Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Apple Denies Wi-Fi Flaw, Researchers Confirm 267

Posted by Zonk from the not-as-bad-as-it-seemed dept.
Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researcher's claim that they were providing information to Apple now seems off-base, too."
This discussion has been archived. No new comments can be posted.

Apple Denies Wi-Fi Flaw, Researchers Confirm More

Apple Denies Wi-Fi Flaw, Researchers Confirm

Comments Filter:

  • When in need of security commentary (Score:1, Funny)

    by Anonymous Coward on Friday August 18, 2006 @10:29AM (#15934451)
    Ask Bruce Schneier [geekz.co.uk].

  • What a relief. (Score:5, Funny)

    by A. Bosch ( 858654 ) <anonymous.bosch@ g m a il.com> on Friday August 18, 2006 @10:31AM (#15934471) Homepage
    So I can go back to being "smug" now about security on my mac?

  • Big surprise. (Score:5, Funny)

    by supabeast! ( 84658 ) on Friday August 18, 2006 @10:44AM (#15934569)
    So if this report is true it means that computer security professionals are grandstanding and misstating the facts to get attention and advance their own personal agendas. I am shocked that such a thing could happen! If we can't trust computer security nerds when they present at Black Hat, how can we trust them when they release proof-of-concept code, call it virus in the wild, and then try to sell us antivirus tools to remove it? How can we trust their products for *nix operating systems?

    My God - what if the computer security folks are often just full of shit?

  • Confusing Headline (Score:2, Funny)

    by Anonymous Coward on Friday August 18, 2006 @10:45AM (#15934576)
    Researchers "confirm" the denial or "confirm" the flaw?

    ahhhh, not so confusing....the headline drew me in to read it for clarification...verrrry clever.

  • Special spl0itz! (Score:5, Funny)

    by Nijika ( 525558 ) on Friday August 18, 2006 @10:51AM (#15934621) Homepage Journal
    I have found this amazing security flaw in OSX. If you take a specially crafted driver, and you use a specially crafted peice of hardware and insert it into the system you want to compramise, you can then compramise it remotely!

    Gad Zukes!

    This is almost as good as the Debian exploit I found last year. I found that if you built a specially crafted PC, and then installed a specially crafted version of Debian, it would prompt you to set the root password during the install, leaving the system open to compramise by the person installing the OS.

    Next year's Black Hat conference, here I come!

  • In other news... (Score:5, Funny)

    by Logger ( 9214 ) on Friday August 18, 2006 @10:52AM (#15934630) Homepage
    In other news today, a faulty air bag was blamed for the death of a driver in a recent accident. The auto manufacturer's safety claims for the car were obviously overblown, and their smugness is now revealed.

    Update later that day: As a side note to this story, the owner of the vehicle replaced the OEM airbag with one from Orval Reddenbacker, so she could eat popcorn in case she was in an accident. We originally decided we would overlook this aspect, because we have an axe to grind with this manufacturer and to create buzz generating free advertising for our company.

  • Re:What a relief. (Score:1, Funny)

    by Anonymous Coward on Friday August 18, 2006 @10:56AM (#15934659)
    Only VM/370 (VM/CMS) and Multics users can be smug about security. Everyone else... watch out.

  • Here are the unpublished details on this hack (Score:5, Funny)

    by sjonke ( 457707 ) on Friday August 18, 2006 @11:03AM (#15934714) Journal
    1. Take your MacBook and sit it on table
          2. Log in to the MacBook with your username and password
          3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
          4. Select your wireless network from the menu in the menubar and enter the password
          5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
          6. Take a different computer of yours and connect to the same wireless network and enter the password
          7. Bring up a terminal and type in ssh://
          8. At the login prompt enter your username and password
          9. You're in baby, have a fuckin' field day!!!

  • Well, Duh (Score:5, Funny)

    by MidKnight ( 19766 ) on Friday August 18, 2006 @11:27AM (#15934910)
    Anyone who did some passing research into the original posting [slashdot.org] could've seen that. As I said originally, these guys just did their demonstration on a Mac in order to get a publicity storm started. They certainly accomplished that, and probably raised the visibility of their security company as a result. Good for them, I guess.

    This is a very real exploit... just not one that the Mac is vulnerable to unless you're using 3rd party wireless hardware. And how many Mac users do you know that use 3rd party wireless hardware? Yeah, me either.

  • Re:Here are the unpublished details on this hack (Score:2, Funny)

    by Tarmas ( 954439 ) on Friday August 18, 2006 @11:56AM (#15935205) Homepage
    1. Take your MacBook and sit it on table
    2. Log in to the MacBook with your username and password
    3. Turn on "Remote Login" in the "Sharing" system preferences pane if it isn't already on
    4. Select your wireless network from the menu in the menubar and enter the password
    5. Write down the IP address that you see in the TCP/IP tab of the airport settings on the MacBook. You'll need it later.
    6. Take a different computer of yours and connect to the same wireless network and enter the password
    7. Bring up a terminal and type in ssh://
    8. At the login prompt enter your username and password
    9. You're in baby, have a fuckin' field day!!!

    10. ???
    11. Profit!

  • Re:So some "facts" were just made up... (Score:3, Funny)

    by podperson ( 592944 ) on Friday August 18, 2006 @12:50PM (#15935615) Homepage
    Shame on everyone who reported it without checking the facts.

    Nah, they're just on to the next unchecked story. This is old "news" ... why beat a dead horse ... er ... try to unring a bell? We all know that the Macbook was hacked remotely, we found WMDs in Iraq, Saddam Hussein was directly involved in 9/11, and John Kerry inflicted wounds on himself to get a Purple Heart.

    Pretty much the only story that's ever been "corrected" successfully was George W. Bush's being AWOL from the National Guard. He was AWOL, but because *some* of the evidence turned out to be bogus, this was somehow construed as meaning he wasn't AWOL. The glove didn't fit, so we must acquit

  • Re:Not exactly surprising (Score:2, Funny)

    by atrocious cowpat ( 850512 ) on Friday August 18, 2006 @01:10PM (#15935773)
    Er... while I basically agree with what you wrote I'd like to note that if you want to be 100% sure that your shit will steam, antarctica probably is the place to go on this planet.

    ;)

  • Re:What a relief. (Score:2, Funny)

    by CaptDeuce ( 84529 ) on Friday August 18, 2006 @01:13PM (#15935791) Journal
    So I can go back to being "smug" now about security on my mac?

    Only if you continue to smell your own farts [wikipedia.org].

  • Re:Heres how you get an exploit developped for Mac (Score:3, Funny)

    by skingers6894 ( 816110 ) on Friday August 18, 2006 @01:18PM (#15935825)
    "Let's see what happens to "security" if the market share ever heads north of the 80% mark."

    Now THERE'S a security problem Apple would like to have...

Slashdot Top Deals

I've noticed several design suggestions in your code.

Close