- +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Dude! You Say I Need an Application-Layer Firewall?!
Market Trends: Multienterprise/B2B Infrastructure Market | Worldwide | 2008
Web Security SaaS: The Next Generation of Web Security
Why Security SaaS Makes Sense Today
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Radicati Market Quadrant 2008 on Corporate Web Security
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
More than a year after claiming to have found a way to take over a Macintosh computer using a flaw in the system's wireless card, David Maynor has published details of his exploit.
The details were included in a paper published in the September issue of Uninformed.org, an online hacking magazine. The lengthy paper describes how to run unauthorized software on a Macintosh by taking advantage of a flaw in Apple's AirPort wireless drivers.
Apple patched the bug in September 21 without crediting Maynor for discovering the problem. Instead, Apple's engineers found the bug during an internal audit, the company said.
Maynor and researcher Jon Ellch first described this type of problem during an August 2006 presentation at the Black Hat security conference in Las Vegas. He was widely criticized by the Apple community for failing to back up his claims with technical details, and for presenting a video demonstration that used a third-party wireless card instead of the one that ships with the Mac.
On Tuesday, Maynor said that at the time of the Black Hat demonstration, he had found similar wireless bugs in a number of wireless cards, including Apple's AirPort and that he had been told to use the third-party card in the video because it was deemed "the least offensive to people."
So why publish the Mac hack now?
Maynor said that he had been under a nondisclosure agreement, which had previously prevented him from publishing details of the hack. The security researcher wouldn't say who his NDA was with, but that agreement is no longer in force, allowing him to talk about the exploit. "I published it now because I can publish it now," he said.
By going public with the information, Maynor hopes to help other Apple researchers with new documentation on things like Wi-Fi debugging and the Mac OS X kernel core dumping facility. "There's a lot of interesting information in the paper that, if you're doing vulnerability research on Apple, you'd find useful."
Maynor will soon publish a second paper on Uniformed.org explaining how to write software that will run on a compromised system, he said.
As for his detractors, who will say that this disclosure comes too late, Maynor says he just doesn't care what they think. "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own."
Computerworld Member Login
IT Security as a business enabler?
Download CA's white paper
Link IT services with business goals.
Download CA's white paper
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 2008-08-29 12:31:00+10
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 2008-08-29 12:00:00+10
Nortel and LG Electronics are First in World to Demonstrate Mobile LTE Handover 2008-08-29 11:30:00+10
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 2008-08-29 09:59:00+10
Sybase and Logica Partner To Mobilise The Supply Chain 2008-08-29 09:47:00+10
SOA and Agility
Organizations need agility to maintain strategic advantages in businesses operating on faster and faster time-scales. The difference between gaining and losing market share may very well depend on the ability of organizations to deploy updated or new applications before their competitors. Read on to discover how SOA-based application development can meet the promise of reduced application development and maintenance costs through service reuse.
