New macbooks?
10-21-2008, 07:32 AM
#41
Contributors
Join Date: Mar 2005
Posts: 2,573
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: 2006 530i Sport
Silver Gray - Black Leather - Anthracite Maple
Manual Transmission
Premium Audio
Cold Weather Package
Rear sunshade
Sirius Radio
Autobahnd Roadblock (3M) film kit
Originally Posted by BetterMakeWay' post='698661' date='Oct 21 2008, 04:30 AM
Maybe Apple decided to really be careful about their product as it is. I mean i prefer 100% a faster more stable product than a more complex and prone to failure product. The same could be said about the N95 and even WM 6.1 devices, be it HTC or whatever. I could simply not navigate faster, easier with other devices. But as i said to each of it's own. Taste is something too subjective.
About Blu Ray yes i think that's the major difference. Although i don't understand how can a Blu Ray disc cost 50 times more than a DVD. I mean what it has traces of gold in it?? Fifty times more than a DVD and it's virtually the same technology in it. Ok if the writer would cost lots more but the medium has no excuse for the ridiculous high price. At the beginning i thought it was a result of the Blu Ray vs HD DVD war but now that the war is over i expected the price to drop but that's not the case. So i assume this will not be widely (international) spread until it drops alot in price.
About firewire, i tthought that was a Sony thing. If you are refering to the connection type the rivals USB then i don't understand where the security hole comes from.
About Blu Ray yes i think that's the major difference. Although i don't understand how can a Blu Ray disc cost 50 times more than a DVD. I mean what it has traces of gold in it?? Fifty times more than a DVD and it's virtually the same technology in it. Ok if the writer would cost lots more but the medium has no excuse for the ridiculous high price. At the beginning i thought it was a result of the Blu Ray vs HD DVD war but now that the war is over i expected the price to drop but that's not the case. So i assume this will not be widely (international) spread until it drops alot in price.
About firewire, i tthought that was a Sony thing. If you are refering to the connection type the rivals USB then i don't understand where the security hole comes from.
I simply want to play my BluRay movies on PC hardware. There are combo BluRay ROM drives that can burn DVDs. That would be fine for now. In the US at least, the premium is not so much for movies, and a Sony player can be purchased for as little as $299, but if you're talking about burning onto discs for data storage, that's a big price jump.
Firewire is an Apple technology. They invented it. The security issues are well-documented in the attached pdf and they still exist today. In a nutshell, part of the -designed spec- is to permit direct hardware access to resources via Firewire. This is a gaping security hole, and one that is a "feature". In other words... you can't/shouldn't break this bad behavior, since it's a stipulated and planned characteristic as outlined by Apple. Very very bad.
I own 2 firewire iPods and a cardbus firewire adapter.
10-22-2008, 12:41 AM
#42
Senior Members
Join Date: May 2005
Location: Bucharest, Romania
Posts: 6,458
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by UUronL' post='698857' date='Oct 21 2008, 06:32 PM
I simply want to play my BluRay movies on PC hardware. There are combo BluRay ROM drives that can burn DVDs. That would be fine for now. In the US at least, the premium is not so much for movies, and a Sony player can be purchased for as little as $299, but if you're talking about burning onto discs for data storage, that's a big price jump.
Firewire is an Apple technology. They invented it. The security issues are well-documented in the attached pdf and they still exist today. In a nutshell, part of the -designed spec- is to permit direct hardware access to resources via Firewire. This is a gaping security hole, and one that is a "feature". In other words... you can't/shouldn't break this bad behavior, since it's a stipulated and planned characteristic as outlined by Apple. Very very bad.
I own 2 firewire iPods and a cardbus firewire adapter.
Firewire is an Apple technology. They invented it. The security issues are well-documented in the attached pdf and they still exist today. In a nutshell, part of the -designed spec- is to permit direct hardware access to resources via Firewire. This is a gaping security hole, and one that is a "feature". In other words... you can't/shouldn't break this bad behavior, since it's a stipulated and planned characteristic as outlined by Apple. Very very bad.
I own 2 firewire iPods and a cardbus firewire adapter.
So after reading that material i wondered if there are still present those firewire secuirty holes how can that translate into our day to day basis. I mean for example i will connect an external hdd via firewire with my new iMac especially for time machine. And then what? Yes i read that the hdd may carry within built in code to address the ram via firewire without my consent but once that happens what's the next step? If that hdd will stay for all it's life plugged in into my computer, what gives? Should i assume that after it makes let's say a screenshot or steals/adresses some data without my consent, it will simply start to act as a worm or torjan or spyware and send that private data to unknown (to me) locations??
As i understand, to do some harm or some prejudice it has to use that info in a way. And if we agree it can obtain it, how is the info distributed?
(BTW this is more a theoretical discussion, since as you said i will have nothing against using firewire regardless of the conclusions of that material).
10-22-2008, 11:40 AM
#43
Contributors
Join Date: Mar 2005
Posts: 2,573
Likes: 0
Received 0 Likes
on
0 Posts
My Ride: 2006 530i Sport
Silver Gray - Black Leather - Anthracite Maple
Manual Transmission
Premium Audio
Cold Weather Package
Rear sunshade
Sirius Radio
Autobahnd Roadblock (3M) film kit
Originally Posted by BetterMakeWay' post='699782' date='Oct 22 2008, 04:41 AM
Ok. Thanks for the lecture.
So after reading that material i wondered if there are still present those firewire secuirty holes how can that translate into our day to day basis. I mean for example i will connect an external hdd via firewire with my new iMac especially for time machine. And then what? Yes i read that the hdd may carry within built in code to address the ram via firewire without my consent but once that happens what's the next step? If that hdd will stay for all it's life plugged in into my computer, what gives? Should i assume that after it makes let's say a screenshot or steals/adresses some data without my consent, it will simply start to act as a worm or torjan or spyware and send that private data to unknown (to me) locations??
As i understand, to do some harm or some prejudice it has to use that info in a way. And if we agree it can obtain it, how is the info distributed?
(BTW this is more a theoretical discussion, since as you said i will have nothing against using firewire regardless of the conclusions of that material).
So after reading that material i wondered if there are still present those firewire secuirty holes how can that translate into our day to day basis. I mean for example i will connect an external hdd via firewire with my new iMac especially for time machine. And then what? Yes i read that the hdd may carry within built in code to address the ram via firewire without my consent but once that happens what's the next step? If that hdd will stay for all it's life plugged in into my computer, what gives? Should i assume that after it makes let's say a screenshot or steals/adresses some data without my consent, it will simply start to act as a worm or torjan or spyware and send that private data to unknown (to me) locations??
As i understand, to do some harm or some prejudice it has to use that info in a way. And if we agree it can obtain it, how is the info distributed?
(BTW this is more a theoretical discussion, since as you said i will have nothing against using firewire regardless of the conclusions of that material).
Practical issues:
1) A malicious person can slide a cardbus firewire card into a laptop that doesn't even have firewire and connect a drive (an iPod) that contains code that can suck off sensitive documents, or add an account, or create a back-door for later remote mischief. If the device already has a firewire adapter, you just plug the iPod/drive into the existing port.
2) Full disk encryption is used by most large governments and corporations. This prevents lost or stolen laptops from gushing sensitive information. Most good solutions don't load you directly into the OS, but rather require credentials prior to that. -IF- you carry your laptop around in hibernation or standby, the same hack in #1 above circumvents the crypto. This is very very bad.
Since Firewire is -supposed- to provide direct hardware level access, this isn't a bug - it's a feature... in the "Microsoft" definition of "feature". That means nobody is "fixing" it.
Bottom line, power down when you aren't using your laptop. Try to implement some of the filtering remedies in the deck. All of this rests on someone having physical access to your hardware.
I was pointing out that I have Firewire devices because I'm an information security professional, not because I don't have a problem with the level of security the interconnect provides.