SecureWorks admits to falsifying MacBook wireless hack
[Update: To his credit, David Maynor did in fact state at the beginning and end of this video that he's using a 3rd party card and drivers in order to enable this exploit. It was later comments from David Maynor and Jon "Johnny Cache" Ellch, as well as the disclaimer SecureWorks posted, that prompted me to claim they 'admitted' to 'falsifying' this hack. While these parties might not have outright lied about what's going on here (a debate that raged back at the time), they weren't exactly clear on any of it either. I have written a new post clarifying some key points of this situation that will hopeful set this straight.]Remember those hackers in the Washington Post story who claimed to have hacked a MacBook's wireless drivers to gain control of it? Then remember the follow-up story where the author, Brian Krebs basically, um, how shall I say: 'slightly falsified' his way through backing up the original story with excuses that the flaw does exist in Apple's drivers, but Apple 'leaned' on them not to publicize this so they decided to use a 3rd party card? Finally, remember how, in the original article, David Maynor, one of the hackers, is quoted saying "We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something." Boy, that sure doesn't betray any sense of 'I am going to lie, cheat and steal to prove whatever I want' bitterness, does it?
Sounds like SecureWorks, the company who sponsored all this Mac hackery, is finally fessing up to their falsification and admitting that they, in fact, did not find the flaw in Apple's drivers, and that they used a 3rd party card and software to facilitate the exploit. As
Now let's make one thing clear: we at TUAW aren't advocates of the 'Macs are flawless! Long live the prefection that is Apple!' philosophy that naysayers of this experiment are coming under fire for. We are, however, advocates of finding true vulnerabilities on the quest to make the Mac even more solid and secure. The problem here is that this experiment was not one of those quests for truth - it was a quest for, in the words of Mr. Colbert: truthiness. We're genuinely sorry you're annoyed by the commercials, Mr. Maynor (believe me: not everyone loves them), but that's why some genius some time ago invented the ability to change TV channels. Give that remote a whirl some time - it might make your life (and ours) a whole lot easier.
Thanks NotVeryPC
Share
[Update: To his credit, David Maynor did in fact state at the beginning and end of this video that he's using a 3rd party card and drivers...
Add a Comment
Um, you spelled perfection wrong
August 21 2006 at 7:55 PM Report abuse Permalink rate up rate down Reply"SecureWorks admits to falsifying MacBook wireless hack"
This title of your’s is despicable. Explain this lie in your title and your story David. It is bad enough you accuse them of falsification without proof, but it’s absolutely disgusting you would accuse them of admitting to falsification. What in the world did they admit? They’ve been saying on the video that it was third party hardware and drivers all along in their original video and in my video interview.
“They claim Apple's hardware and software have the flaw - *yet they demo it with 3rd party hardware and software.* In a follow up Brian wrote to the original article he even defends their original allegations with claims that 'Apple leaned on them' not to publicize this, without so much as a mention, a name or a blurb from the apparent letter they received from Apple. Then they still go ahead and publish it - using *someone else's* products?â€
Did you even bother to read the word-for-word transcript I linked to in second to last paragraph? David did you even attend Black Hat or DEFCON? Did you ever contact Maynor? Did you even look at the original presentation let alone understand it? You’re calling Maynor a liar because they’re following responsible disclosure. You have no way to know if Apple leaned on them or not. You don’t know what you’re talking about here. All of the gory details will come out in the next few days, and you’re going to look real foolish when it does.
George Ou: The criticism Maynor and the article's author Brian have fallen under has to do with a lot more than just the video; it has everything to do with where the accusations lie from both Maynor and Brian.
They claim Apple's hardware and software have the flaw - *yet they demo it with 3rd party hardware and software.* In a follow up Brian wrote to the original article he even defends their original allegations with claims that 'Apple leaned on them' not to publicize this, without so much as a mention, a name or a blurb from the apparent letter they received from Apple.
Finding flaws in a platform to help improve its security is good, but so are discretion and truth in journalism. One could also easily argue that publicizing this in the Washington Post isn't exactly the most worthwhile place to actually help solve the problem; but it *is* a great way to stir controversy, boost page hits and get a whole lot of PR time.
The issue that has earned Maynor and Brian accusation is because their methods don't back up their claims in any way. They claim *Apple's* hardware and software contain flaws, *publicly* demo it with *3rd party* hardware and software, and then (as icing on the cake) decide to *withhold* the name of said 3rd party manufacturer?
I still stand by so many others who, logically, call foul.
David, your article is bull.
http://blogs.zdnet.com/Ou/?p=300
"I was absolutely shocked when I ran across these stories on Digg. I had personally video interviewed Maynor and his partner Jon 'Johnny Cache' Ellch and these two gentlemen were very honest and straightforward. But as soon as I read the stories, the stench began to rise. Maynor and SecureWorks had been telling the truth the entire time and they had falsified nothing. The only falsification going on was the stories themselves! Not only did Dalrymple and Chartier and others like them not follow the most basic of journalism principles to at least check with the source, they apparently didn't even bother looking at the original video of David Manor released by SecureWorks."
guess why Johny Cash didn't accept my 1000USD challenge?
I think I just wasted too much of my time looking for something that isn't there. Any one else feeling a bit duped?
August 19 2006 at 1:47 AM Report abuse Permalink rate up rate down ReplyThat smallworks description of the events that transpired was absolutely amazing. Dude took it apart like the Zapruder film and talked way over my head!
August 18 2006 at 11:57 PM Report abuse Permalink rate up rate down ReplyLink missing in last post. (damnit!)
http://www.smallworks.com/archives/00000461.htm
The Maynor video is complete fiction. See here for details.
August 18 2006 at 11:35 PM Report abuse Permalink rate up rate down ReplyAwesome. That's all I gotta say. Awesome. Airport rocks.
August 18 2006 at 8:34 PM Report abuse Permalink rate up rate down ReplyHot Apps on TUAW
Deals of the Day
more deals- Ventev UltraTHIN Hard Shell Case for iPhone 4 for $2 + $2 s&h, more
- Body Glove Matrix Case for iPhone 4 / 4S for $3 + $2 s&h
- Pogoplug Premium Personal Cloud for PC and Mac for $10 + free shipping
- olloclip 3-in-1 Lens System for iPhone 4 / 4S for $70 + free shipping
- Open-Box Nike Aero Neckband Headphones for $13 + $6 s&h
- Adobe CS5.5 Design Premium Student for PC or Mac downloads for $337
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
27 Comments