threat level of the discovered problem. I don't have a very good gut feeling given the extreme lack of detailed information, rather unusual for presentations at hacker conferences.

MBHockey 08-02-2006 09:27 PM

Yeah...I felt the same way.

He just says "3rd party wireless card"

I mean, I'm not saying it's fake...but I am very skeptical about it now that I've actually seen it.

The only thing he mentions about the actual exploit is that "it's not as trivial as a buffer overflow"

voldenuit 08-02-2006 10:12 PM

Intel has posted three security bulletins with vulnerabilities of the kind discussed by the authors,

http://support.intel.com/support/wir.../CS-023068.htm

but the authors of the presentation would not confirm having worked with Intel:

http://www.mercurynews.com/mld/mercu...s/15183450.htm

Really curious how this will turn out.

I don't quite understand why they didn't use a stock *book rather than their custom WLAN-stick...

MBHockey 08-02-2006 10:14 PM

I'm guessing the stock *Book's wlan card isn't vulnerable to this exploit.

:sigh:

tlarkin 08-02-2006 11:44 PM

I am going to guess that it is, since the AirPort cards are Broadcom chipsets, just like most of the consumer wifi cards and routers out there are based off Broadcom chips.

The third party they refer to is probably across and in all platforms in one shape or another.

How many "3rd party" devices work with MacBooks?

I am sure it's probably not a lot, and I am also sure they probably all have technology based off the same chipset.

Remember they really tried to standardize wireless networking, so there are standards across the board. This probably affects every computer user out there.

MBHockey 08-03-2006 06:39 AM

That does make sense...it's more of a shock I guess if they can say, "hey, this affects every computer user with a wireless card"

I still think he should have clarified if it affects a stock MacBook though...the fact that it is left out I find quite curious, since he seems very anti-Mac.

bramley 08-03-2006 06:54 AM

When I first read the article, I was left with the impression that the exploit would work on a MacBook where the card was on.
Quote:

Originally Posted by Washington Post
It is, they said, enough for a vulnerable machine to have its wireless card active for such an attack to be successful.

By active, I'm assuming that the card is set to transmit/receive instead of passive, i.e. listen only.

Having seen the video I see that the exploit did not force association with the computer masquerading as the access point. The exploit was executed only once the MacBook had automatically associated with the AP and it appeared to be used to bypass the firewall.

So why didn't they demonstrate forcing an association if they have this ability? Either we haven't been told the full story, or WP hasn't quite got its facts right.

Going just by the video, it would seem that setting the MacBook not to automatically connect would prevent the exploit from being executed. Setting your computer not to connect to any old network it sees seems a standard bit of security to me.

MBHockey 08-03-2006 10:26 AM

According to this guy, who spoke with Maynor for over an hour, the default MacBook wireless driver/card is susceptible to the same exploit, and they used a 3rd party card/driver at the request of Apple.

http://blog.washingtonpost.com/secur...book_post.html

voldenuit 08-03-2006 12:39 PM

Quote:

Originally Posted by MBHockey
According to this guy, who spoke with Maynor for over an hour, the default MacBook wireless driver/card is susceptible to the same exploit, and they used a 3rd party card/driver at the request of Apple.

http://blog.washingtonpost.com/secur...book_post.html

The whole story sounds weirder at every turn.

If Apple had really successfully "leaned" on them, they'd have used a Dell portable as the "victim" as well, preferably running Vista.
How do you fit together that the guys first publicly state something to the effect:
"Apple zealots are arrogant bastards and we're so gonna 0wn their ass",
and then, because Apple asked nicely, will do everything they can to embarrass them a tiny little bit less?
Hello? Reality check?

Hopefully we'll get some more hard facts on this story - as is, it's just deliberately vague and scary with next to no useful details on what is and how it is at risk.
The published part of the demo is about as content-free as it possibly gets. We don't even know how he got his root-shell on the MacBook once the exploit was successful.

Regardless of the real gravity of the exploit, the PR the authors make around it is anything but serious - let's wait and see.

lyndonl 08-03-2006 02:28 PM

yip sounds dodgy to me
check out the Daring Fireball write up
he brings up valid points as usual
http://daringfireball.net/2006/08/krebs_followup

blubbernaut 08-03-2006 09:51 PM

Some more interesting investigation over at the.taoofmac.com

yellow 08-18-2006 02:38 PM

Update: They admit that their little "mac hacking" didn't even use Apple drivers. It was all 3rd party drivers just hanging off a Mac. FUDtards. :rolleyes:

http://www.macworld.com/news/2006/08...hack/index.php

Smugness renewed.

tlarkin 08-18-2006 06:42 PM

Quote:

Originally Posted by yellow
Update: They admit that their little "mac hacking" didn't even use Apple drivers. It was all 3rd party drivers just hanging off a Mac. FUDtards. :rolleyes:

http://www.macworld.com/news/2006/08...hack/index.php

Smugness renewed.

Umm, it was my understanding Apple doesn't write their own drivers, they use third-party drivers themselves....

Is this correct?

They admitted in the video they were using a third party wifi device, and only the airport card uses airport drivers.

However, it was also my understanding like every wifi card out there uses some of the same basic level of drivers hence the standardization of wifi networks...

This is just what I got out of it, I could be wrong...

hayne 08-18-2006 09:45 PM

Quote:

Originally Posted by tlarkin
However, it was also my understanding like every wifi card out there uses some of the same basic level of drivers hence the standardization of wifi networks...

No - the standardization of WiFi networks comes from the fact that they all adhere to an IEEE standard: http://grouper.ieee.org/groups/802/11/

tlarkin 08-19-2006 01:49 PM

Quote:

Originally Posted by hayne
No - the standardization of WiFi networks comes from the fact that they all adhere to an IEEE standard: http://grouper.ieee.org/groups/802/11/


Okay, but Apple does not write their own drivers, a third party does, correct? That is what I have read online referring to this "hacking fiasco".

voldenuit 08-24-2006 08:29 AM

There are a lot of comments still being written about this story, here's one with lots of links to others:

http://wifinetnews.com/archives/006880.html

It's really bizarre how neither the "researchers" nor anybody else have been able to come up with a consistent, confirmable story.

Unless important details have not been disclosed for valid reasons, David Maynor and Jon Ellch may very well be dead meat in the security community after this stunt which looks more and more like nothing but press-whoring rather than serious research.

tlarkin 08-24-2006 09:40 AM

Quote:

Originally Posted by voldenuit (Post 317101)
There are a lot of comments still being written about this story, here's one with lots of links to others:

http://wifinetnews.com/archives/006880.html

It's really bizarre how neither the "researchers" nor anybody else have been able to come up with a consistent, confirmable story.

Unless important details have not been disclosed for valid reasons, David Maynor and Jon Ellch may very well be dead meat in the security community after this stunt which looks more and more like nothing but press-whoring rather than serious research.

Sounds like a bunch of hearsay and speculation to me....On everyone's end. Nothing can be proved or disproved, and like any company Apple, Atheros, MS, or anyone is going to come out and openly admit a security flaw without the express documentation of the exploit, and proof that there is one. Even with said proof some companies would just sweep it under their rugs, and never look at it again once fixed, and of course never admit to it even existing.

I am kind of tired about this whole hacking the wifi driver vulnerability thing now. One good thing will come of it though, the devs will now test more thoroughly exploits in their drivers for security. Well, hopefully they will.

bramley 09-22-2006 05:29 AM

Apple issues security update with regard to wifi security.

Notes are here: http://docs.info.apple.com/article.html?artnum=304420

I guess this is in response to the above hack. Note all Macs are in some way vulnerable.

[EDIT I should add that I've installed the update (via SU) and haven't seen any problems]
[FURTHER EDIT I see that the documentation actually states that no known exploits exist for each of the problems described - so that could mean that the original subject of this thread may not have been patched - assuming the exploit was genuine]

MBHockey 09-22-2006 09:04 AM

Yeah, I believe Apple stated they released fixes for stuff they had found internally...and that SecureWorks never provided proof to them that they had something to fix.

bramley 09-22-2006 10:17 AM

Quote:

Originally Posted by MBHockey (Post 323345)
Yeah, I believe Apple stated they released fixes for stuff they had found internally...and that SecureWorks never provided proof to them that they had something to fix.

I've found an article that says much the same thing: http://wifinetnews.com/archives/cat_security.html

I guess the general thrust of the hackers' claims has been proven but the specifics are still unclear.

cwtnospam 09-22-2006 11:16 AM

I think John Gruber made it pretty clear that Secure Works was disingenuous at best:
http://daringfireball.net/2006/08/curious_case


All times are GMT -5.