more on Breaking into a laptop via Wi-Fi

[David Farber <dave () farber net>]

Begin forwarded message:

From: Roger Weeks <rjw () mcn org>
Date: August 4, 2006 3:32:35 PM EDT
To: dave () farber net
Subject: Re: [IP] more on Breaking into a laptop via Wi-Fi

It's my understanding that this demonstration was made using an  
Atheros wireless card, which is the same wireless chipset used in the  
MacBook.  It's also my understanding that the demonstration was made  
using the default wireless drivers in the MacBook that ship with Mac  
OS X 10.4.

Why they chose to use an external Atheros-based wireless card rather  
than the internal card is a mystery to me.

--
Roger J. Weeks
Systems & Network Administrator
Mendocino Community Network

On Aug 4, 2006, at 12:09 PM, David Farber wrote:

> Begin forwarded message:
>
> From: Glenn Tenney CISSM CISM <gt_IP060804 () think org>
> Date: August 4, 2006 2:45:18 PM EDT
> To: David Farber <dave () farber net>
> Subject: Re: [IP] Breaking into a laptop via Wi-Fi
>
> On Fri, Aug 04, 2006 at 02:13:11PM -0400, David Farber wrote:
> > Maynor, along with researcher Jon "Johnny Cache" Ellch, showed a
> > video of a successful attack on an Apple Computer MacBook. However,
> > the attack is possible also on other computers, both laptops and
> > desktops, and not just MacBooks, the researchers said.
>
> In some of the news I've seen on this the headlines make
> it seem that this is a MacBook vulnerability when instead,
> they chose to use a third-party WiFi card in a MacBook because,
> as they say in
> http://blog.washingtonpost.com/securityfix/2006/08/ 
> hijacking_a_macbook_in_60_seco_1.html
>
> "Maynor said the two have found at least two similar flaws in device
> drivers for wireless cards either designed for or embedded in machines
> running the Windows OS. Still, the presenters said they ultimately
> decided to run the demo against a Mac due to what Maynor called the
> "Mac user base aura of smugness on security." "
>
> and, in http://abcnews.go.com/Technology/wireStory?id=2266507
>
> "Maynor said the MacBook used in the demonstration was not using the
> wireless gear that shipped with the computer."
>
> In other words: They did this by plugging in a non-Apple WiFi card
> into a MacBook (that comes with Apple's WiFi card) and acknowledge
> that the problem exists on Windows machines too -- and chose to do it
> on the MacBook just to show that in a roundabout way they could attack
> a Mac... with non-Apple hardware.
>
> I think that, if true (and I don't have reason to doubt it), I'd be
> even more worried about plugging in a WiFi card to a Windows machine
> than I would for plugging in a WiFi card into a MacBook (I don't know
> anyone who does that).
>
> If they could have actually exploited this using a stock MacBook with
> stock Apple WiFi, why didn't they?
>
>
> --
> Glenn Tenney CISSP CISM
>
>
> -------------------------------------
> You are subscribed as rjw () mcn org
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/