Apple keyboards are vulnerable to a hack that puts keyloggers and malware directly into the keyboard. This could be a serious problem, and now that the presentation and code are out there, the bad guys will surely be exploiting it.
The vulnerability was discovered by K. Chen, who gave a talk on it at Black Hat this year. The concept is simple: a modern Apple keyboard has about 8K of flash memory and 256 bytes of working RAM. For the intelligent, this is more than enough space to have a field day.
I wouldn't lose sleep over this or get worked up about Black Hat demonstrations. Compensating controls that continue to provide security in depth in this case would include network and host IDS/IPS so that the keystroke log files might be found stored on the host or being transmitted out of the enterprise. In the case of a shared public lab, like the university cited, the common safeguard is to wipe and rebuild each machine on a daily basis.
I'd agree that this is another serious vulnerability that should help heighten our awareness of the potential dangers.
The biggest danger I see in information assurance today is the belief that only good guys are finding these holes and the belief that sharing them at Black Hat educates the bad guys.
Anybody who has spent more than 10 minutes following the current exploits in the wild understands that the folks behind Conficker or the theft of the F35 designs are very, very competent. They don't need Black Hat demos to find opportunities. They're finding more and better exploits on their own.
WE need the demos to help wake up and inform management as to what we're up against and how insanely insecure many systems are today.
The Twitter DDoS, F35 design theft, multi-million node botnets, massive penetration of our power grid and 90% of all email as malicious (I consider all fraudulent mail including spam as malicious) should be enough of a wake-up call but it doesn't seem to penetrate.
Regards
Ken Kousky


