Comment Re:Obligatory (Score 1) 111

Because this is a brand-new Class of malware.

What is, Thunderstrike 2 or what I was referring to, Flashback? Because Flashback looks like a trojan installed via a Java flaw.

Thunderstrike. I was apparently not reading closely.

However, Thunderstrike (and I believe Thunderstrike 2) has already been patched months ago by Apple, in their OS X 10.10.2 Update. Also, apparently Macs sold after mid-2014 are immune.

By the way, there is a far more sinister fact that is completely glossed over here on Slashdot: These same vulnerabilities were first found in the UEFI firmware on "Windows/Linux" PCs. The "researchers" just wanted some notoriety; so, when they found the same vulnerability in Macs, they decided to develop a proof-of-concept for that platform and crow about it to the world. And BTW, "Option ROMs" are certainly not unique to Apple-compatible peripherals. Far from it. So, even if you don't use OS X, this exploit, or one very similar to it, can be coming to a computer on your desktop.

Comment Re:Firmware (Score 1) 111

I remember the day when ROM actually meant Read Only Memory.......and why Thunderbolt devices need to be re-writeable "flash" firmware instead of ROM is a mystery to me. I'm not aware of Apple issuing any firmware upgrades to these devices since their inception.

1. The "Option ROM" is a 35-year-old concept that is certainly not unique to Apple, hence the fact that these Vulnerabilities also pertain to Windows/Linux PCs (like the one you are probably using right now). Here is a quick explanation of the original intent behind the "Option ROM".

2. OS X 10.10.2, released in January, 2015, Fixed this vulnerability; so keep your systems Up-To-Date!!!

3. Because of the way that Apple patched this vulnerability, I would expect that Thunderstrike 2 will not infect Macs running OS X 10.10.2 or above.

4. If you're already infected, you are probably hosed.

What I would like to see is some way to detect whether a particular computer (of any type) is infected with Thunderstrike.

Comment Re:So, the actual attack surface is vanishingly sm (Score 1) 111

All current MacBook Pros (for the past few years actually) do not have built-in ethernet but would require either a Thunderbolt or USB adapter.

Also, what about Thunderbolt displays, especially in an office "hotel" situation where one shows up and grabs an empty spot to plug in? This is pretty common enough behavior.

NO Hotel is going to have a Thunderbolt Display. Not even one next door to Moscone Center.

So, no. Not gonna happen.

And besides, it is only certain TB devices (those with an "Option ROM") that are affected; in fact, the only two mentioned in TFA were the TB-Ethernet adaptor and certain External TB SSDs (which are REALLY rare, and wouldn't likely be passed-around anyway).

Comment Re:In other words... (Score 1) 111

So basically the target audience for said products?

If anything, people always say their products are for people who don't know what they're doing with tech.

People may say that; but do you really think that the average Windows user is more tech-savvy than the average Mac user?

I work in the Windows-world every day, and have for decades. I can say with authority that there is absolutely no difference between the average Windows user and the average Mac user. Some are very savvy; some are decidedly not. Platform choice simply does not enter into that demographic in any definable manner, period.

And if it ever actually became "The Year of the Linux Desktop", the same would be true of the average Linux user, too.

Comment Re:In other words... (Score 1) 111

Are you being serious right now? I guarantee that I can craft a spoofed e-mail to fool a good 60+% of office workers without trying. And that is being pessimistic on numbers. And, since it only takes one, your entire argument is invalid.

Users are in aggregate stupid. Using keywords and events around them to make a passable phishing is child's play for experienced hackers.

My question is: Since OS X and Safari (and likely Chrome and FireFox) are Sandboxed, how is this thing getting out to the TB device's Option ROM in the first place?

Seems like a simple OS update will plug this vulnerability.

Comment Re:Obligatory (Score 1) 111

Moreover, don't you think it's a fairly serious flaw if Macs cannot detect a trojan being installed? Why exactly are Macs incapable of detecting when Flashback gets installed?

Because this is a brand-new Class of malware.

And if you read TFA, you would know that pretty-much all "x86-based" (although that term doesn't mean what it used-to) computers (IOW, pretty much anything that doesn't use ARM) could be attacked in this manner, and in fact, IIRC, the researchers actually demonstrated the same vulnerabilities in those systems as well.

So, just because they decided to declare bragging-rights by targeting Macs first; don't think that this isn't just as dangerous for many other "PCs", too, regardless of OS Platform.

Comment Re:Obligatory (Score 1) 111

AV exists for Mac because Windows switchers are stuck on this idea of "needing antivirus" and so shysters have stepped in to provide the product. Not to mention all Macs come with antivirus supplied by Apple.

This; and also because some Mac users that exist in primarily-Windows environments are nice enough to not want to pass-along Windows Viruses to their friends and colleagues.

Comment Re:So, the actual attack surface is vanishingly sm (Score 1) 111

And do you really want to see the list of Macs still being sold and/or still in common use that do have a Terrestrial Ethernet port? I assure you, it is a LOT more models than your measly little list.


Around 2/3 of all Macs sold are the laptops listed above.

Otherwise known as, "the majority of Macs sold."

Nice job of ignoring the part of the sentence that doesn't support your argument.

Note that I said "...and/or still in common use". So, in about 5 years or so, a good majority of Macs "still in common use" will not have Terrestrial Ethernet built-in; but for now, that still isn't the case. So, I stand by my original statement. And as I said, I would probably be safe in saying that the majority of Macs without built-in Terrestrial Ethernet are using WiFi instead; which isn't affected by this exploit.

And "now" is what matters to this vulnerability; because Apple will be sure to update their products to plug this vulnerability. In fact, according to TFA, the hacker team supposedly uncovered five vulnerabilities, and Apple has already patched three of them.

Comment Re:So, the actual attack surface is vanishingly sm (Score 1) 111

Most Macs still have built-in Ethernet connectors...

  • MacBook - No Ethernet Port
  • 11" MacBook Air - No Ethernet Port
  • 13" MacBook Air - No Ethernet Port
  • 13" Retina MacBook Pro - No Ethernet Port
  • 15" Retina MacBook Pro - No Ethernet Port

Nice use of the "li" tag. I'll have to remember that.

But, without telling me which version of the Airs, I can't tell you whether they have TB ports. The first-generation Airs only had USB. And I don't know if the new "MacBook" (non-"Pro") qualifies as "vulnerable" either; since (I think) it actually does "TB-Over-USB-C".

And, as I said, MOST of the time, Macs without intrinsic Terrestrial Ethernet ports simply use WiFi; and so most of those people don't even know that there is a TB-Ethernet adapter.

And do you really want to see the list of Macs still being sold and/or still in common use that do have a Terrestrial Ethernet port? I assure you, it is a LOT more models than your measly little list.

So, actually, you proved my point, not yours. Thanks!!!

Comment Re:So, the actual attack surface is vanishingly sm (Score 1) 111

2. Those who fall for some unknown social-engineering trap.

Well, that's every Mac user. You bought into the idea that you were buying a lifestyle, but actually you were just buying a PC made by slaves at Foxconn like every other PC.

Actually, I thought I was buying a PC. I don't know what your problem is.

Oh, and nice job of artificially-increasing the attack surface, by ignoring one of the criteria "Must have a TB Ethernet Adapter" (or at least a TB Device with an "Option ROM").

Typical Slashtard. Hate, hate, hate. It's all some people know how to do.

Comment Re:So, the actual attack surface is vanishingly sm (Score 1) 111

This should work on any thunderbolt device, not just ethernet adapters. DMA for external devices is stupid.


Actually, any TB device with an "Option ROM". Is that all of them? Somehow, I think not, or the Article would have been even more breathless.

In fact, according to TFA, it specifically mentioned External TB SSDs and the TB Ethernet Adapter. Both would be pretty rare in the Mac installed base.

Comment So, the actual attack surface is vanishingly small (Score 1) 111

This is not like the recent StageFright exploit for Android, where virtually every-single-device on the Platform is vulnerable (what was it, like 990 million?); but rather, is confined to the UNION of the sets:

1. The Macs that use a TB Ethernet adapter. That, my fine readers, is a REALLY small group. Most Macs still have built-in Ethernet connectors, and those that don't are usually connected through WiFi instead of a TB adapter.

2. Those who fall for some unknown social-engineering trap.

That's one small-ass percentage of the overall Mac-using population.

IOW, nasty as this could be, there really is nothing to see here.

Comment Re: Piss off systemd (Score 1) 391

systemd is somewhat like the Windows registry. Monoliths fuck your shit up for no good reason.

Not to defend systemd; but...

isn't the script run by initd a form of "monolithic" construction? If the script is broken, system doesn't boot, right?

If something happens with cron, some processes don't get launched. Etc.

Comment Re:MenuChoice and HAM (1992) (Score 1) 270

Except Apple never paid Xerox a dime.

You're right. It was an all-stock deal.

Here is the most complete telling of the story, in the words of those who were actually there, that I have ever seen. If you're really interested in the facts.

So, my counter-question to those who still insist that Apple somehow ripped-off Xerox PARC, is: "If Apple ripped off Xerox, did Xerox rip off SRI and Doug Engelbart?"
