Did they think they’d get away with it?

It turns out that - surprise! - the MacBook wireless networking vulnerability written about previously on this site is no such thing. David Maynor and “Johnny Cache’s” employer have this to say, according to Macworld:

“Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver — not the original wireless device driver that ships with the MacBook,” says the company’s Web site.

In addition, Apple says:

“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld. “To the contrary, the SecureWorks demonstration used a third party USB 802.11 device–not the 802.11 hardware in the Mac–a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.”

So it’s obvious that these two charlatans staged the vulnerability, and why? Because of the alleged…

“Mac user base aura of smugness on security.”

The vulnerability in the third-party wireless hardware and drivers is real and poses a legitimate threat to those who use it. But, because these two asshats have an irrational hatred for a group of millions of people based on a stereotype, their credibility is trash and the firm they conduct research for is embarrassed. Instead of informing those at risk with some level of sincerity, they decided to sensationalize it because they wanted to “…stab [Mac] users in the eye with a lit cigarette or something.”

Why is some petty, irrational hatred (and more specifically, a series of commercials) such a motivator for these two that they’re willing to risk their credibility to perpetrate what is, in effect, a hoax? Did they seriously believe that it would never be revealed? Did they not stop to consider the consequences to themselves and their organization when that revelation eventually happened? You certainly don’t make any progress toward stripping Mac users of their alleged smugness when you mislead them with phony demonstrations.

And I wonder if Brian Krebs of the Washington Post will admit to being duped, to not being sufficiently diligent in reporting a story that thousands of other people saw through immediately? Knowing the drive-by media, I doubt it.

Some day there will be a serious vulnerability for the Mac. No software is perfect. When entities who make their living finding such vulnerabilities cry wolf so many times, how will we know when to believe them?

2 Responses to “Did they think they’d get away with it?”

  1. Tyler Says:

    Did you not watch the video? David Maynor said it was a 3rd party driver at least 2 times.

  2. Aaron Adams Says:

    From Brian Krebs on Computer Security, the original source for this story:

    During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet.

    It turns out, according to SecureWorks’s own admission, that’s completely false. Apple drivers were never used, and they’re not vulnerable, so there was no reason for Apple to “lean” on anyone to keep a secret that didn’t exist.

    But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

    Again, those flaws are not present in the default Mac drivers. It’s a complete fabrication.

    I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.

    I’d like to see him stand by it now.

    To all of the commenters who complained about why this demo was not shown live, I refer you back to the text of the blog post, which pointed out the dangers inherent in showing this type of exploit live to a room overflowing with curious hackers who would like nothing more than to capture a copy of the exploit wirelessly and experiment with it.

    Or maybe it wasn’t shown live because it was intentionally staged to make the MacBook appear to be less secure than it is, and the audience would have asked questions and revealed such.

    Again, the whole point of this story was not to pick on Macs,

    It most certainly was.
