Apple Denies Wi-Fi Flaw, Researchers Confirm
Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researchers' claim that they were providing information to Apple now seems off-base, too."
Ask Bruce Schneier.
So I can go back to being "smug" now about security on my mac?
Where there is the necessary technical skill to move mountains, there is no need for the faith that moves mountains.
...Apple bought them off / threatened them with a lawsuit.
;)
Oh, and btw, I am sure no Apple users ever use third party hardware / drivers, so their little fantasy world of 100% safety and security is probably real, too!
People should ALWAYS trust what a company has to say about its own products. If Dell says there's no problem with their laptop batteries, they must be telling the truth... right? On the same token, if Apple says that there is no problem with their wireless adapters or software, who are we to question them?
And here I agreed that the Mac community was too complacent. I was hoping that this would be a rather benign wake-up call (given that it wasn't an exploit seen in the wild, and the hats were taking proper precautions to prevent it from becoming so). And now we see that they were just trying to leverage their exploit to make a (valid, but now diluted) point.
Just junk food for thought...
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
When they have integrated wi-fi and the user decides on a third party usb option with questionable settings, I wouldn't say it was my fault either.
We were told that all Macs are vulnerable. And not only all Macs, but also all Linux machines, and all Windows machines. It seems this was not the case. Apparently there is no exploit at all against a bog standard Macbook with built-in wireless, and that covers about 99.999 percent. Using an external card was essential to the exploit, the claimed "pressure from Apple" was just made up. Remember, these guys _did_ claim that a Macintosh with built-in wireless adapter was vulnerable, and they didn't demonstrate that because of pressure from Apple! I didn't believe it then, nobody should have ever believed it without evidence, and now they have been caught with their lies.
Shame on everyone who reported it without checking the facts.
and this is how Apple plays... and this is why Apple plays this way... because they don't want to be Microsoft and have the ability to teach people not to blindly accept what a third-party makes without being aware that Apple isn't responsible for the outcome of stuff they didn't have a hand in...
Since we haven't reached the zenith of perfection where any code (authorized or not) that is injected into a system's kernel still results in a secure system, then yes, it being designed by Apple or NOT being designed by Apple is a valid point. If they claim that OS X with their hardware and hardware drivers is secure, that's different than saying OS X itself is secure.
It would not be ridiculous if the device in question were something that someone were at least somewhat likely to use.
But in reality every laptop sold by Apple today ships with an Airport card, and most of the ones sold previously had one as well. What message are you really sending when you trumpet a flaw that affects 1/10 of 1% of Mac users?
The message that Mac users should be aware of possible security vulnerabilities is an excellent one, but hyping a vulnerability that would simply not happen in reality was a poor vehicle to convey this message, and basically comes off as self-aggrandizing; that is to say they were far more interested in promoting themselves than warning Mac users about security flaws.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'd like to know if the fact that a third-party driver was used was reported when the exploit came out, or if this senior researcher at SecureWorks withheld that information deliberately. He stated he doesn't want to reveal the name of the device for legal reasons, but I don't know if this is just an excuse to hide behind or not. It sounds like he set out with a purpose, that is to make Mac users feel less "smug" about security, rather than point out vulnerabilities to increase security in the long-run. Sort of like a scientific researcher who comes up with a conclusion and will do anything to reach it.
But you're assuming that the security is in the hardware not the software. It's pretty easy to write software that renders hardware vulnerable to all sorts of exploits. And since the OS maker doesn't control the developers, then it's impossible for them to say that the OS is completely secure.
So, in essence, this research only "proves" that if you take something that is secure out of the box and make alterations, it's possible to break that security.
XenoPhage
Technological Musings
I told you so
75% of people on Slashdot all tout the party line, "Don't believe everything you read in the mainstream media." It doesn't matter whether the discussion involves Iraq, Microsoft, SCO, Linux, IBM, the U.S. government, or CmdrTaco. If it's on CNN, don't believe it.
Well, here I am, to tell you, be skeptical of regular Joes, as well.
In this discussion, the only people not agreeing with the article said things like, "it was a 3rd party card." The thing is, I don't understand why you would believe ANY of it without some kind of proof, or evidence.
A video is easy to doctor. A video without any techniques and methods is monumentally stupid. I could have made the video in question in about 10 minutes.
Anyways, this is a big "FUCK YOU" to all the naysayers out there who continually announce that the end of OS X's relative security is on the horizon. I'm not saying that OS X is without flaw, and I'm not even saying there won't be widespread virus outbreak (however unlikely). But for godsakes, at least demand a shred of evidence before you proclaim the end of an era.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
So if this report is true it means that computer security professionals are grandstanding and misstating the facts to get attention and advance their own personal agendas. I am shocked that such a thing could happen! If we can't trust computer security nerds when they present at Black Hat, how can we trust them when they release proof-of-concept code, call it virus in the wild, and then try to sell us antivirus tools to remove it? How can we trust their products for *nix operating systems?
My God - what if the computer security folks are often just full of shit?
Third party drivers run inside the kernel. If they have security flaws there's nothing the rest of the kernel can do about it. Even a microkernel OS will have a hard time being completely secure without trusting the drivers. At some point it's going to have to touch hardware and it's not easy to abstract that away. After all that's what the device driver is there for in the first place. It's not Apple's fault if someone released a crappy device driver. This is why I like all my Linux drivers to be free instead of that binary crap ATI/Nvidia do. Go Intel!
Pedro Côrte-Real.
Researchers "confirm" the denial or "confirm" the flaw?
ahhhh, not so confusing....the headline drew me in to read it for clarification...verrrry clever.
Brian Krebs has been proven to be a fraud many times over when it comes to security. Take what he says with a large grain of salt... like maybe one the size of your house. As for the test, I'm surprised the rest of the Black Hat community didn't call Maynor and Ellch out and get them to do the exploit live. Probably because they can't....
Anyone who thought about it for more than a second or two would have realised that it was never going to be a vulnerability in the default MacBook Pro hardware or drivers. If it wasn't, why would they need to introduce a third-party wireless adapter at all?
Frankly, the disclosure here was pretty amateurish. Surely they would have known that demoing the vulnerability on Apple hardware would have implicated Apple. In fact based on the "aura of smugness on security" comment it looks like they deliberately *chose* Apple hardware to be falsely implicated.
Do these guys have *any* credibility left?
Here just play this sony music cd on your computer.
It's not Apple's or MSFT's fault for faulty software someone else wrote.
i thought once I was found, but it was only a dream.
Drivers typically run in kernel mode. Kernel mode simply can't be "secure". Those drivers can do anything the kernel can do, including write directly to memory (ANY memory), disk, etc.
This applies to ANY OS that allows code to be loaded into the kernel... in other words, allows kernel mode drivers.
Gad Zukes!
This is almost as good as the Debian exploit I found last year. I found that if you built a specially crafted PC, and then installed a specially crafted version of Debian, it would prompt you to set the root password during the install, leaving the system open to compramise by the person installing the OS.
Next year's Black Hat conference, here I come!
Luck favors the prepared, darling.
In other news today, a faulty air bag was blamed for the death of a driver in a recent accident. The auto manufacturer's safety claims for the car were obviously overblown, and their smugness is now revealed.
Update later that day: As a side note to this story, the owner of the vehicle replaced the OEM airbag with one from Orville Redenbacher, so she could eat popcorn in case she was in an accident. We originally decided we would overlook this aspect, because we have an axe to grind with this manufacturer and to create buzz generating free advertising for our company.
Except that drivers either run in the kernel's address space (in which case security is impossible) or they don't (in which case performance is diminished). The only way to protect an OS from driver malfunctions is use a microkernel, so the question is whether you want slow and secure or fast and ever so slightly less secure....
Check out my sci-fi/humor trilogy at PatriotsBooks.
I'm not saying I'm a fan of the binary drivers, but has anyone seen a security issue from a video card driver? I can understand NIC and a few other ones but not video cards.
Well we can assume that OpenBSD is a secure OS. But if I say configure openSSH to allow root logins with no password, should I blame OpenBSD for making an unsecure product? Drivers usually need high level access, because drivers do things the kernel cannot do natively. If the driver made by a third party, then installed by the user, has a security risk, then you can't blame Apple, Microsoft, Linux, *BSD or whatever for being unsecure just because someone else's program that demands to have high level access is unsecure.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I'm amazed at the sheer audacity of your post. What you are saying is that any OS MUST have a security model that prohibits the machine's administrator from installing any software which could conceivably break the OS's security. While such systems do exist, I find it hard to believe that anyone would think that such a system would make sense for a consumer or business computer. You're talking military security here, and it would be plain stupid for Apple or Microsoft to design their systems that way.
I have seen the future, and it is inconvenient.
If you have a driver that's loaded as a kernel extension (or a module in Linux), then it executes with kernel privileges. If there is a flaw in the driver then you can "get root". No mainstream OS that I'm aware of provides the level of separation, between kernel space and drivers, that would prevent this kind of exploit from "getting root".
OpenBSD's standard out-of-the-box install is very well-hardened security wise, AFAIK there haven't been any local or remote exploits for years. But once you start opening ports and running daemons (say even third-party daemons) then it's not necessarily secure anymore. But stupid actions by the administrator don't imply that the OS itself isn't secure.
Insightful my arse. The guy obviously has no clue about how (non microkernel) operating systems and drivers work or tie together.
Except that 3rd party WiFi is pointless when every mobile Mac comes with AirPort.
What the hackers are actually claiming is: "I can take over any Mac. All I need to do is add this 3rd party hardware, install 3rd party drivers, disable the built-in version, and sneak away without you noticing several inches of antenna sticking out the side."
Can you imagine a "real" (not lamely coded) OS X worm/spyware released 1 hour later to the public by some black hat? What would happen? There are security tools for OS X but they are used by people generally switched from other OSes and know how evil things can get if you got zero defence. Let's check download numbers of cheapest (and working great) application firewall on versiontracker: Downloads (this version): 16,753 (Little Snitch)
;)
So if you code a spyware sending everything from users home directory to some third party site, 16.000 people will get alerted.
There isn't a heuristics performing OS X Antivirus too. I mean like those disassembling scripts and run them in virtual machine to check what is going on by running it before actually running it.
What saves OS X is Unix rights and clever choices by Apple but it can't stop an evil script/application to send your home directory to third party server. Also: Popularity.
As Macbook (ew that name) made Apple marketshare explode, one day, one of those sick minded (but clever) will think about coding a worm/trojan which really works. No Redmond conspiracy needed too. Mac zealots continuous trolling and personal attacks to anyone mentioning security will feed such a lamer.
As an OS X running Quad G5 owner I sometimes found myself posting as AC to mac related stories knowing they will hit -1. Some security companies must have same feeling after what happened to Intego, Symantec and even totally individual bloggers which has no agenda in their mind spoke about pseudo "I am secure because I run mac" feeling by end users.
Well as I see the production machines used all over DTP/TV without zero security measures (even ones running os 9! it really has viruses!) I can make you sure that if such nightmare scenario happens, we will all hear it somehow. It will also create a huge mess to fix. Apple can't sue all Dell trolls laughing about daily newspaper not being printed as result of it yes?
Just giving 20 mins to this story get "FUD" tag and we go -1 levels by some Mac zealot moderator
In other news, Cisco can't reproduce the security flaw from last month's Black Hat conference.
...and now we've got some guy claiming to be Jon Benet's murderer when there are big holes in his story (claimed he took her home from school, but it was Christmas vacation, and there is little evidence that he was even in Boulder at the time)
What we seem to have here is an epidemic of Attention-Whore-Itis.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
1. Take your MacBook and sit it on table
2. Log in to the MacBook with your username and password
3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
4. Select your wireless network from the menu in the menubar and enter the password
5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
6. Take a different computer of yours and connect to the same wireless network and enter the password
7. Bring up a terminal and type in ssh://
8. At the login prompt enter your username and password
9. You're in baby, have a fuckin' field day!!!
--- What?
Actually, that seems very reasonable to me. Regardless of the OS, if I introduce bug ridden code at the driver level, you are introducing problems.
Analogy Time: If I replaced the built in firewall of OS X with something I code myself, should I get upset with Apple when a buffer overflow is found in my code... resulting in the possible execution of code or some other vulnerability?
P.S. I'm in litigation with Ford because the cardboard tires I made out of old refrigerator boxes caused damage to the car.
It's not ridiculous.
The problem lies in the fact that they used a third party wireless adapter. People buy Macs for a number of reasons, one of which being integration (the "Everything just works" argument). No one buys a wireless adapter for a Mac laptop, because they all come with one. If the Airport Extreme card stops working, almost all Mac users will either send it to Apple or take it to an Apple Store/Authorized Apple Service Center to be replaced.
Is OS X 100% secure? If you use an undocumented hack, on a third party wireless adapter, that's known to EXACTLY TWO people, no.
Is OS X 100% secure to the average user? Yes (so far).
That people are being taken in by this bullshit. Apple confirmed that the exploit in the video did not affect a Mac, no shit, the guy doing it said that several times. They did not in any way claim that there were no bugs in OSX wifi drivers. Apple's quote exactly is:
"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," Apple Director of Mac PR, Lynn Fox, told Macworld. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device-not the 802.11 hardware in the Mac-a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."
This entire quote is focused on the demo video, which the researcher in the video confirms does not affect the Mac. If Mac wasn't affected at all why not just say that, why be so narrow and specific. I am guessing there is a flaw in the default MacBook and Apple is now trying to spin this.
Yeah, so they should also trust two jokers on the internet who want to create a buzz around their presentation, and frame their demo so that it is bound to do so...? It cuts both ways.
Although we'll see nothing but speculation in this article and its comments, eventually the truth will be known, and we'll have an exploit which is documented and proven to work, or not. If Apple have a flaw, and won't admit it, that would light a fire under them wouldn't it?
Given the hackers' comments:
Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook.
It sounds like they were bullshitting to try to make a splash, which they did. Till I see proof, I'm not inclined to trust either side.
'' It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]." Well, then the OS isn't secure. If 3rd-party drivers can break your security, it wasn't really there to begin with, now was it? ''
The problem with this argument is that we have no idea what the "exploit" actually was (if there was any; I mean these guys have been caught lying, so why would you believe anything? )
My suspicion is that the WiFi card + driver can be convinced to set up a wireless connection from the outside, without being told so by the user. Now you might have set up your computer in a way that is inherently insecure, under the assumption that it is not connected to anything and therefore nothing can happen. If this computer then enters into a connection without being told to do so, you have a problem (the user knew all the time that a connection was dangerous, but had no intention to set up any connections). Something like this would be an "attack" that would work against any operating system, but it would be just an exploit of user stupidity, nothing else.
It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]." Well, then the OS isn't secure. If 3rd-party drivers can break your security, it wasn't really there to begin with, now was it?
That's a pretty weak argument. That implies that the OS would even have to protect against a 3rd-party driver that intentionally opens a root shell on a random TCP port.
A flaw in a 3rd-party driver is the fault of the driver vendor, not the OS vendor. Or we could go with the "signed code or NO DRIVER FOR YOU!" model that Microsoft wants.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
Before you tar and feather someone publicly, make darn sure you don't leave the wrong impression or it will boomerang on you later.
This is true in any industry.
If these guys had made it CLEAR that they were using a NON-APPLE network device from the get-go we wouldn't be having this discussion today.
What they should have said:
"We found a wireless exploit in a major-brand wireless network device. We will be releasing the name and model number of the device after responsible notification to the vendors involved. The videotape you are watching shows this device connected to an Apple Macintosh. We have also tested a device containing the same chipset connected to a Windows-based PC and found similar problems."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
but that fact was pretty thoroughly buried in the avalanche of "OS X is worse than Windows" news reports.
Clear, Dark Skies
Why couldn't you understand something like that? You've got to stop thinking about these things as network cards and video cards. Think of them as devices that take input, do some work, and produce output. Then you can see that any kind of device is susceptible to bad data.
1. The inconsistent position of the original demonstration?
2. The willingness of everyone to jump on an actual vulnerability in MacOS X (schadenfreude)?
3. People who believe that the only reason software is vulnerable is its market share?
4. People who think that a company should be able to warrant/guarantee an OS regardless of what you do to the machine it's running on?
Does /. have a polling mechanism? Can we actually vote on these?
dave
p.s. my Mini, that runs continuously 24 hours/day including web server, iTunes broadcast, etc, had a kernel panic yesterday. First time, too! I think it was because I was in the middle of LDAP client configuration and left the machine in an inconsistent state, i.e. -operator error-. No, OS X isn't perfect, but it's a damn sight better than -any other OS- I've used on personal hardware. The only things I've used in almost 30 years in the business that have been more reliable are VAX/VMS, Ultrix and SunOS 4.0.3...
People should ALWAYS trust what a company has to say about its own products. If Dell says there's no problem with their laptop batteries, they must be telling the truth... right? On the same token, if Apple says that there is no problem with their wireless adapters or software, who are we to question them?
Myself, I trust the people who actually have the code to look at. In this case that would be Apple. They have done little that would lead me to think this statement was misleading.
If you blindly mistrust any company just because it is a company, you are just as badly off as if you blindly accept anything any company says. You need to use common sense in evaluating statements from anyone.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
These guys had a demonstrable bias against Apple's platform and users from the get-go. They specifically chose the MacBook because they didn't like Mac users' supposedly smug attitude about security, so they wanted to make a public example of a Mac getting 0wned. But oh wait, they used a third-party wireless device with a third-party driver, a setup that's about as common on Mac hardware as steaming shit in Antarctica. When asked why they chose this, they claimed that Apple had put pressure on them to not demonstrate the flaw with Apple hardware ... but to go ahead and tell everyone that the same flaw existed in Apple hardware anyway. Why Apple would ask them to do that is anyone's guess. This was a highly dubious claim at the least. It's not surprising at all that it turned out to be total bullshit.
With the statements from Apple, the questionable reasons given by the researchers and their ire about the Mac community in general, I think the most probable conclusion is that these guys are full of shit. What I can't understand is why they'd risk their reputations on something seemingly so petty.
The headline's construction is confusing (paraphrasing) Apple Denies, Researchers Confirm. Since deny and confirm are antonyms, the headline implies that the two parties, Apple and the researchers are in disagreement, which is not the case.
My other sig is extremely clever...
[sarcasm: on]
Right. Because trying to play a music cd on your computer and installing third party hardware and drivers are, like, exactly the same.
[sarcasm: off]
(How did the parent get modded insightful?)
If I give elevated privileges to arbitrary code, and that code breaks my security, it does not mean the operating system is insecure. It means that I created an attack vector that did not exist previously. If the operating system let that arbitrary code run privileged without my permission, then the system would be insecure. Do not confuse PEBKAC with inherent weakness.
Join Tor today!
I have been wondering from the beginning, if they could insert a third party wireless card into my computer, why don't they insert an OS X boot DVD and enable root on my computer? Or simply grab my computer, they can gain TOTAL control of my computer much faster.
There is a spark in every single flame bait point.
Let's see what happens to "security" if the market share ever heads north of the 80% mark. All the system needs is a couple million coders bent on stealing or propagating a virus, and they will be fucked.
The Problem with this assessment, and I've heard it against Linux as well, is that it assumes that all security models are created equal and that therefore the only difference in number of exploits is attention.
Sorry but a big bank safe is not going to have just as many break-ins as a child's piggy bank simply if more people are trying to break in, at some point the strength of the security model and approach will make a difference.
That's not strictly true in this case: On Mac OS X, USB drivers live in user space. My original thought was that this is why they used a third-party card -- it's a lot easier to get a shell process from a USB user-land driver than it is from a kernel-land driver. (Oh, it can be done... but it's nowhere close to being easy. Much easier to just change some file, or change the security level of an existing process.)
Black Hat, you have a choice. You need to code a virus / worm, or develop something to take advantage of an exploit. Your goal is: Make as much money as possible. Your choices are: 1.) attack 2% of the market. 2.) Attack 6% of the market. 3.) Attack 92% of the market.
That's a poor way to look at it, and masks the situation you have with the Mac market today.
Any of those 92% of computers may vary wildly in terms of OS loaded or software used.
With the Mac you have tens of millions of computers (fourteen million registered OS X users). Lots of them are running the same software, the same browser, at the same OS rev.
Looking at the cost of renting botnets on the grey market those millions of computers represent millions of dollars of revenue, even if you crack just a percentage of them. So the question is why would someone leave that money on the table?
The answer is obvious - because it's a lot harder to hack a Mac to use in such a way. So it's not really numbers that are preventing the serious development of attacks today so much as a stronger security model. This would potentially be true even beyond the 80% marketshare point.
Basically the reason the Mac is safer today and will continue to be so even as market share climbs is the same philosophy behind avoiding being eaten by a bear - you just have to be able to run faster than the guy next to you. Windows is puffing something fierce.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I guess that's not the publicity they were looking for....
Too bad
"oohhh... I didn't know Schopenhauer was a philosopher!"
Anyone who did some passing research into the original posting could've seen that. As I said originally, these guys just did their demonstration on a Mac in order to get a publicity storm started. They certainly accomplished that, and probably raised the visibility of their security company as a result. Good for them, I guess.
This is a very real exploit... just not one that the Mac is vulnerable to unless you're using 3rd party wireless hardware. And how many Mac users do you know that use 3rd party wireless hardware? Yeah, me either.
Good vent, these people that constantly jump on any appearance of weakness in OS X are far worse (and more numerous) than the mythical user who thinks the Mac is invincible to any attack.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You really find "we can't be responsible for other people's fuckups" to be unreasonable?
As I recall, there was a privilege escalation vulnerability in some of the DRI drivers last year. The i810 driver is horribly insecure, but it is deprecated in favour of the i915 driver (which also supports older hardware).
I am TheRaven on Soylent News
I have done enough debugging work to know that there is always a chance somebody screws up and screws up badly... That goes for Apple just like anybody else (I'm one of their customers by the way). Just because these hackers may have slipped up (at the moment I only have your word for it) and explicitly claimed that built in Apple Wifi cards were vulnerable without checking on it first (which incidentally violates one of the golden rules of professional bug-hunting: Never claim a vulnerability must exist on operating system A because it has been demonstrated on operating system B. Create tests and prove it!) So don't get too carried away in your 'Schadenfreude'. Apple is no more incapable of fucking up any more than IBM/Lenovo, HP or any other high end PC manufacturer.
Only to idiots, are orders laws.
-- Henning von Tresckow
Does your hack exploit the keyboard to misspell "compramise"?
Smug? No, you should Cower in Fear(TM) like The Rest of Them (TM).
If you mod me down, I shall become more powerful than you could possibly imagine.
Insightful my arse. The guy obviously has no clue about how (non microkernel) operating systems and drivers work or tie together.
So the monolithic kernel OS's are immune to this? Can you name one non-toy OS that isn't vulnerable to security flaws in a badly written driver?
There are 10 types of people in this world, those who can count in binary and those who can't.
This is not mere grandstanding; it is also an interesting twist on the ever-raging debate on full disclosure of security vulnerabilities. Eschewed were the two classic positions usually assumed by professionals in the field:
- disclose in public sufficient detail to demonstrate and reproduce (and sometimes fix) the vulnerability, which might or might not include sample exploit code, and
- disclose those details in secret to the vendor.
Rather than adopt a classic position, these two, ahem, security researchers...ahem, ahem... I have something stuck in my throat, ahem...
have staked out territory previously reserved for crackers (aka black-hat hackers), that being: "we know about a vulnerability and will not disclose its details to the community at large, but also will not share with the product vendor details sufficient to allow them to find, reproduce, and fix the problem". Traditionally the cracker also reserves the right to exploit the vulnerability if desired, or sell it to other crackers.
Never fear! The security researchers are here. Ahem.
OK, that's entirely too much like something I would say. To Win the Game, WWBS, enter something succinct and pithy.
If you mod me down, I shall become more powerful than you could possibly imagine.
Okay Einstein, then why did people make viruses for Mac prior to OS X, when there was even *less* marketshare?
Like another poster said, not all security models are built equal. Add up all the BSD, Linux and Mac marketshares, and there are still no exploits. The *nix crowd has a higher server marketshare than desktop, which makes them even more attractive for people to crack.
And btw, not all of 'em do it for money.
This entire quote is focused on the demo video, which the researcher in the video confirms does not affect the Mac. If Mac wasn't affected at all why not just say that, why be so narrow and specific? I am guessing there is a flaw in the default MacBook and Apple is now trying to spin this.
We already had the spin - it was from the hackers who tried to claim they couldn't use a stock Macbook because Apple "leaned on them".
Come on, use Occam's Razor. What hold would Apple have to lean on these guys? Isn't the simplest explanation that the Macbooks have no vulnerability and the whole thing was set up to promote the hackers?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported."
That's not exactly what's being said on their website...
"This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
http://www.secureworks.com/newsandevents/blackhat
You put far too grand a face on the "researchers", who have a lot more to gain in reputation from "cracking the Mac".
Go back and read the whole story this thing is about.
Use Occam's Razor and the truth may come to you.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Their security model is much better than Windows, that's true, so it helps but an interesting question is: what is the percentage of the users getting security updates on the computer? Because in case of remote exploitable vulnerabilities, the security model doesn't matter..
Actually the patching percentage on the Mac is much better, because by default a Mac is configured to check once a week and install updates. I have seen many Windows users turn off updates for a variety of reasons, but mostly because they were more annoying. Strong patching adherence is one aspect that I think makes the Mac security model much stronger.
As for remote exploits the default packaging of OS X is no open ports or services - you have to explicitly enable any kind of service you want listening externally. That cuts down on a whole category of attacks and leaves the browser as the primary target, which has been fairly hardened as well in a number of ways (though of course there always is the possibility of some opening there, but the layered security model helps to ensure that a rootkit installation is much less likely and therefore a browser exploit is of less use to an attacker who wants to take over the whole computer).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If any of you had watched the conference video when it was first made public, you would know that the two researchers made it quite obvious in the video that the problem was with the 3rd party's card/drivers, NOT with the mac itself.
The mac was just being used as a host system for the attack, and the video explains/made it quite clear that the flaw was in the driver and would affect all operating systems. Look back to the news right after the conference about this, numerous articles have links (probably youtube) to the actual video that this is all about. All Apple is doing is saying "hey, they're right. The problem isn't in our software or hardware, so let's just make that clear"
You're right, except that most web servers in the world are Apache running on some kind of un*x. Mac OS X is basically a sweet GUI on top of un*x.
If someone could come up with a virus that would take down most web servers, you think they would do so. Why hasn't there been a UnixNuke, or LinuxNuke, or LinuxWorm.bin? Hmm. Maybe because un*x is inherently more secure?
And even if it's not, and this problem is entirely marketshare related, does that really matter? It's not like Apple is going to get 20% or even 10% marketshare in the next few years... even if MS totally dropped Vista, it wouldn't matter in the near term.
In the meantime, you can enjoy computing without McAfee taking up all those CPU cycles.
rm -rf
Another corked demo. So what's new about that?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
"No one buys a wireless adapter for a Mac laptop, because they all come with one." Not true. A couple of months ago I was asked by some starving-student acquaintances to help them set up wifi in their apartment. They had two older PowerBooks neither of which had wireless of any sort built into them. Faced with spending either $20 x 2 (on sale at Fry's) for USB adapters with an ralink rt2500 chipset and a c.$70 Linksys-WRT54G router versus c.$80 x 2 (now reduced to $50) for the apple brand cards and c.$200 for the Airport Extreme Base Station they decided to save the money and go with the $250 cheaper solution. Yes, the PowerBooks were "Airport Extreme Ready", but all that means is that they have the antenna built into the casing and a space inside for the card. I wouldn't mind betting there are quite a few people in a similar situation. I'm hoping that it's not the rt2500 driver that's compromised... that would suck as ralink have been pretty good about releasing open drivers.
They certainly accomplished that, and probably raised the visibility of their security company as a result. Good for them, I guess.
Given how this has all panned out, would you trust these guys?
Read the EFF's Fair Use FAQ
came across the following comments (apparently from the author) at the Washingtonpost.com's Security Fix blog.
"As I said, the comments they made to me were ALL about the demo that Maynor and Ellch gave in their video (Apple would not address any of the questions I had about what I saw in person). When pressed about whether Apple was disputing similar vulns reported to be present in their Macbooks, Apple said they'd have to get back to me. Their PR people said explicitly they were only prepared and briefed to talk about the demonstration shown in the video. They were not prepared to talk about whether their current code base was vulnerable.
Your last question is the main reason I have not updated the blog yet with Apple's comments. Apple claims that SecureWorks has only shown this to be a problem with 3rd party cards, which as we all know, isn't really an issue for Mac users. But they have not responded to my requests for comments on whether or not the flaws Secureworks pointed out to them as existing in the Macbooks are indeed valid or exploitable. So, right now it is a "who shot John?" game. Until Apple replies with some direct responses to my questions, the post will remain as is."
I was at OSCON last month with my MacBook Pro and had several instances of kernel panics in the airport driver. This machine has never panicked before the conference and has not panicked since. During one session alone, the presenter's Mac panicked 3 times and my MBP panicked twice. If there is no remote control exploit, there certainly is some kind of DoS vector. I talked to over a dozen other people using Apple laptops and they also had issues with sporadic kernel panics in the airport driver. All the people I talked to and myself were using the built-in airport card, so no, this wasn't a third-party wireless card or driver. At the time of the panics, the airport browser was showing networks being advertised with garbage for the SSID. Take this for what you will, but there *ARE* issues with Apple's airport drivers.
SE Linux policies get rid of this sort of thing, after all the wireless networking driver doesn't need total root access. Apple could have easily implemented a similar system in mac os to prevent this 3rd party flaw from ever becoming an issue.
I fear the Y2038 bug
but the biggest threat to security isn't the architecture or the OS
You are correct, but don't expect acknowledgement in these parts - heck, you are lucky you weren't modded troll or flamebait. Now, you never said OS security or architecture was not a factor, only that it isn't the biggest factor. I agree with you. I think the main reasons Windows is such a target are the following:
1. the sheer number of Windows boxes [providing monetary motivation as you pointed out]
2. operated by non-technical people [this dramatically amplifies the danger]
3. with a huge range of 3rd party hardware, drivers and applications [another amplifying factor]
4. hate [this gets at another kind of motivation]
The *nix crowd is always quick to point out how servers are the higher value target, and *nix has significant marketshare in that area, so why aren't there lots of *nix exploits from those juicy targets? Answer: see #2 above - servers are almost always professionally cared for and that matters a great deal. Note, compare the number of successful Windows server exploits (not "known" exploits ... successful exploitations) and it is a small percentage of the installed Windows servers, as compared with the percentage of successful exploitations on Windows desktops.
I believe that #4 above is also a significant factor that should not be underestimated: hate. Heck, you only have to hang out in these forums for a day or so to witness the vitriolic hate Microsoft inspires in people. There are many, many hackers who *hate* Microsoft and will go out of their way to harm them. This group is not motivated by money. Rather, they see themselves as soldiers in a religious war.
The more you regulate a company, the worse its products become.
"Let's see what happens to "security" if the market share ever heads north of the 80% mark."
Now THERE'S a security problem Apple would like to have...
I haven't read all of the posts, so my apologies to anyone who posted it first, but... Wouldn't it be smart of Apple to pay these guys a consulting fee to spend a few days with their networking geeks and see if A) they can replicate it on an Airport card, and B) if there's a way to patch the problem, if it exists, in the OS? The hackers get paid, Apple patches a potential security flaw... everybody wins.
Someday a real rain is gonna come...
Well, duh, if you take your new mac out of the box, access your email, then open up a trojan attachment, then you've immediately broken all security associated with your brand new system. The same is true for windows boxes, even less user interaction is required. For windows, if you take your new computer out of the box, turn it on and start up an internet connection, you'll break its security just by leaving it connected for 30 seconds.
They are exactly the same in the sense that anyone would assume, rightly, that you have nothing to worry about security-wise when doing either of those things.
(He got modded insightful because most people understood the comparison)
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
A defect which can be exploited.
*ba-dmp-chnk*
Just kidding. Sure, various defects exist on Mac OS X. It's interesting that they don't get exploited with a frequency that represents their market share. People always say Macs are more expensive, so Mac users must be richer, so we might think that they would be "juicy" targets for identity theft.
If you mod me down, I shall become more powerful than you could possibly imagine.
So if someone posted a Windows vulnerability, would you disbelieve it until you saw a live demonstration of the exploit? Didn't think so... Apparently Macs are innocent until proven guilty, not so much for anything coming out of Redmond.
"But this one goes to 11!"
If somebody claimed a Windows vulnerability but insisted on demoing it using Wine, then no, I would not believe them.
The vulnerability can affect your system under Wine, but so far only 1 person has been able to get it to actually foul things up, and only after days of messing with the configurations.
"But this one goes to 11!"
The interesting part of this entire story, not just today but since the Black Hat conference, is how misunderstood the issue really is. The presenters were not indicating that there was a specific issue found with Mac OS X, but rather, by showing that Mac OS X was susceptible to the attack, other OS's were also susceptible. In essence, they were stating "Hey, if we can do it on a Mac, then we can do it elsewhere." They were not attacking hardware on a Mac or on a PC but rather a specific Wireless card and driver. That is the real issue. I wish people would stop freaking out and making this bigger than it really is.
you should really check the crash logs and see why this is happening.
I have a number of macs, all of them running 24/7, two of them Internet-facing servers. One has been running for 3 years, and the other between 17 and 14 months. I have had 1 (ONE) kernel panic on one machine because of faulty USB drivers.
A kernel panic for unknown reasons once every month would make me very suspicious. Get your machines checked, Ford Prefect.
There can't be that many USB wifi dongles out there with new universal binary drivers. Googling is kind of useless, the results tend to be just online stores with all the keywords. Looking at vendor sites hasn't turned up any universal binary driver upgrades.
So which ones have been updated and work with macbooks and MBPs? I'm asking because I've had several people wanting better reception ask me that same question. The reception in my MBP is certainly not quite good enough except for very local communication. I've tried the D-Link G122, but they only support (poorly) the older power books.
the AC
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
"A number of news outlets and blogs have picked up on these various statements and clarifications, but nowhere have I seen this tidbit: Apple's Fox said that prior to the Black Hat demo, SecureWorks did contact Apple about a wireless flaw in FreeBSD, the open-source code upon which Apple's OS X operating system is based. In January, FreeBSD released a patch to fix the problem, which according to the accompanying advisory, related to a flaw in the way FreeBSD systems scanned for wireless networks that could be exploited to allow attackers to take complete control over the targeted machine.
I looked through the last eight months of patches from Apple and could not find any evidence that it also shipped an update to correct this flaw. Fox said she would check with Apple and get back to me. Fox also said Apple staff were already aware of the flaw when SecureWorks contacted them about it prior to their Black Hat presentation, and that Apple had already determined that the wireless flaw addressed in the FreeBSD patch was not exploitable on any of the Mac products.
"SecureWorks has not been able to exploit this for us," Fox said. "No one has been able to show us a way to exploit our internal [wireless] device drivers with that flaw."
...because you never know who you're dealing with.
[joke]
:-)
Well, once again this is mostly due to market share. If more people actually used Macs, there would be more Mac users thinking they are invincible.
[/joke]
See, now that was funny! Why can't more people be lighthearted about this stuff.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
There's a really, really legitimate reason for not doing the demo live: they'd basically be releasing the exploit. After all, they were giving the talk to a large room full of people with notebooks, and if they started doing a demo, you know damn well that at least a fourth of them would start a wireless packet capture.
...and now we've got some guy claiming to be Jon Benet's murderer when there are big holes in his story (claimed he took her home from school, but it was Christmas vacation, and there is little evidence that he was even in Boulder at the time)
Except that now it's being said that he has revealed details about Jon Benet's corpse that were only otherwise known to the medical examiner and investigators. I'd say it's more likely he was misquoted/confused about the details of taking her home from school, than it is that he was able to come up with graphic and accurate details about the corpse that were never made public.
http://www.cnn.com/2006/LAW/08/18/karr.questions/
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
These guys were not caught lying. They state in the video that it's a third party driver. Stop spreading FUD.
Your claim that you "don't know what the exploit was" and then give that crazy scenario really only proves that you don't know anything about the presentation they gave. They explicitly stated that they turned on the ability to connect to any access point so that they could get a remote shell, however if that feature wasn't on, they'd still be capable of delivering a payload to the remote machine.
The only thing more pathetic than a PC user is a PC user trying to be a Mac user. We have a name for you people: switcheurs.
There's a good reason for your vexation at the Mac's serial bus interface: You don't speak its language. Remember that the Mac was designed by artists, for artists, be they poets, musicians, or avant-garde mathematicians. A shiny new Mac can introduce your frathouse hovel to a modicum of good taste, but it can't make Mac users out of dweebs and squares like you.
So don't force what doesn't come naturally. You'll be much happier if you stick to an OS that matches your personality. And you'll be doing the rest of us a favor, too; you leave Macs to Mac users, and we'll leave beige to you.
1) Apple stands to lose a lot more than the researchers have to gain. The researchers gain credibility for discovering a remote-code execution bug in an Apple product--big deal. There have been other remote-root bugs in Apple products. Do you remember any single person who discovered it? Do you even remember the flaws? Apple is building a reputation for being rock-solid and secure, but it's pretty unreasonable to believe that there are NO remote code executions in their products.
Come on, Apple's rep is not hurt at all by one vulnerability - after all there have been others found and patched before - the claim to fame is that there are no exploits in the wild.
Furthermore again I have to ask, what hold does Apple have over these people that they would have held off? Given all the grief they have received over this you'd think they would come out and demonstrate the flaw using only the airport card.
It's far, far easier to believe some very smart guys stretched the truth a little to make their claims more noticeable than a VERY heavily used driver in OSX has that kind of open flaw that has remained undiscovered to this point. It's very hard to believe that Apple leaning on them had any effect, because Apple simply has no leverage over them.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Actually, we should take companies very seriously, and any proof we can have against claims they make - claims that can jeopardize our security - is fertile ground for lawsuits.
Bruce Schneier's secure handshake is so strong, you won't be able to exchange keys with anyone else for days.
(From http://geekz.co.uk/schneierfacts/fact/26)
Read Heinlein's 1953 Revolt in 2100, now more than ever.
I myself have reported a security flaw to Apple which is still being patched. I would suspect Apple is currently in the process of addressing well over a dozen security holes at the moment, and until these bugs are fixed, the system is vulnerable to anyone who knows about the security flaws. Granted, most of the people finding these vulnerabilities (myself included), are white hats, but that doesn't mean the OS is 100% secure.
Dude, you've posted at least two other times as an AC account. How about growing a pair and standing behind your statements with a name?
On the website, SecureWorks now has a disclaimer admitting they used a modified MacBook with third-party WiFi and drivers, not Apple's drivers. They've not shared code with Apple. Can you explain it?
"Sufferin' succotash."
Although I agree OS X would be targeted more and would likely see an increase in vulnerability announcements, it's important to note that OS X's infrastructure has been built on UNIX-like security from the start, and it has that going for it. Windows sees a lot of flaws because of its kludgy architecture. Win32 was developed in the single-user days, and Vista is still vulnerable to the Win32 scatter attack, for instance.
Given a hypothetical comparison between the two in which both had equal market share, I suspect (though I obviously can't prove) that OS X would see fewer threats from hackers due to the fact that its lineage, dating back to NeXTStep, relies on UNIX technology and practices.
"Sufferin' succotash."
It is, on the other hand, what was said during their talk at Defcon. I was there. I skipped it at Blackhat (didn't seem all that cutting edge) but due to popular demand from the home office, caught it at Defcon.
What they said there included:
1) They demoed using a third-party card (I don't recall why).
2) Exploitable flaws exist in the wireless drivers on an unspecified Mac platform, using builtin software and hardware.
3) Exploitable flaws also exist in unspecified Windows and Linux platforms.
So this is a significant reversal if they are not now claiming to be able to compromise the native drivers on OS X. And since these were supposedly the guys who did the work, I don't see how this could be the result of a miscommunication.
This guy has a higher-quality copy of the original exploit video, where he points out something pretty suspicious: though Maynor states they are using the unnamed third-party Wi-Fi card, the few seconds where the output of ifconfig is displayed indicate that the IP address they mention (192.168.1.50) is in fact attached to the internal Airport card (en1).
The idjits at SecureWorks cheerfully slammed Apple for a presumed, and now disproven, vulnerability discovery. But when asked to identify the "third party" of the USB wifi device they actually cracked, they suddenly get protective of the third party's reputation. The company name should be changed to SecureDorks.
"The researchers ... nose-thumbing at Apple users who were too secure in their security was misplaced"
when run through my Slashdot Story Bias Translator and Cabbage Slicer, reads
"The researchers ... nose-thumbing at Apple users who were too secure in their security was juvenile and irresponsible"
"The researcher's claim that they were providing information to Apple now seems off-base, too."
translates to
"The researcher's claim that they were providing information to Apple is a bald-faced lie, too."
As shown the guy removed the Apple driver and went with a third party driver. Clearly if you have access to the machine you can hack into it easily. Hell with access to the box I can root in about 30 seconds (enough time to reboot and load the MacOSX disk).
MacOSX, because making *NIX better is a lot better than waiting for Micro$loth to fix Windows
I've noticed that at the company I do IT work for, the incidences of machines crashing, slowing to immobility, or actually getting corrupted have gone down significantly. However, when I do run anti-spyware on people's machines, I generally do find several pieces of spyware. (We had an anti-spyware solution installed on all the machines, but it turned out to have a conflict with our antivirus software, so we tried another, which turned out to remove one of the files from the software product that WE PRODUCE. (No, we do not manufacture anything that anyone in his wildest dreams could call spyware.) At some point when things settle down a bit I will do some research and find another one to try.
Maybe what I'm seeing is that the spyware that is out there now is less intrusive and damaging than the spyware that was out there a year and a half ago?
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
Oh god I hate x86. I really like Macs, and I'm certainly going to get one of the new x86 Macs eventually. And I'll even take some guilty pleasure in being able to play some of my old (but not DOSBox old) Windows games on the thing. But programming an x86 in assembly is to programming a PPC (or even 680x0) in assembly as writing a GUI program in Cocoa with Interface Builder is to writing the same program in Forth with no graphics libraries. Using ed as your text editor.
With no monitor.
-fred
Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
(pretty reasonable idea, considering OS X's market share)
You mean the FOURTEEN MILLION OS X users?
People seem to forget that small percentages of very large numbers are in fact also rather large numbers.
As for the "leverage".. maybe Apple just requested that they not release/show it and they agreed. It's not outside the realm of reason.
Why would they agree when the whole thing looked shoddy otherwise? It makes no sense from any angle, you (and anyone else believing this still) are just grasping at straws.
"There is more worth loving than we have strength to love." - Brian Jay Stanley