“So remember a few weeks ago when Brian Krebs posted a report titled ‘Hijacking a MacBook in 60 Seconds or Less’ on his Washington Post computer security weblog? He reported on a supposed Wi-Fi security exploit demonstrated at the Black Hat security conference, wherein ‘security researchers’ Jon Ellch and David Maynor hacked into a MacBook via Wi-Fi,” John Gruber writes for Daring Fireball.
Gruber writes, “The Washington Post’s Brian Krebs seems to have painted himself into a particularly uncomfortable corner. It was Krebs who broke the original story, and it was Krebs who gave it the made-for-Digg headline ‘Hijacking a MacBook in 60 Seconds or Less.’ It was Krebs who then wrote, in a follow-up:”
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
Gruber writes, “It is becoming more and more clear that the reporting Krebs “stands by” is false. Maynor and Ellch, I believe, have discovered no such exploit against a stock MacBook. And if I’m right, not only has Krebs blown the story with regard to the security of the MacBook, he has also impugned the integrity of Apple by publishing the claim that the company “leaned on” Maynor and Ellch — an accusation Krebs published without evidence, without details regarding what exactly constituted “leaning on”, and without comment from Apple.”
Full Gruberlicious article here.
Related MacDailyNews articles:
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
LETS STICK TO THIS LYING ASS DOG KREBS!
1st?
those guys are buttholes
makes me want to stab him in the eye with a lit cigarette or something.
interested in seeing how this plays out. of course it wouldnt be the first time someone bent the truth a little in order to get their 15 minutes.
Well look on the bright side Krebs, at least you still have more credibility than Thurott or Enderle
“Or we could hit him in the nose with the butt of a gun… I’m hungry, let’s get a taco.”
I think that this is a perfect example where rendition is needed. Let’s deliver the individual involved to Pakistan where folks are trained in the finer arts of extracting the truth. After a few weeks of we can all be certain who is lying or not. Until then….
(another!) Great article by Gruber. Hopefully all the morons involved in this charade will get their comeuppance. I can’t wait to see what the “fireworks” will consist of. Gentlemen, light your cigarettes!
I think this pretty much proves that Apple’s new commercials are ticking of all the right people. To quote from Moulin Rouge, “The jealousy has driven him MAD!”
In this case, people like Maynor, Krebs, and especially George Ou are just bottled up bags of superheated rage and jealousy about the Mac. We can now sit back and enjoy all the hot air they are expending as they continue to make bigger fools of themselves.
With 20 more “I’m a Mac” commercials on the way, the show is just getting started! Who says the commercials aren’t working?!
I think this is an open and shut case. The Macbooks wireless cards are so far proven innocent of any security faults. No proof has been put forth so it is innocent until proven guilty. And from what I’ve read I wouldn’t worry about Apple’s security as it seems this supposed experts have to cheat and hack to try and prove something that is simply a flat out lie!
The MacBook Wi-Fi crack is real, it’s a purposeful flaw in driver software that’s written by another company.
It’s Uncle Sam’s “backdoor”, just like the CISCO router “flaw” was too.
Apple uses another company to write their driver software as to deflect blame from itself if it’s discovered.
It wasn’t Apple that leaned on those security researchers, it was the US Government.
http://www.eff.org/Privacy/printers/docucolor/
l33T H@xx0r has none of the subtlety or wit of Sputnik, nor his mastery of the art of the non sequitur.
“Sputnik”! That’s the name of the “real IT world” moron that used to troll around this site.
Thanks, Mike K.! I’ve been trying to remember that dolt’s name for a couple of months now, so many thanks, indeed!
I emailed SecureWorks earlier today to express my outrage at what was happening.
Apple really should this time take them to the cleaners… in this case it is easy to see that they ARE the enemy!
Well said above: the Mac/PC adverts ARE working!!
My guess is Sputnick crashed for the last time this year.
MW: appear,as in, Spunik appears to have disappeared.
We have known for some time that the mafia capital of the West Coast is Cupertino. Not that the mafia actually exists mind you. Steveo just sent a couple of his hard drives to lean on Jon Ellch and David Maynor and made them an offer that they could not refuse. They dangled a dongle and told them that unless they wanted to have their very own dongles dangling from the Golden Gate they had better not use the defective Apple drivers and Apple Airport Card. Unfortunately, Brothers Ellch and Maynor did not comprehend the breadth of the entire story and they mention the Apple MacBook by name. So when the heat dies down from this particular adventure, Mac the Knife will be paying a visit to all of our friends and will provide a new definition of kernal panic!
yet another great analysis by John Gruber.
his article should be required reading for Krebs and the security “experts” involved. (and forwarded to all the press following the story too!)
some oh-so-simple questions they could answer to clear this all up, and yet they don’t. hmmm…
For the last time, Sputnik wrote using HUMOR. Sarcasm, people. He was funny. I’m sure he got tired of everyone not “getting it” and moved on to another ID.
Actually, I was never sure which was funnier, Sputnik’s over-the-top “Real IT people” lines, or the amazingly dense furious responses to them.
People take themselves so seriously.
* * * * * * * * * *
As to this topic, Gruber is right on. He places all the events in the correct context, and it’s obvious that as he says – this “middle school” chain of assertions and denials and clarifications is surely beneath the intelligence level of supposed technology reporters and tech security people, isn’t it?
One thing I haven’t really seen mentioned that is an obvious hole in the original story:
Question:If Apple “leaned on” these guys not to demonstrate a flaw in a MacBook, why didn’t they simply use a Windows PC?
Answer? Because it would have gotten no notice at all.
But this exposes another flaw in their statement. If Apple leaned on them, and they were afraid of Apple’s threat, then they wouldn’t have used a MacBook at all. Much less would they have TOLD the reporter that Apple leaned on them!!
Question:How is demonstrating an actual flaw in Apple’s computer something that Apple can “lean on them” about? What threat did they use? What potential consequence was there? What, was Apple going to sue them for doing their job? Imagine the publicity! “Apple Sues Security Firm For Finding Flaws In MacBooks”
Answer: There was no threat.
Question:Following this logic, how was the supposed consequence of Apple’s threat avoided by using a “doctored” MacBook instead, and then claiming to the reporter that the same attack could have been used against the internal MacBook card??!!
I mean, isn’t this exactly the same information that Apple “leaned on them” not to reveal? And so they “reveal” it anyway? You’ve already thumbed your nose at Apple by doing so. WHY NOT DEMONSTRATE IT?
Answer: Because they can’t. Simple as that. As Gruber says, Occam’s Razor.
Maybe Apple had been drinking. I lean on a lot of things when I am drinking.
l33T H@xx0r, get lost…
The Washington Post is a yellow-journalistic rag controlled by the illuminati. They are part of the evil mind-set which seeks to perpetrate evil and fear in the hearts of brave Americans.
I choose to not grace the post with my attention. Pearls for swine, and all that…
If we look carefully, we should find an old xerox of Steve Job’s failure to report for an Atari physical in ’74. With superscript! Mary Mapes told me yesterday.
Gruber is brilliant. Just brilliant.
A fascinating link in Gruber’s article makes the credulous claim that the whole demonstration was a hoax!
http://www.smallworks.com/archives/00000461.htm
Krebs was just doing some old fashion F.U.D.