David Maynor and Jon ‘Johnny Cache’ Ellch aren’t telling the complete Mac Wi-Fi flaw story after all. At the last minute, under pressure from SecureWorks (Maynor’s employer) and Apple, a talk at ToorCon here was cancelled and replaced by a ‘rant’ from Ellch about what he described as an ‘unprofessional’ approach to the issue by both companies. Ellch, out of respect for his friend Maynor, declined to take questions or talk on-the-record about the brouhaha, but he did release the text of his rant, which was aimed squarely at Apple and SecureWorks.
Typical Apple move, will do anything they can to “save face”. Including buying silence.
We do not know that. We are talking about people here who were pretending they are careful with naming companies by hiding the third party card and have no problem telling a journalist about an Apple hack. Also they insulted Apple users directly (said they like to put cigarettes out in Apple-user eyes, that kind of thing); they do not seem like very trustworthy persons to me. I know it is very hip with nerds to insult Apple users and then say they’re all fan-boys or Apple-fanatics, but it is getting so boring.
Seems like DM & JE have little ground to stand on when making statements about professionalism. Maybe instead of throwing paddy fits about Apple and its users, they should prove their claims rather than crying. It’s a very boring and dull series of events, and they have yet to prove they are correct.
Big companies are rarely fast at responding to any kind of complaint/request; it’s part of the nature of the beast. If you want action from them, keep calling them until they ‘get round to it’. A rant at a conference damages your own credibility but will have little effect on companies with established reputations.
Big companies react fast to public embarrassment, not to individuals’ private complaints/requests.
And it’s because of crap like this that I won’t touch ANY Apple product. They can keep their overpriced POS products to themselves. GNU/Linux does it better anyway.
Does criticizing Apple automatically give you a -2?
This is ridiculous, the parent might not have explained his views, but that doesn’t automatically make his post a flame.
Apple is overpriced. Not everyone values Apple’s software stack enough to spend an extra $1000 on a computer. The vast majority of things that can be done on an Apple can be done on Windows/Linux.
Macs overpriced ? Hey, the 90’s called, they want your opinion back.
How about doing some price research before bringing back that myth. Macs command maybe a $100-200 premium to similarly equipped Windows machines… which considering the vastly superior OS and form factors is well worth it.
Vastly superior in your view; in mine it’s not much better than Windows.
Macs are still ridiculously expensive. Apple.com sells a 17″ MacBook Pro with 2.16 GHz, 1gb Ram, 120GB, and an Ati x1600 for $2800.
You can get a comparable PC notebook for $2200.
http://osnews.pricegrabber.com/search_techspecs_full.php/masterid=2…
Just surf through pricegrabber to see what I mean; with Apple you are stuck with paying 2800, with the PC you can find the best possible solution.
And that’s notebooks; in regular desktops, PCs trash Apple in the dust. ANYTHING Apple can offer, you can get a comparable machine built that is faster, cheaper and looks better. That goes for all the product ranges that Apple has to offer, from mini to MacPro.
I think you are the one who needs to do the math. The difference between a Mac and a normal computer is more than $200. And even if it is $200, why the hell would you want to spend an extra $200 for marketing? You’re supposed to be a person who knows how to use computers (that includes making smart buying decisions).
How I hate blind fanboyism… (that goes for all fanboys, from Windows apologists, to Linux Zealots to Apple slaves)
Ahh… The Mac versus PC flamewar again…
Any references to support your claims? (The same to the mac user…)
“which considering the vastly superior OS and form factors is well worth it”
Does everyone value form factor or think that OS X is more beautiful than say Gnome 2.10? (I can tell you that it is definitely less consistent when it comes to HIG)
“ANYTHING Apple can offer, you can get a comparable machine built that is faster, cheaper and looks better”
While everyone has different tastes, the majority of people wouldn’t bash Apple when it comes to the design. (Cite numerous articles about Apple’s computers)
“The difference between a Mac and a normal computer is more than $200. And even if it is $200, why the hell would you want to spend an extra $200 for marketing?”
The integration between different hardware and software components, the best example of which would be Applescript.
Edited 2006-10-02 03:18
The integration between different hardware and software components, the best example of which would be Applescript.
Don’t get this at all. Maybe someone more expert will help us? Surely Applescript is not integrated with Mac hardware in any way. Don’t you have Apple Events which you pick up from Applescript, but you can also equally pick them up from lots of other languages including Perl and Python? So first of all, AppleScript doesn’t seem to be integrated with Apple Events, which seem to be the way AppleScript communicates with the hardware.
Well, maybe Apple Events are somehow integrated with the hardware? But it is hard to see how Apple Events are specific to particular hardware configurations in a way that would merit the description ‘integrated’.
Not for the first time, and probably not for the last, one’s main reaction to the claims of superior Apple hardware/software ‘integration’ is simply puzzlement. What can they be talking about?
Which is not to deny that Applescript is a wonderful thing. Apple Events too. Just not particularly integrated with Apple hardware.
References? Go to Apple.com and then to pricegrabber.com. Do a fair comparison… I can tell you from personal experience that if you’re tight on cash you will not buy a Mac. I lived in Russia where $$$ is the number one issue when people a computer. No one uses Apple computers in Russia. The same goes for the rest of the developing world. If Mac was worth its money, why doesn’t anyone buy them outside of Europe/USA?
Apple’s design is good. But that doesn’t mean I can’t build a slicker looking desktop. The point I was making was that you can build a desktop computer that is faster, looks better and is cheaper than the Mac.
Applescript? How many Mac users know how to use it? And what makes you think this sort of thing is exclusive to Apple’s platform? Just google Autoit…
You talk about this integration; what integration is unique on Apple’s platform that can’t be mirrored on the PC? Maybe the iSight integration that only works with Apple’s iChat (as opposed to Messenger Mac).
I don’t understand why questioning Apple is such a taboo on osnews… Anytime anyone suggests that Apple isn’t the lord of all being, that they are just marketing fluff with only perceived value, they are made to shut up.
I can’t help myself with this one. My sense of humor was piqued by this:
“I lived in Russia where $$$ is the number one issue when people a computer. No one uses Apple computers in Russia.”
http://news.com.com/Russian+hackers+hawked+Windows+exploit+for+4,00…
Using your choice for shopping comparison, the 17″ MacBook Pro with 2.16 GHz, 1gb Ram, 120GB, and an Ati x1600 for less than $2500.
http://osnews.pricegrabber.com/search_techspecs_full.php/masterid=1…
BTW, the MacBook Pro has a faster processor and a larger hard drive, TOSlink Optical Digital, Bluetooth. Much more valuable than a TV tuner.
Edited 2006-10-02 03:37
It’s not quite the correct criticism of Apple that “ANYTHING Apple can offer, you can get a comparable machine built that is faster, cheaper and looks better.” It is probably not true, and it is anyway irrelevant.
The way that Apple advocates typically do these comparisons is to take a given Mac configuration, and then try to duplicate it. If you do this with the Mini, you end up spending more. There has been a lot of correspondence seeming to show that if you do this with the new floorstander, you end up spending more. And finally, you cannot do it with the iMac, because no-one else is making all-in-ones. The laptops also seem to be roughly comparable.
However, leaving aside the merits of OSX, this is not the right way to do the comparison. Anyone who regularly buys computers for other people comes at it from a completely different angle, which is to assess the choices for a given sort of user.
When you do this, you discover that the Mac is not a cost effective solution, because the different configurations available are not the ones the user really needs. If you do not need to carry it around in your pocket, and you do not need the particular combination of dire graphics and a fast processor with 2.5inch drive that the Mini offers, you can get an equivalently functional machine for less than half the price.
Similarly, there are a host of notebooks which will, for most people, do the job better and cheaper than the Macs. No, they are not the exact same configuration as the Macs, and for less. This is irrelevant.
The same is true throughout the line. If you steer your user to a Mac, they will end up paying more than they need for something which is no better for them. Often, in the case of the all-in-ones, they will end up buying new screens when they already have perfectly good ones. In the case of the entry level MacIntel floor standers they will end up buying a weird sort of system with ridiculously overpowered processors paired with an underpowered graphics card, too little memory, and a too small hard drive. Previously when these were PPC, they ended up with a case so full of cooling that sounded like a jet engine at takeoff and had no space for anything else inside.
You also have to add in the software upgrade fees every 12-18 months.
Macs are more expensive, and worse value, but it is not because you can duplicate a Mac configuration cheaper. It’s because that configuration is probably not going to be optimal for you, but to get a Mac you will have to buy it.
Edited 2006-10-02 06:20
I’m tired of such unfounded comparisons.
1. Of course you can always find a cheaper system. That goes for every PC, too.
2. At least for Joe Normalo who buys from Dell, HP, Acer or Lenovo, your claim is totally unfounded.
3. Comparison of components and prices is just too simple and doesn’t cut it when it comes to real world usage. If you like to go with the cheapest, do it – but please don’t claim that the value is the same.
I’ve yet to see PC hardware that offers the same amount of meaningful hardware features a Mac has, e.g.
– normalo PCs don’t have things like target disk mode, which saves you hours of time, e.g. if you move to new hardware.
– normalo PCs can’t boot from an external firewire drive (I use my iPod as “carry with me OS boot disk” which I can plug in on any Mac and boot from it)
– normalo notebooks – especially the cheap ones – don’t have de-mirrored screens (ever tried one of those magic-/ultra-/whatevertheycallit-bright screen in sunlight? – pitch dark!)
– you can check the charging level of a Mac battery without plugging the battery into a notebook and starting the system (very handy if you have a second battery)
– plug in the power cord on a Mac laptop and you’ll see at once if the notebook needs charging – again without starting the system
– wake from sleep does not need more than a few seconds on a Mac
– hardware – OS integration is a given. You don’t have components barely working. You don’t have to hunt the net for drivers (Time is money, too)
– etc., etc.
Everybody has to make his own choice. But please do respect people who do not just want the “cheapest” but instead prefer a working system with reasonable features and are willing to pay for the time they save.
Or better – try it out yourself so your “comparison” will have more depth than just the usual price tag / spec sheet nature
– normalo notebooks – especially the cheap ones – don’t have de-mirrored screens (ever tried one of those magic-/ultra-/whatevertheycallit-bright screen in sunlight? – pitch dark!)
– you can check the charging level of a Mac battery without plugging the battery into a notebook and starting the system (very handy if you have a second battery)
– plug in the power cord on a Mac laptop and you’ll see at once if the notebook needs charging – again without starting the system
Those are great features and I enjoy them every time I use my 8 year old Compaq Armada E500
Apple must be a little late to the game
1. These are not new features
2. Nice that your armada has some of those features, but what about the rest?
– normalo PCs don’t have things like target disk mode, which saves you hours of time, e.g. if you move to new hardware.
You got me on this one. Is Apple marketing the fact that you can transfer data between two computers via a cable as innovation?
– normalo PCs can’t boot from an external firewire drive (I use my iPod as “carry with me OS boot disk” which I can plug in on any Mac and boot from it)
Have you ever heard of USB? And btw, not everyone uses the ipod. Some people like their HDD music players to act as simple storage devices and require any additional crap.
– normalo notebooks – especially the cheap ones – don’t have de-mirrored screens (ever tried one of those magic-/ultra-/whatevertheycallit-bright screen in sunlight? – pitch dark!)
If you can’t find notebooks at the nice price and with the right feature set, it’s your problem. It’s a matter of looking.
– you can check the charging level of a Mac battery without plugging the battery into a notebook and starting the system (very handy if you have a second battery)
– plug in the power cord on a Mac laptop and you’ll see at once if the notebook needs charging – again without starting the system
No clue about this one, but I am not paying an extra $600 for this, I’d rather get more memory or better GPU/CPU. Matter of choice I guess.
– wake from sleep does not need more than a few seconds on a Mac
Same goes for my Fujitsu-Siemens Amilo M3438G. And this isn’t one of the best notebooks I’ve tried.
– hardware – OS integration is a given. You don’t have components barely working. You don’t have to hunt the net for drivers (Time is money, too)
Please be a bit more specific about integration. Integration can be a great thing, but it can also cause problems. It depends on the issue at hand. Hunting for drivers shouldn’t really take a long time. Plus I’d rather hunt for drivers, but be able to choose the hardware I want, not have Apple decide what components are good for me.
Except for the lack of the mirroring thing on some cheap notebooks, none of the stuff you mentioned is of great significance. And it’s all available on the PC platform as well.
I love hearing ‘time is money’ arguments from people who post on osnews and slashdot. It adds so much validity to their arguments…
P.S. I am not suggesting that Apple products have no uses. Their strategy is market skimming and their audience is rich people with too much time. Apple is a marketing/design company. It is not about technology, and I think it is stupid to buy Apple products if you know better. I am a college student; I’d rather spend an extra 2-3 hours doing research/configuration than spend an extra $600-$100 on a computer.
The part about the Target Disk Mode is actually a little more elaborate than just communicating from one machine to another. It basically turns the Mac into a Firewire hard drive that should be able to mount on any Mac (since the filesystem is HFS+, something that Windows doesn’t understand without third party software) and even on a Linux computer (if the hfsplus module is loaded). This is useful in case the Apple hardware has crashed and doesn’t allow you any other way to extract the data from that machine to another. It also allows you to take files from one computer and move them over to your Mac, especially if your Mac is a laptop. Sure, it’s overkill for small files but for large video files (if you’re dealing with video) or any other large-size files it’s actually a major time saver as mentioned by the original poster you were rebutting.
Also remember that USB is a shared technology, so anything that is connected to the same USB hub along with your USB drive will affect the transmission. If you hook it up to a USB port that has its own internal hub, then I guess it’s not an issue. But Firewire isn’t seen as a peripheral connection… it’s more like a network connection, so it’s more point to point as opposed to USB. (I hope this makes some sense.)
As far as integration goes, he’s referring to the “integration” between the OS and the computer (your immediate hardware, IMO). Sometimes with Windows, you have to deal with installing drivers from a supplied drivers disc or you have to download them (Boot Camp also creates the drivers disc for you since Microsoft isn’t supporting the Intel Macs just yet). Sure, for some it’s a non-issue but for others it’s not just a waste of time, but some people might not know how to do this. This is where Apple shines. Anything you need to work right out of the box is supported, EVEN IF YOU HAVE TO RE-INSTALL THE OS FROM A CRASH. While the PC already has the drivers pre-installed when first purchased, if something goes wrong (barring the System Restore feature) then you’re going to have to add those after installing Windows. This “integration” between OS and immediate hardware is also seen in Linux and other open source operating systems to a certain degree (thanks to the wonderful open source developers and supporters). As for any third party hardware that’s not supported, that’s up to the third party manufacturer to provide the driver since they make the third party hardware… it’s not Apple’s responsibility (nor is it Microsoft’s either).
At the same time, as much as I love Apple’s stuff (and have so for years) the fact that they’ve still not released any Core 2 Duo MacBooks and MacBook Pros is irking me a lot. I’m actually thinking of looking at some PC laptops other than Apple’s offerings because of this, but I might just wait and see what happens after Macworld in January (maybe some Core 2 Quad mobile chips? 😉 ). I do love my iMac G5 as well as OS X, but Linux does just as well for me on my work laptop and my home PCs so we’ll see what happens on the personal laptop front. 😀
My laptop tells me that the battery needs charging without turning on the laptop either, big deal.
My PC will boot off a firewire drive, it’s a BIOS option on the MB
Wake from hibernation takes only a few seconds on my PC
I don’t have components barely working, and I don’t have to spend hours scouring the web, for any of the OS’s I run, Windows, Ubuntu, or FreeBSD.
You seem tired of “tired of such unfounded comparisons”, perhaps you wore yourself out when you made yours.
Yes, both mac users are easily offended.
Yes, both mac users are easily offended.
Funny! But to go from the default 1 to -2, you need three offended users 🙂 (actually 3 more offended Apple users than Apple bashers, but you get the point)
Must be that third guy sympathising with the first two but just can’t afford a Mac. b-) I can understand people bashing Apple as a company, maybe the iPod for its marketing, but bashing their computers or OS X is beyond me; what’s not to like?
GNU/Linux does it better anyway.
Better user interface?
Better software installation (lack of dependency hell?)
What Linux does have is sheer number of apps and flexibility. What it does not have is a simple method of managing applications. Nor do they have an elegant UI. Even XP’s UI is more intuitive than Gnome/KDE.
Better user interface?
Better software installation (lack of dependency hell?)
Dear god, did you ever use Linux at all? I mean, to see that you are talking complete nonsense we only have to install just about *ANY* Linux distribution to realize you are so wrong it isn’t even funny. The main DE and WM people have done an amazing job at turning the Linux GUI experience from the “hey, at least it works” level to the “hey, this is freaking amazing and beautiful” where it is now. If you don’t even want to bother with the 10 minutes it takes to do a fresh Linux install on your system, you may even look at screenshots.
And what’s that “dependency hell” thing you talk about? In Linux? I never had a single dependency hell issue in the past three years. You know why? Because the apt family tools are a godsend and they make installing apps in Linux a walk in the park. Just search for the package, click install and voilà. Application installed and fully functional. I want to see you accomplish that in Windows or OS X, for what it’s worth.
And what’s that “dependency hell” thing you talk about?
Oh, come on! You don’t make things go away by just denying them. The reason why apt-get is such a comfortable tool is exactly because dependency hell exists.
I use fink on a Mac (which uses apt-get) and the normal procedure when installing software A is that apt-get starts downloading and installing software B, C and D first because of “dependency hell”.
However, if you like to install software which you can’t get with apt-get, “dependency hell” is still around waiting to bite you in the ass.
The main DE and WM people have done an amazing job at turning the Linux GUI experience from the “hey, at least it works” level to the “hey, this is freaking amazing and beautiful” where it is now.
Sorry, I disagree. The last time I saw a freaking amazing and beautiful demo of a Linux desktop, it had a strong third-class “rip-off” taste (demo was showing Expose like feature, 3D cube spinning virtual desktop change, live update windows, transparency and so on – all highly amusing (if you don’t use a system which already offers such features) but unfortunately without the slightest thought about user experience)
Don’t get me wrong – I like Linux (and MacOS X) but denying problems won’t help Linux in any way..
Edited 2006-10-02 10:01
And what’s that “dependency hell” thing you talk about?
Oh, come on! You don’t make things go away by just denying them. The reason why apt-get is such a comfortable tool is exactly because dependency hell exists.
I use fink on a Mac (which uses apt-get) and the normal procedure when installing software A is that apt-get starts downloading and installing software B, C and D first because of “dependency hell”.
However, if you like to install software which you can’t get with apt-get, “dependency hell” is still around waiting to bite you in the ass.
You’re judging Linux on the basis of dependency hell in one Linux distro. Well, guess what?
If you judge by Windows98, “Windows” (my experience with it) crashes all the time;
If you judge by NT, “Windows” doesn’t run games or have good hardware support.
If you judge by XP, “Windows” has a Fisher-Price interface (by default, anyway)
If you judge by MS-DOS, MS OS’es don’t have GUIs.
Oh, and Win98 has “dependency [DLL] hell” too; arguably the fix – allowing every program to install its own version of DLL’s – is worse than Linux’s fix. In fact, scratch arbitrary: considering the point of DLL’s (facilitating code reuse), if Linux were the big player and Windows the runner-up, people would laugh at its need to have umpteen different versions of the same DLL installed simultaneously.
The main DE and WM people have done an amazing job at turning the Linux GUI experience from the “hey, at least it works” level to the “hey, this is freaking amazing and beautiful” where it is now.
Sorry, I disagree. The last time I saw a freaking amazing and beautiful demo of a Linux desktop, it had a strong third-class “rip-off” taste (demo was showing Expose like feature, 3D cube spinning virtual desktop change, live update windows, transparency and so on – all highly amusing (if you don’t use a system which already offers such features) but unfortunately without the slightest thought about user experience)
What do fantastically-fast spinning windows add to the “user experience”? Yes it’s flash, but it’s confusing and not very useful, even if Linux’s implementation IS a “ripoff”.
Don’t get me wrong – I like Linux (and MacOS X) but denying problems won’t help Linux in any way..
No-one is “denying Linux problems”. The only “problem denial” that goes on is from Windows users who refuse to accept that the only reasons MS’s crappy, late solutions to problems don’t “rool” are user ignorance and MS’s monopoly.
Quick call a Whambulance for johnny ‘Cache’
Just a couple of links out of hundreds.
http://www.wi-fiplanet.com/news/print.php/3633681
http://www.linux.com/article.pl?sid=06/09/04/138253
David Maynor should choose his friends more carefully.
I am curious, though. Thom, did you post this to start a flamewar, or are you truly interested in the real story?
Apple seem to have made this into a much bigger drama than it needed to be.
Releasing a statement which says “we are working on a patch” or even “we are looking at the issue” would have been lot better way to handle things.
Sticking your head in the sand and shouting la-la-la is really not a good way for a company to handle security issues. All software has bugs, all software has security issues; a company which does not recognise this does not inspire confidence.
What’s odd is they don’t usually do this, usually software update just finds patches and that’s it, end of story. Even in this case they worked on a patch and fixed it. They do take security seriously so the entire episode appears to have been a PR screw up. But why?
Port-a-Johnny is Lame anyways!
But I never knew that you were able to get third party wireless cards for a Mac – I assumed the only option was the airport card; modern powerbooks didn’t ship with pc-card slots
But I never knew that you were able to get third party wireless cards for a Mac – I assumed the only option was the airport card; modern powerbooks didn’t ship with pc-card slots
There is a nice open source wireless driver for OS X and it supports a large number of devices.
There are a small handful of USB wifi adapters that will work with OS X. I’ve been getting an old iBook up and running for someone and have a Belkin USB wireless adapter working with it. It wasn’t the cheapest (about $60 Canadian), but still a lot less than what the local Apple retailer quoted for an airport card ($250 plus labour).
I’m no Apple cheerleader but I’ve watched them patch things pretty well. They’ve had cases where they have been slow occasionally, but for the most part, they proceed pretty quickly.
There are a couple of difficult to find bugs in the kernel. They’re difficult to find, difficult to research, and they’re difficult to exploit.
What SecureWorks seems to have done is what is known as a publicity stunt. It draws attention to the company by using a familiar face.
It’s certainly possible that Apple had flaws in their wireless drivers. They recently patched the AirPort software. However, why did SecureWorks need the USB device? Supposedly, they ran it again successfully without the device but that was either covered up or never existed.
If it’s real, I want to see it happen spontaneously on any WiFi-enabled Apple computer. I don’t want to see it on some system they’ve had. It’s easy to gain control of a specially-prepared system in which you’ve already developed a faulty device driver but it’s a lot more to take over one that’s untouched.
I’m not siding with either company. I want real proof. There are enough fanatics for and against Apple that make this whole series of events difficult to believe.
I think every OS has its vulnerabilities, of which a lot are 0day, even over a considerable length of time. Why should OSX be an exception?
Jon Ellch is nothing more than a kid. A so-called researcher with hair painted in blue, well that looks serious!!!!
People interested in this story should read the coverage at http://daringfireball.net/ who seems to give an excellent analysis of the story and how everything that Jon or Maynor are saying is basically lies.
There is a fact that nobody can deny here. A big company (Apple), which I am sure is serious enough not to tell lies about security (and it never did before anyway), has clearly and several times made clear that neither Jon nor Maynor nor SecureWorks have shown them or demonstrated to them or spoken with them about a security hole in their driver. The security patch that Apple made available was indeed the result of internal investigation after SecureWorks and Maynor talked about wifi security issues at the Black Hat.
To make it simple, people at Apple are strongly stating that they have never been in contact with both “researchers” concerning the wifi attack that they demonstrated at the Black Hat conference, and it has never been demonstrated to them that this attack does affect Macs’ built-in card.
Now, maybe Apple’s built-in card could have been concerned by Maynor’s demo, but the fact in this story is that both researchers have never proven that it DOES (and god damn, don’t tell me that Apple prevented them from doing that in one way or another; Maynor and Jon are not the only “researchers” working on security things affecting Apple, why can other researchers do it?) and secondly that they have been lying all the time that they have been in contact with Apple regarding this issue, if there was one at all!!!
So whatever Jon is saying, the point remains that he is the one who is not professional by acting like a kid. If Secureworks had contacted Apple about this issue it would have said that clearly, and it is not the case because the guys at SecureWorks did not. And because Maynor works for Secureworks he did not either… Which explains why SecureWorks asked Maynor to cancel his presentation; he would have put SecureWorks in a kind of difficult situation regarding their credibility.
So what is Jon saying?
-“The fact that SecureWorks/Apple managed to compel him not to means that they must have had something very compelling to stop him. I’m not supposed to talk about what that is.”
Do you have any proof that Apple has anything to do with the fact that SecurityWorks has asked Maynor to stop giving this talk? I don’t think so!!! Or maybe you are not supposed to talk about it, BS! You don’t work for SecurityWorks, you just keep saying bla, bla things which are basically irrelevant.
-“We give a talk saying that device drivers have lots of bugs. We demo one bug in Apple. ”
He does not even know himself what happened!! You did not demo one bug in Apple, you demoed a bug in a third-party card attached to an Apple. That’s a completely different thing. He doesn’t know himself what the story is about; how can anyone take him seriously? It just boggles the mind.
-“Apple says that it doesn’t exist, and we didn’t talk to them about it.”
Apple says that it does not exist because nobody is telling them that it exists. And I notice that this time Jon does not say or confirm anywhere that he or Maynor have told anything to Apple, which they said at the Black Hat; why not say it clearly again today? Because it was a lie?
-“One day before [our ToorCon] talk, SecureWorks and Apple get together and manage to stop Dave from coming. They also issue this cutesy press release:
”SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate.””
This does not prove anything; what it does mean is that both companies agreed to work more closely to avoid the mess that Maynor and Jon made. I just see in this that Secureworks somehow admitted that they have never told anything to Apple concerning the Black Hat presentation and that to avoid such a mess both companies are better off exchanging security issues more easily.
Is SecurityWorks claiming that they contacted Apple before? NO, they never claimed so; only Maynor and Jon argued so during the Black Hat conference, but we know it was a lie.
And if Jon is really so convinced about himself, why didn’t he accept the challenge of John Gruber? He proposed that they hack, in the same way that they did at the Black Hat conference, a brand new MacBook that he could keep if he succeeded. Why not accept? Basically if they have demonstrated a hole publicly, they could have also demonstrated it to Gruber. At least Jon, who does not work for SecurityWorks, has nothing to hide regarding any employer, so why did he refuse? The challenge was simple: make the same demo on a brand new MacBook…
Apple did not do anything to stop this challenge (they could have if they were sure that this issue indeed existed, couldn’t they?); Gruber was free to make it, and Jon or even Maynor were free to accept it.
-“So, if SecureWorks provided them with virtually nothing useful, then what the hell could they have to coordinate with CERT.”
What’s the problem with the CERT? Apple joined the research program with teams working at Carnegie Mellon, so what’s the problem with coordinating with the CERT? A lot of Apple security-related research is done there for the Software Engineering Institute’s Network Systems Survivability (NSS) program, which includes the CERT. What’s wrong? The statement clearly says that the work between SecureWorks and Apple will be done in coordination with the CERT; it does not confirm anything about whether or not SecureWorks has provided anything useful regarding the security hole discussed at Black Hat. And again, why is Jon not saying now that he did provide Apple with information, as he was saying before? Why speak about SecureWorks? What about him? Nothing prevented him from going ahead to talk to Apple and prove to them that what he discovered could affect Apple too. He did not do so, right, and still he does not do so today, he just keeps saying BS to attract attention.
-“And why did they wait till one day before ToorCon to decide this?”
Better ask SecureWorks about that. My guess is that SecureWorks already felt embarrassed by this story and they did not want another chapter!!!! Because whatever Maynor and Jon were about to say, there was nothing that could restore their credibility….
-“Apple and SecureWorks had 2 months to stop Dave and I from giving this talk. Why wait till the day before? Neither Dave or I found out about this till yesterday morning. How is that professional?”
Ask SecureWorks!!!! Or better ask your friend Maynor, I am sure that he knows……
So what remains from all of this is that Jon still keeps saying things without facts, which makes me think that he better shut up now!!!! His credibility and professionalism (yes, talk about it) are already well flushed down the toilet……
“A so called researcher with hair painted in blue, well that’s look serious!!!!”
Because judging someone based on his hair colour is very mature…
“A big company (Apple), which I am sure it is serious not to say lies about security”
Right, because big companies never lie or try to silence researchers (cue Cisco).
No, he does not judge him on his hair color but on changing his hair color to blue, and yes, Apple may be lying, but there is no proof of that at all. There are only two guys and a couple of journalists with a story they will not prove but that would be very easy to prove if they really wanted to. And if you paint your hair blue you are not afraid for your job security; if you are, you are not really that non-conforming young man that you want people to believe you are.
Guys, this article is about the Wifi exploit, not about the Mac price or why Applescript is better than yourscript. 10 out of 19 comments made so far are totally off-topic.
Guys, this article is about the Wifi exploit, not about the Mac price or why Applescript is better than yourscript.
Just for the record, perl6 is the best.
====
This message was autogenerated using RubYcrawlR
Sorry to be off topic but…
Most laptops these days have some form of button on the underside or on the batteries themselves for checking the state of their charge, indeed my old Latitude (almost 4 years old now) has it.
Also, on the price of Macs versus PCs; I spec’d up a PC for my brother recently who was toying with buying a Mac. I assured him the PC would be cheaper; however, by the time I’d finished the PC was £3 cheaper and I hadn’t included additional features/toys like built-in webcams. I do reside in the UK so I can’t speak for every country obviously!
Also, on the price of Macs versus PCs; I spec’d up a PC for my brother recently who was toying with buying a Mac. I assured him the PC would be cheaper; however, by the time I’d finished the PC was £3 cheaper and I hadn’t included additional features/toys like built-in webcams. I do reside in the UK so I can’t speak for every country obviously!
Before buying the MBP, I was almost convinced by the low-priced Dell. But after building one with the same configuration, the price is almost the same, and that’s still excluding the built-in camera. So, here is the summary about Mac:
1. Mac price is competitive compared to PC.
2. Mac is always built on high quality hardware. If you are used to using cheap hardware, Mac is not for you.
Well, I initially believed SW, and backed their claims to many friends of mine. This last minute backout is so incredibly lame, though, that it hardly matters whether they were telling the truth or not. Even if Maynor couldn’t give the talk, I see no reason why JC couldn’t have, but all he has to say is that he wouldn’t. All in all the situation stinks, and is even more difficult to pick apart at this point. One thing’s for sure, though, Apple stomped their asses IRL even if they did find a flaw in Apple code (which is increasingly doubtful). P\n3d…
Half of us look at this situation and see that Apple clearly lied about there being no exploit, and the other half see the exact opposite.
The difference is with whom your bias lies. I was surprised to still see so many posts about how these two SecureWorks guys were liars, even after Apple released a patch to fix the exact same hole that these two hackers claim they exploited.
After that, how can anyone claim the exploit didn’t exist? Seems like the Mac zealots have a lot of unfortunate coincidences to explain away, if that’s what they’re going to insist on believing, even after a lot of evidence clearly refutes that.
You really should look deeper into the story. What the 2 hackers did was flawed by using a USB Wifi device, not the internal. They brought focus on the MacBook Pro because of their personal dislikes over advertising(?) and their perceptions of Mac users.
The patch Apple came up with was for PPC Macs, not the Intel versions, while in the same time frame Intel was releasing a firmware upgrade for the Centrino.
At the time Apple and Intel were working on somewhat similar security issues, these hackers hadn’t given any information to anyone. Claiming that Apple lied is false.
You really should look deeper into the story. What the 2 hackers did was flawed by using a USB Wifi device, not the internal. They brought focus on the MacBook Pro because of their personal dislikes over advertising(?) and their perceptions of Mac users.
A correction: those two hackers ALWAYS admitted, from day one, they were using a third party driver/device. It was THE MEDIA who puffed the story up, NOT them.
“The patch Apple came up with was for PPC Macs, not the Intel versions..”
It’s actually for both platforms.
You are right in that the latest update is for both platforms. Thom commented on the media puffing this up, and he is quite correct, and that is where the issues get all out of whack.
What would clear things up is an article with a time-line of events. At the time the two hackers were presenting the vulnerability, Intel was releasing a firmware upgrade, and Apple was releasing an ‘Airport’ security update. Both updates were unrelated. The Intel update occurred without any apparent connection to the two hackers’ work, although it may be the update was addressing the very issue.
The media (blogs and press) started in on wild speculation that Apple was telling lies. This was based on the timing of events, not on any actual communication from the two hackers. Jon Ellch is playing this up for some personal reasons without presenting any facts, seeming awfully close to being slanderous.
I was surprised to still see so many posts about how these two SecureWorks guys were liars, even after Apple released a patch to fix the exact same hole that these two hackers claim they exploited.
Apple’s patch was for a completely different issue they uncovered while looking for an issue like the one these hackers claimed to have found. I don’t know where you heard it was the “exact same hole,” probably just your assumption, but I heard very differently.
http://blogs.zdnet.com/Ou/?p=328
Someone else took issue with that response (link on that page), but his logic is as bad as his syntax, so I couldn’t handle reading it thoroughly enough to find a point. But there you go, Apple’s side of the issue, and very credible given the posturing and “I can do that but I don’t wanna” attitude we’ve seen from these hackers as far as backing up their claims.
Just a few things:
1. If it’s fixed why the hell don’t they show the bug in action, in someone else’s MacBook? It would be fairly easy to test that an unpatched Mac has the bug, and an updated Mac doesn’t!
2. If there’s such a bug, why did they use a third party wifi card when they showed it?
3. So, Apple stops David from attending, and Jon still thinks that he shouldn’t show the bug in public and prove that Apple = bad?
Who should I believe, the guy who tells me that there’s a bug, that they can prove it, but that they don’t feel like it, we just have to have faith, or the company that tells me that there is no bug?
I do believe that Apple is capable of behaving this badly. But it’s _easy_ for them to prove that they are telling the truth.
Either they are lying or they are behaving like little kids that like the attention they are receiving. Either way, it’s hard to feel any sympathy for them.
I went to school with him at North Central College in Naperville IL and I can tell you he’s an honest guy, he knows his stuff and he wouldn’t fake something like this. If he says it, I believe him.
Apple would be making a big mistake if they are trying to cover up a security problem. If the truth is revealed, they will bear the reputation of dishonesty regarding their products’ security problems, which is far worse than losing the mystique of “invulnerability” (which shouldn’t have been there in the first place)
I initially find it difficult to believe that the researchers were making fraudulent claims, but now I think there is a possibility that they have exaggerated their claim.
Edited 2006-10-04 01:10