Text 12607, 76 rader
Skriven 2006-08-18 18:07:52 av RobertB. (1:379/45)
  Kommentar till text 12605 av /m (1:379/45)
Ärende: Re: SecureWorks admits falsifying Apple MacBook ?60-second wireless hij
===============================================================================
From: "RobertB." <rb28@nyu.edu>

Kind a makes you stop and wonder about some of these "security experts" running
around.

r.

In article <94bce21l5iumkh5p86k39jou765i9o3g0q@4ax.com>,
 /m <mike@barkto.com> wrote:

> http://macdailynews.com/index.php/weblog/comments/10603/
>
> ===
> David Chartier reports for TUAW, "Remember those hackers in the
> Washington Post story who claimed to have hacked a MacBook's wireless
> drivers to gain control of it? Then remember the follow-up story where
> the author, Brian Krebs basically, um, how shall I say: 'slightly
> falsified' his way through backing up the original story with excuses
> that the flaw does exist in Apple's drivers, but Apple 'leaned' on them
> not to publicize this so they decided to use a 3rd party card? Finally,
> remember how, in the original article, David Maynor, one of the hackers,
> is quoted saying 'We're not picking specifically on Macs here, but if
> you watch those 'Get a Mac' commercials enough, it eventually makes you
> want to stab one of those users in the eye with a lit cigarette or
> something.' Boy, that sure doesn't betray any sense of 'I am going to
> lie, cheat and steal to prove whatever I want' bitterness, does it?"
>
> Chartier reports, "Sounds like SecureWorks, the company who sponsored
> all this Mac hackery, is finally fessing up to their falsification and
> admitting that they, in fact, did not find the flaw in Apple's drivers,
> and that they used a 3rd party card and software to facilitate the
> exploit."
>
>
> SecureWorks' statement:
> >>
> This video presentation at Black Hat demonstrates vulnerabilities found
> in wireless device drivers. Although an Apple MacBook was used as the
> demo platform, it was exploited through a third-party wireless device
> driver - not the original wireless device driver that ships with the
> MacBook. As part of a responsible disclosure policy, we are not
> disclosing the name of the third-party wireless device driver until a
> patch is available.
> >>
>
>
> Thomas Claburn reports for InformationWeek, "Apple sees the
> clarification as vindication. 'Despite SecureWorks being quoted saying
> the Mac is threatened by the exploit demonstrated at Black Hat, they
> have provided no evidence that in fact it is,' Apple spokesperson Lynn
> Fox said in a statement. 'To the contrary, the SecureWorks demonstration
> used a third party USB 802.11 device - not the 802.11 hardware in the
> Mac - a device which uses a different chip and different software
> drivers than those on the Mac. To date, SecureWorks has not shared or
> demonstrated any code in relation to the Black Hat-demonstrated exploit
> that is relevant to the hardware and software that we ship.'"
>
> Earlier this week, The Washington Post's Brian Krebs wrote, "I've been
> asked this many times, so let me make this crystal clear: I had the
> opportunity to see a live version of the demo Maynor gave to a public
> audience the next day. In the video shown at Black Hat, he plugged a
> third-party USB wireless card into the Macbook -- but in the demo Maynor
> showed me personally, he exploited the Macbook without any third-party
> wireless card plugged in. As far as I'm aware, only one other person at
> the conference saw the demo the way I saw it (a Black Hat staff member
> whom I'm not at liberty to name); the discrepancy over the wireless card
> is probably the biggest reason why the Mac community was so confused and
> upset by my original post. I tried to clarify that in a follow-up, and
> am posting the contents of that interview -- verbatim -- to give the
> public all of the information I have about this particular exploit."
> ===
>
>  /m

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)