|
I am going to guess that it is, since the airport cards are broadcom chipsets, just like most of the consumer wifi cards and routers out there are based off broadcom chips
The third party they refer too, is probably across and in all platforms in one shapre or another. How many "3rd party" devices work with macbooks? I am sure its probably not a lot, and I am also sure they probably all have technology based off the same chipset. Remember they really tried to standardize wireless networking, so there are standards across the board. This probably effects every computer user out there. |
That does make sense...it's more of a shock i guess if they can say, "hey, this effects every computer user with a wireless card"
I still think he should have clarified if it affects a stock MacBook though...the fact that it is left out i find quite curious, since he seems very anti-Mac. |
When I first read the article, I was left with the impression that the exploit would work on a MacBook where the card was on.
Quote:
Having seen the video I see that the exploit did not force association with the computer masquerading as the access point. The exploit was executed only once the MacBook had automatically associated with the AP and it appeared to be used to bypass the firewall. So why didn't they demonstrate forcing an association if they have this ability? Either we haven't been told the full story, or WP hasn't quite got its facts right. Going just by the video, it would seem that setting the MacBook not to automatically connect would prevent the exploit from being executed. Setting your computer not to connect to any old network it sees seems a standard bit of security to me. |
According to this guy, who spoke with Maynor for over an hour, the default MacBook wireless driver/card is susceptible to the same exploit, and they used a 3rd party card/driver at the request of Apple.
http://blog.washingtonpost.com/secur...book_post.html |
Quote:
If Apple had really successfully "leaned" on them, they'd have used a Dell portable as the "victim" as well, preferably running Vista. How do you fit together that the guys first publicly state something to the effect: "Apple zealots are arrogant bastards and we're so gonna 0wn their ass", and then, because Apple asked nicely, will do everything they can to embarass them a tiny little bit less ? Hello ? Reality check ? Hopefully we'll get some more hard facts on this story - as is, it's just deliberately vague and scary with next to none useful details on what is and how it is at risk. The published part of the demo is about as content-free as it possibly gets. We don't even know how he got his root-shell on the MacBook once the exploit was successful. Regardless of the real gravity of the exploit, the PR the authors make around it is anything but serious - let's wait and see. |
yip sounds dodgy to me
check out the Daring Fireball write up he brings up valid points as usual http://daringfireball.net/2006/08/krebs_followup |
Some more interesting investigation over at the.taoofmac.com
|
Update: They admit that their little "mac hacking" didn't even use Apple drivers. It was all 3rd party drivers just hanging off a Mac. FUDtards. :rolleyes:
http://www.macworld.com/news/2006/08...hack/index.php Smugness renewed. |
Quote:
Is this correct? They admitted in the video they were using a third party wifi device, and only the airport card uses airport drivers. However, it was also my understanding like every wifi card out there uses some of the same basic level of drivers hence the standardization of wifi networks... This is just what I got out of it, I could be wrong... |
Quote:
|
Quote:
okay but apple does not write their own drivers a third party does correct? that is what I have read online referring to this "hacking fiasco" |
There are a lot of comments still being written about this story, here's one with lots of links to others:
http://wifinetnews.com/archives/006880.html It's really bizarre how neither the "researchers" nor anybody else have been able to come up with a consistent, confirmable story. Unless important details have not been disclosed for valid reasons, David Maynor and Jon Ellch may very well be dead meat in the security community after this stunt which looks more and more like nothing but press-whoring rather than serious research. |
Quote:
I am kind of tired about this whole hacking the wifi driver vulnurability thing now. One good thing will come of it though, the devs will now test more thoroughly exploits in their drivers for security. Well, hopefully they will. |
Apple issues security update with regard to wifi security.
Notes are here: http://docs.info.apple.com/article.html?artnum=304420 I guess this is in response to the above hack. Note all Macs are in some way vulnerable. [EDIT I should add that I've installed the update (via SU) and haven't seen any problems] [FURTHER EDIT I see that the documentation actually states that no known exploits exist for each of the problems described - so that could mean that the original subject of this thread may not have been patched - assuming the exploit was genuine] |
Yeah, I believe Apple stated they released fixes for stuff they had found internally...and that SecureWorks never provided proof to them that they had something to fix.
|
Quote:
I guess the general thrust of the hackers claims has been proven but the specifics are still unclear. |
I think John Gruber made it pretty clear that Secure Works was disingenuous at best:
http://daringfireball.net/2006/08/curious_case |
| All times are GMT -5. The time now is 04:10 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.