Linked by Thom Holwerda on Tue 20th Mar 2007 18:41 UTC, submitted by makfu
Apple "Last summer, when I wrote 'Vicious orchestrated assault on MacBook wireless researchers', it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details. A lot has changed since then: Researcher David Maynor is no longer working for SecureWorks, and he's finally given me permission to publish the details."
Apple making a mountain out of a molehill
by fak3r on Wed 21st Mar 2007 05:01 UTC
fak3r
Member since:
2006-04-12

I was at the talk at Defcon 14, and I can tell you there was no question that they WERE NOT using the built-in Apple wireless, they were very clear about this. It really seems that Apple tried (too hard) to keep straight with their 'secure' marketing.

If you read this post closely http://blogs.zdnet.com/Ou/?p=300 you'll see:

"Brian Krebs who himself had been flamed by Mac enthusiasts defended himself by releasing a word-for-word transcript of an audio tape interview he had with David Maynor in his hotel room. The transcript clearly reveals that Maynor had demonstrated the same exploit on a Mac without any third party wireless hardware! It also turns out Maynor chose an external third party hardware wireless adapter to avoid focusing attention on possible Apple hardware and software issues which may endanger Mac users."

So that it could be used against a precious Apple system seems more likely. Finally, if you think I'm grasping, it seems like far too much of a coincidence that a FreeBSD patch came out to address a very similar vuln:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05...

Come on, all software has bugs, why does Apple have to continue to pretend theirs does not, even when

"So what was the end result of all this? Apple continued to claim that there were no vulnerabilities in Mac OS X, but came a month later and patched its wireless drivers http://blogs.zdnet.com/Ou/?p=326 (presumably for vulnerabilities that didn't actually exist). Apple patched these "nonexistent vulnerabilities" but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The result was that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007, including last week's megapatch of 45 vulnerabilities."

Whatever, funny, if Apple would have just owned up to it they could have blamed upstream (FreeBSD) and crowed about how quickly they addressed an issue brought up by the community. Instead they let it drag on for 6 months, causing more "in the know" to doubt their side even more.

fak3r

godawful Member since:
2005-06-29

this comment makes no sense...


in other slow news..

isn't it about time for another "apple stock options scandal, OMG Jobs is going to prison!" post?

Score: 2

evangs Member since:
2005-07-07

Has Apple claimed to be invulnerable?

1) Maynor and gang demonstrated an attack using a 3rd party card. This is not in question.
2) Maynor and gang claim that it also affects stock MacBooks. This is the point in question, and to date he has yet to demonstrate this.

Your link to FreeBSD's bug doesn't prove that the wireless card in the MacBook suffered from the same exploit. This has yet to be proven, however Maynor and gang have constantly alluded to their exploit working on stock MacBooks, and have not provided *any* evidence of it.

Why wouldn't Apple come down hard on these guys for making unsubstantiated claims? As it is Maynor and gang are spouting FUD about Apple.

Score: 5

fak3r Member since:
2006-04-12

I appreciate your reply, let me explain myself a little better here, if I'm too long-winded for you, at least see my SUMMARY at the end.

> Has Apple claimed to be invulnerable?

Oh please, Apple's ads have always touted that they were impervious to attack, which is known to no longer be the case. I think you're reading a bit too much into this however, you see, I own 2 Macs, and my first ever computer was an Apple //e. I'm far from a Mac hater, but come on, let's drop the marketing BS and leave that to the experts. Here's a post from apple.com circa 2005:

"By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, 850 new threats were detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious."

http://www.apple.com/getamac/viruses.html

(and yeah, I love that they use viruses and contagious in the same paragraph!)

Are Macs still less vulnerable? Sure, but only due to their popularity. To try and imply that they (or their hardware) are inherently more secure than other systems (AIX, Sun, MS, Linux, *BSD) is pure marketing. Plus the software isn't what I think was the main point here (again, see SUMMARY for explanation).

> 2) Maynor and gang claim that it also affects stock
> MacBooks. This is the point in question, and to date
> he has yet to demonstrate this.

Did they make such claims or not? That seems to be the question, otherwise I agree with you.

> Your link to FreeBSD's bug doesn't prove that the
> wireless card in the MacBook suffered from the same
> exploit. This has yet to be proven, however Maynor

Agreed, it doesn't prove anything, but as an educated person the inference is there, and Apple's history of its response to such things has always been less than forthcoming, so the pattern COULD fit. Plus, look at Apple's denials: "it's never been proven" doesn't mean that it hasn't been done. Perhaps Maynor and company are just being smug and enjoying the limelight, but I don't think that's the case. And that's my point, no, I can't back it up, but it's what I think, thus it's a valid comment.

> Why wouldn't Apple come down hard on these guys for
> making unsubstantiated claims? As it is Maynor and
> gang are spouting FUD about Apple.

And that's a good point, one that I think points to the fact that Apple doesn't want the truth to be known; they want to keep the tarnish of exploits away.

SUMMARY:
Look, during the talk here is the OVERALL point they were TRYING to make: with manufacturing trying to keep up with marketing, companies are pushing third party drivers that aren't fully tested onto a public that assumes the device is as safe as the BRAND NAME, and not of the DRIVER'S unknown performance. This is what has been lost in all of this, it doesn't matter if it's Apple, HP, Dell or Franklin (!), the point is the hardware is only as secure as a firmware has been tested, which is often not much. You can call this a coverup Maynor and company dreamed up post-Black Hat or whatever, but it's what I took home from it.

That's the FUD right there, the point they made, which was a VERY GOOD ONE, has been completely lost, regardless of if that was the original working theory or not.

Thanks for your reply.

fak3r

Score: 1