« Corrupt Safari RSS databases | Main | How to make Acrobat 7 stop dinking with Office »

So thanks to a session at Black Hat, the MacMacs are all a-twitter over the fact that there's a serious hole in the wireless drivers on the MacBooks.

They even demoed how you can use the hole in the drivers, from Atheros, to crack into a Mac in about a minute.

Oh

My

God

The spinmeistering has come out. The MacMacs are losing their little damned minds over this, to which I say: "GET OVER IT"

Holy crap people, it's a vulnerability in a device driver. What, did you think those things were perfect? Or that Apple was? Note that it's not just Apple here. From Brian Krebs' article:

The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market.

What are the dangers of subverting a device driver?

Because the software that powers these wireless devices operates at such a fundamentally low level of the operating system, traditional system safeguards like firewalls and anti-virus software most likely will not stop the operating system from accepting a maliciously crafted network probe from an attacker seeking to exploit device driver-specific flaws. The result, said Maynor, is that a system using poorly designed device drivers is vulnerable to compromise just by doing what it was programmed to do.

This is nothing more than a vulnerability in a particular driver set used by Apple and other manufacturers:

While those device driver flaws are particular to the Macbook -- and presently not publicly disclosed -- Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. It's not just an Apple problem by a long shot.

But the vulnerability isn't what's making all the MacMacs cry though. This is:

Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the "Mac user base aura of smugness on security."

"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said.

And the headline:

Hijacking a Macbook in 60 Seconds or Less

So now, because of this, it's an attack on the Mac's sterling security rep. It's a hack article, and folks are starting to imply that the vulnerability may not be legit. The fact that there's a real problem in the wireless drivers isn't worrying people. No, it's "THEY'RE BEING MEAN TO APPLE!!!111". THAT'S what's pissing people off.

Good fucking grief people, Mac users have been total smug assholes about being "invulnerable" to harm, (don't even TRY to tell me they haven't. I've heard far too many fanboys saying this. Deal.), and gee, what a shock, someone decided to tweak them on it while pointing out a real problem. Oh my stars and garters, why ever would someone do that. Get real here. It's a real problem, and it affects Macs as well as other systems.

Luckily, I have more faith in the maturity level at Apple than I do in the Mac community. I'm pretty sure they'll do what has to be done to patch it. I'm just as sure that MacMacs will apply the patch and say "See, there was no problem, it's been patched".

Three sure bets:

Greed
Stupidty
MacMacs ability to whine like a pack of overprivileged three year olds

Let me ask you this. Would you have rather found out about this the HARD way?

Technorati Tags: Apple, Mac OS X, MacMacs, Conferences, Security, TEH STOOPUD

Comments