Win a Samsung 22-inch LCD monitor from Joystiq!

John Gruber issues open challenge to MacBook Wi-Fi hackers

Posted Sep 2nd 2006 1:30PM by David Chartier
Filed under: Hardware, OS, Hacks, Odds and ends, Internet Tools, Security, MacBook

Oh it's on now: criticism of the MacBook Wi-Fi hack has been mounting against the original hackers (David Maynor and Jon Ellch) and SecureWorks, while they have remained mostly silent. At least one passionate blogger has been defending the hack and the original statements, but John Gruber has issued an open challenge for Maynor and Elich to prove this hack once and for all: "If you can hijack a brand-new MacBook out of the box, it's yours to keep."

From my understanding of the hack as it was originally explained and pseudo-demonstrated, Gruber's criteria and the actual nature of the challenge sound reasonable: he will meet Maynor and/or Elich at an agreed-upon Apple Store or Mac reseller, and he will purchase a brand new MacBook (but the true question is: traditional white, or $150-premium black? Update: he's already laid down a $1099 price; the base configuration). After taking the machine through a default setup with one administrator account, he will enable Wi-Fi (if it isn't turned on out of the box), but will refuse to join any open networks (since Mac OS X is designed to deny this by default, and the attack - understandably - can't be based on a user blindly joining just any open networks, especially one that might be created specifically by an attacking machine). John will then create a basic file on the desktop, with the default permissions assigned by Mac OS X (read/write by user, read-only by Group and the World).

Maynor and/or Elich are then free to attack, and if the file disappears from the desktop - they win a (very slightly used, recently attacked) MacBook. If the file stands its ground, the hackers owe John the price of the MacBook. If the dynamic duo manage to only crash the machine or the current login session, John will call the challenge a tie, whereas he will keep the MacBook, and the duo don't have to whip out their checkbooks.

I am admittedly no security expert, nor am I a 1337 h4x0r, but the challenge seems sound. Any readers who have been following this saga spot any holes? Feel free to sound off - and stay tuned: the challenge must be accepted by Friday, September 8th, and as John already deduced: the most likely outcome is that they'll only take the challenge if the know they can win.

Tags: challenge, daringfireball, dls, elich, engadget, hack, johngruber, macbook, maynor, securityworks, wifi

  • Read
  • Permalink
  • Email this
  • Comments [18]

Related Headlines

Reader Comments (Page 1 of 1)

TUAW Features

back-to-school
Mac 101 ask-tuaw
Mac News
WWDC (251)
.Mac (65)
Accessories (650)
Airport (75)
Analysis / Opinion (1400)
Apple (1691)
Apple Corporate (571)
Apple Financial (197)
Apple History (51)
Apple Professional (54)
Apple TV (164)
Audio (450)
Bad Apple (129)
Beta Beat (155)
Blogging (86)
Bluetooth (18)
Bugs/Recalls (56)
Cult of Mac (877)
Deals (224)
Desktops (116)
Developer (274)
Education (109)
eMac (10)
Enterprise (145)
Features (411)
Freeware (397)
Gaming (388)
Graphic Design (36)
Hardware (1301)
Holidays (37)
Humor (584)
iBook (66)
iLife (240)
iMac (185)
Internet (339)
Internet Tools (1337)
iTS (980)
iTunes (822)
iWork (23)
Leopard (374)
Mac mini (112)
Mac Pro (54)
MacBook (205)
MacBook Air (81)
Macbook Pro (224)
MobileMe (47)
Multimedia (457)
Odds and ends (1476)
Open Source (281)
OS (933)
Peripherals (214)
Podcasting (183)
Podcasts (94)
Portables (198)
PowerBook (136)
PowerMac G5 (51)
Retail (610)
Retro Mac (50)
Rig of the Week (42)
Rumors (640)
Software (4439)
Software Update (425)
Steve Jobs (253)
Stocking Stuffers (50)
Surveys and Polls (97)
Switchers (114)
The Woz (35)
TUAW Business (252)
Universal Binary (281)
UNIX / BSD (61)
Video (907)
Weekend Review (84)
WIN Business (47)
Wireless (87)
Xserve (39)
iPhone/iPod News
iPhone (1746)
iPod Family (2106)
App Store (142)
SDK (27)
Mac Events
One More Thing (27)
Liveblog (2)
Other Events (226)
Macworld (489)
Mac Learning
AppleScript (4)
Ask TUAW (106)
Blogs (85)
Books (26)
Books and Blogs (62)
Cool tools (449)
Hacks (469)
How-tos (490)
Interviews (44)
Mods (190)
Productivity (590)
Reviews (114)
Security (164)
Terminal Tips (61)
Tips and tricks (573)
Troubleshooting (171)
TUAW Features
iPhone 101 (36)
TUAW Labs (4)
Blast From the Past (19)
TUAW Tips (150)
Flickr Find (38)
Found Footage (90)
Mac 101 (109)
TUAW Interview (31)
Widget Watch (198)
The Daily Best (1)
TUAW Faceoff (6)

RESOURCES

RSS NEWSFEEDS

Powered by Blogsmith

Sponsored Links

The Unofficial Apple Weblog (TUAW) bloggers (30 days)

#BloggerPostsCmts
1Robert Palmer4434
2Cory Bohon431
3Steven Sande3915
4Scott McNulty262
5Giles Turnbull260
6Erica Sadun241
7Mike Schramm210
8Michael Rose2122
9Mat Lu2010
10Dave Caolo200
11Christina Warren1835
12Brett Terpstra110
13TUAW Blogger30
14Victor Agreda, Jr.25
15Jason Clarke11

Featured Galleries

Macworld 2008 Keynote
Macworld 2008 Build-up
Apple Vanity Plates
DiscPainter
Crash Bandicoot Nitro Kart 3D
Macworld Expo 2007 show floor
Apple Texas Hold 'Em
The Macworld Faithful in Line
iPhone First Look

 

    Most Commented On (7 days)

    Recent Comments

    More Apple Analysis

    More from AOL Money and Finance

    Weblogs, Inc. Network

    Other Weblogs Inc. Network blogs you might be interested in:

    Joystiq
    Download Squad
    The Unofficial Apple Weblog (TUAW)
    BloggingStocks
    Xbox 360 Fanboy
    Autoblog
    Big Download Blog
    Fanhouse Backporch