G+_Eddie Foy Posted August 4, 2015 Share Posted August 4, 2015 http://tinyurl.com/p9o8m54 Link to comment Share on other sites More sharing options...
G+_Eddie Foy Posted August 4, 2015 Author Share Posted August 4, 2015 Just that Macs are no more secure then Windows Yup. Clicking on crap is basically the only vectors these days into OS's. RCE's without user 'help' are rare on all OS's Link to comment Share on other sites More sharing options...
G+_Bernard Bout Posted August 4, 2015 Share Posted August 4, 2015 Agree Eddie. Its just that there are millions more Windows PC's than there are Macs that "bad guys" did not even bother. Same with Linux. Given that there are over 2 Billion windows PC's and just a few million Macs, who'd bother. Link to comment Share on other sites More sharing options...
G+_Eddie Foy Posted August 4, 2015 Author Share Posted August 4, 2015 The one and only virus/malware I have ever gotten (that I know of) was on Linux. Mac vulns/malware are growing quickly. OSX is far from secure, and Apple is lazy at patching. Link to comment Share on other sites More sharing options...
G+_Michael Heinz Posted August 4, 2015 Share Posted August 4, 2015 Eddy, while I'm sure you're enjoying your schadenfreude, as far as I can tell this is still very proof-of-concept. If nothing else, it depends on the victim having a thunderbolt device plugged in that the attacker already knows how to compromise and that has a re-writeable boot rom. Link to comment Share on other sites More sharing options...
G+_Michael Heinz Posted August 4, 2015 Share Posted August 4, 2015 Wayne Hobbins In this case, it's not Intel's or Microsoft's fault - it's the fault of the original Firewire standard and now the Thunderbolt standard - both allow peripherals RDMA access to system memory /and/ allow peripherals to alter the boot process. This means a malicious device, such as an infected docking station or external HD, could rewrite the OS on every boot. (Actually, hang on, Thunderbolt is an Intel design so, yeah, I guess this is Intel's fault.) HOWEVER - this is no different from other known vulnerabilities involving the firmware of internal hard drives. Really, the only solution is cryptographically signed boot code - which Intel has also tried to push only to get screamed at by linux users about how it was really an attempt to crush the free software movement. Link to comment Share on other sites More sharing options...
G+_John Phillips Posted August 6, 2015 Share Posted August 6, 2015 Sounds very similar to bad usb Link to comment Share on other sites More sharing options...
G+_Michael Heinz Posted August 6, 2015 Share Posted August 6, 2015 the tech is different but the result is similar. Link to comment Share on other sites More sharing options...
G+_Michael Heinz Posted August 7, 2015 Share Posted August 7, 2015 Eddie Foy, did you see the recent privilege escalation for OS X? Someone forgot to protect the sudoers file.... Link to comment Share on other sites More sharing options...
G+_Eddie Foy Posted August 10, 2015 Author Share Posted August 10, 2015 Yup. Doesn't work on mime. I'm a version behind, before they added that 'feature'. They also had it fixed in the beta of the next version. Once again Apple not caring so much about security. Link to comment Share on other sites More sharing options...
Recommended Posts