
Re: 'Universal' Wi-Fi Exploit Pure BS?

Roy Schestowitz wrote:
> MacBook Wi-Fi hack didn't use Apple drivers
>
> ,----[ Quote ]
> | In early August a senior researcher at SecureWorks said he had revealed
> | a vulnerability in Apple's MacBook wireless software driver that would
> | allow him to take control of the machine.
> |
> | [...]

> http://www.macworld.com/news/2006/08/17/wirelesshack/index.php
>

> | The group, known as LSD, is now on Microsoft's payroll...
> `----
>
> http://www.eweek.com/article2/0,1759,2001963,00.asp?kc=EWRSS03119TX1K0000594

The joke is that it turned out that he had to directly access the
machine to be targeted, make substantial changes to permissions, and
make back-doors that every Unix administrator or even experienced Linux
users would tell you are absolute "no-no's".

There are a lot of "sleight of hand" security hackers who claim to be
able to crack Linux or Mac, and even claim that they can crack WEP on
Linux hubs.  But most of these "cracks" involve getting root access to
the machine BEFORE actually "hacking" it, and setting up the
vulnerabilities.  In this case, I think they enabled login, set
hosts.allow to contain one line containing one *.  This is a well known
configuration which is used exclusively for configuring nodes within a
cluster which can only be accessed through a very restricted gateway
server node.

These days even most cluster nodes end up getting "locked down" because
it's easier to use message queues over a persistent encrypted
connection than to do (or not do) permission checking with thousands of
little connections (such as RPC or rsh commands).

Most *nix hacks depend heavily on social engineering rather than on
technical prowess.  If someone asks you for your root password, and you
don't pay attention to what he is doing, he can do all kinds of
interesting things that let him back in when you aren't looking.

This is opposed to Windows, where viruses such as NIMDA, Melissa,
ILOVEYOU, Sky, Bagel, and ... are able to slam into literally hundreds
of millions of machines, and get them to do lots of really nasty
administrator things, without your knowledge, even while you are
sitting on the machine, thinking you are the only one using it.
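
An added example, not part of the original post: a small Python audit that flags the kind of wide-open `hosts.allow` the post describes. It assumes hosts_access(5) rule syntax (`daemon_list : client_list`); the function names and the sample file are constructed for illustration, and a bare `*` line is flagged because that is how the post describes the file.

```python
import re

# Client tokens that match every remote host. "ALL" is the hosts_access(5)
# wildcard; a bare "*" is included because the post describes the file that way.
MATCH_ANY = {"ALL", "*"}

def logical_rules(text):
    """Yield rules with backslash continuations joined and comments dropped."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield re.sub(r"\s+", " ", line)

def audit_hosts_allow(text):
    """Return (rule, reason) for every rule that admits arbitrary clients."""
    findings = []
    for rule in logical_rules(text):
        # Split on ':' but not inside a bracketed IPv6 pattern.
        fields = [f.strip() for f in re.split(r":(?![^\[]*\])", rule)]
        if len(fields) < 2:
            reason = "bare wildcard" if rule in MATCH_ANY else "malformed rule"
            findings.append((rule, reason))
            continue
        daemons = set(re.split(r"[,\s]+", fields[0]))
        clients = re.split(r"[,\s]+", fields[1])
        # Only tokens before EXCEPT grant access; the rest narrow it.
        granted = clients[:clients.index("EXCEPT")] if "EXCEPT" in clients else clients
        if MATCH_ANY & set(granted):
            scope = "every daemon" if "ALL" in daemons else "listed daemons"
            findings.append((rule, f"any client may reach {scope}"))
    return findings

# Constructed sample file, not taken from any real host.
SAMPLE = r"""
# hosts.allow
sshd : 192.168.10.0/255.255.255.0
in.rlogind : ALL
ALL : ALL EXCEPT .example.net
in.rshd : 10.0.0.5, \
          10.0.0.6
*
"""

if __name__ == "__main__":
    for rule, reason in audit_hosts_allow(SAMPLE):
        print(f"{reason:36} {rule}")
```
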

