Macs More Vulnerable Than Windows For Enterprise 281
sl4shd0rk writes "At a Black Hat security conference in Las Vegas, researchers presented exploits on Apple's DHX authentication scheme which can compromise all connected Macs on the LAN within minutes. 'If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes,' Stamos said. Macs are fine as long as you run them as little islands, but once you hook them up to each other, they become much less secure."
Re:And? (Score:3, Interesting)
Read TFA. It is possible (trivially, supposedly) to force Macs to use DHX (the insecure protocol). So, essentially, even if you use the secure system, it doesn't matter. That is a bit troubling for OS X enterprise users, to say the least.
I suppose the lesson here is that after 15 years of being the #1 target, M$ might finally be starting to get its shit in a respectable state, while Apple, for all its theoretical security, has very little experience dealing with actual security issues. Or maybe it's just a random bug, IDK.
Re:A virus? In my MAC? (Score:2, Interesting)
Also, one can lodge malicious code in a Mac that would require physical replacement of components, such as the flash ROM of the keyboard, or even the battery of a Macbook.
This isn't new to Macs either. Back in the System 6 days, where the OS would read from the SCSI drive code to execute a hard disk driver, it would be trivial to hide a malicious payload there, and because it ran before anything else, there would be no way to stop it. Had a virus that did that been combined with WDEF (which infected machines the second a floppy disk was inserted), it would have caused extreme pain for a lot of users. Think bad MBR code is an issue with PCs, this was a glaring hole. Thankfully, nobody exploited it.
Thankfully's Apple's pants are shown down only at the cons. However it won't be long until stuff that lodges in a keyboard HID ROM or other places hard to dislodge goes to the wild.