Apple Denies Wi-Fi Flaw, Researchers Confirm
Glenn Fleishman writes "Apple tells Macworld.com that the Wi-Fi exploit demonstrated at Black Hat 2006 in a video doesn't show a flaw in their hardware or software. A third-party USB adapter with different chips and drivers was used, and Apple says the two researchers haven't provided Apple with code or a demonstration showing a working exploit on Apple equipment. The researchers added a note at their Web site confirming that only an unnamed third-party adapter was used. This doesn't mean the researchers have no flaw to show, but rather that their nose-thumbing at Apple users who were too secure in their security was misplaced, at least at present. The researchers' claim that they were providing information to Apple now seems off-base, too."
We were told that all Macs are vulnerable. And not only all Macs, but also all Linux machines, and all Windows machines. It seems this was not the case. Apparently there is no exploit at all against a bog standard Macbook with built-in wireless, and that covers about 99.999 percent. Using an external card was essential to the exploit; the claimed "pressure from Apple" was just made up. Remember, these guys _did_ claim that a Macintosh with built-in wireless adapter was vulnerable, and they didn't demonstrate that because of pressure from Apple! I didn't believe it then, nobody should have ever believed it without evidence, and now they have been caught with their lies.
Shame on everyone who reported it without checking the facts.
Allow me to provide some background on one of the researchers. David Maynor has never been credited with the discovery of a vulnerability, even after several years at ISS X-Force. I have seen him present at three security conferences (two Blackhats and CANSEC) and not once have I seen him support his claims with any evidence. I am acquainted with a number of his former coworkers in the vulnerability research community and have been told by all of them not to place any stock in his claims. Based on that and on the refusal to provide proof, I question this whole situation.