MacBook hijack story prompts criticism

Washington Post is sucking this guy off. He did what every report wants to do, draw huge attention to his media outlet. Whether the article is true or not, it has drawn a good size crowd to their site, possibly keeping readers.

I use an external USB wireless card for wardriving and packet-injection support. Granted that also means that the odds of me falling for this are a bit slimer as I have a better idea of whats going on with my machine at all times.

However in response to one of the comments that alked about it being unrealistic to get people to connect to the hacker's network that not true. Run yourself as a rogue AP, odds are you're physically closer to the person and he'll access everything through you -- MiM

still though this is just sensationalistic news (what isn't these days) and its pretty unlikely, but then so are most security flaws. that is until someone exploits them and then that 1 in a million possibility doesn't matter cause you're system got owned.

I'll make that fast and easy: Johny want to get 1000 USD in Cash?

http://deepquest.code511.com/blog/comments.php?id=P395_0_1_0

What a nob. NOBODY uses 3rd party wireless cards on any MacBook because they all have built in wireless so that is ridiculous.As Hiram said, anyone can 'hack' a computer if it is right in front of them. What would have made it half credibile is if the mac was on the other side of the room with someone else entering commands.

TOTALY fake

-Old powerbook during the demo
-3rd party card is like ????
-Lied becase he ALREADY has a already a networked folder check top icon under hd icone.

Hmmm, let's see... The washington post web site has lots of advertising on it, WWDC is next week, the tech media is scouring the web for any bit of Apple news, no-one bothers to read any stories these days before reposting them to their blog of choice, so it seems like a great strategy for Krebs and the post to drive advertising revenue to their site. You all fell for it. Again.

The only commands he used was a command to connect to the network, rather then using the airport icon, many of my friends do this, and the other was to check the ip address matches, which i do occasionally, so he didnt need the access he just did what a user would likely do but in his own way.
The 'hacker' also clearly states its not a error with a mac or anything its just 3rd party error but it does prove that it is still possible, unlikely to happen but if someone found a exploit similer in the internal airport then there could be problems. i agree with Hiram, just dont let anything connect by default.

Taken from the follow up article linked in the post and regarding the use of a third party wireless card:

"During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported."

There's really nothing to see here. A third party wireless card is used, which no MacBook owner will do, as WIFI is built-in. The MacBook is handled during the demonstration; actual commands are typed in Terminal.app, without which the 'attack' would not be possible. If physical access to a device is needed for an attack, it cannot be said to be vulnerable. Your coffee machine is just as vulnerable, then.

Of course, it may still be wise to edit System Preferences > Network > Airport so that the user is asked before joining an open network and networks are not automatically added to the 'preferred networks' list. At least, that's what I did, just because it's better to err on the safe side.

So all this video is just a fake?