Text 12605, 64 rader
Skriven 2006-08-18 17:12:12 av /m (1:379/45)
Ärende: SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacki
===============================================================================
From: /m <mike@barkto.com>


http://macdailynews.com/index.php/weblog/comments/10603/

===
David Chartier reports for TUAW, "Remember those hackers in the Washington Post
story who claimed to have hacked a MacBook's wireless drivers to gain control
of it? Then remember the follow-up story where the author, Brian Krebs
basically, um, how shall I say: 'slightly falsified' his way through backing up
the original story with excuses that the flaw does exist in Apple's drivers,
but Apple 'leaned' on them not to publicize this so they decided to use a 3rd
party card? Finally, remember how, in the original article, David Maynor, one
of the hackers, is quoted saying 'We're not picking specifically on Macs here,
but if you watch those 'Get a Mac' commercials enough, it eventually makes you
want to stab one of those users in the eye with a lit cigarette or something.'
Boy, that sure doesn't betray any sense of 'I am going to lie, cheat and steal
to prove whatever I want' bitterness, does it?"

Chartier reports, "Sounds like SecureWorks, the company who sponsored all this
Mac hackery, is finally fessing up to their falsification and admitting that
they, in fact, did not find the flaw in Apple's drivers, and that they used a
3rd party card and software to facilitate the exploit."


SecureWorks' statement:
>>
This video presentation at Black Hat demonstrates vulnerabilities found in
wireless device drivers. Although an Apple MacBook was used as the demo
platform, it was exploited through a third-party wireless device driver - not
the original wireless device driver that ships with the MacBook. As part of a
responsible disclosure policy, we are not disclosing the name of the
third-party wireless device driver until a patch is available.
>>


Thomas Claburn reports for InformationWeek, "Apple sees the clarification as
vindication. 'Despite SecureWorks being quoted saying the Mac is threatened by
the exploit demonstrated at Black Hat, they have provided no evidence that in
fact it is,' Apple spokesperson Lynn Fox said in a statement. 'To the contrary,
the SecureWorks demonstration used a third party USB 802.11 device - not the
802.11 hardware in the Mac - a device which uses a different chip and different
software drivers than those on the Mac. To date, SecureWorks has not shared or
demonstrated any code in relation to the Black Hat-demonstrated exploit that is
relevant to the hardware and software that we ship.'"

Earlier this week, The Washington Post's Brian Krebs wrote, "I've been asked
this many times, so let me make this crystal clear: I had the opportunity to
see a live version of the demo Maynor gave to a public audience the next day.
In the video shown at Black Hat, he plugged a third-party USB wireless card
into the Macbook -- but in the demo Maynor showed me personally, he exploited
the Macbook without any third-party wireless card plugged in. As far as I'm
aware, only one other person at the conference saw the demo the way I saw it (a
Black Hat staff member whom I'm not at liberty to name); the discrepancy over
the wireless card is probably the biggest reason why the Mac community was so
confused and upset by my original post. I tried to clarify that in a follow-up,
and am posting the contents of that interview -- verbatim -- to give the public
all of the information I have about this particular exploit."
===

 /m

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)