MacBook Wi-Fi Hijack Details Finally Released
Wick3d Gam3s writes "Hacker David Maynor attempted to put the strange tale of the MacBook Wi-Fi hack to rest, and offered an apology for mistakes made. All this, and a live demo of the takeover exploit, was presented at a Black Hat DC event yesterday. Maynor promised to release e-mail exchanges, crash/panic logs and exploit code in an effort to clear his tarnished name. Said Maynor: 'I screwed up a bit [at last year's Black Hat in Las Vegas]. I probably shouldn't have used an Apple machine in the video demo and I definitely should not have discussed it with a journalist ahead of time ... I made mistakes, I screwed up. You can blame me for a lot of things but don't say we didn't find this and give all the information to Apple.'"
Apple came out with a patch that addresses this issue:
http://news.com.com/New+Apple+patch+plugs+Wi-Fi+hijack+flaws/2100-1002_3-6118245.html
The article doesn't mention if the machine he used in the demo had this patch. And if so, that may imply that the patch has holes.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
What's the point?
(1) I would, and do, immediately release security faults I find (I have found some).
(2) If someone says I did not find it or throws smut at me, I'd sue all the media running such articles that falsify my work or findings.
So simple.
Companies do act and correct bugs faster when security faults are released.
Frankly, I wouldn't even be surprised if he did some old-fashioned reverse-engineering of the patch to create the exploit for the older boxes.
And then used his time machine to go back in time to before the bug was patched and announce the exploit?
No, his original claim was a farce (hell, look at the video, there was only one wireless device available according to ifconfig). Apple then audited their code, found 3 bugs. He took one of the bugs mentioned, found out how to trigger it, triggered the crash and now claims he was right all along.
The problem is that what's happening now doesn't support his original claims. The original claims were that he could hijack a MacBook in under 60 seconds and gain complete control of it. Now all he's getting is a crash with no control.
That is correct, the original video was faked... They probably were close but did not want to wait.
Here is a video I made debunking their proof: http://video.google.com/videoplay?docid=146818771711399295&hl=en
My guess is that they got a buffer overflow but had not yet found the correct location in memory to write their shellcode. They still have not...
You obviously know very little about exploits. If the bug allows remote code execution, which Apple plainly states is possible, the difference between a crash and a hijack is only a matter of a few bytes of shellcode. So in essence he has done the hardest part already. Then you come along and claim that since he didn't take it all the way and give you the final, easiest 1%, now he's a complete fraud and a liar.
Even if he had demonstrated the original takeover that still wouldn't prove his story. Yet you claim that because of this it makes him look guilty. Nice logic. Basically, either way you get to claim he's full of shit.
Many major vendors have a known history for screwing over vulnerability researchers such as Cisco, Apple, Microsoft and others. I just have a hard time believing this is any different.
Say, I think there might be security problems in Windows. I now deserve credit for every single security patch ever from now on.
Pretty solid video. I just want to add two things. First, the IEEE page says:
And second, though I'm not sure about MacBooks and OS X, you can often change your MAC address, though it would be silly to change it to Apple's OUI.
So there is a small possibility that the video was real. Perhaps the shot where you see the Terminal.app was filmed at a later time, quite probable if they only used one camera for filming the demo.
So, most likely a fake.
- Raynet
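The two checks the commenters above apply to the video, counting the interfaces that `ifconfig` reports and asking whether a MAC address carries an Apple OUI, can be done mechanically. The following is an added example and is not code from the original thread or from the researchers involved. The `ifconfig` output is constructed for illustration and is not a capture from the video; the OUI set is an assumed sample and should be checked against the IEEE OUI registry before it is relied on.

```python
import re

# Constructed sample of BSD-style `ifconfig` output as printed on macOS.
# It is NOT taken from the video; two interfaces report a hardware address.
SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:16:cb:12:34:56
	inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:11:22:aa:bb:cc
	media: autoselect status: active
"""

# OUI prefixes treated as Apple-assigned for this illustration only.
# Assumed values: verify against the IEEE OUI registry before use.
APPLE_OUIS = {"00:16:cb", "00:17:f2", "00:0d:93"}

# An interface header line looks like "en0: flags=8863<...> mtu 1500".
IFACE_RE = re.compile(r"^(\S+): flags=")
# The hardware address line is indented and reads "ether xx:xx:xx:xx:xx:xx".
ETHER_RE = re.compile(r"^\s+ether ([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s*$", re.I)


def parse_ifconfig(text):
    """Return [(interface, mac), ...] for every interface that reports an ether address.

    Interfaces without a hardware address (such as lo0) are skipped, so the
    length of the result is the number of physical-looking interfaces shown.
    """
    result = []
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ETHER_RE.match(line)
        if m and current:
            result.append((current, m.group(1).lower()))
    return result


def oui(mac):
    """First three octets of a colon-separated MAC, lower-cased."""
    return mac.lower()[:8]


def classify(text, apple_ouis=APPLE_OUIS):
    """Map each interface that has a MAC to True if its OUI is in the Apple set."""
    return {iface: oui(mac) in apple_ouis for iface, mac in parse_ifconfig(text)}


def count_non_apple(text, apple_ouis=APPLE_OUIS):
    """Number of interfaces whose OUI is not in the Apple set.

    A value of 0 on a MacBook means every visible interface looks like Apple
    hardware; a third-party card would normally show up with a foreign OUI
    unless its MAC was deliberately changed.
    """
    return sum(1 for is_apple in classify(text, apple_ouis).values() if not is_apple)


if __name__ == "__main__":
    for iface, is_apple in classify(SAMPLE_IFCONFIG).items():
        print(f"{iface}: {'Apple OUI' if is_apple else 'non-Apple OUI'}")
    print("non-Apple interfaces:", count_non_apple(SAMPLE_IFCONFIG))
```

The OUI test is only suggestive, as the comment above notes: a MAC address can be changed with `ifconfig`, so a foreign card could be made to look like Apple hardware, and `ifconfig` alone does not say which interface is wireless. The interface count is the stronger of the two observations, because a second card that is not present at all cannot be hidden by renaming.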