You Laptop Battery is not safe.

[Elfen]

Lets see how much churn I can create here?

According to this article, your laptop better cab be used as a hacking device against you and your Apple Laptop. Though this applies to newer more advanced laptop batteries with a smart chip in them, this hack can in theory work for both older Apple and PC Laptops. It all depends on the complexity and sophistication of the smart chip in the battery. Mind you, this article was written in 2011. Not much was done to improve the situation as it stans.

But they have to get into your machine somehow first to do this... Then they own you.

https://threatpost.com/apple-laptop-batteries-can-be-bricked-firmware-hacked-072211/75464

 

[techknight]

Lol. Old news

 

[Elfen]

Old news to you, I just found it yesterday... LOL!

 

[johnklos]

There are lots of ways that an intruder can do nefarious things, including but not limited to making the magic smoke come out of things, creating a network over an air gap, downloading firmware to the webcam so that it can be turned on without the LED lighting up and so on.

Many people used to think that those of us who came up with seemingly theoretical scenarios were just paranoid, but thanks to the true American hero, Edward Snowden, we know they're not only worth worrying about but they're actually used in real life. We should ALWAYS be wary of who and what we trust.

 

[techknight]

Old news to you, I just found it yesterday... LOL!

Yea, well... Keep up to pace, would ya? LOL

 

[commodorejohn]

There are lots of ways that an intruder can do nefarious things, including but not limited to making the magic smoke come out of things, creating a network over an air gap, downloading firmware to the webcam so that it can be turned on without the LED lighting up and so on.

But hey! The Internet of Things is totally the future! What could go wrong!?

 

[johnklos]

But hey! The Internet of Things is totally the future! What could go wrong!?

Ha ha ha... Exactly! When I hear "cloud" this and "cloud" that, I just think of how it's nothing more than a convenient way to not take responsibility. Sorry, but my servers run a clean OS directly on iron - virtualization just adds another layer of possible intrusion.

The movement to decentralize everything just means that most people are screwed when some big security problem comes down the pipe.

 

[Elfen]

Exactly! On the Linux Linked Pages I pounce on all "I'm building/I want a cloud..." and I post "There has not been a cloud system to date that has not been hacked." And then watch the fur fly!

 

[Cory5412]

Wow. There is so much misinformation in this thread. I'll just list a few things.

• The Cloud and The Internet of Things are different things.
• Often, when people talk about wanting to build a cloud, they're actually talking about wanting to build a high-availability cluster of application servers in order to be able to do software patches on a product without bringing a server. This is how OpenVMS works at an operating system level, and this is how almost all Microsoft services and applications work at an application level. (Microsoft Distributed File System, Exchange, SharePoint, SQL Server replication, etc.) In fact, most really good applications do this.
• The thing about "the cloud" that gets those providers attacked is that they're a high value target, not because they're using a "cloud" (clustered) methodology, but because they're a service provider. Their systems are vulnerable to the same kinds of things that, well, all systems are vulnerable to.
• The special case is that some kinds of Cloud services are not only clustered application servers, but they're hosting a custom or proprietary application. (let's use Dropbox as an example here.) Dropbox is just an application, a piece of code, and is subject to human errors. Dropbox is actually really good at fixing and fessing up to their errors. I'm sure you all remember when there was an error that let somebody who had the exact same file as you know that that file was also in your account.
• Virtualizatoin adds another layer of possible intrusion, and so does out-of-band remote management hardware. You should probably switch away from server computers to home desktops in order to prevent any possible security issues.

I'm going to skip some of the more obvious conspiracy theories, but this all goes to show why it's important to be security-aware. You don't have to be a security professional to follow best practices on your systems and make good judgement calls about where you put your information.
I personally like cloud services a lot, and before I stood up my own SharePoint and Exchange servers at home, I was a happy user of a lot of cloud services. I still recommend them to a lot of people, because they're easy to use and most people weren't ever going to , say, spend any money, time, or effort doing things like making backups of their home computers, just as an example of the kind of thing these services can be used for.

Fortunately, I think that it's going to remain fairly uncommon for the most exotic of problems, such as air-gap networking and rewritten firmware, to be a thing that most people have to worry about. This is especially true given that the original poster linked to an article from three years ago.

In much the same way that when you drive around in a car you just kind of have to suspend your anxiety about the fact that you're driving in a very heavy death box, there are some security vulnerabilities that make it worth examining just how tightly your tin-foil hat is.

If you're not worried about pushdo/cutwail or poisoned DNS servers, but you are worried about air gap networks and rewritten firmware on your local peripherals, then I would be legitimately interested in hearing why.

 

[commodorejohn]

If you're not worried about pushdo/cutwail or poisoned DNS servers, but you are worried about air gap networks and rewritten firmware on your local peripherals, then I would be legitimately interested in hearing why.

There's a difference between "not worried about" in the sense of "don't think it's a problem" and "not worried about" in the sense of "don't think it's something to get openly worked up about because nobody is under the illusion that it's a good thing in the first place." Poisoned DNS servers are definitely a potential problem and ought to be dealt with when they're discovered, to be sure, but nobody is going around promoting poisoned DNS servers as The Wave Of The Future, so there's no point in bothering about them beyond dealing with them when they are an issue.

 

[commodorejohn]

(Also, as concerns the "cloud" discussion: yes, in the grand scheme of things they're no more or less inherently vulnerable than any Internet-facing system. But, as you say, they're a high-value target - and more importantly, they're a high-value target that a disconcertingly large number of people seem to think of as the next Future Of All Computing Forever and also as some kind of ethereal digital fairyland removed across a rainbow bridge from the actual real world of Internet-facing servers with their own potential vulnerabilities, where as much data as possible should be kept, simultaneously safe forever and readily available from everywhere, secured by the magical Cloud Pixies. The whole thing would be a lot less unsettling if most of the people stumping for it gave any indication that they understood what it is, how it works, or what the potential risks are.)

 

[AppleIIGuy]

My theory of cloud computing is Use it but keep at least one backup of the data you have on the cloud.