Author Topic: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack  (Read 5045 times)

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
The article speculates that Apple may have threatened the guys, but the author doesn't really know anything.  David Maynor was contacted by Apple, and the author assumes they threatened him, which prompted him to remind viewers that OSX was not responsible, and use a 3rd party wireless card.  But only David knows for sure.  I still suspect that he's probably a pussy.

_kill__bill

  • VIP
  • Member
  • ***
  • Posts: 224
  • Kudos: 355
Yeah.

$10 it doesn't affect FLOSS drivers. I don't use wireless, too slow, but it concerns me that drivers are so flawed.
Long Live the Revolution!

hm_murdock

  • VIP
  • Member
  • ***
  • Posts: 2,629
  • Kudos: 378
  • The Lord of Thyme
Here's the thing. The new Intel MacBooks and MB Pros no longer use Apple AirPort Extreme circuitry for wireless, and instead use Intel's circuitry designed for the Centrino. This means that the software is written by Intel. That would mean that by the strictest definition, the in-built WiFi is "third party".

There's a stupid semantic gotcha.

But in all seriousness, it's an issue. Whether or not Apple wrote the drivers is immaterial. They're very obviously part of the system, and if the OS' own drivers are flawed, then there we have a problem.

However, looking at the evidence: Identical vulnerability in Mac OS X, Windows, and Linux when using "third party" and in-built Centrino WiFi hardware and drivers; Lack of this vulnerability on PPC Macs running AirPort hardware and drivers (Made by Lucent); Poor writing on behalf of the original "journalist", I think it's safe to say that this is an issue with hardware and software made by a single source. Whoever supplies Intel with their WiFi circuits, whoever writes the drivers, or whatever.

Since the problems exist in Linux as well, which has drivers made by regular people who don't get to see the source code for the corporate drivers, maybe it's the hardware that's the problem.
Go the fuck ~

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #18 on: 22 September 2006, 10:52 »
Found some information that might interest you.
Quote
Presumably the same attack works on the iMac and mini as well, since they both use the same Atheros part, and the same driver.

More likely: it doesn't. In the presentation, Maynor uses a "third-party wireless card". It looks like a ExpressCard/34 802.11 card, but the non-'Pro' Macbook doesn't have Express Card slots, and the card they hold is too big to be a USB device, yet the Macbook they use is definitely black.  

Something is already smells like day-old fish.
Read it here.
Capitalism kicks ass.
-Skyman
If your a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #20 on: 3 October 2006, 07:27 »
So lets,recap...
  • Johnny Cache of Secureworks demos an epxloit of a third party wireless card on a Macbook at Blackhat
  • In interviews Johnny hints that there are flaws in Apples hardware too, but doesn't say it outright
  • Apple denies that Secureworks ever told them of any problem with their wireless drivers
  • Apple comes out with a patch to their wireless drivers (what a coincedence!)
  • Johnny says he will give a presentation about the Apple wireless exploit at Toorcon
  • The day before Toorcon, Johnny's company Secureworks tells him, he can't give the presentation.
Johnny's "Presentation" ---> http://blogs.zdnet.com/Ou/?p=335

Gee, I wonder what happened?


It amazes me how gullible Apple fans have been througuout this whole situation. They honestly think Securworks and Johnny Cache have made this whole thing up and Apple never did anything dishonest in the process.

Apple == Cisco, only with a massive fanboy following
:)

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #21 on: 3 October 2006, 07:54 »
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
Capitalism kicks ass.
-Skyman
If your a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #22 on: 3 October 2006, 08:44 »
Quote from: Dark_Me
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?

He never did demonstrate the vulnerability [at blackhat] with the Mac wireless card. Instead, he used a third party card, all the while hinting at the fact that there was "more to it" than that.
:)

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #23 on: 3 October 2006, 15:48 »
Quote from: toadlife
He never did demonstrate the vulnerability [at blackhat] with the Mac wireless card. Instead, he used a third party card, all the while hinting at the fact that there was "more to it" than that.
Your reading comprehension needs work.
     
Quote
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
Capitalism kicks ass.
-Skyman
If your a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

toadlife

  • Member
  • **
  • Posts: 730
  • Kudos: 376
    • http://toadlife.net
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #24 on: 3 October 2006, 18:37 »
Quote from: Dark_Me
Your reading comprehension needs work.

??? Why.
:)

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #25 on: 3 October 2006, 19:12 »
Quote from: Dark_Me
If Apple "leaned on him" then why in the world would they still allow him to demonstrate the exploit at all?
I guess he out-smarted them and used a 3rd party card.
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Apple MacBooks, Wintel Notebooks Vulnerable To Wireless Attack
« Reply #26 on: 4 October 2006, 00:55 »
This is one time, I'd have to agree with toadlife.

It should've gone about differently. Both companies did the unethical. If they were ethical the problem would have been made public immediately and patch released ASAP. And they would not have restricted the rights of one poor guy that found the exploit to cover their asses.