08-04-2006, 03:57 PM
Bill Kearney
Re: Hackers Expose 'Critical' Wi-Fi Driver Flaw

> But according to Maynor and Ellch, this attack can be carried out
> whether or not a vulnerable targeted laptop connects with a local
> wireless network. It is, they said, enough for a vulnerable machine
> to have its wireless card active for such an attack to be successful.
> That's a trivial demand, given that most wireless devices embedded in
> laptops these days are switched on by default and are configured to
> continuously seek out available wireless networks.


Right, and if you know the device driver is susceptible to these types of
attack, AND you know the OS the computer is running then it's possible to
construct a hack that'll break into it. Things like buffer overflow
exploits are not trivial to create. They often require multiple steps to
essentially "build" the final attack vector. Think of it as putting small
pieces of the code into place, merely a few bytes at a time. Once all the
bytes are in place then execute them to open the door to a wider attack, or
the next stage. Like 'kill the firewall' or merely reset a login password.
If something can attack from the device driver level, and get code to
execute, then there's little in the OS that is going to protect you.

All the more reason to NEVER use devices in their default or 'overly
promiscuous' modes. While some of the 'automagic' features are incredibly
convenient, they don't come without greater risks. Whether or not this hack
depends on such things is an open question.

But it does indicate that rigorously tested software, even at device-driver
levels, continues to be necessary. It's hard (impossible?) to make
completely bulletproof software. The steps necessary to ward off such
attacks are often as complicated, if not more so, than whatever the
program's actual purpose might be. Doing input and buffer checks, at every
level, adds to the complexity and slows the speed of the program; not to
mention the money to pay the developers to do it. But unless it's taken
into account at the basic level then hacks like this will continue to
appear.

But hey, I'm glad they took shots at Apple first for it.
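As an added illustration of the "input and buffer checks" the post mentions (not part of the original post, and not the code or the flaw Maynor and Ellch discussed, whose details this page does not give): a bounds-checked reader for the tagged elements a Wi-Fi card receives in management frames before it ever associates. The function name, status codes and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID for the SSID */
#define SSID_MAX_LEN 32  /* longest SSID the standard allows */

/* Status names are hypothetical, chosen for this example. */
enum ie_status { IE_OK = 0, IE_NOT_FOUND = -1, IE_TRUNCATED = -2, IE_TOO_LONG = -3 };

/* Walk the elements (1-byte ID, 1-byte length, value) in the untrusted
 * buffer `ies` and copy the SSID into `out` (SSID_MAX_LEN bytes). */
int extract_ssid(const uint8_t *ies, size_t len, uint8_t *out, size_t *out_len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 2)            /* check 1: element header must fit */
            return IE_TRUNCATED;
        uint8_t id = ies[off];
        size_t elen = ies[off + 1];   /* attacker-controlled length byte */
        off += 2;
        if (elen > len - off)         /* check 2: value must fit in the frame */
            return IE_TRUNCATED;
        if (id == IE_SSID) {
            if (elen > SSID_MAX_LEN)  /* check 3: value must fit in `out` */
                return IE_TOO_LONG;
            memcpy(out, ies + off, elen);
            *out_len = elen;
            return IE_OK;
        }
        off += elen;                  /* skip elements we do not handle */
    }
    return IE_NOT_FOUND;
}

/* Constructed sample element lists (not captured traffic). */
static const uint8_t sample_ok[]   = { 1, 1, 0x82, 0, 4, 'h', 'o', 'm', 'e' };
static const uint8_t sample_lie[]  = { 0, 200, 'A', 'A', 'A' }; /* claims 200, carries 3 */
static const uint8_t sample_long[42] = { 0, 40 };               /* 40-byte "SSID" */

int main(void)
{
    uint8_t ssid[SSID_MAX_LEN];
    size_t n = 0;
    printf("ok=%d ", extract_ssid(sample_ok, sizeof sample_ok, ssid, &n));
    printf("lie=%d ", extract_ssid(sample_lie, sizeof sample_lie, ssid, &n));
    printf("long=%d\n", extract_ssid(sample_long, sizeof sample_long, ssid, &n));
    return 0;
}
```

Dropping check 2 lets the copy read past the received frame, and dropping check 3 lets it write past the fixed 32-byte buffer, which is the class of bug the post is describing.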