O'Grady's PowerPage » Hack

Researchers demonstrate proof of concept for firmware worm that can directly target Macs

Posted by:
Date: Monday, August 3rd, 2015, 16:00
Category: Hack, MacBook, MacBook Air, MacBook Pro, News, security, Software


It’s generally been accepted that Apple’s computers are much more secure than their Windows PC counterparts.

This isn’t entirely true, as a part of researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. The researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.


Hack: User pulls off ROM hack, runs Mac OS 6.0.1 on Amiga 500 computer

Posted by:
Date: Wednesday, July 29th, 2015, 08:28
Category: Hack, News, Software


This is one of the cooler old-school projects out there.

And it seems to have worked.

Apparently, Reddit and imgur user “wowbobwow” was able to get Mac OS 6.0.1 running on an Amiga 500 computer. This was achieved by using an emulator called “A-Max” that allowed Mac ROM chips to be run on the Amiga.


Developer adapts Apple Watch to run Mac OS 7.5.5

Posted by:
Date: Tuesday, June 23rd, 2015, 08:32
Category: Apple Watch, Fun, Hack, News, Software, Wearables


I’m not sure how he did it, but developer Nick Lee managed to get Mac OS 7.5.5 running on his Apple Watch.

The developer started by updating his Apple Watch to the developer version of watchOS 2, and then ported the Mini vMac emulator so it would run on the device.

The icons are really too small to use, the screen is hard to see, but it works. And that’s all that matters.


Starbucks app compromised, hackers using auto-reload feature, weak passwords to siphon funds

Posted by:
Date: Friday, May 15th, 2015, 07:11
Category: Hack, News, Software


If you’re going to use the Starbucks mobile app, have a strong password behind it.

This seems to be what’s necessary as thieves have begun accessing users’ Starbucks mobile apps and siphoning money from their credit cards, bank and PayPal accounts. The Starbucks app, which ties into a rewards account, also lets you reload the account by automatically drawing off your bank account, credit card or PayPal account. Once a Starbucks account has been accessed, hackers can add a new gift card, transfer funds over and repeat the process every time the original card reloads.


Hacker offers proof of concept of web browser running on Apple Watch

Posted by:
Date: Tuesday, May 12th, 2015, 07:41
Category: Apple Watch, Hack, iOS, News, Software


It’s hard to say whether you’ll want a web browser on your wrist, but the hack’s been sorter out.

iOS developer Nicholas Allegra, better known by his handle “comex” within the jailbreaking community, presented a short video that shows a web browser running on the Apple Watch. The fifteen-second clip shows Allegra tapping, panning and zooming on the Google homepage on the Apple Watch, but the functionality is limited as to be expected because of the small screen size and lack of an on-screen keyboard.


Security researcher demonstrates Thunderbolt firmware hack proof of concept at Chaos Computer Congress

Posted by:
Date: Monday, January 5th, 2015, 10:15
Category: Hack, Hardware, News, security, Thunderbolt


As great as Thunderbolt is, there are vulnerabilities to consider.

Per 9to5Mac, a security researcher speaking at the Chaos Computer Congress in Hamburg demonstrated a hack that rewrites an Intel Mac’s firmware using a Thunderbolt device with attack code in an option ROM. Known as Thunderstrike, the proof of concept presented by Trammel Hudson infects the Apple Extensible Firmware Interface (EFI) in a way he claims cannot be detected, nor removed by reinstalling OS X.

Since the boot ROM is independent of the operating system, reinstallation of OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware.


iFixit programmer drills 60 small holes in MacBook Pro to help resolve overheating issues

Posted by:
Date: Tuesday, December 30th, 2014, 11:35
Category: Hack, Hardware, MacBook Pro, News


This is somewhat psychotic.

And it just might work.

Per 9to5Mac, a programmer over at iFixit was able to resolve an overheating problem with a MacBook Pro notebook by drilling a ring of holes under each of its fans.

With a 1/16” bit, the group drilled holes in the bottom case, under the fans (they figured out where the blades of the fan were exposed based on the dust pattern stuck to the inside of the bottom case). The speed holes worked: The boot chime rang. The screen glowed. The fans blew.


Is Apple doing anything about iCloud breach?!

Posted by:
Date: Tuesday, May 27th, 2014, 08:16
Category: Apple, Hack, iCloud, iOS, iPhone, security

icloud-iconUnfortunately, Apple has not acknowledged the supposed hack into the iCloud systems, and rarely comments publicly on such matters, so we’ll just have to hope they are working towards protecting users’ accounts. The incursion was claimed by two hackers going by the handles AquaXetine and MerrukTechnolog, who form Team DoulCi (derived by spelling “iCloud” backwards-ish). The hack exploits an iCloud security flaw that allows someone to bypass Apple’s Activation Lock system to unlock a lost or stolen iPhone. By utilizing the DoulCi web site, and making a simple change to a file on your computer, the iPhone can be fooled into thinking DoulCi’s site is actually Apple’s iCloud servers.


Critical update for Flash released

Posted by:
Date: Thursday, February 6th, 2014, 09:56
Category: Hack, Mac, Malware, News, security, Software, Windows

adobe-flash-playerEarlier it was Java, now it has been discovered that Adobe’s Flash software also has a vulnerability that gives complete control over compromised systems to hackers. This vulnerability, fixed in the just released version, affects Adobe Flash Player and earlier versions for Windows and Macintosh and Adobe Flash Player and earlier versions for Linux, although Linux was listed as having a lower priority rating. Adobe has detailed the problem in a security bulletin. All users are recommended to update Flash on their computers, as well as Google’s Chrome browser which has it’s own Flash component. The version of Chrome that includes this fix is 32.0.1700.107 and should update this automatically, but you may have to restart the browser for the correct version to register in the “About Google Chrome” window. If you want to check which version you are running before going through the update process, you can go to this page on Adobe’s site. You can download OS specific installers from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply two Flash updates, one for IE and one for any alternative browsers (Firefox, Opera, e.g.). Both updaters can be found on the download page. On a Mac, if you already have Flash installed, you can also go to the Flash Player settings in System Preferences and click on the Check for Updates button in the Advanced tab. Our friends at Kaspersky Labs make another appearance in the Acknowledgements of the security bulletin where Adobe thanks them for discovering the vulnerability;

“Adobe would like to thank the following individuals for reporting the relevant issues and for working with Adobe to help protect our customers:

Alexander Polyakov and Anton Ivanov of Kaspersky Labs (CVE-2014-0497)”

So if you’ve got the time now, and you probably should make the time, get those updaters downloaded and installed. Almost makes you want to remove both Java and Flash doesn’t it?

New malicious Java app aims to infect Mac and Linux systems

Posted by:
Date: Tuesday, February 4th, 2014, 09:34
Category: Announcement, Apple, Desktop Mac, Hack, Mac, Malware, OS X, security, Software

target-javaIt’s a long held belief that unless you are using the Windows platform, you are more or less immune to the average virus, trojan, or hack that you might encounter out in the wilds of the internet. There is some truth to the notion that Windows is more vulnerable to attacks, but there really is no such thing as safe, only safer. Check out this article on How-To Geek for a historical perspective on Windows’ malware woes. While Linux and OS X have more inherent defenses against infection, there are still some avenues that hackers can take advantage of to breach them, one of them being Java.