This could be fun...

http://blog.washingtonpost.com/secur...60_seco_1.html

The flaws have been documented previously. What got glossed over in the presentation is the fact that they used a 3rd party card to hack the MacBook. As the MacBook already has built-in wireless, why would you use a 3rd party card?

Because you want your video posted on washingtonpost.com.

There are third party wireless cards for the Macbook already? Doesn't it use a different interface than PC Card?

What card are they talking about? Is it some sort of special GPRS data service card? or why else would you not use the built in 54G wireless?

The "Mac user base aura of smugness on security."

and we still do:
http://digg.com/apple/Hijacking_a_Ma...ory_misleading

Its pretty foolish to think the OS its self will protect us...but you gotta admit, the BSD architecture itself is a bit more secure.

We're not smug, merely lucky and appreciative of relatively lack of virus infections, etc.

Sense some jealously or insecurity in your post....what did apple say or do to you to warrant same? Are you speaking on behalf of FT (moderator position) or private poster?

IMHO

He's just jealous and insecure....leave the poor fella alone

We ought to gang up on him like those Scientology people do when someone confronts them...they turn it right back in their face and start asking "what are you crimes, what is wrong with you?"


Just givin' ya a hard time ScottC! ...truly just joking around...

As a moderator: Lay off the personal attacks, no need for them.

As a private poster: I merely posted what I ran across online, I found the article funny.

To answer this, no I don't think so. First off, a MacBook (non-Pro, though I'm not sure which model they used, didn't see the video) has no slot at all. A MacBook Pro has the ExpressCard slot. I doubt there's a Wi-Fi card for it, but there will be some other things for it soon if not already.

Apparently the test hack was done with a third party USB-based wireless adapter.

Exactly what's going on here and if it's significant still doesn't seem clear to me. I've read that certain prefs are changed from the defaults, but I haven't seen which ones. I don't know if it affects other Mac models. I don't know what kind of access is gotten via this exploit. And I don't know what we're supposed to do as a workaround. And we don't even clearly know it works with the internal wireless card. In other words, we know very little useful about combating the exploit, just that there is one, and it used a third-party access point and required non-default prefs of some kind. I think the criticism of the reporter is valid, given that he focused only on the sensational parts of it without any note to the practicalities for actual users.

That whole story is very shady. He claims that the internal wireless drivers are vulnerable, but that Apple presssured him not to do his demo with them. In the same breath, he says that all OSs are vulnerable, but he did it on a Mac because Mac users are smug. He claims you don't need to have joined an access point, and then joins an accesss point. He claims he has full control of the machine, but then nevers really appears to have root. He claims all Macs are vulnerable, but then says he changed some default settings. Etc, etc.

None of this is to claim that the vulnerability doesn't really exist, that Macs have some magic shield that can't be penetrated, or that we Mac users aren't sometimes insufferably smug. I'd just take this particular demonstration with a grain of salt.

I'd also say that this demo proves that the old "Macs don't have viruses because nobody bothers to attack them" is just plain wrong. There's plenty of people attacking Macs. They are inherently more secure than Windows, though Windows is catching up. And, at some point, there will be a nasty Mac virus. Keep good backups, my smug Mac brethren.

My first post was a geniune question, the second had a smiley...in no way were they 'personal attacks'. The fact that you even consider it the same makes me wonder

And let me put another in case you interpret this response any other way.


PS - I'd be more than happy to retract both posts if you found them offensive.

I read that it's a defect with the driver for the 3rd party card and it exists for Windows as well.

All Macs come with their own internal wifi now, so don't get why anyone would need a USB wifi adaptor.

It looks like the jury is still out re whether this some-called defect was an intentional set up. Read on:



Wireless Driver Hack Could Target Macs and Windows
--------------------------------------------------
by Glenn Fleishman <[email protected]>

A potentially serious exploit of Mac OS X's wireless networking hardware
drivers has had a very limited demonstration[13]. The exploit, which
apparently relies on a flaw at the lowest level of the drivers'
interaction with Mac OS X's kernel, has not yet been independently
confirmed, nor has Apple released a statement on the matter. The flaw,
if proven, could allow an attacker to gain root access privileges via
Wi-Fi.

[13]<http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html#comments>

Researchers Jon Ellch and David Maynor found the flaw in Apple's
Intel-based Macs running Mac OS X and in PCs running Windows XP using
certain Wi-Fi adapters, and presented their findings at the Black Hat
USA 2006 Briefings[14] last week. They declined to show the exploit live
to avoid giving out details that could be turned into a security threat
in the wild.

[14]<http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch>

The researchers maintain that the flaw can affect any Wi-Fi equipped
computer as noted above, regardless of whether the computer is actively
connected or connecting to a network, and the exploit does not involve a
rogue access point - one that attempts to fake an identity to get a
connection from a client.

The videotape[15] that the researchers showed didn't demonstrate that.
The researchers connected what appears to be a covered-up USB device to
a MacBook, which is then connected to a network running on a Linux
computer. They then show files being manipulated on the desktop but no
other attack being carried out.

[15]<http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html>

There is lively discussion at the Washington Post's Security Fix
blog[16] about whether this is just a rigged demo or a real event,
although beware the personal abuse directed at the blog's writer, Brian
Krebs. (Many are taking this attack against a MacBook personally.
Surprise, surprise.)

[16]<http://blog.washingtonpost.com/securityfix>

According to two experts TidBITS has heard from, the videotape is
inconclusive and could be either a staged stunt or a real exploit. Jim
Thompson, a veteran Wi-Fi engineer and security expert, is dubious, and
he explains why in great technical detail[17]. Security expert Rich
Mogull[18], research vice president at Gartner, said that the exploit is
credible and that it's possible that similar exploits on multiple
platforms developed independently are already in the wild. Mogull has
seen reports that a similar exploit may have been used at a recent
conference that he declined to identify for security reasons. The
researchers who presented at Black Hat are taking significant
precautions to prevent their particular research from getting out of
their grasp, he said.

[17]<http://www.smallworks.com/archives/00000455.htm>
[18]<http://www.gartner.com/AnalystBiography?authorId=18722>

Lending credence to this potential flaw was the release by Intel in July
of driver updates[19] for three of their Centrino wireless products.
Notes for the release label the patch for their oldest adapter (an
802.11b-only model) as having an exploit that could allow a "malformed
frame," a packet-like chunk, to allow a hacker to gain control of a
machine. Two newer adapters seem to have a severe, but less frightening
flaw. Mogull said that these Intel patches show that this kind of
exploit is not an unknown issue.

[19]<http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm>

As noted, there is no confirmation of this exploit from anyone who has
seen the actual attack carried out in person, no separate validation of
the attack from third parties using different equipment and the same
approach, and no public response from Apple, Intel, or Microsoft,
despite the firmware patches from Intel. There is also no identified
attack of this sort in the wild.

At the moment, our suggestion is not to worry. The likelihood of this
flaw being exposed, becoming widespread, and threatening your particular
machine over the period of time it might take Apple to issue a patch is
extremely remote. The exploit also appears to be limited to Intel-based
computers at the moment, making it even less of a concern for many Mac
users.

We'll update this story as details become available, but if Apple
releases a security update that describes a fix for a malformed frame
and you travel around with your MacBook or MacBook Pro, you should
consider installing it as soon as is practical.