Interesting People mailing list archives

Apple keyboard firmware hack demonstrated [RISKS] Risks


From: David Farber <dave () farber net>
Date: Mon, 17 Aug 2009 16:01:55 -0400



Begin forwarded message:

From: "David Lesher" <wb8foz () panix com>
Date: August 17, 2009 3:20:17 PM EDT
To: dave () farber net (David Farber)
Subject: Apple keyboard firmware hack demonstrated [RISKS] Risks


There's an obvious prophylactic, but one too late for Apple to retrofit
now. Just require hardware intervention to allow writing to the flash.

I know some Sun servers had this, because a friend was called in when a
big outfit's web page was had, with much public embarrassment. He was
upset to find [midst many issues...] the internal write-enable jumper had
been left in place; he replaced the server hardware rather than risk a
2nd compromise.

Apple previously required a button push to upgrade their firmware [The
G4 towers, and iMacs had such.] but seems to have abandoned such to
save money/space/etc. And it's not clear if that protected against this
attack. Of course, even this is of little use if the perpetrator had
private physical access and control of the box.





