[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] Apple keyboard firmware hack demonstrated [RISKS] Risks
Begin forwarded message: From: "David Lesher" <wb8foz@panix.com> Date: August 17, 2009 3:20:17 PM EDT To: dave@farber.net (David Farber) Subject: Apple keyboard firmware hack demonstrated [RISKS] Risks There's an obvious prophylactic, but one too late for Apple to retrofit now. Just require hardware intervention to allow writing to the flash. I know some Sun servers had this, because a friend was called in when a big outfit's web page was had, with much public embarrassment. He wasupset to find [midst many issues...] the internal write-enable jumper had
been left in place; he replaced the server hardware rather than risk a 2nd compromise. Apple previously required a button push to upgrade their firmware [The G4 towers, and iMac's had such.] but seems to have abandoned such to save money/space/etc. And it's not clear if that protected against this attack. Of course, even this is of little use if the perpetrator had private physical access and control of the box. -------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC