[PCWorld]

Post your comments for A Hacker Speaks: How Malware Might Blow Up Your Laptop here

[42n81]

Wait a minute!!!!

"Someone" could hack into my MacBook, trash my battery (or worse), and APPLE is the bad guy?

Either our value system is totally broken or our brains have been replaced with mashed potatoes.

Granted, Apple should know better. Come to think of it, we all should know better. Since when has it become expected, even mandatory that every vulnerability be exploited?

All the exploit "geniuses" who ferret out weaknesses in someone else's work, in my books anyway, are several notches below ambulance chasers looking for their fifteen seconds of glory.

[melgross]

Two problems with this. First of all TI is in the wrong here. Since these passwords only need to be known by the manufacturers using their chips, there is no reason why the passwords should be on their site at all. And there is no reason why there needs to be one default password from them either. They could have different passwords for each batch of chips. As these passwords are automatically generated, there is no reason why not.

In addition, as has been pointed out, you need physical access to the computer to do this. The article should have made a bigger deal about this, as it's well understood that if you have physical access to any machine, not matter how secure, you can break in.

[AWawro]

42n81, on 29 July 2011 - 05:31 AM, said:

Granted, Apple should know better. Come to think of it, we all should know better. Since when has it become expected, even mandatory that every vulnerability be exploited?

Right! I think Apple has a responsibility to ensure their products are reasonably secure, but consumers are also responsible for staying informed and proactively protecting themselves.

To that end, Dr. Miller will soon release a free piece of software you can use to scramble the passwords on your battery firmware, and we will link it here when he does.

melgross, on 29 July 2011 - 05:39 AM, said:

In addition, as has been pointed out, you need physical access to the computer to do this. The article should have made a bigger deal about this, as it's well understood that if you have physical access to any machine, not matter how secure, you can break in.

The firmware governing your battery can be modified without physical access to your laptop.

Apple can release downloadable firmware updates that improve how your battery functions, which means it's also possible for hackers to trick you into downloading malicious code that rewrites your battery firmware.

[dstarfire]

42n81, on 29 July 2011 - 05:31 AM, said:

Wait a minute!!!!

"Someone" could hack into my MacBook, trash my battery (or worse), and APPLE is the bad guy?

Either our value system is totally broken or our brains have been replaced with mashed potatoes.

Granted, Apple should know better. Come to think of it, we all should know better. Since when has it become expected, even mandatory that every vulnerability be exploited?

All the exploit "geniuses" who ferret out weaknesses in someone else's work, in my books anyway, are several notches below ambulance chasers looking for their fifteen seconds of glory.

Yes, Apple is the bad guy because they've put their customers at risk by ignoring a standard security procedure (always change passwords from the default). Even if the senior management didn't know, you can be pretty sure that at least one person noticed it and reported the danger to his/her supervisor. Even if he didn't pass it along, Apple is still at fault for creating a corporate culture that encourages ignoring product flaws and dangers.

I'm not even going to touch your suggestion to ignore vulnerabilities or vilify the people who discover them. I just hope your doctor doesn't follow that same "what you don't know can't hurt you" philosophy.

[Evildave]

So why the double standard?

Apple is the 'bad guy' if there's a hypothetical vulnerability that someone could perhaps exploit, but Microsoft is ALWAYS given a free pass for MILLIONS of active, real-world exploits all the time, and people just say 'Yuh shoulda used antiviruszes!' and claim it's not the OS's fault it lets your computer be so thoroughly and continuously raped.

[Razor91869]

Evildave, on 29 July 2011 - 11:41 AM, said:

So why the double standard?

Apple is the 'bad guy' if there's a hypothetical vulnerability that someone could perhaps exploit, but Microsoft is ALWAYS given a free pass for MILLIONS of active, real-world exploits all the time, and people just say 'Yuh shoulda used antiviruszes!' and claim it's not the OS's fault it lets your computer be so thoroughly and continuously raped.

Apple has just as many flaws, if not more, than Microsoft. Microsoft has had many years to patch their stuff considering all the attacks they receive every day. Apple has barely been touched. As for why Microsoft gets a free pass, they scrambled their battery passwords, Apple did not. Microsoft immediately scrambles to fix any exploits and vulnerabilities that are "major" atleast, perhaps not the small ones, but *MAJOR* holes in their OS, they fix asap. On top of that, they provide comments and say "Hey, we're working on it!" Apple just keeps their mouth shut, they say nothing and eventually meander their way to a patch. The other issue is.. APPLE cannot fix this in previous laptops. They can only patch future laptops. Which means that if someone wants to exploit this, and most people don't know about it.. they are going to get RAILED.

As for the diff between Microsoft and Apple.. Microsoft lets you do what you like on their systems, heck you can even use Itoons. Apple.. you need VMWARE so you can run Linux, Ubuntu, or Windows just to use something that's Microsoft. I don't use apple simply because apple like to think they can tell me what I can and cannot do with my system. Then they charge me out the a$$ for it.

[artzy65]

42n81, on 29 July 2011 - 05:31 AM, said:

Wait a minute!!!!

"Someone" could hack into my MacBook, trash my battery (or worse), and APPLE is the bad guy?

Either our value system is totally broken or our brains have been replaced with mashed potatoes.

Granted, Apple should know better. Come to think of it, we all should know better. Since when has it become expected, even mandatory that every vulnerability be exploited?

All the exploit "geniuses" who ferret out weaknesses in someone else's work, in my books anyway, are several notches below ambulance chasers looking for their fifteen seconds of glory.

The expression is actually 'fifteen minutes of fame'
http://en.wikipedia....minutes_of_fame

Just saying

[waldojim]

Razor91869, on 29 July 2011 - 11:57 AM, said:

Apple has just as many flaws, if not more, than Microsoft. Microsoft has had many years to patch their stuff considering all the attacks they receive every day. Apple has barely been touched. As for why Microsoft gets a free pass, they scrambled their battery passwords, Apple did not. Microsoft immediately scrambles to fix any exploits and vulnerabilities that are "major" atleast, perhaps not the small ones, but *MAJOR* holes in their OS, they fix asap. On top of that, they provide comments and say "Hey, we're working on it!" Apple just keeps their mouth shut, they say nothing and eventually meander their way to a patch. The other issue is.. APPLE cannot fix this in previous laptops. They can only patch future laptops. Which means that if someone wants to exploit this, and most people don't know about it.. they are going to get RAILED.

As for the diff between Microsoft and Apple.. Microsoft lets you do what you like on their systems, heck you can even use Itoons. Apple.. you need VMWARE so you can run Linux, Ubuntu, or Windows just to use something that's Microsoft. I don't use apple simply because apple like to think they can tell me what I can and cannot do with my system. Then they charge me out the a$$ for it.

Microsoft has nothing to do with the battery. It is up to Acer, Asus, MSI, Lenovo, et al. to change that password. The hacker tinkered with Apple systems to stay consistent during testing (that and he got them for free from pwn2own competitions). How many PC's are affected? Who knows. Does anyone here know how to check their firmware password?

Most important question here: What is the ACTUAL risk factor here? Can anyone actually come up with numbers detailing just how LIKELY a hacker will gain access to the battery to do this? How many exploits are there in a position to do this? What is the chance for REMOTE execution? What I am pointing out here, is that a person needs to get through ALL CURRENT security to even get to a stage where they can even concern themselves with the battery firmware. Is this even FEASIBLE at the current junction?

[Evildave]

Razor91869, on 29 July 2011 - 11:57 AM, said:

Evildave, on 29 July 2011 - 11:41 AM, said:

So why the double standard?

Apple is the 'bad guy' if there's a hypothetical vulnerability that someone could perhaps exploit, but Microsoft is ALWAYS given a free pass for MILLIONS of active, real-world exploits all the time, and people just say 'Yuh shoulda used antiviruszes!' and claim it's not the OS's fault it lets your computer be so thoroughly and continuously raped.

Apple has just as many flaws, if not more, than Microsoft. Microsoft has had many years to patch their stuff considering all the attacks they receive every day. Apple has barely been touched. As for why Microsoft gets a free pass, they scrambled their battery passwords, Apple did not. Microsoft immediately scrambles to fix any exploits and vulnerabilities that are "major" atleast, perhaps not the small ones, but *MAJOR* holes in their OS, they fix asap. On top of that, they provide comments and say "Hey, we're working on it!" Apple just keeps their mouth shut, they say nothing and eventually meander their way to a patch. The other issue is.. APPLE cannot fix this in previous laptops. They can only patch future laptops. Which means that if someone wants to exploit this, and most people don't know about it.. they are going to get RAILED.

As for the diff between Microsoft and Apple.. Microsoft lets you do what you like on their systems, heck you can even use Itoons. Apple.. you need VMWARE so you can run Linux, Ubuntu, or Windows just to use something that's Microsoft. I don't use apple simply because apple like to think they can tell me what I can and cannot do with my system. Then they charge me out the a$$ for it.

You think that Microsoft makes batteries for the notebooks that a hundred different manufacturers sell? Wow.

Actually, 'Parallels' makes VMWARE look like pathetic, slow, buggy crap (which it is). You could also use VirtualBox. But to run Linux along-side your windoze junk, you need VMware or VirtualBox, as well.

BTW, you didn't know a mac could boot Linux? Wow. It can even boot windows natively, if you just wanted the best notebook possible, but are hopelessly mired in Windows junk.

But hey, Apple doesn't prevent you from running anything on a Mac, either. If you don't like iTunes, use VLC. LibreOffice, and pretty much 100% of everything else open source works fine on a Mac. The GNU tools run very well, since OS X is UNIX and POSIX compliant (i.e. most tools made for Linux just recompile and work natively, so there's little need to 'run linux' when you can just get the OSX build for it). You think Apple prevents any of this? Wow.

Microsoft and Google are 100% as 'evil' with their own phones and tablets. You think you can use a 'Windows' phone or Android phone or tablet and just upload anything you like to it??? Think again. Yes, you can get around the marketplace and upload 'whatever' to an Android device, but they had a big outbreak of malware, too. Microsoft has said outright that open source content is INCOMPATIBLE with their mobile devices, and will be rejected outright. Didn't you know that, either?

So now you've learned lots of new things. But it sounds like you just hate Apple. So no matter what you learn of the openness of OSX tools, the freeness of the development tools (as opposed to spending a grand for a Microsoft development tool that isn't GIMPED), etc., you'll hate Apple anyways, and keep your precious Microsoft up on a pedestal, ignoring anything that you 'learn'.

[artzy65]

Razor91869, on 29 July 2011 - 11:57 AM, said:

Apple.. you need VMWARE so you can run Linux, Ubuntu, or Windows just to use something that's Microsoft.

There are plenty of MS products built for the Mac; no VMWare needed thank you.

[nonseq]

artzy65, on 29 July 2011 - 02:01 PM, said:

Razor91869, on 29 July 2011 - 11:57 AM, said:

Apple.. you need VMWARE so you can run Linux, Ubuntu, or Windows just to use something that's Microsoft.

There are plenty of MS products built for the Mac; no VMWare needed thank you.

You mean like MS office including Word and Excel, which were first released for Mac OS?

[42n81]

dstarfire, on 29 July 2011 - 10:31 AM, said:

42n81, on 29 July 2011 - 05:31 AM, said:

Wait a minute!!!!

"Someone" could hack into my MacBook, trash my battery (or worse), and APPLE is the bad guy?

Either our value system is totally broken or our brains have been replaced with mashed potatoes.

Granted, Apple should know better. Come to think of it, we all should know better. Since when has it become expected, even mandatory that every vulnerability be exploited?

All the exploit "geniuses" who ferret out weaknesses in someone else's work, in my books anyway, are several notches below ambulance chasers looking for their fifteen seconds of glory.

Yes, Apple is the bad guy because they've put their customers at risk by ignoring a standard security procedure (always change passwords from the default). Even if the senior management didn't know, you can be pretty sure that at least one person noticed it and reported the danger to his/her supervisor. Even if he didn't pass it along, Apple is still at fault for creating a corporate culture that encourages ignoring product flaws and dangers.

I'm not even going to touch your suggestion to ignore vulnerabilities or vilify the people who discover them. I just hope your doctor doesn't follow that same "what you don't know can't hurt you" philosophy.

I'm not saying to ignore vulnerabilities. I'm saying it's not OK to call the homeowner the "bad guy" for not putting bars on his windows and imprisoning himself in his house.

Since when has it become OK to break into somebody's property and damage it. Who would you rather have locked up, the lowlife who violated your property or the home builder?

This has nothing to do with my doctor discovering an illness and telling me about it. If you want an analogy, it's like your shrink finding a weakness and using it to have you get rid of his wife.

Like I said, Apple should have known better and should have locked the barn door. But unless you have mashed potatoes for brains, you know that the bad guys are the horse thieves and not the rancher.

[42n81]

artzy65, on 29 July 2011 - 01:50 PM, said:

42n81, on 29 July 2011 - 05:31 AM, said:

Wait a minute!!!!

"Someone" could hack into my MacBook, trash my battery (or worse), and APPLE is the bad guy?

Either our value system is totally broken or our brains have been replaced with mashed potatoes.

Granted, Apple should know better. Come to think of it, we all should know better. Since when has it become expected, even mandatory that every vulnerability be exploited?

All the exploit "geniuses" who ferret out weaknesses in someone else's work, in my books anyway, are several notches below ambulance chasers looking for their fifteen seconds of glory.

The expression is actually 'fifteen minutes of fame'
http://en.wikipedia....minutes_of_fame

Just saying

Glory is ephemeral as a spark. Fame lingers like smoke from the spark.

This post has been edited by 42n81: 29 July 2011 - 04:20 PM

[TheOldTopkick]

I can't help but wonder if we are being reasonable about the things that are computer controlled. I fully expect to read in the paper where some drunk caused an accident and his lawyer claims the accident was not the drunk's fault. The control module on his car had been hacked. While you are lying on the floor laughing, think about it for a minute.

[Evildave]

When a car can drive its self, should it even matter that the passenger is intoxicated?

[Razor91869]

Evildave, on 29 July 2011 - 06:24 PM, said:

When a car can drive its self, should it even matter that the passenger is intoxicated?

Yes. Drinking is stupid, being drunk while in a vehicle that you may have to take hold of is even more stupid. And in my opinion, if you're drunk and behind the wheel, you're 100% responsible no matter what happened or who's fault it would have been.

This post has been edited by Razor91869: 29 July 2011 - 06:59 PM

[Razor91869]

Evildave, on 29 July 2011 - 02:00 PM, said:

You think that Microsoft makes batteries for the notebooks that a hundred different manufacturers sell? Wow.

Actually, 'Parallels' makes VMWARE look like pathetic, slow, buggy crap (which it is). You could also use VirtualBox. But to run Linux along-side your windoze junk, you need VMware or VirtualBox, as well.

BTW, you didn't know a mac could boot Linux? Wow. It can even boot windows natively, if you just wanted the best notebook possible, but are hopelessly mired in Windows junk.

But hey, Apple doesn't prevent you from running anything on a Mac, either. If you don't like iTunes, use VLC. LibreOffice, and pretty much 100% of everything else open source works fine on a Mac. The GNU tools run very well, since OS X is UNIX and POSIX compliant (i.e. most tools made for Linux just recompile and work natively, so there's little need to 'run linux' when you can just get the OSX build for it). You think Apple prevents any of this? Wow.

Microsoft and Google are 100% as 'evil' with their own phones and tablets. You think you can use a 'Windows' phone or Android phone or tablet and just upload anything you like to it??? Think again. Yes, you can get around the marketplace and upload 'whatever' to an Android device, but they had a big outbreak of malware, too. Microsoft has said outright that open source content is INCOMPATIBLE with their mobile devices, and will be rejected outright. Didn't you know that, either?

So now you've learned lots of new things. But it sounds like you just hate Apple. So no matter what you learn of the openness of OSX tools, the freeness of the development tools (as opposed to spending a grand for a Microsoft development tool that isn't GIMPED), etc., you'll hate Apple anyways, and keep your precious Microsoft up on a pedestal, ignoring anything that you 'learn'.

Thank you for the information. I never dislike to learn new things. It's actually one of my goals in life; to acquire as much information as I possibly can. I do not hate Apple, I just dislike their tactics. Microsoft is just as "evil" as apple is, if not more. However Microsoft does not pretend otherwise. And I do use VLC, even on my Windows computer. And no, I don't think microsoft makes their own batteries, I do believe, from the information in the article and other sources, that Microsoft scrambles their batteries' passwords. If I'm wrong, so be it. I was mis-informed. I do however, dislike that you felt you needed to attack me for my opinions. You are free to like or dislike whatever you want, don't act that knowledge will not change my opinion about something just because it doesn't change yours.

[Evildave]

Razor91869, on 29 July 2011 - 06:58 PM, said:

Evildave, on 29 July 2011 - 06:24 PM, said:

When a car can drive its self, should it even matter that the passenger is intoxicated?

Yes. Drinking is stupid, being drunk while in a vehicle that you may have to take hold of is even more stupid. And in my opinion, if you're drunk and behind the wheel, you're 100% responsible no matter what happened or who's fault it would have been.

So, in a world with self-driving cars, when taxi cabs without drivers pick up drunks to take them home, the drunk snoozing in the back seat gets the legal liability if the robot hits someone?

Doesn't seem fair.

[Razor91869]

Evildave, on 29 July 2011 - 08:33 PM, said:

Razor91869, on 29 July 2011 - 06:58 PM, said:

Evildave, on 29 July 2011 - 06:24 PM, said:

When a car can drive its self, should it even matter that the passenger is intoxicated?

Yes. Drinking is stupid, being drunk while in a vehicle that you may have to take hold of is even more stupid. And in my opinion, if you're drunk and behind the wheel, you're 100% responsible no matter what happened or who's fault it would have been.

So, in a world with self-driving cars, when taxi cabs without drivers pick up drunks to take them home, the drunk snoozing in the back seat gets the legal liability if the robot hits someone?
Doesn't seem fair.

No, it doesn't does it. Neither does 3 years for jaywalking and 6 months for murdering a pedestrian in the street with a car. Looks like the world aint fair all around. And perhaps if the cab gets in an accident, you shouldn't trust it to drive you while you're passed out in the back seat. However, to be realistic, there's a difference in completely automated vehicles and vehicles that drive themselves with a driver present. If that driver is drunk, he goes to jail.. no questions asked. But to be further fair.. I hold a strong dislike for drinking, and I hate drunks, but I loath drunk drivers. Drivers are not the same as passengers though.

This post has been edited by Razor91869: 29 July 2011 - 09:09 PM