John Gruber of Daring Fireball spends a lot of time writing about "Mac nerdery." His writing is good and thought-provoking on a subject near and dear to my heart, but there are times I think he thinks things through far too deeply. He recently wrote a 3000-word dissertation on the default way that the Mac OS selects multiple items on a list menu, for example, persuasively coming to the conclusion that Apple's Human Interface Guideline should be amended to allow anchored selections vs. unanchored selections. It's honestly something I'd never given a moment's thought to before, but there you go. He always writes in an entertaining fashion.
Anyway, his website is still on my daily read list, particularly because of highly detailed thoughts on subjects such as the recently hyped wireless hack of a MacBook by two security "experts" from security firm SecureWorks at an August 2006 BlackHat conference.
For background: the claim was that you could hack a MacBook and gain complete control of the system over any wireless network by exploiting an alleged flaw in the wireless card's drivers. As was quickly noted, however, the exploit (shown only via prerecorded video) made use of an external, third-party wireless card. All MacBooks have internal wireless cards by default. But the claim was repeated that this was a flaw that could be exploited through Apple's own wireless card and drivers. In other words, that you could really hack a MacBook via WiFi right out of the box.
The SecureWorks team added, fairly, that this was an exploit that would work on many other computers, including Windows machines. They indicated, however, that they used a MacBook in their demonstration because of the "Mac user base aura of smugness on security," adding, "We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something." One does feel that there's more than technical interest behind publicizing such an apparent flaw in this manner.
The problem for them is that, following extensive scrutiny, they have admitted that not only was the wireless card used a third-party, external device, but that the driver it required was third-party software that was not installed by Apple or supported by Apple. This quickly produced a response from Apple:
Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device -- not the 802.11 hardware in the Mac -- a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.
John Gruber runs with this, after already being very vocal in his skepticism since the claim was aired, and pens yet another thoroughly long, but thoroughly fascinating discussion of the issues:
I thus see no way out of this where Maynor and Ellch escape with their reputations intact, other than if they have in fact discovered a vulnerability against the stock MacBook card and driver, that they have disclosed their findings privately to Apple, and that the statement issued Friday by Apple's Lynn Fox is in fact scurrilously false. But even in this scenario -- which as I see it is the best case for Maynor and Ellch -- if they know for certain that MacBooks, as shipped by Apple, are vulnerable, why have they not plainly said so? I'm not saying they should have publicly described the nature of the vulnerability in any detail, but they certainly should have stated clearly that owners of whatever specific Macintoshes they have identified flaws against should be careful when turning on AirPort in any public or non-trusted environment.
In short, either Maynor and Ellch have discovered an exploit against stock MacBook and Apple has decided, incomprehensibly, to scurrilously besmirch their reputations with flat-out lies that will soon be disproved and will bring disgrace to Apple Computer, or, Maynor and Ellch have not discovered such an exploit and they are, at best, gross exaggerators, or, at worst (and more likely in my opinion), outright frauds.
...
So Krebs, albeit belatedly, finally now seems suspicious of the claims Maynor and Ellch had made to him previously, which claims he reported without verification.
But so is it just me, or does the headline Krebs chose for this mea culpa -- "Follow-up to the Macbook Post" -- seem slightly less provocative than the headline he chose for his original post in the series -- "Hijacking a Macbook in 60 Seconds or Less"? A more reciprocally sensational (and therefore reciprocally diggable) but yet completely accurate headline might have been, say, "Losing My Journalistic Integrity in 60 Seconds or Less", or "I'm a Gullible Rube and Got So Excited I Nearly Stained My Pants at the Thought of Breaking a Story on a Major Mac Security Exploit".)
Go have a read if you love your Appley emo boxes. In fact, even (and especially) if you don't. I would never claim that Macs are invincible (no one seriously does), but it's certainly true that they are comparatively secure systems, and that there was a lot of schadenfreude out there when this exploit was first announced, since some people really do want to see those smug Mac users get theirs.