Apple Denies Wi-Fi Flaw, Researchers Confirm
Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researchers' claim that they were providing information to Apple now seems off-base, too."
And here I agreed that the Mac community was too complacent. I was hoping that this would be a rather benign wake-up call (given that it wasn't an exploit seen in the wild, and the hats were taking proper precautions to prevent it from becoming so). And now we see that they were just trying to leverage their exploit to make a (valid, but now diluted) point.
Just junk food for thought...
When they have integrated wi-fi and the user decides on a third party usb option with questionable settings, I wouldn't say it was my fault either.
Anyone who thought about it for more than a second or two would have realised that it was never going to be a vulnerability in the default MacBook Pro hardware or drivers. If it wasn't, why would they need to introduce a third-party wireless adapter at all?
Frankly, the disclosure here was pretty amateurish. Surely they would have known that demoing the vulnerability on Apple hardware would have implicated Apple. In fact based on the "aura of smugness on security" comment it looks like they deliberately *chose* Apple hardware to be falsely implicated.
Do these guys have *any* credibility left?
Yeah, so they should also trust two jokers on the internet who want to create a buzz around their presentation, and frame their demo so that it is bound to do so...? It cuts both ways.
Although we'll see nothing but speculation in this article and its comments, eventually the truth will be known, and we'll have an exploit which is documented and proven to work, or not. If Apple have a flaw, and won't admit it, that would light a fire under them wouldn't it?
Given the hackers' comments:
Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook.
It sounds like they were bullshitting to try to make a splash, which they did. Till I see proof, I'm not inclined to trust either side.
Before you tar and feather someone publicly, make darn sure you don't leave the wrong impression or it will boomerang on you later.
This is true in any industry.
If these guys had made it CLEAR that they were using a NON-APPLE network device from the get-go we wouldn't be having this discussion today.
What they should have said:
"We found a wireless exploit in a major-brand wireless network device. We will be releasing the name and model number of the device after responsible notification to the vendors involved. The videotape you are watching shows this device connected to an Apple Macintosh. We have also tested a device containing the same chipset connected to a Windows-based PC and found similar problems."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The headline's construction is confusing (paraphrasing): Apple Denies, Researchers Confirm. Since deny and confirm are antonyms, the headline implies that the two parties, Apple and the researchers, are in disagreement, which is not the case.
My other sig is extremely clever...
Somehow I think all this current bullshit about Mac users being "smug" about security is simple sour grapes. Linux users are similarly "smug" about security, but that is only if you define "smug" as simply stating the fact that there are certain things in place in the OS either by design or decision that make it inherently more secure out of the box. That in NO WAY means we should take any threat lightly, however stating the inherent higher security of these OS' is far from "smug" it is a simple fact. If no one likes it, then tough shit. I refuse to apologize or be meek about heightened security of my OS preference simply because Windows users are pissed off because they are still struggling with exploits and viruses that should have been rendered impotent years ago.
It depends on which Steve Jobs you want to believe. Jobs from 5 years ago spouting off about how "clock cycles aren't everything" and "IBM and Motorola chips are far superior to any Intel chips" or the Jobs of today with "Our new Intel chips make our old chips look like solid state transistors".
I'm convinced Slashdot is filled with people who just enjoy not being willing to understand the simplest of things.
The PowerPC G5 processor is an absolutely superior design to anything Intel was putting out in the 90s. I don't know of any hardware geek who disagrees, although they may disagree on real-world performance with available complete systems.
That Intel is putting out well-designed power-efficient processors today does nothing to change the past. That IBM is uninterested in desktop computer processors NOW and is allowing the G5 to languish does nothing to diminish the fundamental superiority of the processor design, or the performance advantage it had years ago during active development.
You may as well complain that car buyers today are just fanbois, because back in the 60s everyone knew Japanese imports were lousy, cheap machines that barely stood up to American cars. Yet now people say Japanese cars are great and reliable -- I mean, gosh, make up your minds, guys, flip-flop much? Once something is bad or good, it has to stay that way FOREVER, Mister Whirly said so!
Recursive: Adj. See Recursive.