Apple Laptops Vulnerable To Battery Firmware Hack 272
Trailrunner7 writes "Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. Miller discovered the default passwords set on the battery at the factory to change the battery into unsealed mode and developed a method that let him permanently brick the battery as well as read and modify the entire firmware. 'You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though,' Miller said."
Why? (Score:5, Insightful)
In other news - batteries have firmware.
Re:Why? (Score:5, Informative)
Lithium Ion batteries are inherently unstable and have to be charged and discharged very carefully. Unlike the old school batteries you'd think of, these batteries have a controller to manage them built in. When that fails, you have big problems (remember the defective ones a few years ago that would just burst into flames?)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
This does not explain why it needs firmware.
Lithium Ion batteries are inherently unstable and have to be charged and discharged very carefully. Unlike the old school batteries you'd think of, these batteries have a controller to manage them built in.
Sounds like an explanation to me.
But why does the controller need firmware instead of hardware?
Re: (Score:2)
The firmware is so that Apple can make sure you are only using Apple-approved battery chargers to charge your i Device. They disabled many of the low-cost chargers on the iPhone/iPod platform with one of the early iOS 4.x releases. Suddenly the charger I had made by just hooking up a fairly hefty 5 volt supply to the power pins on an old synch cable ceased working. (Reverse engineers have discovered that there's a hack, using voltage divider reisistors in the data pins on the USB connection that 'fixes'
Re: (Score:3)
That's not quite true. The iPhone is capable of drawing more power than the USB spec allows to charge (USB allows 500mA at 5V, the iPhone can draw up to 1A, IIRC). However, so as not to fry a USB port that is not rated to drive the phone, it looks for the voltage divider resistors. The charger you made should have had 15k pull-down resistors on D+ and D- in it to be a compliant USB host interface. I suspect few, if any, devices check for it, but the charger you made does not meet the USB spec. Any cha
Re: (Score:2)
That's not quite true. The iPhone is capable of drawing more power than the USB spec allows to charge (USB allows 500mA at 5V, the iPhone can draw up to 1A, IIRC). However, so as not to fry a USB port that is not rated to drive the phone, it looks for the voltage divider resistors.
That is the "official Apple story", but as anyone who's read the USB spec can tell you - EVERY single certified USB controller has an over-current detector in it and will shut the USB port down if the current draw is too high for the rated USB port (note: not all ports have to supply 500mA; they can supply up to that amount, but must report their actual limits in the hardware descriptor. And there is no requirement that a port only supplies up to 500 mA, many are built with higher limits now to support ex
Re: (Score:2)
Every iDevice works with every USB spec charger, it just won't draw more than 500 mA. It wouldn't know how much more than 500 mA to pull without purposely tripping the over-current circuitry in the charger.
Re: (Score:3, Interesting)
In other news - batteries have firmware.
WHY!!?!?! I echo your sentiment because this is ridiculous.
1) Why would a device whose purpose is to provide electrical supply have to have firmware, or even some other-than-electrical relationship with the system.
2) Why would someone permit any communication from the 'firmw'a....
you know.. I could count out the reasons but its just too frustrating to conceive the stupidity in Apple's choices here.
THE REASON VULNERABILITIES ARE FOUND/EXPLOITED IS BECAUSE ENGINEERS/DEVELOPERS PERMIT THEM BY POOR DESIGN.
If t
Re: (Score:2)
1) Why would a device whose purpose is to provide electrical supply have to have firmware, or even some other-than-electrical relationship with the system.
2) Why would someone permit any communication from the 'firmw'a....
Let's see - so the user could have some idea what the battery charge was? So the user could have some idea what the 'health' of the battery is?
And notice that Charlie Miller (the hacker) could NOT figure out how to control the computer from the battery. It's possible that with more work he could, but that remains to be seen. Security is ALWAYS a tradeoff between useability. If you're so paranoid, unhook the battery, and run it off the wall wart.
And loosen the straps on the hat. The tinfoil is eating
Re: (Score:2)
Let's be more honest it all breaks down to "Government Regulation" vs "Corporate Greed". Corporations as run by psychopathic asshats, will seek every possible method to screw their customers for every possible cent of profit upon a completely amoral or sociopathic basis. Government regulation is then required to force morals onto those corporations in order to get them to treat the customers/voters in a somewhat reasonable fashion.
I for one think, that being able to remotely program a battery that is cap
Re: (Score:2)
Perhaps you should see someone to deal with your anger management and threats of violence.
If you bothered to check up on it, Battery firmware does more then just give you the percentage back on the battery.
For example if the voltage falls outside the safe range, then the battery disables itself from getting a charge (to stop it exploding/going on fire).
It will also prevent the battery from being completely discharged (which kills the battery).
That firmware needs to be programmed in, and editable at a later
Re: (Score:2)
So instead of spending an extra 6 months and some more people invested in a debug (so you could have a reliable finalized product that requires no patches), you just open doors and assume that only you will be the one going through it... yeah.... smart... oh wait.. we're talking about this for a reason.
The big point here is beyond batteries. And the solution will not come from shortsighted, uninventive, run-of-the-mill engineers and companies. The solutions will not be something you've seen before, but ma
Re: (Score:2)
What a moron you are. Come back when you understand the inherent problems of power sources and how digital (not analog) controls make them safer to use.
Actually, fuck that. Let me add another felony to my rap sheet. You're just another AC that won''t be missed. Where do you live?
Re: (Score:2)
It sounds like Sony made similar mistakes. Thanks.
Re:Why? (Score:5, Informative)
And you're the know-it-all guy who prematurely called it.
Figuring out Lion/NiMH cell charging by analog methods is actually quite difficult to do when you're charging the battery at stupidly high current, which is what's going on here. The NiCD way of measuring the voltage drop/resistance doesn't work as well - the change is too sharp. There's not one charging rate (fast and trickle), there's a "curve" to maximise battery life and minimise damage/risk of explosion. It changes over the life of the battery, so you can't just "assume" a common curve. You may have a fully-charged battery, so you have to know how much charge is in there before you start charging it at full current.
These laptop battery cells can double as exploding timebombs if you're not careful. Hence yes, there's a microcontroller in them to keep track of exactly what's going on.
Re: (Score:2)
The trick is balancing the charge in multi cell batteries (not necessary for NiMH which tolerate a little overcharging), thermal management, "gas gauge" status, etc.
Apple uses li-poly (soft pouch) cells in their batteries, which do require a battery m
Re: (Score:3)
If that was your main point you made a piss poor attempt at communicating it (Hint: communication does not involve yelling at people if they appear to not understand you).
You raised a valid point about battery firmware being easily writeable*, but look totally ignorant about modern battery technology by questioning the necessity of battery controllers with Lithium chemistry batteries.
* Making it not really firmware as far as I understand the definition. Most re-writeable firmware needs special high voltage
Re: (Score:2)
And you're a wannabe engineer without a clue.
Analog is garbage for cntrolling circuitry charge and discharge. Sure it's fine for mechanical devices, but for digital devices, you're a damned fool t use analog.
Re: (Score:2)
I never said for controlling charge and discharge, that would be something that would require absolutely no communication with the actual computer, thus the 'door' would not exist anyway.
What i'm talking about is an analog readout that is physically connected to the battery and simply reports the amount in it. Hell, it could even be a digital display, but the point being that it doesn't communicate with the computer/os, but rather directly to a small display somewhere on your device.
oh.. but that's me not
Re: (Score:2)
And you've never tried to implement a state of charge estimation algorithm. If you had, you'd understand that it is an extremely hard problem.
Re: (Score:2)
Why would a device whose purpose is to provide electrical supply have to have firmware
Now you're just trying to re-engineer the battery, what would make you think that you can? While it might seem to be a requirement, simply having a snarky know-it-all attitude doesn't quit
Re: (Score:2)
Here's the brainstorm you didn't have.... It took me 10 seconds.
Make access to battery firmware physical, and physical only - requiring specific access port ONLY.
Make important 'battery related' data that you would want only travel in one direction, to the computer itself. That way the battery operates completely independently, sending electricity, as its main purpose, and its status for your information.
I knew people with no imagination would tell me its gotta be this way... Good luck with that.
Re: (Score:2)
Make access to battery firmware physical, and physical only - requiring specific access port ONLY.
So if you worked for Apple would you want to deal with a recall of a million+ laptops? Previously, every other model has required an update. It simply is not practical. Much better to allow the firmware to be updated via software update. If you are worried about a virus being able to go from the battery to the computer then simply make sure the software that communicates with the battery is not filled with bugs. The communication protocols will be simple so it will not be a difficult task. It is not l
Re: (Score:2)
What he said , plus there is no way to compromise the OS through this vector and it is no more likely to be exploited then any other hardware firmware.
Re: (Score:2)
So you can harm your computer by running malicious code outside of a sandbox. Is this really news to anyone?
Well, there is a disturbing trend towards an increasing number of hardware components that can be irreversibly damaged by software. 15 years ago there wasn't anything software could do to your computer that couldn't be undone by booting off of a clean floppy and re-installing the OS.
Fast-forward to today. Now a virus can blast through write cycles on flash chips, permanently destroying them. It can wipe the BIOS, which on many motherboards cannot be recovered without changing chips. It can cycle your DV
Re: (Score:2)
You're not really going to try, at all, are you? You're talking about what we already know, and ignoring the fact that it is reckless/vulnerable for convenience.
Meh... you can scan all my other posts on this topic for some inspiration. Real inventors have ideas, and then make it reality -- they don't look at reality and accept it as is.
All you said was 'change the locks'. That's pretty lame.
Re: (Score:2)
Because Lithium Ion batteries are dangerous and require circuity and logic to make sure that they charge properly.
Cool. So you're sitting on a plane using the Wi-Fi and you go to some dubious web site which uses a browser vulnerability to download new firmware that makes your battery explode.
Ah, the joys of modern hardware design.
Re: (Score:2)
No, it doesn't have to be set like that to explode.
Just overtask the laptop and make the battery firmware fail. I'm sure thermodynamics will take care of the rest.
Re: (Score:2)
It doesn't really matter how well you secure the computer, if you have people that are weaker.
http://xkcd.com/538/ [xkcd.com]
Re: (Score:2)
Smart batteries are used by Apple [apple.com], Lenovo [lenovo.com], HP/Compaq [hp.com], and other companies.
Re: (Score:3)
hey, I just 'flashed' my battery.
is that good or bad?
and, if I crossflash to another model, can I overclock its volts?
Re: (Score:2)
You really need to get employed before you become a menace to society.
Re: (Score:2)
About 20kbytes of code so I was told. The uP has an analogue block called a coulomb counter. There is also some non volatile storage to keep
track of the # of cycles plus other pertinent facts about that battery pack.
Progress no? Certainly good for uP vendors since each battery needs one.
H.
Re: (Score:2)
My current MacBook Pro I bought in 2007 is on its 4th battery, which now only holds charge for 30 minutes, showing 'health' of 13%, and has had 170 cycles. I really can't be bothered to by a 5th one.
Meanwhile, my MacBook has had over 1,400 cycles and has a health of 80% of its original charge when new.
I'd like a way to fool the firmware in to thinking my cells were fine, I'm pretty certain they are fine, they are just being mis-reported and the chip kills them off.
One battery did do this though: http://www. [flickr.com]
Re: (Score:3, Interesting)
I had a similar problem with a macbook pro battery I bought in Jan 2010. By Jan 2011, it would barely hold 30 minutes of operating energy, and reported a health of 15%. The number of cycles reported was 49. Not a typo. Forty-nine.
No amount of "calibrating" the battery nor resetting the EPS would change this. I had to fork out $129 for a new battery. As it turns out, leaving the damn thing plugged in all the time and never draining the charge severely shortens the life of the cells.
Lesson: run the thi
Re: (Score:2)
As it turns out, leaving the damn thing plugged in all the time and never draining the charge severely shortens the life of the cells.
Yep, they have "memory". They have to be cycled or they won't hold a charge. But that's a separate issue from the firmware.
Re: (Score:2)
Citation?
http://en.wikipedia.org/wiki/Lithium-ion_battery [wikipedia.org] States "..no memory effect.." and http://en.wikipedia.org/wiki/Memory_effect [wikipedia.org] states: "battery memory, is an alleged effect observed in nickel cadmium rechargeable batteries.." and continues on with "True memory effect is specific to sintered-plate nickel-cadmium cells, and is exceedingly difficult to reproduce, especially in lower ampere-hour cells. In one particular test programâ"especially designed to induce memoryâ"no effect was found
Re: (Score:2)
On the other hand, Li-ion cells lose capacity with time, whether or not they are being used. The capacity loss is faster at higher temperatures and if the battery is kept at full charge - exactly the environment in a plugged-in laptop that sees a lot of use.
Re: (Score:2)
Re: (Score:2)
Re:Why? (Score:4, Insightful)
You got it right the first time - to control the charging process. That is the "non predatory" reason that lithium ion batteries have chips in them, and it is *absolutely* not unique to Apple.
Don't let facts get in the way of a good Apple bash though!
This is kinda weak without a patch.. (Score:2)
So, kudos for looking at the patches and finding the password, but without providing a tool to set the password to something else this is just kinda weak. 'Hai guys, I rooted your battery and you can't do anything about it!'. Clever but not helpful.
Re: (Score:3)
On the plus side, it might allow refurbished packs and cheap offbrand replacements.
PSP Pandora Battery (Score:3)
Isn't this sort of like how the Pandora Batteries worked on the PSP? I think they enabled a diagnostic mode as opposed to a direct hack, but the battery being used to corrupt the system thing isn't totally new.
On the plus side, the hard to replace batteries people complain about make this attack more difficult to perform, instead of just taking a few seconds.
Re: (Score:3)
Re: (Score:2)
Thats a minus, not a plus. A hard to replace battery isn't any harder to hack, its just harder to fix.
he was thinking of using it to hack a laptop you've gained access to.
Re: (Score:2)
Right. What I meant was that with an older MacBook Pro where you could just pop the battery out and pop a new one it, it would be easy to gain access to my laptop on my desk if I'm away for just a few minutes. With the newer MBPs, you'd have to remove the bottom case (8 torx screws?), unplug the battery cable, swap batteries, plug the new cable in, put the bottom back on, and put the screws back in... all before I walked by my desk and noticed.
As an end-user, yeah, it's a little annoying. But in this one r
No worries here (Score:5, Funny)
I don't have to worry about that. Not only am I using a Dell, but my battery exploded.
Re: (Score:2)
Not only am I using a Dell, but my battery exploded.
Don't worry, Apple laptop batteries do that too.
I'm already on my second Apple laptop battery after the first one bulged to the point it no longer fit within the laptop case. Thankfully I'm using the "old" MacBook: the one where you can replace the battery and hard drive on it, both things you can't do with the new ones.
Which makes me think that somehow I might be staying away from the new "sealed" MacBooks with the unreplaceable batteries, especially because searching for "bulging battery" [google.com] brings up nothin
Re:No worries here (Score:4, Informative)
Re: (Score:2)
Not terribly hard compared to what?
You know how I remove the battery on my Thinkpad? I slide the clasp into the unlocked position then slide the battery out. Same for the DVD drive (although I don't know who swaps theirs out, there doesn't appear to be an option to put a second battery there).
I can also use one screwdriver, a phillips, to replace the hard drive, memory, wireless card, keyboard, CPU, video card, etc.
Re: (Score:2)
Actually, it's not terribly hard to remove the batteries on the 2011 Macbook pros. Not something you could do easily on a plane, or in the car, but you can definitely do so with just two screwdrivers. Or one screwdriver with a replaceable bit.
You've missed the point.
It's harder then it should be. Dell, Lenovo and HP sell more laptops to enterprises in a day then Apple do in a year because they have better support and are better designed. If a Dell breaks at my workplace, all I do is move the HDD into a similar model, it's literally a two minute operation because Dell know the HDD is one of the parts that is more readily changed/serviced by the user. RAM and batteries also fall into this category.
If my boss takes a 12 hour flight to Europe,
Re: (Score:2)
You'd better be careful with all those facts. Slashdot mods might mod you 'troll'.
Re: (Score:2)
Which makes me think that somehow I might be staying away from the new "sealed" MacBooks with the unreplaceable batteries, especially because searching for "bulging battery" brings up nothing but horror stories about Apple batteries. Apparently they've had this problem for over five years and have never bothered fixing it.
The batteries used in the laptops today are completely different from the removable ones. They used to contract out for batteries, I believe to Sony but there were likely others involved as well. Now they build their own batteries. A huge investment on their part and likely the reason why it took 5 years to fix the problem. Current batteries are Li-Pol based and are far more durable then the Li-Ion batteries used on cheaper laptops. These batteries appear to be free of the "bulge" defects that effecte
Re: (Score:2)
The bulging is a symptom, not a problem. A lot of problems with lithium-polymer cells will cause them to swell up. Overheat them, they swell. Short them, they swell. Overcharge them (w
Firmware should have a write-enable switch (Score:5, Insightful)
This is just one more reason why software that's not designed to be frequently changed should be write-protected unless the user sets a specific hardware switch.
If the hardware switch is in its default location - "protect" - it should be mathematically provable that the firmware cannot be overwritten.
Re: (Score:2)
requires root? (Score:2)
Most firmware flashing requires the root password to perform, so I'm assuming that unless you're talking about removing the battery from the computer. So at least authentication is required for this, which lessens the threat considerably.
However, this is a very interesting angle. I can somewhat see where there's a password required for access, but it's more to keep the battery secure than the computer. Or possibly to prevent cycle-count tampering to get around warranty claims on consumed batteries that a
Re: (Score:2)
Until they patch it, yes. That itself is SOP industry-wide. It only attracts criticism when they drag their feet patching it, which Apple isn't known for.
You might want to read up on Apple Security [apple.com]
Upgradable firmware is upgradable... (Score:2)
Re: (Score:2)
in the modern world, that actually is news. I got plenty of devices with non upgradeable firmware(though the company that sold 'em originally could update)
Lulz (Score:3)
So does anyone know if the firmware can be upgraded to cause the battery to burst into fames? That would be funny and probably not covered by the apple warranty.
Re: (Score:2)
"I started out thinking I wanted to see if a bad guy could make your laptop blow up. But that didn't happen," he said. "There are all kinds of things engineers build into these batteries to make them safe, and this is just one of them. I don't know if you could really melt the thing down."
the concept of 'device management' (Score:2)
I used to work on 'network management' and the NMS systems would drill down and do queries on the equipment in the rack. equipment usually would support an 'environmental' data set that includes dynamic info (volts, current, fan-flow, temperature) but also static info (serial #, vendor #, batch #, pcb version, firmware version). its useful to have that.
I learned from experience that the closer to the device this info lives, the better. there can be multiple NMSs that walk the network or poll devices. if
Re: (Score:2)
... now pany batteries are chipped. 'for your protection' but they are authentication chipped for vendor lock-in (or lock-out, depending on POV).
Sometime 'for your protection' really means for your protection. If you put some cheap knock-off battery in the device, maybe it has different charge characteristics and the device will over-charge it, which can cause all kinds of problems.
Re: (Score:2)
Or, maybe it works just fine but it undercuts the vendor's market.
I'm not a big fan of protecting consumers from themselves, or vendors from competition.
And, why can't we just have standard-size batteries anyway? That and standard size oil filters while we're at it...
Re: (Score:2)
Thank the imaginary friend that SNMP didn't report the status of every spit-jet cartridge!
one hack to ruin them all.... (Score:4, Insightful)
If it's a problem at Apple then it's a problem with a number of other hardware devices that use the same battery controllers, so your windoze laptops isn't safe either. Someone could also hack my Logitech Mouse and brick it too, or any number of peripherals that have upgradeable firmware, like my router, printer, keyboard, the list goes on.
Note to self (Score:2)
Decades old news (Score:4, Insightful)
BTW, Apple batteries have had firmware for the last 10-15 years, so your info is a little late.
So, can we fix bad batteries then? (Score:2)
One of the problems with LiON cells is that the logic controller can get the wrong impression about the state of the cell it is controlling. (This is for various reasons, but the most common is that it uses a function of charge/discharge time, and voltage output per cell to determine if the cell is bad or not.)
Some charging solutions "Pulse charge" a cell to bring the voltage back up to the point where the charge logic will turn the cell back on again, but this is dangerous because the pulsing can make lith
Battery auth IC? (Score:2)
It wasn't mentioned in the article, but I'm curious whether this is a custom-for-Apple microcontroller/firmware, or one of the several off-the-shelf battery authentication ICs [google.com] currently on the market. Firmware on a battery is not entirely suprising - charge management, capacity counting, authentication and various safety checks can be cheaply integrated that way, and a little serial bootloader onboard for emergency bugfixes is a "why-not" feature. In the case of authentication, some manufacturers are now us
The circle of life (Score:2)
After Windowsupdate.com, now it will be Batteryupdate.com.
Somewhere in a basement in Guangdong or Beijing, keyboards are already at work to create a new Blaster.
BSD not Linux (Score:2)
One of the other problems is that Apple is running BSD in there instead of Linux so they wouldn't have to worry about GPL :-)
Re: (Score:2)
Re: (Score:2)
Let me point out the obvious.
*so you can have a working battery again*
Re: (Score:2)
This why you NEED battry packs that can be Removed from the systems.
Windows PHONE has this.
An operating system has removable battery packs?
Perhaps what you meant is "some (or all?) mobile phones not from Apple have this"; not all such phones run Windows.
Re: (Score:2)
Re: (Score:2)
The battery on my MBP is built-in. I'd expect most other brands to allow you to replace the battery without resorting to screwdrivers.
Screwdrivers are scary to you or something? I pulled the back off of my new MBP - took all of 5 minutes. Now, if you're one of those relatively few people that swaps out batteries to keep working, then a new MacBook isn't your best choice. You only have a couple of hundred others. For the rest of us, replacing a used up battery every three years (and cleaning out the fans) isn't such a hardship.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
But windows phone doesn't have spell check or working shift key.
Maybe you could hack the Win Phone's battery to install a spellchecker and a shift key.
Re: (Score:2)
The registry. Experience has taught me that everything in Windows is somewhere in the registry.
Where's the registry?
Re:Physical access? (Score:4, Interesting)
Obviously this is important, because it changes the attack vector significantly. There's a big difference between being vulnerable to the battery manufacturer or if a random infection could push code to the battery (or even brick it).
Re: (Score:3, Insightful)
I'm not worried, mine has never been anywhere near a Chinaman.
Re: (Score:3)
Re: (Score:2)
It would be a real shame if there was a major malware attack on OSX and Apple was forced to flip the switch to make OSX refuse to run code that isn't signed by Apple. That kind of stuff must keep people in Cupertino awake at night.
Re:OSX is the least secure OS in mainstream use (Score:5, Informative)
Re: (Score:2, Redundant)
Cool story bro.
Re: (Score:2)
No, I just posted something of equal value to your post. You certainly aren't interested in discussion but it's clear you wanted some interaction.
Re: (Score:2)
No, you really aren't interested in discussion:
To argue anything different would be to argue that Bakersfield, CA is more secure than NYC because they have had no terrorists crash their planes into buildings there.
So, your position is that your opinion is fact, and no amount of arguing will change that.
To all the apple guys out there who tell people that macs are inherently more secure than PCs - shame on you. And if you are a mac user who takes exception to that last sentence, be a flagrant non-conformist and re-read it before you hit the reply button.
Frothing anger whilst you type some variation of "I never do that, how dare you flame ALL mac users" makes you look like a entirely different type of fool than the ones described.
Again, your position here is a pre-emptive ad hominem. You're clearly not interested in discussion, you just wanted to flame Apple.
You cannot start from the position of "I am right, and if you try to say I'm not, you're a clueless fanboy who should be ashamed of holding a different opinion to me" and expect to be taken seriously.
Offtopic (Score:2)
This issue has absolutely nothing to do with OSX.
Re: (Score:2)
I could write all about over generalizations and bad metaphors, but I'll avoid that, since your comment does a good enough job of demonstrating your hyperbole and rhetoric without me having to add my thoughts. Instead, I'll link to someone who disagrees with you and cites experts who disagree with you.
http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/ [theregister.co.uk]
Now, I don't know enough about all of the Lion security upgrades to say that I necessarily agree with the article's claims that Lion is as secure
Re: (Score:2)
I wasn't attacking with my last two paragraphs (aside from the comment about decrying), nor was I attempting to twist your security comments into something about safety. Rather, I was merely attempting to add some additional information in a tangential direction that I thought might be nice to touch on, if not for you, than for anyone else who came along and read it. So, yes, wasted words, perhaps. I don't mind.
I caught your "inherently" comment the first time, and I understood your intent. I never tried to
Re: (Score:2)
To name just one random example, Windows Media Player can run scripts embedded in WMA/WMV/ASF files, and does by default - a feature intended to allow for DRMed files to fetch licence information from a
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
*/. cut off my sentence >,_,