Filed under: Analysis / Opinion, Hacks, MacBook, Blogs
Hijacking the 'MacBook Wi-Fi hack' in one article or less
John Gruber is at it again, and this time he's taken the MacBook Wi-Fi hack drama to the cleaners with perhaps the most in-depth play-by-play analysis I've seen to date (would you expect anything less?). Mr. Fireball starts at the top, even including an explanation of the various components involved (card, driver and 'third party') to make sure everyone can follow along. He covers the sensationalizing "Hijacking a MacBook in 60 Seconds or Less" 
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Gordon said 2:32PM on 8-22-2006
I suspect those "researchers" engineered their own driver using the BSD code. If this is the case, there is no doubt that they could get their "trojan" to work against an inbuilt airport card too. But that is no more an Apple problem than compiling some old rsync or sendmail code and installing it.
If you claim Apple has a security problem, but don't use exactly the code that Apple ships in a state representative of reasonable use, then you are not a security researcher. Instead, you are a fraud, a liar and a charlatan.
Reply
Shreedhan said 2:44PM on 8-22-2006
He uses a 3rd party card!!
Reply
Paul said 2:55PM on 8-22-2006
George Ou is nothing but an anti-Apple troll, as is most of ZDNet, but he's the worst. He's the one who started the price comparisons of mismatched MacTels vs. Dells, among other things. Go John!
Reply
No Big Deal said 3:19PM on 8-22-2006
Securosis.com has "the rest" of this story. Reading his entry and Grubuer's are really the top two blog postings on this topic, and are very well-balanced.
What really bothers me about this whole topic, however, is that regardless of whether this vulnerability exists or not for ANY computer -- what's the likelihood that someone can effectively use it BEFORE it gets patched?
I mean, my computer is vulnerable to an asteroid or dinosaur attack, but I'm not worried about those problems. Why should this "exploit" even register on my top million list of things to worry about? Especially when the only people who know how to do the exploit aren't telling anyone else how to do it?
Reply
ultim8Fury said 3:38PM on 8-22-2006
I just read that whole article and I am amazed that I managed to reach an even lower level of interest in the story than I had before.
Quite frankly this whole issue has gone on far too long. Why do people keep dragging it up. Your giving attention to those who clearly crave it ( reporters and the owners of this security "firm"). When it's proved either way, then post. All this he-said she-said bull crap is just mindless regurgitation of the same old facts.
It reminds me of the forum threads that surround MS viral marketing campaigns and the pre-Apple event build up, where people dissect and then sub-dissect the same fact over and over again. Give it up. The people who have the info need to talk openly, that is the only way you can resolve this. Painstakingly combing the existing "facts" will get you running in circles faster than a humorous nail gun accident.
Reply
Dar the Monk said 6:06PM on 8-22-2006
David Chartier, face it, you wanted to mention this post because it had your name in it! haha! Joking with you. But seriosly, you are right. John Gruber has done a most excellent job reporting and he has earned my trust in his abilities unlike some others such as Krebs or Ou.
Reply