Re: AUGD: Hijacking a Macbook in 60 Seconds or Less
- Subject: Re: AUGD: Hijacking a Macbook in 60 Seconds or Less
- From: "Randy B. Singer" <email@hidden>
- Date: Fri, 4 Aug 2006 11:41:46 -0700
"Mr. David Stempnakowski" said:
>>So yes, he does use a 3rd party device but it would also work on the
>>device drivers for the built-in Airport Extreme. My mistake.
Today's (8/4/06) MacFixIt covers this entire episode well.
http://www.macfixit.com/
(The article may be gone by tomorrow.)
> David Maynor -- the in-video demonstrator -- claims that the victim
>system does not need to be associated with an access point in order for
>the exploit to occur, but then proceeds to connect the MacBook (with the
>third-party wireless card) to a software access point, which resides on
>the Dell. In other words, for the purposes of the exploit that was
>actually demonstrated, not only does the MacBook need to be using a
>third-party wireless card, but it needs to associate with a hostile access
>point.
>
>As such, the basic prophylactic for this "security hole" would be to never
>join untrusted wireless access points.
...
> Another point of consideration is the level of access afforded by this
>hack. In the video demonstration, the hostile Dell machine was able to
>access user-level functions only. There was no indication as to whether
>any admin or root-user level tasks could be accomplished.
>
>Regardless, this re-emphasizes the importance of operating in a standard
>user account rather than an administrator account for daily tasks, as
>described in our tutorial "10 simple steps for securing your Mac."
>http://www.macfixit.com/article.php?story=20060308081610672
I highly recommend the "10 simple steps for securing your Mac" article
referenced at the above link.
Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)
MACINTOSH OS X ROUTINE MAINTENANCE
http://www.macattorney.com/ts.html