Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Hijacking a Macbook in 60 Seconds or Less

__/ [ Hadron Quark ] on Friday 04 August 2006 09:23 \__

> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> writes:
> 
>> __/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Friday 04 August 2006 07:13 \__
>>
>>> Quote:
>>> -------------
>>> If you want to grab the attention of a roomful of hackers, one sure
>>> fire way to do it is to show them a new method for remotely
>>> circumventing the security of an Apple Macbook computer to seize total
>>> control over the machine. That's exactly what hackers Jon "Johnny
>>> Cache" Ellch and David Maynor plan to show today in their Black Hat
>>> presentation on hacking the low-level computer code that powers many
>>> internal and external wireless cards on the market today....
>>> 
>>> The video shows Ellch and Maynor targeting a specific security flaw in
>>> the Macbook's wireless "device driver," the software that allows the
>>> internal wireless card to communicate with the underlying OS X
>>> operating system. While those device driver flaws are particular to the
>>> Macbook -- and presently not publicly disclosed -- Maynor said the two
>>> have found at least two similar flaws in device drivers for wireless
>>> cards either designed for or embedded in machines running the Windows
>>> OS. Still, the presenters said they ultimately decided to run the demo
>>> against a Mac due to what Maynor called the "Mac user base aura of
>>> smugness on security."
>>> -----------
>>> End quote
>>> 
>>>
>>
http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html
>>
>> I think that some subsequent articles argued the vulnerability could
>> potentially expose all platforms. This also reminds me of:
>>
>> http://www.theregister.co.uk/2006/08/02/intel_wireless_vulns/
> 
> And should go a long way to stop people thinking that all *IX
> deriviatives are somehow attack proof.

The level of damage should differ nonetheless. Windows exposes much of its
underlying function because it's pseudo-multi-users. The notion of roles,
capabilities and privileges is built into *IX.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index