Mac Specs: 2008 Mac Pro 8x2.8GHz Core, 8 Gig ram, 2TB, nvidia 8800GT, wifi, 2x Superdrives
Vansmith - unfortunately, the keyboard does have a firmware, and if there is enough space, it is possible to make it do something unintentional depending on the creativity and capability of the programmer - if you don't think that the keyboards do - check out this link even from Apple that refers to the keyboard firmware:
I'm not saying it'd be easy to hack, nor that it would be easy to write appropriate accompanying software to make it all work - but the fact that the firmware is updatable, and if the chips have enough spare space to allow the keyboard to continue to work even with malicious code; it may be possible. And if that person could prove it's possible (ie: hack a keyboard on one system, move the keyboard to another clean system and prove that it's for example logging keystrokes and sending them somewhere some how) then there is a risk that requires attention.
__________________
My Macs: Early 2008 8 core 2.8GHz 8gig ram Mac Pro; Mac mini G4, 1.25 GHz, 512m ram (server); Early '09 Mac Mini, 2GHz, 4Gig Ram, 120Gig HD, 9400m; 2010 13" MBP, 2.4GHz, 4Gig Ram, 640Gig HD, 320m; Powerbook 12" G4 1.33GHz running Debian as a server
Mac Specs: White 2009 MacBook 2 Ghz | 733 Mhz G4 Quicksilver
Sounds worrying at first, but it looks like another Mac OS X security hole that so many "security experts" regularly delight in writing up to spread the myth that a Windows style malware invasion is about to hit OSX.
Sure, OSX is not immune to all attacks, but it remains one of the most difficult platforms on which to spread malware. Notice the word spread. Infecting a few machines with trojans installed by users who are too stupid not to download software from an untrusted source will never be able to spread malware very widely.
It looks to me as the attack could take hold if you download and install keyboard firmware from a non Apple site
But more interestingly it links to other security pages that are full of the usual fud that security experts regularly put out.
"Rather than realizing that the relatively safety is afforded by Apple's still small market share, they believe that the security is somehow owing to an inherent security superiority in their operating system of choice"
Just read the rest of the article, including:
Quote:
"security expert and even Apple seems to acknowledge that its security may be lacking, warning that its iPhone can easily be hacked and used as a terrorist weapon."
Terrorist weapon! - what next, they are going to tell us next that the Mac will bring in Sharia Law, global warming and the return of flesh eating dinosaurs next.
They said the Mac's operating system will be an easier nut to crack once hackers start to focus on it. That is because it has a lot more code in it than Windows, leaving room for more vulnerabilities and bugs that hackers can exploit.
Really, if its so easy then why hasn't it been done yet.
Until we hear news that a virus is sucessfully spreading across OSX, there is no news, I for one will just be careful what I do online and keep my free ClamX up to date.
__________________
New here? Make sure you read the forum rules | Use the Rep system
Mac Specs: 2008 Mac Pro 8x2.8GHz Core, 8 Gig ram, 2TB, nvidia 8800GT, wifi, 2x Superdrives
That's one of the big things tho - being cautious is important, being aware of your system is important - being aware of what you are doing and where is important. Any security flaws, no matter how slight should be patched - regardless of how safe an OS is or potentially is, if there is a hole, there is an unsuspecting user who will get infected, and that user may have access to very private and personal data that can get out.
Plus, it sounds like since this updater can be triggered through other software, it is feasible for someone to write a seemingly safe app that would attempt to trigger a firmware update to install a non-so-safe firmware.
Now, I'm not saying a wide spread panic is right, nor that people should go running out to buy a different computer - I'm not going to swap to windows, or sell my Macs just because of this - but I think people should be aware of risks, and Apple should act as a responsible company to repair security flaws in their OS.
I will say, the thing that bothered me more then the flaw (as the amount of flaws discovered for OSX and the associated hardware is still significantly less then the ones for Windows) is that, according to the article, it appears that Apple takes a bit of a cavalier attitude that they don't seem to want to pay attention to the ethical hackers out there that bring to them the issues with their OS and hardware, and instead seem to wait until it is a broadcast issue (ie: now that it has been announced at BlackHat)
Just my $0.02.
I'm not looking for a panic, and I don't feel one is warranted, but people should be aware when there are issues and apple should fix them for both current and recent past versions of OSX (ie: tiger and maybe panther) since many people with G4 or G5 machines may never upgrade to Leopard due to system limitations...
__________________
My Macs: Early 2008 8 core 2.8GHz 8gig ram Mac Pro; Mac mini G4, 1.25 GHz, 512m ram (server); Early '09 Mac Mini, 2GHz, 4Gig Ram, 120Gig HD, 9400m; 2010 13" MBP, 2.4GHz, 4Gig Ram, 640Gig HD, 320m; Powerbook 12" G4 1.33GHz running Debian as a server
I will say, the thing that bothered me more then the flaw (as the amount of flaws discovered for OSX and the associated hardware is still significantly less then the ones for Windows) is that, according to the article, it appears that Apple takes a bit of a cavalier attitude that they don't seem to want to pay attention to the ethical hackers out there that bring to them the issues with their OS and hardware, and instead seem to wait until it is a broadcast issue (ie: now that it has been announced at BlackHat)
Agreed. One good thing about Microsoft is that they do tend to patch security holes very quickly. Apple is usually quiet about it, and when the fix is released, it's usually only after the hole has been exploited and publicized.
Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
