SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’

David Chartier reports for TUAW, “Remember those hackers in the Washington Post story who claimed to have hacked a MacBook’s wireless drivers to gain control of it? Then remember the follow-up story where the author, Brian Krebs basically, um, how shall I say: ‘slightly falsified’ his way through backing up the original story with excuses that the flaw does exist in Apple’s drivers, but Apple ‘leaned’ on them not to publicize this so they decided to use a 3rd party card? Finally, remember how, in the original article, David Maynor, one of the hackers, is quoted saying ‘We’re not picking specifically on Macs here, but if you watch those ‘Get a Mac’ commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something.’ Boy, that sure doesn’t betray any sense of ‘I am going to lie, cheat and steal to prove whatever I want’ bitterness, does it?”

Chartier reports, “Sounds like SecureWorks, the company who sponsored all this Mac hackery, is finally fessing up to their falsification and admitting that they, in fact, did not find the flaw in Apple’s drivers, and that they used a 3rd party card and software to facilitate the exploit.”

Full article here.

SecureWorks’ statement:
This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver – not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.

Full article here.

Thomas Claburn reports for InformationWeek, “Apple sees the clarification as vindication. ‘Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,’ Apple spokesperson Lynn Fox said in a statement. ‘To the contrary, the SecureWorks demonstration used a third party USB 802.11 device – not the 802.11 hardware in the Mac – a device which uses a different chip and different software drivers than those on the Mac. To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.'”

Full article here.

Earlier this week, The Washington Post’s Brian Krebs wrote, “I’ve been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next day. In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook — but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in. As far as I’m aware, only one other person at the conference saw the demo the way I saw it (a Black Hat staff member whom I’m not at liberty to name); the discrepancy over the wireless card is probably the biggest reason why the Mac community was so confused and upset by my original post. I tried to clarify that in a follow-up, and am posting the contents of that interview — verbatim — to give the public all of the information I have about this particular exploit.”

Full article here.

MacDailyNews Take: Shouldn’t Apple seek some sort of recourse? Some monetary compensation and/or public apology or at least a shot at stabbing these bozos in the eyes with lit cigarettes or something?

Related articles:
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006

63 Comments

  1. Maybe so-called hackers should start having a life of their own, instead of trying to impress some scared grandmothers.

    Like Landis said in the Tour de France, after alleged drug use: “In America, you are innocent until proven guilty”.
    I guess, just as for Landis, these hackers are also guilty as hell, and the proof is indeed in the pudding.

  2. My mistake. It was Brian Krebs, the “journalist” who originally wrote the story who stated that Apple’s drivers were also vulnerable. He said, “Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable.”

    OK, prove it. Tape another demo without the third party wireless card.

    Krebs also stated, “During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet.”

    Hmmm. This sounds a little dubious to me. Especially after Apple made its announcement yesterday. Apple never would have called them out if they had “leaned on them pretty hard” to keep quiet about their drivers. Perhaps Apple ought to “lean on” Maynor and Cache now?

  3. To the ass clowns that said I had to put or shut up on 08/02/06:
    well….
    Ray . . .
    Where ARE You, Ray?

    I think this story means:
    That the fake exploit that y’all were busy cumming in your pants about wasn’t real. Awe…I am so sorry and you were all so happy and everything. This is why I do not bother answering M$ Windoze ass clowns. My message to y’all: The day you are smart enough to realize the computer is supposed to work for you and not the other way around, you will buy a Mac or go Linux. Then you may be able to understand why your first OS choice was so bad. Yes, we are not bullshitting you on this site. The difference is that big.

    I won’t put or shut up but, I will offer y’all nice warm mugs of well deserved STFU.

  4. I think a lot of credit goes to John Gruber at daringfireball.net – he was the first person I saw who began questioning the demonstration, suggesting it had been rigged.

    Let’s see if Brian Krebs at the WaPo is sounding so smug now.

  5. There is a more important issue! Krebs Lied in His Latest Report

    Krebs’ recent report!

    August 15th – Krebs writes, “In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook — but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in.”

    Don’t just write Brian Krebs! Write the Washington Post!

    Brian Krebs: brian.krebs@washingtonpost.com
    Letters to the Editor: letters@washpost.com

  6. I quote “As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.”

    But they had no problem letting stand or insinuating that Apple and the MacBook was an insecure platform?

    It’s so amazing how there really aren’t journalist standards anymore. So many tech writers literally lies and falsehoods that easily verified. And let’s look at the mainstream press too. Reuters with FAKE and modified war photos. Dan Rather and CBS using FAKE documents. The New York Times EVERYDAY publishing corrections because of outright lies in stories. And each and every time caught within hours.

    “journalists” lie to make up stories. Commonplace now. It’s a shame and disgrace. The press can’t be trusted to be reporting facts. But slanted stories so “the means justify the end result”.

  7. Washington Post is a right-wing rag that’s always got it in for Apple, because of SPJ’s support for Democrats.

    I know that’s not the case, but we needed some balance from what everybody says when The Independent or the BBC write something anti-Apple.

    As for stabbing them in the eye with a cigarette, it sounds like a waste of cigarette to me.

    I think litigation is the answer: not so much for the story, more for the fact that one of them calls himself “Johnny Cache”.

  8. funny, these guys are about to lose some business…

    All I will say is the IT industry is small, and serious CIOs don’t risk their reputation with little outfits like this that have to make fraudulent or false for childish reasons.

  9. “I think litigation is the answer: not so much for the story, more for the fact that one of them calls himself “Johnny Cache”.”

    Funny, I think the fact that he calls himself “Johnny Cache” deserves the lit cigarette in the eye!

  10. BustingTheSkulls>

    It’s called humour, go and read about it…also, whether something’s right-wing or left-wing depends on where you are on the dial, you are to the right of Genghis Khan so everything represents the red menace, I’m on the left of Fidel Castro, so I think everyone’s a lackey of the capitalist pig-dogs. Now where’s my copy of The Little Red Book…

    Ndelc>

    How about we stab him in the eye, and charge him for the cigarette and our time. I will donate my share to the cause of the international worker.

  11. How many times have we seen this? The other time was with that OSX system that turned out they had user profiles on it already. That just shows you how really secure OSX really is when people have to lie about hacking OSX!
