[olug] wifi device driver exploits

Kent Tegels ktegels at gmail.com
Thu Aug 24 17:02:09 UTC 2006


For consideration:

http://daringfireball.net/2006/08/curious_case
http://blogs.zdnet.com/Ou/?p=300

Thanks,
Kent

On 8/24/06, Rob Townley <rob.townley at gmail.com> wrote:
> Hijacking a MacBook in 60 Seconds or Less
> http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html
>
>
> In case you have not heard, there is very probably a probable
> (repetition intended) exploit of wifi devices no matter what operating
> system is used because it attacks device driver code based on FreeBSD
> that was used in Linux, Windows, and the Mac.
>
> Just like a Ford Mustang is almost completely made in Mexico of parts
> from who knows where.  Device drivers are often not made in the houses
> of Apple and Microsoft and RedHat.    Apple can say the Atheros driver
> was not Apple made, but it does come on the OS CD.  When Netgear uses
> FreeBSD source from Atheros and pays Microsoft to sign the driver, who
> owns the driver.  Because of this, they think they have deniability.
>
>
> Jon brought this up at a SecurityPosture/CompUSA meeting long before
> it came out at Blackhat, so i am particularly interested in what his
> position is on the issue.    Yes, i used "position" because the proof
> is not supposed to be released until manufacturers have a fix.  Based
> on prior experience, i am firmly in the camp that this is a real
> issue.  The point is that not many seem to be talking about the real
> issue of a class of exploits of device drivers that run on modifiable
> firmware.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>


-- 
Thank You,

Kent Tegels
Database Curriculum Lead
Blog: http://staff.develop.com/ktegels
DevelopMentor -- Advanced Training for Professional Software Developers



More information about the OLUG mailing list