ropeguru
Premium
join:2001-01-25
Bridgeport, WV
clubs: | NO!! Tell me it isn't so...
Blackhatters lying and cheating??? 
--
FWD#: 223611 |
|
hayabusa3303
Over 200 mph
Premium
join:2005-06-29
clubs:
 ·QuantumVoice
 ·AT&T Southeast
 ·RoadRunner Cable
| Mac vs pc.
Goes to show you a mac is still better then a windows machine when it comes to hackers.
Also is shows you that third party software still needs improvement over mac software.
--
8-14-2006 Family's loved and behold cat named "hayabusa" past away. He will be forever missed. 6 1/2 years old. |
|
93254336
Weapons Of Masturbation
Premium
join:2001-10-20 | Perhaps they should change the name of the conference...
...to "Ass Hat."
- Dan |
|
knightmb
Everybody Lies
join:2003-12-01
Franklin, TN
·AT&T DSL Service
| The flaw is still there of course.....
The flaw was suppose to be in the device drive and it still is, just not the default one the mac came with. It's still a valid problem they demonstrated, which is, don't let the OS give too much trust to a device driver.
If plugging a USB drive into a windows laptop gave you full control of it all of a sudden, expect a lot of media coverage for that. Then later of course, they show they "modded" the USB drive to exploit some kind of USB device driver related code for Windows and every yells fake.
This isn't the time to yell fake. It's still a valid problem for the Mac (and Windows and everything else that gives device drivers root access).
So.... points for bringing up problem, sure. Minus points for "rigging" the test to make it look spectacular, certainly. The problem still exist though and anything as easy as “plug it in real fast and take over” is still a major problem for Mac user that is using the same chipset they demonstrated with. The real problem this bring up, when “that” chipset is finally found out, how many Mac users will bother to upgrade the software to defend against it? Will it be part of a Mac update? How will Microsoft respond if the same chipset is available for a Windows machine? |
|
wowok1234
join:2004-07-25
Chicago, IL
1 edit | My view...
My view....
There are only a few mainstream chipsets for 802.11, and even fewer come with Mac drivers. There's Ralink, TI, Broadcom, Atheros, Intersil, and Atmel. This pretty much covers perhaps 98% of all wireless cards for computers. Out of these, Mac OS X includes support for Atheros and Broadcom chipsets, since that is what Apple uses for wireless built into its computers.
While this is a serious issue, consider that most Macs sold since 2003 have had wireless built-in, and Macs since 2000 have had a slot for an Apple-made wireless card. This includes both the desktop line and the notebook line. How likely is it that an average Mac user would purchase a 3rd party (non-Apple) wireless card, plug it into their computer, and install the drivers for it? Not very likely, although there are a few geeks out there that would go for something cheaper. Most people would go for something that is supported by Apple.
Also note that the default for Mac OS X is to ask the user for permission before joining any open wireless AP. |
|
insomniac84
join:2002-01-03
Schererville, IN | Not news.
Even if there was an exploit here, Not enough people use macs for this to be considered news. |
|
DarnellP
join:2004-10-12
Las Vegas, NV | Obviously DSLR disagrees with your narrow-minded opinion.... |
|
MacSux
@mchsi.com | reply to insomniac84
Good point. |
|
foo65536
@cox.net
|  a bright idea...
look. these guys modded the software to give themselves an entry point to the macbook. so no, there is no vulnerability in the mac drivers that has been exposed - yet. all drivers must run in kernel level. how else do you think that the mac os x modified bsd kernel could access the devices? think, people. vulnerability? no. cheap trick? of course. |
|
insomniac84
join:2002-01-03
Schererville, IN | reply to DarnellP
Re: Not news.
It's not narrow minded, it's called being realistic. No point in pretending mac issues are major news. Do you want to see every little exploit for every distro of linux as a news item? It would be pointless. |
|
Morac
join:2001-08-30
Riverside, NJ
·Comcast
| reply to wowok1234
Re: My view...
quote:
Also note that the default for Mac OS X is to ask the user for permission before joining any open wireless AP.
Just of note, that the flaw does not require the user to connect to an AP so it doesn't matter if Mac OS X asks permission or not. If it means anything Windows XP SP2 puts up the same warning. |
|
firephoto
KDE
Premium
join:2003-03-18
·Verizon west (ex G..
| reply to insomniac84
Re: Not news.
said by insomniac84  :It's not narrow minded, it's called being realistic. No point in pretending mac issues are major news. Do you want to see every little exploit for every distro of linux as a news item? It would be pointless. A story about a device that allows you direct connection to the internet and supposedly had security issues is news to people interested in broadband which is why we're here. It's even more relevant when the news weeks ago was all about how these black hats exposed some major flaw in the Macbook's wifi which turns out to be a lie.
And no we don't want to see "every little exploit for every distro of linux as a news item" because then we'd have every little/moderate/big exploit from windows as news and it would dilute all the interesting news like this story.
--
Location: +48° 5' 23.40", -119° 48' 30.00" |
|
lucky644
Premium
join:2002-02-04
| said by firephoto :It's even more relevant when the news weeks ago was all about how these black hats exposed some major flaw in the Macbook's wifi which turns out to be a lie. It's not entirely a lie, exploit still exists. |
|
anonMacLover
@cox.net | reply to hayabusa3303
Re: Mac vs pc.
Goes to show you the Mac OS isn't as secure as most think, 3rd party driver or not, it still became insecure. If the OS was truly secure, it wouldn't have let the 3rd party driver create such a hole. |
|
BuriedCaesar
It's Not Polite To Stare.
join:2004-03-27
Richardson, TX
 ·AT&T U-Verse
·AT&T Yahoo
| reply to lucky644
Re: Not news.
said by lucky644 :said by firephoto :It's even more relevant when the news weeks ago was all about how these black hats exposed some major flaw in the Macbook's wifi which turns out to be a lie. It's not entirely a lie, exploit still exists. Okay, yes, the ability to make use of this exploit has been shown to "exist" - but with what third-party card in what configuration? No one outside SecureWorks knows yet because they are not telling - they say it's for the sake of waiting until a patch is available. Right.
As of yesterday, they hadn't even told Apple, apparently.
»www.breakingwindows.com/new/2006···i_ha.php
So what is SecureWorks waiting for? Hmmmmm? 
--
That was preposterous! Utter Nonsense! Totally unsupportable drivel! You can't be serious!....Um, what did you say? |
|
XknightHawkX
join:2003-02-13
Morton, IL
clubs: | reply to ropeguru
Re: NO!! Tell me it isn't so...
I don't care what they did to hack the system. The fact is no OS is completely safe from being hacked. Even if they cheated now someone down the line will find out how to hack the OS. There will never be a completely safe system. |
|
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| said by XknightHawkX :I don't care what they did to hack the system. The fact is no OS is completely safe from being hacked. Even if they cheated now someone down the line will find out how to hack the OS. There will never be a completely safe system. While I agree with you're assertion that no OS is completely safe and that the "shoulda got a Mac" crowd live under a false sense of security that could largely be the direct result of the relative obscurity their OS exists in; we don't need people confusing the issue by making stuff up or exaggerating the real world implications of a flaw. All that does is make the "Mac's are impervious" crowd even more sure of themselves.
--
Early to rise, early to bed;
Makes a man healthy but socially dead. |
|
yabos
join:2003-02-16
Ingersoll, ON
| reply to knightmb
Re: The flaw is still there of course.....
Device drivers are loaded into the kernel so that's how the flawed driver can be exploited to gain root access. Plus they had to install a rootkit first before they could even exploit the 3rd party driver. The problem with their demo was they said how every Mac was vulnerable which wasn't true since it's highly unlikely they'd be using this 3rd party wireless card. All Apple laptops have built in wireless cards so there's not much of a need to use another card.
Since they say the same problem can happen on Windows, how many Windows users will update their drivers? Microsoft doesn't usually distribute 3rd party drivers and neither does Apple. |
|
yabos
join:2003-02-16
Ingersoll, ON
| reply to BuriedCaesar
Re: Not news.
For all we know the guy just had a shell script output some jargon like generating code(I watched the video), waiting for reply etc. and meanwhile they just ssh'd to the machine. This isn't a Mac problem, it's a problem with the 3rd party wireless driver. The problem exists on Windows as well according to those guys. |
|
M A R K
Premium
join:2001-06-15
Long Island
clubs:
| reply to Combat Chuck
Re: NO!! Tell me it isn't so...
said by Combat Chuck :"the relative obscurity their OS exists in" hahahah
--
DEATH TO 'ZOG' |
|
