MacBook hack video draws ire of Mac fans

MacBook hack video draws ire of Mac fans

Summary: This particular Wireless hack shouldn't be pinned on Apple's products or Apple's programming, but remember that just this week there were 26 flaws patched by Apple and many of the flaws were critical. In fact, there were months when Apple patched more than 30 vulnerabilities a month so it's clear that security vulnerabilities on the Mac are abundant.

SHARE:
TOPICS: Apple
65

Here at the Blackhat hacker convention, I had a chance to talk with David Maynor and Jon "Johnny Cache" Ellch who hacked the Apple MacBook to get behind the story.  The video that was posted here on CNET videos .  Our own blogger Jason O'Grady dismissed the claims that it was a MacBook hack.

The truth of the matter is that this was a hack on a MacBook but it pertains to third party hardware and third party drivers.  While this isn't a flaw on the part of Apple [UPDATE: The same flaw also seems to affect Apple's drivers], it is an attack on a MacBook and it shouldn't be entirely dismissed either by the Mac community.  This particular Wireless hack shouldn't be pinned on Apple's products or Apple's programming, but remember that just this week there were 26 flaws patched by Apple and many of the flaws were critical.  In fact, there were months when Apple patched more than 30 vulnerabilities a month so it's clear that security vulnerabilities on the Mac are abundant.  David Maynor stated that he loves his Mac but it is a fact that the Mac has many security flaws.  The point is that no one should not be dismissing security issues on Mac and claiming that they are invincible.

Topic: Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

65 comments
Log in or register to join the discussion
  • This should only be dismissed by...

    ...people who aren't using a 3rd party WiFi card on a Mac. Since most new Macs come with a card from Apple, that means 99% of us can ignore it.

    And, as I'm sure Harry Bardal will be along soon enough to point out, yes vulnerabilities exist and one should be aware of them, but in practical real world experience, so what? Another year goes by trouble free for Mac owners. Once again, their investment pays off in improved productivity and time usage.
    tic swayback
    • Both you and George are wrong on this one!

      http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html

      It seems the flaw exists in the Apple driver after all!
      ShadeTree
      • Perhaps

        The takehome message (assuming one can trust the hackers at their word) is that this is not a Mac problem, it's a problem with all computers.

        Wanna make a bet about which OS sees a real world exploit for this first?
        tic swayback
        • Here's my bet

          The one that the vast majority of people use.

          But because this appears to be a flaw that is just as exploitable on any platform, the Mac security in this instance seems to merely be a case of security by obscurity - nothing really to be proud of.

          I am not saying that Macs are not more secure than Windows systems, just that they have security issues of their own, and the lack of (known) exploits does not mean their users should just assume they are safe, now or especially if their market share continues to grow.
          brble
          • Incorrect definition

            ---The one that the vast majority of people use---

            Yep, and it's a great argument for buying a Mac. Why use the computer everyone is targeting? Why not instead use the computer everyone ignores so you don't have any problems?

            ---the Mac security in this instance seems to merely be a case of security by obscurity---

            I don't think this is the correct definition of "security by obscurity". That refers to trying to make a product more secure by keeping aspects secret:
            http://en.wikipedia.org/wiki/Security_through_obscurity

            It's usually the argument used against open source--if people can see the source code, they can exploit it, whereas non-open source software, the code is hidden, hence obscured, and supposedly more secure via this obscurity.
            tic swayback
          • I stand corrected

            Sorry - I had heard it used to represent the idea of being secure by being a minority, so that's the way I applied it. My mistake.

            Your arguement for buying a Mac is self-defeating, though. If everyone did that, it would no longer be the minority, and therefore be targeted. If that happened, exploits like this would threaten Mac users just as much as anyone else.

            And believe it or not, there are reasons for people to not buy Macs. Having one source for all hardware and OS needs produces a single point of failure, and (as has happened to people I know with Macs), you can get left behind if that one source decides to shift gears and abandon you.

            Not to mention software availablity, hardware expandability, and widespread support availability...
            brble
          • But everyone won't

            ---If everyone did that, it would no longer be the minority, and therefore be targeted---

            But everyone won't and even if they did, it would take years if not decades for Apple to reach the same level of ubiquity as Windows machines. So buying a Mac now makes sense. By the time the landscape changes enough to matter, the machine will be obsolete anyway.

            ---Having one source for all hardware and OS needs produces a single point of failure---

            Again an argument for the Mac. It can run OSX, Windows and Linux (not to mention BSD and other offshoots). No other hardware manufacturer gives you as much choice.

            ---Not to mention software availablity, hardware expandability, and widespread support availability...---

            I've never had an issue with any of these. Software--so the Mac has 5 variations of a program instead of 20, no big deal. Hardware--pretty much standard these days, all Mac internal parts other than the motherboard are the same ones everyone else uses, external devices work just fine (at least all the ones I've tried). Support--online support is great, most cities have an Apple store, and if your machine breaks, Apple will send you a box to send it in with. Problem solved.
            tic swayback
          • Different Experiences

            You say you've never had a problem with the things I've listed, but I have, so I guess that accounts for our different perspectives. Remember, just because something works for you doesn't mean it will work for everyone.

            I can't get some of the software and hardware I want to run for a Mac, whether it's native for OSX or even with sufficient performance running XP on an Apple box.

            For support, I would venture a guess that there is even more online support and more stores in any given city that support Windows, so you have more options. Plus, I know a lot more people who run Windows than Macs, so there is more support that way, too.

            For hardware, I've had friends with Macs where we couldn't find the hardware and/or software they needed, while it was available for my older PC, just because Apple decided to drop support for their iMac.
            brble
          • It's a new world

            Given that new Macs run OSX, Windows and Linux, you have more software available than on any other hardware out there.
            tic swayback
          • Your response...

            ...pretty much ignored most of the points of my post (i.e., [i]sufficient[/i] performance running XP, single-source issues, expanded support options, etc.).

            [i]Given that new Macs run OSX, Windows and Linux, you have more software available than on any other hardware out there.[/i]

            In a purely theoretical sense, this may possibly be the case in that you can just stack OSX on top of whatever any other x86 architecture may run, but that doesn't necessarily address what can realistically be run.

            Apple uses some propriatary chips that are not supported by everyone, nor does Apple publish all the info needed to make it run, so your options may not be as varied as it sounds (I don't think OpenSolaris runs on an Intel Mac, for example).

            Not to mention the fact that history does play a part in decision-making.

            I doubt you'd buy Vista, even if it was shown to be more secure than OSX for a few years after its release, if for no other reason than the way you've felt about Microsoft for years.

            I feel that way about Apple (I used to sell Apples, so it's not like I have never dealt with them before).

            Apple's policies and choices caused problems for me - recently, even - so I don't know that I buy the statement that "it's a new world." It's still Apple.

            You like Apple, and that's great, and I'm glad you have that option. Apple works well for many things and many people, but why is it so hard for you to accept that it won't work for everyone, or that there are better (yes, I said better) choices for other people?

            Trying to have a meaningful discussion when you choose to ignore the issues brought up is impossible, so I think I'll just stop trying.
            brble
          • The old tired line "Nobody gives you such choice" ...

            ... couldn't be more wrong. The fact you can run OSX on the Mac and not other platforms is about Apple taking away a choice. It is Apple that prevents people from OSX on the PC and not the other way arround. Apple has never been about giving you choices. Apple has been picking your hardware for you for so long you have come to believe that it is good for you and not just vendor lock-in. The spin is strong with the Cult of the Mac.
            ShadeTree
          • brble--

            ---...pretty much ignored most of the points of my post (i.e., sufficient performance running XP, single-source issues, expanded support options, etc.).---

            Let's address them then:

            Sufficient performance--every review I've seen shows the new Macs running Windows as fast, if not faster than the equivalent PC's from other OEMs. Not an issue.

            Single-source issues--in terms of software, what's the difference between tying yourself to Windows and tying yourself to OSX? In terms of hardware, as I pointed out, Apple uses the exact same pieces of hardware as any other OEM (other than the motherboard, and how often does one replace that). Again, no issue.

            Expanded support options--sure, there are probably more people around who can help you reinstall Windows. The question has to be--how much support is enough? In my experience, the Apple needs less support, and what is available is sufficient. Given that I've always worked in a major city and in a scientific setting, my views may be biased.

            ---In a purely theoretical sense, this may possibly be the case in that you can just stack OSX on top of whatever any other x86 architecture may run, but that doesn't necessarily address what can realistically be run. ---

            Are you claiming you can't run Windows and Windows compatible software on an x86 Mac? I've yet to see any claims about software not working. Please share them if you have them.

            ---I doubt you'd buy Vista, even if it was shown to be more secure than OSX for a few years after its release, if for no other reason than the way you've felt about Microsoft for years.---

            I don't really feel that much about Microsoft. I have a close friend who works for them. I chose Apple a long time ago because I felt then (and still feel now) that it is a superior design. If MS comes out with something that is massively better than OSX, I'll certainly give it a look. So far, what I've seen of Vista, it is not at that level.

            ---Apple works well for many things and many people, but why is it so hard for you to accept that it won't work for everyone, or that there are better (yes, I said better) choices for other people?---

            I don't have a problem accepting it. Good for you. The interesting thing is that this just strengthens my earlier point--because there are people like you, who will continue to buy Windows (for whatever reason), Apple's marketshare will remain low, and it will remain safer to use as it will be targeted less.

            ---Trying to have a meaningful discussion when you choose to ignore the issues brought up is impossible, so I think I'll just stop trying.---

            Sorry if I upset you. I tend to only comment when I have something to say.
            tic swayback
          • Shade--

            Sorry, I'm all about the real world. Show me any other hardware that's as versatile. Whine all you want about Apple's business practices, they've proven successful for a very long time. You sound like the typical ABM person, just pointing the same tired whining in a different direction.
            tic swayback
          • Tic, you didn't upset me

            I'm just tired of beating my head against a wall of clouded fanboy logic.

            Again, I'm not going to keep trying to discuss this rationally with you, because it is clearly pointless, but I will point out one item in hopes it makes clear why I'm giving up.

            You listed several OS's in trying to prove that Macs let you run more software than any other platform, (remember this line?: "[i] It can run OSX, Windows and Linux (not to mention BSD and other offshoots). No other hardware manufacturer gives you as much choice[/i]) but then edited my reply for your post to leave out the specific issues and example that I included, and instead focused only on Windows apps, which didn't appear to be the point you were trying to make to begin with (but I did find some Windows apps, like SolidWorks if I remember right, that had problems due to copy protection issues and the different motherboard chips while I was poking around).

            Plus, as has been pointed out elsewhere, the only reason you can't run OSX on another x86 platform is because Apple prevents it, not some technical problem. It's Apple doing the limiting here, not the other platforms.

            I could go on and provide examples about the performance issues, the real problems of a single-source hardware vendor, etc., but again, I doubt it would really be listened to objectively, so why bother?

            I'm not tic'd off (get it?), just tired of wasting time. :)
            brble
          • It's a balance, isn't it?

            ---I'm just tired of beating my head against a wall of clouded fanboy logic---

            Fine, but you seem to have a lot of anger at Apple, your own biases which you should realize make arguing against you much the same.

            ---You listed several OS's in trying to prove that Macs let you run more software than any other platform, (remember this line?: " It can run OSX, Windows and Linux (not to mention BSD and other offshoots). No other hardware manufacturer gives you as much choice) but then edited my reply for your post to leave out the specific issues and example that I included, and instead focused only on Windows apps, which didn't appear to be the point you were trying to make to begin with (but I did find some Windows apps, like SolidWorks if I remember right, that had problems due to copy protection issues and the different motherboard chips while I was poking around). ---

            Again, if you can show me a hardware platform that offers a wider array of software choices, I'm all ears. What specific example are you referring to, OpenSolaris? Okay, fine. That and SolidWorks, the other example you give here. Neither of those are things I use, so for me (and the vast majority of computer owners) they're irrelevant. Neither invalidates my point. More software is available to run on current Macs than any other hardware out there.

            ---Plus, as has been pointed out elsewhere, the only reason you can't run OSX on another x86 platform is because Apple prevents it, not some technical problem. It's Apple doing the limiting here, not the other platforms.---

            Very true, but also irrelevant. Again, you (and Shade) keep arguing about the reasoning behind things. I don't care about the background reasons, all I care about is the real world. Apple may have no exploits because it has small marketshare. So what. That means Apple has no exploits. End of story. Apple has the only computer that can run Linux, OSX and Windows, and maybe it's because Apple won't let anyone else run OSX. So what. That means Apple has the most diverse hardware platform out there. End of story.

            ---I could go on and provide examples about the performance issues, the real problems of a single-source hardware vendor, etc., but again, I doubt it would really be listened to objectively, so why bother?---

            And yet you ignore the points I've made regarding this (single-source vendor using the same parts as everyone else is not a big worry for me). Pot, kettle, black.
            tic swayback
          • Off balance....

            First, I don't anger with Apple, just real-world experiences that convince me that they have some issues that concern me as a consumer.

            As to the pot-kettle-black thing, the reason why I never responded to your single-source comment is because it completely ignored the original point I made, and other comments you made actually reinforced my comment.

            The original point I made was not issues at the component level, but overall system availability due to possible production issues (OSX won't run on anything but an Apple-made system, even if uses many of the parts in other types of PCs), and what happens when the one company making your systems decides to do things differently and abandon your existing architecture (as Apple has done on more than one occasion).

            If Dell, HP, etc., have production issues, or just change their pricing or policies, you can just go to someone else, or build it yourself in a pinch. If Apple changes something or has problems, you're stuck.

            You only said that they use the same parts as other systems [i]except the motherboard[/i], but the motherboard chipsets can have a lot to do with OS compatibility, so that item alone makes it questionable as to what might run, or be allowed to run, now or in the future.
            brble
          • Balancing single source

            Single source does indeed have its downside, and it's up to the individual to decide if the upside balances that out. For me, it does. Having one manufacturer of both the hardware and the OS makes things work better. The OS doesn't have to account for an infinite number of possible hardware combinations, which makes life simpler and makes things cleaner.

            Clearly you don't think this balances the other issues you mention, so be it, your choice is your choice.

            ---The original point I made was not issues at the component level, but overall system availability due to possible production issues (OSX won't run on anything but an Apple-made system, even if uses many of the parts in other types of PCs), and what happens when the one company making your systems decides to do things differently and abandon your existing architecture (as Apple has done on more than one occasion).---

            I guess it's a question of what you expect from your computer, and what you expect to be able to do with it (and for how long). I have owned a pre-PPC Mac when the switch went on there, and now own a G4 and a G5. Apple has switched to the x86 chips now, but that hasn't affected my use of the PPC machines at all. They both work just as well as they always did. I'm not really sure what the negative is that you're pointing out here. With any computer, at some point, you're going to find new software that's incompatible with older machines.

            ---You only said that they use the same parts as other systems except the motherboard, but the motherboard chipsets can have a lot to do with OS compatibility, so that item alone makes it questionable as to what might run, or be allowed to run, now or in the future.---

            Just as a note, I upgraded a G3 to a G4 with a 3rd party motherboard, so it is possible to get around this restriction.
            tic swayback
          • You're right, it's largely personal preference

            ...on which approach is most important to you, and I'm sure that's largely dependent on personal experience.

            In my opinion your comments again selectively address some things I said and not others that I think most consider at least as important, and I think we're just going in circles here because our experiences are more convincing to us than this discussion.

            We have different opinions and viewpoints, and that's what makes the world interesting.
            brble
          • Fair enough

            And I hope it's clear that there were no deliberate slights given to any of your arguments, I just applied my view to them, what I think is more or less important.

            And by all means keep buying Windows. As I've said, it's to my benefit that Apple stays in a fairly small minority.
            tic swayback
          • don't cave so easily, brble

            brble's use of "security by obscurity" is appropriate when applied not to Apple's security efforts, but to those (Tic Swayback) who claim that Macs are safer because there are less of them.
            JetJaguar