Turns out the latest “Mac security hole” does Windows
You play with FireWire, you’re gonna get burned…
Remember that “critical” Mac OS security exploit we told you about last week? Well, as it turns out, it isn’t just a problem for the Mac. Windows XP is apparently vulnerable as well, and Windows users may actually have more to worry about than we Mac geeks.
According to theage.com, a New Zealand security consultant named Adam Boileau discovered and reported the same flaw (having to do with the way passwords are stored in a computer’s RAM) over TWO YEARS ago on the Windows platform, and it remains unpatched today. Boileau’s method is more or less identical to the one described by the Mac hackers, and is based on FireWire’s ability to directly tap a computer’s RAM, which holds on to a user’s password much longer than you might think. Of course, to use FireWire on a computer, you first need the computer, and odds are this is largely why both Microsoft and Apple haven’t tripped over themselves patching this hole.
So why is it worse for Windows users?
Since all Macs have shipped with FireWire for about 8 years now, it’s natural for someone to assume a FireWire-based hack is more of a threat to Macs than PCs, but they’d be wrong. Apparently Windows PCs have begun catching up thanks to the digital video revolution, and most Windows laptops sold in recent years have FireWire now. But the real reason Windows users should be worried is that Adam Boileau is apparently so fed up with the fact that Microsoft has done nothing to plug this potential security hole after 2 years that he has made the code to exploit this vulnerability available on his website for all hackers to download.
What a guy.
Jacob Appelbaum, the fellow who discovered the Mac version of this exploit last month, has announced he too will make his code available on the web, but has given Apple a sporting 3 months to first try to plug the hole.
Apple initially said that it was aware of the “bug” and does not consider the exploit to be a very dangerous one. Perhaps this is a reaction to Microsoft’s inaction on the same problem. After all, if after 2 years on the much more popular Windows platform it hasn’t become an issue, odds are Apple can wait a couple decades to patch it. Still, I’m not sure I like seeing ANY computer company drag its feet patching security holes, however obscure, that have been proven to do something as ominous as obtain an administrator’s password in a couple minutes.
Based on Apple’s recent hardware moves and Apple’s phasing out of FireWire, perhaps we Mac users will have nothing to worry about. Looks like right about now the MacBook Air is Apple’s most secure computer. I smell a new marketing campaign…
Isn’t this half the reason that Leopard got ASLR? (http://en.wikipedia.org/wiki/ASLR)
What’s the bet the Firewire exploit was done on a Tiger/Pre-Tiger machine? 😉
This “bug” seems very elaborate, pointless and unnecessary and just a poor attempt at getting a bit of 5 minutes of fame.
If you really wanted to get into a machine you could just put the mac OS X install disk in and reset the password for any of the accounts on the machine…
Talk about long winded…
You forget to mention that you can perform the exploit by literally freezing the memory of a computer a few seconds after the poor user turned it off. Now I understand that colleague of mine wandering around the office with that giant tank of liquid nitrogen.
So basically Jacob Appelbaum is a douche for re-discovering something that’s been known about firewire for over 2 years? Maybe the reason no one else tried it out on a Mac was because who in their right mind is going to make an exploit that requires you to carry a Power Mac out of your office under your shirt.
“If you really wanted to get into a machine you could just put the mac OS X install disk in and reset the password for any of the accounts on the machine…”
Which does nothing for you if you want to get into the keychain, unless the password is sitting around on the disk unencrypted. Or if FileVault is in use. This totally gets around them. Are you saying that those two technologies are a waste of time?
Who’s getting an administrator password? This hack gets the user password.
It depends on who’s logged in. A lot of people run as users with elevated privileges. And besides, for most people keeping personal data safe is a more “real” threat than having their system compromised.