Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple Denies Wi-Fi Flaw, Researchers Confirm

Zonk posted more than 8 years ago | from the not-as-bad-as-it-seemed dept.

267

Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researcher's claim that they were providing information to Apple now seems off-base, too."

Sorry! There are no comments related to the filter you selected.

When in need of security commentary (1, Funny)

Anonymous Coward | more than 8 years ago | (#15934451)

Ask Bruce Schneier [geekz.co.uk] .

WWBS? (What Would Bruce Say?) (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15935174)

Oh, this could be a fun game. I'll start:

This is not mere grandstanding it is also an interesting twist on the ever-raging debate on full disclosure of security vulnerabilities. Eschewed were the two classic positions usually assumed by professionals in the field:
  • disclose in public sufficient detail to demonstrate and reproduce (and sometimes fix) the vulnerability, which might or might not include sample exploit code, and
  • disclose those details in secret to the vendor).
Rather than adopt a classic position, these two, ahem, security researchers...

ahem, ahem... I have something stuck in my throat, ahem...

have staked out territory previously reserved for crackers (aka black-hat hackers), that being: "we know about a vulnerability and will not disclose its details to the community at large, but also will not share with the product vendor details sufficient to allow them to find, reproduce, and fix the problem". Traditionally the cracker also reserves the right to exploit the vulnerability if desired, or sell it to other crackers.

Never fear! The security researchers are here. Ahem.

OK, that's entirely too much like something I would say. To Win the Game, WWBS, enter something succinct and pity.

What a relief. (5, Funny)

A. Bosch (858654) | more than 8 years ago | (#15934471)

So I can go back to being "smug" now about security on my mac?

Re:What a relief. (1, Funny)

Anonymous Coward | more than 8 years ago | (#15934659)

Only VM/370 (VM/CMS) and Multics users can be smug about security. Everyone else... watch out.

No, Cower in Fear (TM) (1)

Gary W. Longsine (124661) | more than 8 years ago | (#15935129)

Smug? No, you should Cower in Fear(TM) like The Rest of Them (TM).

...or alternatively... (0, Troll)

Anonymous Coward | more than 8 years ago | (#15934484)

...Apple bought them off / threatened them with a lawsuit.

Oh, and btw, I am sure no Apple users ever use third party hardware / drivers, so their little fantasy world of 100% safety and security is probably real, too! ;)

Re:...or alternatively... (4, Insightful)

jspectre (102549) | more than 8 years ago | (#15934597)

Wouldn't say no user, but as most macs come with built in airport they rarely use 3rd party wifi adapters and drivers. Infact it's damn hard to find 3rd party wifi adapters and drivers. In any case it certainly isn't any fault of Apples if 3rd party equipment has vulnerabilities.

Re:...or alternatively... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15935144)

Yet its Microsofts fault for being 'unstable' every time Nvidia, ATI, or Creative's buggy drivers crash (pretty much the only reason you'll see XP crash under normal use).

Apple is god though..

Re:...or alternatively... (0)

Anonymous Coward | more than 8 years ago | (#15935222)

Apple is god though
Mod parent up!

Re:...or alternatively... (5, Interesting)

Anonymous Coward | more than 8 years ago | (#15934872)

Allow me to provide some background on one of the researchers. David Maynor has never been credited with the discovery of a vulnerability, even after several years at ISS X-Force. I have seen him present at three security conferences (two Blackhats and CANSEC) and not once have I seen him support his claims with any evidence. I am acquainted with a number of his former coworkers in the vulnerability research community and have been told by all of them not to place any stock in his caims. Based on that on the refusal to provide proof, I question this whole situation.

And of course. . (0, Insightful)

Anonymous Coward | more than 8 years ago | (#15934494)

. . People should ALWAYS trust what a company has to say about its own products. If Dell says there's no problem with their laptop batteries, they must be telling the truth. . right? On the same token, if Apple says that there is no problem with their wireless adapters or software, who are we to question them?

who are we to question? (5, Insightful)

guet (525509) | more than 8 years ago | (#15934732)

Yeah, so they should also trust two jokers on the internet who want to create a buzz around their presentation, and frame their demo so that it is bound to do so...? It cuts both ways.

Although we'll see nothing but speculation in this article and its comments, eventually the truth will be known, and we'll have an exploit which is documented and proven to work, or not. If Apple have a flaw, and won't admit it, that would light a fire under them wouldn't it?

Given the hackers comments :

Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook.

It sounds like they were bullshitting to try to make a splash, which they did. Till I see proof, I'm not inclined to trust either side.

Re:who are we to question? (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15934805)

I did not say that people should trust "two jokers on the internet". Try not to read into things and let your fanboyism get the best of you.

On the subject of unquestioning conformity.. (-1, Offtopic)

Tracer_Bullet82 (766262) | more than 8 years ago | (#15934796)

I noticed you posting as AC.

Which is either..

1)you don't have an account

or

2)you're afraid of being modded down to hell by the apple fanboys.

One wonder's which one is it.

Two faces of trust (4, Insightful)

SuperKendall (25149) | more than 8 years ago | (#15934804)

. People should ALWAYS trust what a company has to say about its own products. If Dell says there's no problem with their laptop batteries, they must be telling the truth. . right? On the same token, if Apple says that there is no problem with their wireless adapters or software, who are we to question them?

Myself, I trust the people who actually have the code to look at. In this case that would be Apple. They have done little that would lead me to think this statement was misleading.

If you blindly mistrust any company just because it is a company, you are just as badly off as if you blindy accept anythign any company says. You need to use common sense in evaluation statements from anyone.

Re:Two faces of trust (1)

babbling (952366) | more than 8 years ago | (#15935014)

Why wouldn't you trust the researchers in this case? Apple has something to lose by admitting a flaw.

Re:Two faces of trust (2, Insightful)

cyber-dragon.net (899244) | more than 8 years ago | (#15935182)

Because as several posters have pointed out... these are not "researchers" with good reputations or a trusted security company or anyone else with any form of credibility. As such, to gain such credibility they must PROVE thier claims, which they flat out refuse to do.

Hell I would not even hold Microsoft, the king of security flaws, accountable for what some unknown guy did using a third party driver he will not produce to prove his claim. And if I would be scepticle about a security flaw in windows, which has a bad track record, you can bet I will be for OS X which has a good one.

Re:Two faces of trust (0)

Anonymous Coward | more than 8 years ago | (#15935133)

Myself, I trust the people who actually have the code to look at

This makes no sense at all. Having the code has nothing to do with trust. I'm sure you don't feel the same about M$ and they have the code. Trust is about past actions lining up with stated intentions as well as visible current actions being consistent with a non destructive agenda it doesn't have anything to do with whether or not someone can see/share/own/whatever code. Is that you in disguise RMS? ;-)

What a couple of dicks (5, Insightful)

Doctor Memory (6336) | more than 8 years ago | (#15934495)

And here I agreed that the Mac community was too complacent. I was hoping that this would be a rather benign wake-up call (given that it wasn't an exploit seen in the wild, and the hats were taking proper precautions to prevent it from becoming so). And now we see that they were just trying to leverage their exploit to make a (valid, but now diluted) point.

Well let me join karma suicide (0, Flamebait)

Ilgaz (86384) | more than 8 years ago | (#15934701)

Can you imagine a "real" (not lamely coded) OS X worm/spyware released 1 hour later to the public by some black hat? What would happen? There are security tools for OS X but they are used by people generally switched from other OSes and know how evil things can get if you got zero defence. Lets check download numbers of cheapest (and working great) application firewall on versiontracker: Downloads (this version): 16,753 (Little Snitch)

So if you code a spyware sending everything from users home directory to some third party site, 16.000 people will get alerted.

There isn't a heuristics performing OS X Antivirus too. I mean like those disassembling scripts and run them in virtual machine to check what is going on by running it before actually running it.

What saves OS X is Unix rights and clever choices by Apple but it can't stop a evil script/application to send your home directory to third party server. Also: Popularity.

As Macbook (ew that name) made Apple marketshare explode, one day, one of those sick minded (but clever) will think about coding a worm/trojan which really works. No Redmond conspiracy needed too. Mac zealots continuous trolling and personal attacks to anyone mentioning security will feed such a lamer.

As a OS X running Quad G5 owner I sometimes found myself posting as AC to mac related stories knowing they will hit -1. Some security companies must have same feeling after what happened to Intego, Symantec and even totally individual bloggers which has no agenda in their mind spoke about pseudo "I am secure because I run mac" feeling by end users.

Well as I see the production machines used all over DTP/TV without zero security measures (even ones running os 9! it really has viruses!) I can make you sure that if such nightmare scenario happens, we will all hear it somehow. It will also create a huge mess to fix. Apple can't sue all Dell trolls laughing about daily newspaper not being printed as result of it yes?

Just giving 20 mins to this story get "FUD" tag and we go -1 levels by some Mac zealot moderator ;)

Re:Well let me join karma suicide (4, Insightful)

gnasher719 (869701) | more than 8 years ago | (#15934787)

'' Just giving 20 mins to this story get "FUD" tag and we go -1 levels by some Mac zealot moderator ;) ''

I think there should be an automatic moderation to -2 levels for any post that predicts "I will be moderated down because some zealots don't like my opinion".

Re:Well let me join karma suicide (1)

Ilgaz (86384) | more than 8 years ago | (#15934900)

I use Macs only since 2003 (G5 convert) and it was enough to predict such things.

I have seen people transforming from complete Intel hater to Intel zealot just after WWDC Mactel announcement.

Re:Well let me join karma suicide (4, Insightful)

Yvan256 (722131) | more than 8 years ago | (#15935240)

I have seen people transforming from complete Intel hater to Intel zealot just after WWDC Mactel announcement.
The Pentium 4 was a POS from day one, there was no need to be an Apple / PowerPC zealot to see that. Clock-for-clock, the P3 was kicking the P4's ass.

As for Apple zealots turning into "Intel Zealots" at WWDC05, well, you have to admit the new Intel Core is quite a step-up from their previous CPUs. And the Core 2 is (again) a big step-up too.

Just because something was good/bad in the past doesn't mean it's gonna be good/bad in the future (i.e. Mac OS 9 sucked but OS X is really good, Apple used to suck with their proprietary hardware and software (ADC, Apple-specific PICT screenshots that won't even load correctly in regular programs, etc) but now they're supporting standards (DVI, USB2, Wi-Fi, Bluetooth, PDF, PNG, etc).

Re:Well let me join karma suicide (1)

mrxak (727974) | more than 8 years ago | (#15935256)

Heh, count me in that group (well, not to say that I'm an Intel zealot now, I just don't necessarily hate them). But you have to admit, the new intel chips are loads better than their offerings a couple years ago. Core 2 Duo Two Duplo 2 is a much better chip than the Pentium 4, even with a silly name. Although, the Quad Xeon vs. Quad G5 benchmarks I've seen weren't spectacular... Sure, there's improvement, but not as much as one might hope. Intel's killing the G4, but that chip was ancient to begin with. Anyway, when it comes down to it I'm conservatively optimistic about the Intel switch. Now if they'd get their acts together on graphics cards...

Re:Well let me join karma suicide (1)

evil_Tak (964978) | more than 8 years ago | (#15934932)

Yes! Make them self-fulfilling prophecies!

Re:What a couple of dicks (4, Insightful)

kaan (88626) | more than 8 years ago | (#15934751)

Furthermore, all this is going to do is bolster the view that Macs are invincible. ... Oh you say you found another new exploit or vulnerability? Psha! As if! Didn't you hear that the only "exploits" on Macs are total bullshit invented by a couple clowns who hate Steve Jobs? And dude, didn't you see that Apple commercial about "viruses"? The Mac didn't get sick at all! But the PC did!

The thing that's more concerning to me is that the tech news and media start sounding like CNN. It seems like anybody can step up and make a loud claim about something controversial, and the news sites just spread it around. Most other tech security claims are held accountable for documenting details and specifics, and being up-front about things like, "well, this only happens while using a random 3rd party wireless card, which would admitedly happen almost never on a Mac since most have built-in wireless...".

Re:What a couple of dicks (0)

jrockway (229604) | more than 8 years ago | (#15935151)

> I was hoping that this would be a rather benign wake-up call (given that it wasn't an exploit seen in the wild, and the hats were taking proper precautions to prevent it from becoming so).

It was. I realized it was time to wipe out OS X and replace it with OpenBSD. Incidentally, the "unnamed chip" (an Atheros USB) is supported by OpenBSD - with a 100% open source driver. I can safely browse the web at a coffee shop without being 0wned! Awesome!

(And sure Apple could do something - they could say, no closed drivers in the kernel. Works for OpenBSD, why not Apple?)

Uh... the "game's" rules are too strict (-1, Troll)

hesiod (111176) | more than 8 years ago | (#15934503)

It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]." Well, then the OS isn't secure. If 3rd-party drivers can break your security, it wasn't really there to begin with, now was it?

Re:Uh... the "game's" rules are too strict (5, Insightful)

computertheque (823940) | more than 8 years ago | (#15934527)

When they have integrated wi-fi and the user decides on a third party usb option with questionable settings, I wouldn't say it was my fault either.

It's much like OpenBSD (1)

Quantum Fizz (860218) | more than 8 years ago | (#15934689)

OpenBSD's standard out-of-the-box install is very well-hardened security wise, AFAIK there haven't been any local or remote exploits for years. But once you start opening ports and running daemons (say even third-party daemons) then it's not necessarily secure anymore. But stupid actions by the administrator don't imply that the OS itself isn't secure.

the "game's" rules are set by the players (0)

Anonymous Coward | more than 8 years ago | (#15934542)

and this is how Apple plays... and this is why Apple plays this way... because they don't want to be Microsoft and have the ability to teach people not to blindly accept what a third-party makes without being aware that Apple isn't responsible for the outcome of stuff they didn't have a hand in...

Re:Uh... the "game's" rules are too strict (0)

Anonymous Coward | more than 8 years ago | (#15934548)

Since we haven't reach the zenith of perfection where any code (authorized or not) that is injected into a systems kernel still results in a secure system, then yes, it being designed by apple or NOT being designed by apple is a valid point. If they claim that OS X with their hardware and hardware drivers is secure, that's different then saying OS X itself is secure.

Reality (4, Insightful)

SuperKendall (25149) | more than 8 years ago | (#15934553)

It would not be rediculous if the device in question were something that someone were at least somewhat likley to use.

But in reality every laptop sold by Apple today ships with an Airport card, and most of the ones sold previously had one as well. What message are you really sending when you trumpet a flaw that affects 1/10 of 1% of Mac users?

The message that Mac users should be aware of possible security vulnerabilites is an excellent one but hyping a vulnerability that would simply not happen in reality was a poor vehicle to convey this message, and basically comes off as self-aggrandizing; that is to say they were far more interested in promoting themselves than warn Mac users about security flaws.

Re:Uh... the "game's" rules are too strict (3, Insightful)

XenoPhage (242134) | more than 8 years ago | (#15934557)

But you're assuming that the security is in the hardware not the software. It's pretty easy to write software that renders hardware vulnerable to all sorts of exploits. And since the OS maker doesn't control the developers, then it's impossible for them to say that the OS is completely secure.

So, in essence, this research only "proves" that if you take something that is secure out of the box and make alterations, it's possible to break that security.

Re:Uh... the "game's" rules are too strict (3, Insightful)

_typo (122952) | more than 8 years ago | (#15934575)

Third party drivers run inside the kernel. If they have security flaws there's nothing the rest of the kernel can do about it. Even a microkernel OS will have a hard time being completely secure without trusting the drivers. At some point it's going to have to touch hardware and it's not easy to abstract that away. After all that's what the device driver is there for in the first place. It's not Apple's fault if someone released a crappy device driver. This is why I like all my Linux drivers to be free instead of that binary crap ATI/Nvidia do. Go Intel!

Re:Uh... the "game's" rules are too strict (1)

Pulse_Instance (698417) | more than 8 years ago | (#15934637)

I'm not saying I'm a fan of the binary drivers, but has anyone seen a security issue from a video card driver? I can understand NIC and a few other ones but not video cards.

Re:Uh... the "game's" rules are too strict (2, Insightful)

Score Whore (32328) | more than 8 years ago | (#15934778)

Why couldn't you understand something like that? You've got to stop thinking about these things as network cards and video cards. Think of them as devices that take input, do some work, and produce output. Then you can see that any kind of device is susceptible to bad data.

Re:Uh... the "game's" rules are too strict (2, Informative)

TheRaven64 (641858) | more than 8 years ago | (#15934960)

As I recall, there was a privilege escalation vulnerability in some of the DRI drivers last year. The i810 driver is horribly insecure, but it is deprecated in favour of the i915 driver (which also supports older hardware).

Re:Uh... the "game's" rules are too strict (1)

kithrup (778358) | more than 8 years ago | (#15934875)

That's not strictly true in this case: On Mac OS X, USB drivers live in user space. My original thought was that this is why they used a third-party card -- it's a lot easier to get a shell process from a USB user-land driver than it is from a kernel-land driver. (Oh, it can be done... but it's nowhere close to being easy. Much easier to just change some file, or change the security level of an existing process.)

Re:Uh... the "game's" rules are too strict (5, Informative)

TheGreek (2403) | more than 8 years ago | (#15934586)

It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]."
It's a good thing Apple doesn't guarantee that, then, because it would indeed be ridiculous. What they acutally said was:

"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," Apple Director of Mac PR, Lynn Fox, told Macworld. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device-not the 802.11 hardware in the Mac-a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."

Re:Uh... the "game's" rules are too strict (1)

Shisha (145964) | more than 8 years ago | (#15934680)

If you have a driver that's loaded as a kernel extension (or a module in Linux), then it executes with kernel privileges. If there is a flaw in the driver then you can "get root". No mainstream OS that I'm aware of provides the level of separation, between kernel space and drivers, that would prevent this kind of exploit from "getting root".

Re:Uh... the "game's" rules are too strict (1, Insightful)

peragrin (659227) | more than 8 years ago | (#15934603)

Here just play this sony music cd on your computer.

It's not Apple's or MSFT's fault for faulty software someone else wrote.

Re:Uh... the "game's" rules are too strict (1, Insightful)

sammy baby (14909) | more than 8 years ago | (#15934837)

[sarcasm: on]

Right. Because trying to play a music cd on your computer and installing third party hardware and drivers are, like, exactly the same.

[sarcasm: off]

(How did the parent get modded insightful?)

Re:Uh... the "game's" rules are too strict (4, Informative)

ThinkFr33ly (902481) | more than 8 years ago | (#15934615)

Drivers typically run in kernel mode. Kernel mode simply can't be "secure". Those drivers can do anything the kernel can do, including write directly to memory (ANY memory), disk, etc.

This applies any ANY OS that allows code to be loaded into the kernel... in other words, allows kernel mode drivers.

In other news... (5, Funny)

Logger (9214) | more than 8 years ago | (#15934630)

In other news today, a faulty air bag was blamed for the death of a driver in a recent accident. The auto manufacturer's safety claims for the car were obviously overblown, and their smugness is now revealed.

Update later that day: As a side note to this story, the owner of the vehicle replaced the OEM airbag with one from Orval Reddenbacker, so she could eat popcorn in case she was in an accident. We originally decided we would overlook this aspect, because we have an axe to grind with this manufacturer and to create buzz generating free advertising for our company.

Re:Uh... the "game's" rules are too strict (2, Insightful)

dgatwood (11270) | more than 8 years ago | (#15934632)

Except that drivers either run in the kernel's address space (in which case security is impossible) or they don't (in which case performance is diminished). The only way to protect an OS from driver malfunctions is use a microkernel, so the question is whether you want slow and secure or fast and ever so slightly less secure....

Re:Uh... the "game's" rules are too strict (1)

jellomizer (103300) | more than 8 years ago | (#15934641)

Well we can assume that OpenBSD is a secure OS. But if I say configure openSSH to allow root logins with no password, should I blame OpenBSD for making an unsecure product. Drivers usually need high level access, because drivers do things the kernel cannot do nativly. If the driver made by a third party then installed by the user, has a security risk then you cant blame, Apple, Microsoft, Linux, *BSD or whatever for being unsecure just because someone elses program that demmands to have high level access is unsecure.

Re:Uh... the "game's" rules are too strict (2, Insightful)

timster (32400) | more than 8 years ago | (#15934679)

I'm amazed at the sheer audacity of your post. What you are saying is that any OS MUST have a security model that prohibits the machine's administrator from installing any software which could conceivably break the OS's security. While such systems do exist, I find it hard to believe that anyone would think that such a system would make sense for a consumer or business computer. You're talking military security here, and it would be plain stupid for Apple or Microsoft to design their systems that way.

Who modded parent to +5? (3, Insightful)

Viol8 (599362) | more than 8 years ago | (#15934691)

Insightful my arse. The guy obviously has no clue about how (non microkernel) operating systems and drivers work or tie together.

Maybe he hasn't Hurd of one... (1)

EccentricAnomaly (451326) | more than 8 years ago | (#15935159)

Insightful my arse. The guy obviously has no clue about how (non microkernel) operating systems and drivers work or tie together.

So the monolithic kernel OS's are immune to this? Can you name one non-toy OS that isn't vulnerable to security flaws in a badly written driver?

Re:Uh... the "game's" rules are too strict (3, Insightful)

frankie (91710) | more than 8 years ago | (#15934694)

Except that 3rd party WiFi is pointless when every mobile Mac comes with AirPort.

What the hackers are actually claiming is: "I can take over any Mac. All I need to do is add this 3rd party hardware, install 3rd party drivers, disable the built-in version, and sneak away without you noticing several inches of antenna sticking out the side."

Re:Uh... the "game's" rules are too strict (1)

mitchell_pgh (536538) | more than 8 years ago | (#15934717)

It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]." Well, then the OS isn't secure. If 3rd-party drivers can break your security, it wasn't really there to begin with, now was it?


Actually, that seems very reasonable to me. Regardless of the OS, if I introduce bug ridden code at the driver level, you are introducing problems.

Analogy Time: If I replaced the built in firewall of OS X with something I code myself, should I get upset with Apple when a buffer overflow is found in my code... resulting in the possible execution of code or some other vulnerability?

P.S. I'm in litigation with Ford because the cardboard tires I made out of old refrigerator boxes caused damage to the car.

Re:Uh... the "game's" rules are too strict (1)

dafz1 (604262) | more than 8 years ago | (#15934720)

It's not ridiculous.

The problem lies in the fact that they used a third party wireless adapter. People buy Macs for a number of reasons, one of which being integration(the "Everything just works" argument). No one buys a wireless adapter for a Mac laptop, because they all come with one. If the Airport Extreme card stops working, almost all Mac users will either send it to Apple or take it to an Apple Store/Authorized Apple Service Center to be replaced.

Is OS X 100% secure? If you use a undocumented hack, on a third party wireless adapter, that's known to EXACTLY TWO people, no.

Is OS X 100% secure to the average user? Yes(so far).

Re:Uh... the "game's" rules are too strict (1)

gnasher719 (869701) | more than 8 years ago | (#15934749)

'' It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]." Well, then the OS isn't secure. If 3rd-party drivers can break your security, it wasn't really there to begin with, now was it? ''

The problem with this argument is that we have no idea what the "exploit" actually was (if there was any; I mean these guys have been caught lying, so why would you believe anything? )

My suspicion is that the WiFi card + driver can be convinced to set up a wireless connection from the outside, without being told so by the user. Now you might have set up your computer in a way that is inherently insecure, under the assumption that it is not connected to anything and therefore nothing can happen. If this computer then enters into a connection without being told to do so, you have a problem (the user knew all the time that a connection was dangerous, but had no intention to set up any connections). Something like this would be an "attack" that would work against any operating system, but it would be just an exploit of user stupidity, nothing else.

Re:Uh... the "game's" rules are too strict (1)

b1t r0t (216468) | more than 8 years ago | (#15934760)

It seems pretty ridiculous to say "We guarantee our OS is secure [unless you use hardware that wasn't made by us]." Well, then the OS isn't secure. If 3rd-party drivers can break your security, it wasn't really there to begin with, now was it?

That's a pretty weak argument. That implies that the OS would even have to protect against a 3rd-party driver that intentionally opens a root shell on a random TCP port.

A flaw in a 3rd-party driver is the fault of the driver vendor, not the OS vendor. Or we could go with the "signed code or NO DRIVER FOR YOU!" model that Microsoft wants.

The user is the weakest link. (0)

Jerk City Troll (661616) | more than 8 years ago | (#15934845)

If I give elevated privileges to arbitrary code, and that code breaks my security, it does not mean the operating system is insecure. It means that I created an attack vector that did not exist previously. If the operating system let that arbitrary code run privileged without my permission, then the system would be insecure. Do not confuse PEBKAC [wikipedia.org] with inherent weakness.

Re:Uh... the "game's" rules are too strict (1)

ceejayoz (567949) | more than 8 years ago | (#15934945)

You really find "we can't be responsible for other people's fuckups" to be unreasonable?

Re:Uh... the "game's" rules are too strict (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15935045)

That's the dumbest thing I've read in a long time.

Philipaustin.co.uk (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15934513)

UK TECHNOLOGY BLOG

http://www.philipaustin.co.uk/ [philipaustin.co.uk]

So was this just a lie? (5, Informative)

Anonymous Coward | more than 8 years ago | (#15934521)

Security Fix [washingtonpost.com] :

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

Re:So was this just a lie? (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15934577)

Brian Krebs has been proven to be a fraud many times over when it comes to security. Take what he says with a large grain of salt... like maybe one the size of your house. As for the test, I'm surprised the rest of the Black Hat community didn't call Maynor and Ellch out and get them to do the exploit live. Probably because they can't....

So some "facts" were just made up... (5, Interesting)

gnasher719 (869701) | more than 8 years ago | (#15934539)

We were told that all Macs are vulnerable. And not only all Macs, but also all Linux machines, and all Windows machines. It seems this was not the case. Apparently there is no exploit at all against a bog standard Macbook with built-in wireless, and that covers about 99.999 percent. Using an external card was essential to the exploit, the claimed "pressure from Apple" was just made up. Remember, these guys _did_ claim that a Macintosh with built-in wireless adapter was vulnerable, and they didn't demonstrate that because of pressure from Apple! I didn't believe it then, nobody should have ever believed it without evidence, and now they have been caught with their lies.

Shame on everyone who reported it without checking the facts.

Re:So some "facts" were just made up... (1)

ack154 (591432) | more than 8 years ago | (#15934579)

Shame on everyone who reported it without checking the facts.

Since when do "reporters" check facts anyways?

Re:So some "facts" were just made up... (1)

_pi-away (308135) | more than 8 years ago | (#15934883)

So, the company that was reported to be vulnerable, who admits that they have no idea how the exploit works, says they're untouchable. Well then, they must be right!

I'm not saying they are vulnerable mind you (I simply don't know), but if you're going to be so skeptical about the claim then you might want to apply that skepticism to both sides of the fence.

Re:So some "facts" were just made up... (-1, Flamebait)

dfghjk (711126) | more than 8 years ago | (#15934968)

..."and now they have been caught with their lies."

Have they been?

"...I didn't believe it then, nobody should have ever believed it without evidence,..."

Where is the evidence now?

"Shame on everyone who reported it without checking the facts."

What facts have you checked? The truth is there, but it's not clear we've seen any of it yet.

Careful now... (1, Insightful)

Savage-Rabbit (308260) | more than 8 years ago | (#15935073)

Remember, these guys _did_ claim that a Macintosh with built-in wireless adapter was vulnerable, and they didn't demonstrate that because of pressure from Apple! I didn't believe it then, nobody should have ever believed it without evidence, and now they have been caught with their lies.


I have done enough debugging work to know that there is always a chance somebody screws up and screws up badly... That goes for Apple just like anybody else (I'm one of their customers by the way). Just because these hackers may have slipped up (at the moment I only have your word for it) and explicitly claimed that built in Apple Wifi cards were vulnerable without checking on it first (which incidentally violates one of the golden rules of professional bug-hunting: Never claim a vulnerability must exist on operating system A because it has been demonstrated on operating system B. Create tests and prove it!) So don't get to carried away in your 'Schadenfreude' Apple is no more incapable of fucking up any more than IBM/Lenovo,HP or any other high end PC manufacturer.

Something I'd like to know (4, Interesting)

Cyborg Ninja (954796) | more than 8 years ago | (#15934554)

I'd like to know if the fact that a third-party driver was used was reported when the exploit came out, or if this senior researcher at SecureWorks withheld that information deliberately. He stated he doesn't want to reveal the name of the device for legal reasons, but I don't know if this is just an excuse to hide behind or not. It sounds like he set out with a purpose, that is to make Mac users feel less "smug" about security, rather than point out vulnerabilities to increase security in the long-run. Sort of like a scientific researcher who comes up with a conclusion and will do anything to reach it.

The presenter did mention it (2, Insightful)

porkchop_d_clown (39923) | more than 8 years ago | (#15934773)

but that fact was pretty thoroughly buried in the avalanche of "OS X is worse than Windows" news reports.

Y'all are a bunch of suckers (2, Insightful)

WhiteWolf666 (145211) | more than 8 years ago | (#15934563)

I told you so [slashdot.org]

75% of people on Slashdot all tout the party line, "Don't believe everything you read in the mainstream media." It doesn't matter whether the discussion involves Iraq, Microsoft, SCO, Linux, IBM, the U.S. government, or CmdrTaco. If it's on CNN, don't believe it.

Well, here I am, to tell you, be skeptical of regular Joes, as well.

In this discussion [slashdot.org] , the only people not agreeing with the article said things like, "it was a 3rd party card." The thing is, I don't understand why you would believe ANY of it without some kind of proof, or evidence.

A video is easy to doctor. A video without any techniques and methods is monumentally stupid. I could have made the video in question in about 10 minutes.

Anyways, this is a big "FUCK YOU" to all the naysayers out there who continually announce that the end of OS X's relative security is on the horizon. I'm not saying that OS X is without flaw, and I'm not even saying there won't be widespread virus outbreak (however unlikely). But for godsakes, at least demand a shred of evidence before you proclaim the end of an era.

Re:Y'all are a bunch of suckers (1)

_pi-away (308135) | more than 8 years ago | (#15934777)

If you had read the above blurb at all, you'd have seen that apple isn't claiming the video is fake, so your discussion about how easy it would be to fake the video is completely irrelevant. They always stated that in the video they were using a third party device, they truly couldn't have been clearer about it.

That said, they also stated at DEFCON (where they gave the same talk) that the built-in apple wifi was also vulnerable. So you ask why we believed that, because the people who found the vulnerability said so. Frankly I am still inclined to believe it considering it's taken weeks for apple to deny it, but we'll see I suppose.

Too bad I don't have mod points (1, Interesting)

SuperKendall (25149) | more than 8 years ago | (#15934929)

Good vent, these people that constaly jump any any apperance of weakness in OS X are far worse (nad more numerous) than the mythical user who thinks the Mac is invincible to any attack.

Re:Too bad I don't have mod points (0)

Anonymous Coward | more than 8 years ago | (#15935164)

than the mythical user who thinks the Mac is invincible to any attack.

i.e. The typical smug Mac users I run in to.

I do a lot of photoshop work for a living. On a Dell. I also work as a network administrator for a ~200 person company with about 50 workstations and 8 servers running Windows and Linux. I get to hear smug statements by Mac using counterparts consistently (NOT occasionally) about how it must be tough to secure a Windows network compared to their Mac that takes no effort to secure because "Apple designed it right". Nice part is, most of them are typical Apple art snobs who have precisely 0 clue about how computers and security work. And Apple likes it that way.

"Mythical" my ass.

Big surprise. (4, Funny)

supabeast! (84658) | more than 8 years ago | (#15934569)

So if this report is true it means that computer security professionals are grandstanding and misstating the facts to get attention and advance their own personal agendas. I am shocked that such a thing could happen! If we can't trust computer security nerds when they present at Black Hat, how can we trust them when they release proof-of-concept code, call it virus in the wild, and then try to sell us antivirus tools to remove it? How can we trust their products for *nix operating systems?

My God - what if the computer security folks are often just full of shit?

Confusing Headline (2, Funny)

Anonymous Coward | more than 8 years ago | (#15934576)

Researchers "confirm" the denial or "confirm" the flaw?

ahhhh, not so confusing....the headline drew me in to read it for clarification...verrrry clever.

No Surprise (5, Insightful)

ar (109152) | more than 8 years ago | (#15934590)

Anyone who thought about it for more than a second or two would have realised that it was never going to be a vulnerability in the default MacBook Pro hardware or drivers. If it wasn't, why would they need to introduce a third-party wireless adapter at all?

Frankly, the disclosure here was pretty amateurish. Surely they would have known that demoing the vulnerability on Apple hardware would have implicated Apple. In fact based on the "aura of smugness on security" comment it looks like they deliberately *chose* Apple hardware to be falsely implicated.

Do these guys have *any* credibility left?

Re:No Surprise (2, Insightful)

gnasher719 (869701) | more than 8 years ago | (#15934663)

'' Anyone who thought about it for more than a second or two would have realised that it was never going to be a vulnerability in the default MacBook Pro hardware or drivers. If it wasn't, why would they need to introduce a third-party wireless adapter at all? ''

Remember that when the "researchers" were confronted with this very reasonable argument, they claimed that they didn't demonstrate their "exploit" with the standard hardware because (as they claimed) "Apple had leaned on them". At that time I thought: If I was in that position, and Apple "leaned" on me, they could do as much leaning as they wanted, I would demonstrate that I can crack a standard Macintosh, as sold to customers. On the other hand, if Apple "leaned" on me by waving huge amounts of banknotes at me, I would have taken the money; and I wouldn't have used a Macintosh at all, but would have showed how vulnerable Windows is!

Re:No Surprise (1)

Weedlekin (836313) | more than 8 years ago | (#15934776)

Yeah. it's like having MS lean on your three-man software company by buying it for a few million greenies. Oh, woe is me, Micro$soft have used anti-competitive tactics on my poor little company, I'll now have to spend time crying into my cocktail on a beach in Barbados instead of writing C++ and answering phones. Ba$tards!

Special spl0itz! (5, Funny)

Nijika (525558) | more than 8 years ago | (#15934621)

I have found this amazing security flaw in OSX. If you take a specially crafted driver, and you use a specially crafted peice of hardware and insert it into the system you want to compramise, you can then compramise it remotely!

Gad Zukes!

This is almost as good as the Debian exploit I found last year. I found that if you built a specially crafted PC, and then installed a specially crafted version of Debian, it would prompt you to set the root password during the install, leaving the system open to compramise by the person installing the OS.

Next year's Black Hat conference, here I come!

OMG Speling hax (1)

iceperson (582205) | more than 8 years ago | (#15935105)

Does your hack exploit the keyboard to mispell "compramise"?

Heres how you get an exploit developped for Mac. (-1)

DoctorDyna (828525) | more than 8 years ago | (#15934650)

Let's see what happens to "security" if the market share ever heads north of the 80% mark. All the system needs is a couple million coders bent on stealing or propagating a virus, and they will be fucked.

The only people currently testing the security of the system are a few black hat guys, maybe some dev's from Apple, but the biggest threat to security isn't the architechture or the OS or any of that junk.

Black Hat, you have a choice. You need to code a virus / worm, or develop something to take advantage of an exploit. Your goal is: Make as much money as possible. Your choices are: 1.) attack 2% of the market. 2.) Attack 6% of the market. 3.) Attack 92% of the market.

This is the question that black hats make, subconciously. Imagine, how many exploits there would be for Mac or Linux if either of those two platforms had even 10% of the revenue possibility due to their infection rate / payoff rate?

Re:Heres how you get an exploit developped for Mac (0)

Anonymous Coward | more than 8 years ago | (#15934874)

Let's see what happens to "security" if the market share ever heads north of the 80% mark. All the system needs is a couple million coders bent on stealing or propagating a virus, and they will be fucked.

The Problem with this assessment, and I've heard it against Linux as well, is that it assumes that all security models are created equal and that therefore the only difference in number of exploits is attention.

Sorry but a big bank safe is not going to have just as many break-ins as a a child's piggy bank simply if more people are trying to break in, at some point the strength of the security model and approach will make a difference

Numbers (4, Insightful)

SuperKendall (25149) | more than 8 years ago | (#15934887)

Black Hat, you have a choice. You need to code a virus / worm, or develop something to take advantage of an exploit. Your goal is: Make as much money as possible. Your choices are: 1.) attack 2% of the market. 2.) Attack 6% of the market. 3.) Attack 92% of the market.

That's a poor way to look at it, and masks the situation you have with the Mac market today.

Any of those 92% of computers may vary wildly in terms of OS loaded or software used.

With the Mac you have tens of millions of computers (fourteen million registered OS X users). Lots of them are running the same software, the same browser, at the same OS rev.

Looking at the cost of renting botnets on the grey market those millions of computers represent millions of dollars of revenue, even if you crack just a percentage of them. So the question is why would someone leave that money on the table?

The answer is obvious - because it's a lot harder to hack a Mac to use in such a way. So it's not really numbers that are preventing the serious development of attacks today so much as a stronger security model. This would potentially be true even beyond the 80% marketshare point.

Basically the reason the Mac is safer today and will continue to be so even as market share climbs is the same philosophy behind avoiding being eaten by a bear - you just have to be able to run faster than the guy next to you. Windows is puffing something fierce.

Re:Heres how you get an exploit developped for Mac (2, Insightful)

FLAGGR (800770) | more than 8 years ago | (#15935195)

Okay Einstein, then why did people make viruses for Mac prior to OS X, when there was even *less* marketshare?

Like another poster said, not all security models are built equal. Add up all the BSD, Linux and Mac marketshares, and there is still no exploits. The *nix crowd has a higher server marketshare than desktop, which makes them even more attractive for people to crack.

And btw, not all of 'em do it for money.

In other news... (1, Offtopic)

b1t r0t (216468) | more than 8 years ago | (#15934713)

In other news, Cisco can't reproduce the security flaw from last month's Black Hat conference. [csoonline.com.au]

...and now we've got some guy claiming to be Jon Benet's murderer when there are big holes in his story (claimed he took her home from school, but it was Christmas vacation, and there is little evidence that he was even in Boulder at the time)

What we seem to have here is an epidemic of Attention-Whore-Itis.

Here are the unpublished details on this hack (4, Funny)

sjonke (457707) | more than 8 years ago | (#15934714)

1. Take your MacBook and sit it on table
      2. Log in to the MacBook with your username and password
      3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
      4. Select your wireless network from the menu in the menubar and enter the password
      5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
      6. Take a different computer of yours and connect to the same wireless network and enter the password
      7. Bring up a terminal and type in ssh://
      8. At the login prompt enter your username and password
      9. You're in baby, have a fuckin' field day!!!

Re:Here are the unpublished details on this hack (0)

Anonymous Coward | more than 8 years ago | (#15935063)

Actually, that is what they may have done. If you watch the video, the first thing they did was set up a network connection between the two computers. They claim they did not have to set do it, but they did. If they could do the more difficult demonstration, why didn't they?

If you set up a network connection between the two computers, you have access between them. I did not see anything that could not be done if I set up a network connection between two computers.

Re:Here are the unpublished details on this hack (3, Funny)

Tarmas (954439) | more than 8 years ago | (#15935205)

1. Take your MacBook and sit it on table
2. Log in to the MacBook with your username and password
3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
4. Select your wireless network from the menu in the menubar and enter the password
5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
6. Take a different computer of yours and connect to the same wireless network and enter the password
7. Bring up a terminal and type in ssh://
8. At the login prompt enter your username and password
9. You're in baby, have a fuckin' field day!!!


10. ???
11. Profit!

I am suprised (0)

Anonymous Coward | more than 8 years ago | (#15934721)

That people are being taken in by theis bullshit. Apple confirmed that the exploit in the video did not affect a Mac, no shit, the guy doing it said that several times. They did not in any way claim that there were no bugs in OSX wifi drivers. Apple's quote exactly is:

"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," Apple Director of Mac PR, Lynn Fox, told Macworld. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device-not the 802.11 hardware in the Mac-a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."

This entire quote is focused on the demo video, which the researcher in the video confirms does not affect the Mac. If Mac wasn't affected at all why not just say that, when be so narrow and specific. I am guessing there is a flaw in the default macbook and Apple in now trying to spin this.

Tar and feather RESPONSIBLY (5, Insightful)

davidwr (791652) | more than 8 years ago | (#15934767)

Before you tar and feather someone publicly, make darn sure you don't leave the wrong impression or it will boomerang on you later.

This is true in any industry.

If these guys had made it CLEAR that they were using a NON-APPLE network device from the get-go we wouldn't be having this discussion today.

What they should have said:
"We found a wireless exploit in a major-brand wireless network device. We will be releasing the name and model number of the device after responsible notification to the vendors involved. The videotape you are watching shows this device connected to an Apple Macintosh. We have also tested a device containing the same chipset connected to a Windows-based PC and found similar problems."

Re:Tar and feather RESPONSIBLY (0)

Anonymous Coward | more than 8 years ago | (#15935260)

They did say that, watch the video.

Which is sadder? (4, Insightful)

david.emery (127135) | more than 8 years ago | (#15934790)

1. The inconsistent position of the original demonstration?
2. The willingness of everyone to jump on an actual vulnerability in MacOS X (schadenfreude) ?
3. People who believe that the only reason software is vulnerable is its market share?
4. People who think that a company should be able to warrant/guarantee an OS regardless of what you do to the machine it's running on?

Does /. have a polling mechanism? Can we actually vote on these?

        dave

p.s. my Mini, that runs continuously 24 hours/day including web server, iTunes broadcast, etc, had a kernel panic yesterday. First time, too! I think it was because I was in the middle of LDAP client configuration and left the machine in an inconsistent state, i.e. -operator error-. No, OS X isn't perfect, but it's a damn site better than -any other OS- I've used on personal hardware. The only things I've used in almost 30 years in the business that have been more reliable are VAX/VMS, Ultrix and SunOS 4.0.3...

Re:Which is sadder? (1)

dfghjk (711126) | more than 8 years ago | (#15935075)

how can a user error produce a kernel panic without there being a flaw?

I run all my machines 24/7, they share resources on networks, and my mini isn't any more robust than my XP systems. It locks up periodically just like everything else. What is interesting is how frequently it goes unresponsive for long periods of time. The color wheel is one of it's most familiar mouse pointers to me. Perhaps it's a dying harddrive, but, considering that it's on its second motherboard and second harddrive, I'd say my mini isn't a paragon of home computing virtue. Quite the opposite.

Re:Which is sadder? (1)

david.emery (127135) | more than 8 years ago | (#15935177)

I never said OS X was without flaws. The fact that I got a kernel panic is evidence of a significant bug somewhere. I just see them -much less often- on Mac OS X than on other PC based OSs I've worked with (since 1978, when I bought my TRS 80 Model 1).

Your experience with machines on your network is very different from mine. The token PC locks up much more frequently, and there's NOTHING running on it 99% of the time besides WinXT, antivirus, and Folding@Home.

My Macs, on the other hand, get lots and lots of work, and I tend to stretch them. Right now I'm moving individual per-machine accounts over to networked accounts with home directories hosted on an X Server machine. This has proven to be more difficult than I expected (by a long shot!). However, now that I have the X Server LDAP stuff working correctly, my problems are with applications, such as Mozilla, that don't work correctly when the user home directory is not a local file system.

          dave

Not exactly surprising (4, Insightful)

Durandal64 (658649) | more than 8 years ago | (#15934819)

These guys had a demonstrable bias against Apple's platform and users from the get-go. They specifically chose the MacBook because they didn't like Mac users' supposedly smug attitude about security, so they wanted to make a public example of a Mac getting 0wned. But oh wait, they used a third-party wireless device with a third-party driver, a setup that's about as common on Mac hardware as steaming shit in Antarctica. When asked why they chose this, they claimed that Apple had put pressure on them to not demonstrate the flaw with Apple hardware ... but to go ahead and tell everyone that the same flaw existed in Apple hardware anyway. Why Apple would ask them to do that is anyone's guess. This was a highly dubious claim at the least. It's not surprising at all that it turned out to be total bullshit.

With the statements from Apple, the questionable reasons given by the researchers and their ire about the Mac community in general, I think the most probable conclusion is that these guys are full of shit. What I can't understand is why they'd risk their reputations on something seemingly so petty.

Re:Not exactly surprising (1, Insightful)

dfghjk (711126) | more than 8 years ago | (#15935160)

"It's not surprising at all that it turned out to be total bullshit."

Apple made no statement denying the claims. All the said was that a 3rd party adapter was used and that no flaw in their product had been demonstrated to them. Both could be telling the truth and both could be lying. Nothing new here.

"in general, I think the most probable conclusion is that these guys are full of shit."

What stake do you, or anyone here, have in Apple being shown innocent here?

"...their ire about the Mac community in general..."

When did they display that?

You clearly have an axe to grind with anyone who dares threaten the reputation of Apple. Ire indeed.

Headline misleading (5, Insightful)

Microsift (223381) | more than 8 years ago | (#15934832)

The headline's construction is confusing (paraphrasing) Apple Denies, Researchers Confirm. Since deny and confirm are antonyms, the headline implies that the two parties, Apple and the researchers are in disagreement, which is not the case.

I have been wondering (4, Insightful)

cyfer2000 (548592) | more than 8 years ago | (#15934849)

I have been wondering from the beginning, if they could insert an third party wireless card into my computer, why don't they insert a OS X boot DVD and enable root on my computer? Or simply grab my computer, they can gain TOTAL control of my computer much faster.

Bad PR for SecureWorks (1)

Alexander (8916) | more than 8 years ago | (#15934893)

I guess that's not the publicity they were looking for....

To bad

Well, Duh (4, Funny)

MidKnight (19766) | more than 8 years ago | (#15934910)

Anyone who did some passing research into the original posting [slashdot.org] could've seen that. As I said originally, these guys just did their demonstration on a Mac in order to get a publicity storm started. They certainly accomplished that, and probably raised the visibility of their security company as a result. Good for them, I guess.

This is a very real exploit... just not one that the Mac is vulnerable to unless you're using 3rd party wireless hardware. And how many Mac users do you know that use 3rd party wireless hardware? Yeah, me either.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?