Interesting People mailing list archives
Apple keyboard firmware hack demonstrated [RISKS] Risks
From: David Farber <dave () farber net>
Date: Mon, 17 Aug 2009 16:01:55 -0400
Begin forwarded message: From: "David Lesher" <wb8foz () panix com> Date: August 17, 2009 3:20:17 PM EDT To: dave () farber net (David Farber) Subject: Apple keyboard firmware hack demonstrated [RISKS] Risks There's an obvious prophylactic, but one too late for Apple to retrofit now. Just require hardware intervention to allow writing to the flash. I know some Sun servers had this, because a friend was called in when a big outfit's web page was had, with much public embarrassment. He wasupset to find [midst many issues...] the internal write-enable jumper had
been left in place; he replaced the server hardware rather than risk a 2nd compromise. Apple previously required a button push to upgrade their firmware [The G4 towers, and iMac's had such.] but seems to have abandoned such to save money/space/etc. And it's not clear if that protected against this attack. Of course, even this is of little use if the perpetrator had private physical access and control of the box. ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Apple keyboard firmware hack demonstrated [RISKS] Risks David Farber (Aug 17)