Forums » Apple Silencing Wireless Hackers?

Comments on news posted 2006-10-02 14:40:05: Wireless hackers Jon "Johnny Cache" Ellch and David Maynor were set to give a talk at ToorCon over the weekend, with the intent being to cover the vulnerabilities in Apple's wireless stack they recently received ample heat over. ..



David
No,there is another.
Premium,VIP
join:2002-05-30
Granite City, IL
These aren't the droids you are looking for

For shame Apple, for shame!!

dadarkside
Premium
join:2006-05-20
The Moon

Who ever said life was supposed to be fair?

Exposing the flaw is fine.
Pointing it out to Apple is fine.
Publishing your findings BEFORE Apple has a fix for it, not so fine.

Since the talented individuals who found the flaw intended to hold Apple's feet to the flame (so to speak), what did they expect Apple to do? Take it up the ass?

LOL, ain't happenin.

If credit for finding a flaw was all they wanted, why did they threaten Apple to expose their flawed drivers in a very public forum?

I don't have a whole lot of sympathy for these guys.
Props for finding the flaw, but, hey, it isn't too bright to threaten someone with deep pockets.

Life ain't fair, stop expecting it to be fair and your life will get easier.

Edrick
Premium
join:2004-09-11
Orlando, FL
Pirates

The team of people at Apple are pirates.

"Pirates of Silicon Valley"
--
Ricky Smith
Verizon FIOS User
15 Mbit Down 2 Mbit Up

voyager6868

join:2003-01-29
Lynnwood, WA
Apple is perfect

Huh? I thought Macs were invulnerable to any type of virus or intrusion because the TV ad says so. Clearly these wireless hackers are on dope, right Apple?


Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL

reply to dadarkside
Re: Who ever said life was supposed to be fair?

said by dadarkside:

I don't have a whole lot of sympathy for these guys.
Props for finding the flaw, but, hey, it isn't too bright to threaten someone with deep pockets.

So might makes right? These people had a right to expose this flaw. If Apple was refusing to acknowledge the flaw then they should come forward with the details to force Apple to fix it, which is essentially what they did. Just because Apple has more money than them doesn't give Apple the right to bully people around.
This is all barring what it was that Apple was able to do to silence the guy. Seeing as how we don't know, there is speculation that maybe there was something going on we don't know about.
--
"Padre, nobody said war was fun now bowl!" - Sherman T Potter

»www.cafepress.com/maxolasersquad

»maxolasersquad.com/

»maxolasersquad.com/network/ My DSL Network Guide

»myspace.com/mlsquad


koitsu
Premium
join:2002-07-16
Mountain View, CA


1 edit
reply to voyager6868
Re: Apple is perfect

Transcript with a person I used to work with (now in a different dept.), when I informed him that his personal/at-home Macbook was siphoning spam/unsolicited mail through our corporate mail servers via an SSH tunnel on one of our shell machines:

"No! You're not listening! That can't be happening."

"Well, it's happening. I'm sitting here looking at the mail server queue, and I'm sitting here looking at the packets with tcpdump. It's like you've got a trojan or some malicious software on your home machine."

"That's impossible. There is no spyware, no trojans, no viruses. That can't happen, it's a Mac."

Turns out he had configured his mail server on his Macbook to push SMTP via the SSH tunnel (which redirected through one of our corporate shell machines to the corporate mail server) -- while at the same time, had port-forwarded an arbitrary port on his home router to his Macbook "for testing purposes". His mail server had no relay access rules configured in it, and was therefore acting as an open proxy.

I'm amazed this guy still works here. He could've gotten our entire company added to an RBL/DNSBL. *sigh*

Ignorance is bliss...
--
Making life hard for others since 1977.


digitalfreak

join:2005-12-09
49533


1 edit
reply to Maxo
Re: Who ever said life was supposed to be fair?

Exactly. If Apple refuses to even acknowledge that there was a problem, then these guys had every right to go public with it. Still amazes me that companies think "security by obscurity" works. Another fine example of the Steve Jobs "Reality Distortion Field".

dadarkside
Premium
join:2006-05-20
The Moon

reply to Maxo
Never said it was right. Clearly said that life wasn't fair.
Read a little more carefully...

The guy was free to speak.

I do believe, however, that doing so would have been a job-limiting decision.

However, Apple is also free to exert pressure. (most likely of a financial nature, and directed towards his place of employment.)

Again, threatening people with deep pockets can be risky.

Just sayin dude, not supporting Apple here, but, they threatened Apple, Apple threatened back, the dude chose employment.

squid7
Premium
join:2006-09-02


2 edits
Vulnerability?

I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability.

They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on.

Is that really a vulnerability?


Maxo
Your tax dollars at work.
Premium,VIP
join:2002-11-04
Tallahassee, FL

reply to voyager6868
Re: Apple is perfect

said by voyager6868:

Huh? I thought Macs were invulnerable to any type of virus or intrusion because the TV ad says so. Clearly these wireless hackers are on dope, right Apple?

Anyone who touts that system X is invulnerable is fooling only themselves. Even in the Linux world people take steps to ensure they have security tuned to high (if they are smart.) The idea your system can't be hacked is naive. Security is relative and more of an ideal than a reality.


Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..

reply to squid7
Re: Vulnerability?

said by squid7:

I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability.

They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on.

Is that really a vulnerability?

Yes, it's really a vulnerability: »docs.info.apple.com/article.html···m=304420

squid7
Premium
join:2006-09-02


1 edit
I'm confused then...if this vulnerability is in OEM drivers, why did they need hacked drivers or otherwise modify a Macbook to demonstrate this?

Shouldn't they have been able to demonstrate the existence of this vulnerability on an out of the box Macbook rather than a modified one as reported by Secureworks?

quote:
"This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
So is Apple patching a non-Apple driver?

squid7
Premium
join:2006-09-02

1 edit
nm

squid7
Premium
join:2006-09-02
reply to koitsu
Re: Apple is perfect

No OS, no matter how robust, can defend itself from a stupid user.


Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..

reply to squid7
Re: Vulnerability?

said by squid7:

I'm confused then...if this vulnerability is in OEM drivers, why did they need hacked drivers or otherwise modify a Macbook to demonstrate this?

Shouldn't they have been able to demonstrate the existence of this vulnerability on an out of the box Macbook rather than a modified one as reported by Secureworks?

quote:
"This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
So is Apple patching a non-Apple driver?

Did you read the link? Apple patched the AIRPORT.

squid7
Premium
join:2006-09-02


3 edits
Did you read Secureworks' statement?

quote:
...was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook.
Cache demoed this using modified 3rd party drivers, not OEM Airport drivers. In order to accomplish what Cache accomplished in his demo, Cache would have had to obtain possession of the victim's Macbook, install his hacked drivers and USB device and return it without the victim noticing. Hardly a realistic vulnerability...especially considering that all Macbooks include Airport Extreme (not 3rd party) hardware. Seems to me that if Cache was on the up and up he should have demoed this on an OEM Macbook if such a vulnerability existed as he claimed rather than try and pass this off as an easy OEM vulnerability.

yabos

join:2003-02-16
Ingersoll, ON
reply to voyager6868
Re: Apple is perfect

The TV ads don't say they're invulnerable; they say they don't have viruses or spyware in the wild, which is 100% true. Stop making up stuff.

yabos

join:2003-02-16
Ingersoll, ON

reply to Matt
Re: Vulnerability?

Maybe you should read this link
»www.macworld.com/news/2006/09/29···ndex.php
"Apple released an update for its wireless drivers one week ago, but said that no known exploits existed for the issues addressed in the update"

and this link
»www.macworld.com/news/2006/09/21···ndex.php

"Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.

The internal audit came as a result of claims by a senior researcher at SecureWorks that said he had revealed a vulnerability in Apple’s MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple’s driver.

Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.

“They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,” Apple spokesman, Anuj Nayar, told Macworld. “Today’s update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.”"


leedeeda

@verizon.net
The mac community will never believe the truth because they're obscured by what security really is, just like the company they so well support.

squid7
Premium
join:2006-09-02


1 edit
reply to yabos
Re: Apple is perfect

More specifically, the "I'm a Mac, I'm a PC" commercials state that Macs aren't vulnerable to Windows viruses and spyware.

Mac to PC "I run OS ten so I don't have to worry about YOUR viruses and spyware..."

»movies.apple.com/movies/us/apple···x376.mov
over 10 years online! © 1999-2009 dslreports.com.