Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Denies Wi-Fi Flaw, Researchers Confirm

Posted by ryuzaki0 on from the not-as-bad-as-it-seemed dept.

Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researcher's claim that they were providing information to Apple now seems off-base, too."

14 of 267 comments (clear)

  1. When in need of security commentary by Anonymous Coward · · Score: 1, Funny

    Ask Bruce Schneier.

  2. What a relief. by A.+Bosch · · Score: 5, Funny

    So I can go back to being "smug" now about security on my mac?

    --
    Where there is the necessary technical skill to move mountains, there is no need for the faith that moves mountains.
    1. Re:What a relief. by Anonymous Coward · · Score: 1, Funny

      Only VM/370 (VM/CMS) and Multics users can be smug about security. Everyone else... watch out.

    2. Re:What a relief. by CaptDeuce · · Score: 1, Funny
      So I can go back to being "smug" now about security on my mac?

      Only if you continue to smell your own farts.

      --
      "Where's my other sock?" - A. Einstein
  3. Big surprise. by supabeast! · · Score: 4, Funny

    So if this report is true it means that computer security professionals are grandstanding and misstating the facts to get attention and advance their own personal agendas. I am shocked that such a thing could happen! If we can't trust computer security nerds when they present at Black Hat, how can we trust them when they release proof-of-concept code, call it virus in the wild, and then try to sell us antivirus tools to remove it? How can we trust their products for *nix operating systems?

    My God - what if the computer security folks are often just full of shit?

  4. Confusing Headline by Anonymous Coward · · Score: 2, Funny

    Researchers "confirm" the denial or "confirm" the flaw?

    ahhhh, not so confusing....the headline drew me in to read it for clarification...verrrry clever.

  5. Special spl0itz! by Nijika · · Score: 5, Funny
    I have found this amazing security flaw in OSX. If you take a specially crafted driver, and you use a specially crafted peice of hardware and insert it into the system you want to compramise, you can then compramise it remotely!

    Gad Zukes!

    This is almost as good as the Debian exploit I found last year. I found that if you built a specially crafted PC, and then installed a specially crafted version of Debian, it would prompt you to set the root password during the install, leaving the system open to compramise by the person installing the OS.

    Next year's Black Hat conference, here I come!

    --
    Luck favors the prepared, darling.
  6. In other news... by Logger · · Score: 5, Funny

    In other news today, a faulty air bag was blamed for the death of a driver in a recent accident. The auto manufacturer's safety claims for the car were obviously overblown, and their smugness is now revealed.

    Update later that day: As a side note to this story, the owner of the vehicle replaced the OEM airbag with one from Orval Reddenbacker, so she could eat popcorn in case she was in an accident. We originally decided we would overlook this aspect, because we have an axe to grind with this manufacturer and to create buzz generating free advertising for our company.

  7. Here are the unpublished details on this hack by sjonke · · Score: 4, Funny

    1. Take your MacBook and sit it on table
          2. Log in to the MacBook with your username and password
          3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
          4. Select your wireless network from the menu in the menubar and enter the password
          5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
          6. Take a different computer of yours and connect to the same wireless network and enter the password
          7. Bring up a terminal and type in ssh://
          8. At the login prompt enter your username and password
          9. You're in baby, have a fuckin' field day!!!

    --
    --- What?
    1. Re:Here are the unpublished details on this hack by Tarmas · · Score: 2, Funny

      1. Take your MacBook and sit it on table
      2. Log in to the MacBook with your username and password
      3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
      4. Select your wireless network from the menu in the menubar and enter the password
      5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
      6. Take a different computer of yours and connect to the same wireless network and enter the password
      7. Bring up a terminal and type in ssh://
      8. At the login prompt enter your username and password
      9. You're in baby, have a fuckin' field day!!!

      10. ???
      11. Profit!

      --
      Signature has left the building.
  8. Well, Duh by MidKnight · · Score: 4, Funny

    Anyone who did some passing research into the original posting could've seen that. As I said originally, these guys just did their demonstration on a Mac in order to get a publicity storm started. They certainly accomplished that, and probably raised the visibility of their security company as a result. Good for them, I guess.

    This is a very real exploit... just not one that the Mac is vulnerable to unless you're using 3rd party wireless hardware. And how many Mac users do you know that use 3rd party wireless hardware? Yeah, me either.

  9. Re:So some "facts" were just made up... by podperson · · Score: 2, Funny

    Shame on everyone who reported it without checking the facts.

    Nah, they're just on to the next unchecked story. This is old "news" ... why beat a dead horse ... er ... try to unring a bell? We all know that the Macbook was hacked remotely, we found WMDs in Iraq, Saddam Hussein was directly involved in 9/11, and John Kerry inflicted wounds on himself to get a Purple Heart.

    Pretty much the only story that's ever been "corrected" successfully was George W. Bush's being AWOL from the National Guard. He was AWOL, but because *some* of the evidence turned out to be bogus, this was somehow construed as meaning he wasn't AWOL. The glove didn't fit, so we must acquit

  10. Re:Not exactly surprising by atrocious+cowpat · · Score: 2, Funny

    Er... while I basically agree with what you wrote I'd like to note that if you want to be 100% sure that your shit will steam, antarctica probably is the place to go on this planet.

    ;)

    --
    sig? Oh, that sig...
  11. Re:Heres how you get an exploit developped for Mac by skingers6894 · · Score: 2, Funny

    "Let's see what happens to "security" if the market share ever heads north of the 80% mark."

    Now THERE'S a security problem Apple would like to have...