“Is the book on the Mac Wi-Fi hijack saga finally being closed? David Maynor, chief technology officer at Errata Security, at the Black Hat DC event here on Wednesday broke the months-long silence on a controversial Mac hack. He also said he plans to publicly release computer code used in that attack,” Joris Evers blogs for CNET.
“Maynor did offer an apology,” Evers writes. “‘I screwed up a little bit,’ he said. There was a lot of confusion around the Mac hack because the original presentation used a third party Wi-Fi card. However, Maynor and Ellch had in fact also found flaws in Apple’s own hardware, he said.”
Evers writes, “Maynor demonstrated a Mac Wi-Fi hack on stage on Wednesday. His MacBook running Mac OS X 10.4.6 crashed while scanning for a wireless network and coming across rogue code Maynor was pushing out from a Toshiba laptop. While the attack he demonstrated only caused a crash, it could also be used to run code on the Mac, he said.”
“Apple fixed that particular problem in September with Mac OS X 10.4.8, Maynor said,” Evers writes. “‘I did provide the information on vulnerabilities in Apple products, I provided them with code and they were given packet captures,’ he said. In the future, Maynor said he won’t work with Apple. ‘I do not feel comfortable keeping relations with the company and will not report future findings to them,’ he said.”
Full article here.
[Thanks to MacDailyNews Reader “oh my” for the heads up.]
Whatever. The only thing demonstrated was a crash to an old, unfixed Mac OS X version. How about demonstrating an actual hijack? Thought so. This whole fiasco would make us want to stab Maynor in the eye with a lit cigarette or something, if only we cared one iota. And Maynor is a little baby. Apple will survive without Maynor’s dubious reports of future findings.
Related articles:
The curious case of the supposed Apple MacBook Wi-Fi hack – August 21, 2006
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
@Ray
Maynor provided the documents ipso facto: after the fact. Hence, MDN’s take is right on the money.
Ray, I agree. This guy may have made some mistakes when he first announced his hack, mistakes which he acknowledged here. But he should not be disregarded even if his demo was only of a “crash.” I am willing to believe, as Apple did, that there may be something needing to be addessed here. On that front, he is trying to do the right thing. I’m willing to give him the benefit of the doubt and even support him if he helps ensure a continued secure platform in the future. Ridicule in this case is counterproductive and inappropriate.
I don’t buy it. This whole “demo” stinks like a load of crap. It took him this long to come out with a demo, and all he can do is crash the Mac?
Why doesn’t he take Gruber up on his challenge? He won’t. Because this is all bull$#!+, just like the last demo.
He still admits it was a 3rd party card. What did he expect from apple anyways? a handjob?
EEK….I standardized on 10.4.6 What am I to do??? What is the cost
of upgrading to a more secure version??? OH Yes ITS FREE?
Another want to be getting free press from you know who… Not worth the typing MDN
SHAME ON YOU.
Find some real news…
A FRIEND
Anyone have his email? I have an attack for him and his ISP….
One Billion Emails
Hello Moto