__/ [ Hadron Quark ] on Friday 04 August 2006 09:23 \__
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> writes:
>> __/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Friday 04 August 2006 07:13 \__
>>> If you want to grab the attention of a roomful of hackers, one sure
>>> fire way to do it is to show them a new method for remotely
>>> circumventing the security of an Apple Macbook computer to seize total
>>> control over the machine. That's exactly what hackers Jon "Johnny
>>> Cache" Ellch and David Maynor plan to show today in their Black Hat
>>> presentation on hacking the low-level computer code that powers many
>>> internal and external wireless cards on the market today....
>>> The video shows Ellch and Maynor targeting a specific security flaw in
>>> the Macbook's wireless "device driver," the software that allows the
>>> internal wireless card to communicate with the underlying OS X
>>> operating system. While those device driver flaws are particular to the
>>> Macbook -- and presently not publicly disclosed -- Maynor said the two
>>> have found at least two similar flaws in device drivers for wireless
>>> cards either designed for or embedded in machines running the Windows
>>> OS. Still, the presenters said they ultimately decided to run the demo
>>> against a Mac due to what Maynor called the "Mac user base aura of
>>> smugness on security."
>>> End quote
>> I think that some subsequent articles argued the vulnerability could
>> potentially expose all platforms. This also reminds me of:
> And should go a long way to stop people thinking that all *IX
> deriviatives are somehow attack proof.
The level of damage should differ nonetheless. Windows exposes much of its
underlying function because it's pseudo-multi-users. The notion of roles,
capabilities and privileges is built into *IX.