[olug] wifi device driver exploits
Kent Tegels
ktegels at gmail.com
Thu Aug 24 17:02:09 UTC 2006
For consideration:
http://daringfireball.net/2006/08/curious_case
http://blogs.zdnet.com/Ou/?p=300
Thanks,
Kent
On 8/24/06, Rob Townley <rob.townley at gmail.com> wrote:
> Hijacking a MacBook in 60 Seconds or Less
> http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html
>
>
> In case you have not heard, there is very probably a probable
> (repetition intended) exploit of wifi devices no matter what operating
> system is used because it attacks device driver code based on FreeBSD
> that was used in Linux, Windows, and the Mac.
>
> Just like a Ford Mustang is almost completely made in Mexico of parts
> from who knows where. Device drivers are often not made in the houses
> of Apple and Microsoft and RedHat. Apple can say the Atheros driver
> was not Apple made, but it does come on the OS CD. When Netgear uses
> FreeBSD source from Atheros and pays Microsoft to sign the driver, who
> owns the driver. Because of this, they think they have deniability.
>
>
> Jon brought this up at a SecurityPosture/CompUSA meeting long before
> it came out at Blackhat, so i am particularly interested in what his
> position is on the issue. Yes, i used "position" because the proof
> is not supposed to be released until manufacturers have a fix. Based
> on prior experience, i am firmly in the camp that this is a real
> issue. The point is that not many seem to be talking about the real
> issue of a class of exploits of device drivers that run on modifiable
> firmware.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
--
Thank You,
Kent Tegels
Database Curriculum Lead
Blog: http://staff.develop.com/ktegels
DevelopMentor -- Advanced Training for Professional Software Developers
More information about the OLUG
mailing list