Linked by Thom Holwerda on Tue 20th Mar 2007 18:41 UTC, submitted by makfu
Apple "Last summer, when I wrote 'Vicious orchestrated assault on MacBook wireless researchers', it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details. A lot has changed since then: Researcher David Maynor is no longer working for SecureWorks, and he's finally given me permission to publish the details."
Confusion
by DigitalAxis on Wed 21st Mar 2007 05:29 UTC
DigitalAxis Member since:
2005-08-28

After having read that article, I'm now very confused as to what actually happened.

At the time, the press was up in arms about the guys claiming to have an exploit in Mac OS X's wireless system, and the dissection of the video that showed it was NOT a built-in wifi driver.

Now we get this: That it never was a flaw in Mac OS X, and was always supposed to have third-party drivers.

So was Apple merely trying to squash him for demonstrating that Mac OS X does not automatically guarantee all software running under it is free of security issues?
Or is this an attempt to re-write history, and back off from claims they never should have made?
Or were all those articles blissfully wrong about the video, and intentionally ignoring something supposedly clearly stated in the video?

RE: Confusion
by evangs on Wed 21st Mar 2007 08:02 in reply to "Confusion"
evangs Member since:
2005-07-07

It turns out that Maynor and gang are confused themselves about what they actually achieved. From the Ou article:

So Maynor and SecureWorks have been telling the truth about this being a third party driver and hardware from the very beginning and they never misrepresented anything. If anything, Maynor went out of his way to avoid implicating any issues on the part of Apple because Brian Krebs of The Washington Post reported that Apple had leaned on Maynor and SecureWorks not to disclose the fact that the default Mac wireless hardware and default drivers were in fact vulnerable as well. When I asked Maynor about this at Black Hat, Maynor would not confirm or deny whether Apple had leaned on him or not saying that he didn’t want to discuss it at the moment. Brian Krebs who himself had been flamed by Mac enthusiasts defended himself by releasing a word-for-word transcript of an audio tape interview he had with David Maynor in his hotel room. The transcript clearly reveals that Maynor had demonstrated the same exploit on a Mac without any third party wireless hardware! It also turns out Maynor chose an external third party hardware wireless adapter to avoid focusing attention on possible Apple hardware and software issues which may endanger Mac users.

This is just from one paragraph in the Ou article. Notice the contradictions (highlighted in bold)? Maynor claims to Ou that the exploit doesn't work on stock Macbooks. To Krebs, he claims it does.

These guys don't tell a straight story. They have also failed to demonstrate their exploit working on a stock Macbook (i.e. one without an external card). All they've succeeded in doing is maligning Apple (ooh, big bad corporation trying to silence us!) without providing us with any proof that their exploit works.

Edited 2007-03-21 08:04

Score: 5

RE[2]: Confusion
by stestagg on Wed 21st Mar 2007 18:22 in reply to "RE: Confusion"
stestagg Member since:
2006-06-03

There are no contradictions.

They claim that:
1. they exploited a bug on the Mac with the builtin wireless drivers. They also did it with 3rd party drivers.
2. Under threat of legal action from Apple (and in the defence of Apple users), they only showed the 3rd party hack at the Blackhat conference.
3. AT THE CONFERENCE, they explained that this was a 3rd party hack and that the DEMONSTRATED exploit used a 3rd party driver/card.
4. In a SEPARATE interview, it was disclosed that the hack also worked on the built-in drivers, but that this hadn't been disclosed at the Blackhat demo.

See. No contradiction. Just a lack of understanding of complex paragraphs by you.

Score: 2