Slashdot Mirror
How Apple Orchestrated Attack On Researchers
An anonymous reader sends us to George Ou's blog on ZDNet for a tale of how Apple's PR director reportedly orchestrated a smear campaign against security researchers David Maynor and Jon Ellch last summer. Ou has been sitting on this story ever since and is only now at liberty to tell it. He posits that the Month of Apple Bugs was a direct result of Apple's bad behavior in the Maynor-Ellch affair. From the blog: "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist). Apple patched these 'non-existent vulnerabilities' but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The end result is that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007 including last week's megapatch of 45 vulnerabilities."
All this "smear campaign" stuff... talking about how Apple really hammered him on the clarification of whether it was a 3rd party driver. And George gets indignant that Apple asked this to be done.
Yes, you could see in the video that they used a 3rd party driver. However, was it really CLEAR that the exploit only existed for the 3rd party driver? Maynor and Ellch certainly did NOT dwell on this -- they in fact spent more time saying they enjoyed doing this because Mac users were "smug."
And, gullible as the press is, the press most certainly did NOT report "3rd party flaw exposes OS X security hole!" It was more along the lines of "OMGMACCRACKOVERWIRELESS!" It was days before it was clear, and even then it was necessary to specifically explain this to people. Sure, the video showed this, but the fact of the matter is that most people, including the press, did not UNDERSTAND this fact... and this was clearly obvious from the reaction to the matter in the first place.
And what I also don't get is... what are you really showing if you use a 3rd party wireless driver to hack a MacBook which has BUILT-IN wireless? Sure, you can do it, but is that a realistic scenario? I mean, I could compromise someone's system if I stole it and they didn't have disk encryption turned on as well... is that a hack?
It doesn't seem like Apple needed to do much to make those guys look bad - they did a darn good job of it all by themselves.
#DeleteChrome
An anonymous reader sends us to George Ou's blog on ZDNet for a tale of how Apple's PR director reportedly orchestrated a smear campaign against security researchers David Maynor and Jon Ellch last summer.
Karl Rove is Apple's PR director?
The theory of relativity doesn't work right in Arkansas.
Geez, don't leave out Matasano's response. George Ou is a tool.
Is this the same guy who doesn't know Gerbils from Goebbels?
This all sounds a little fantastic to be true. Most folks at Apple I know don't have time for an agenda. And speaking of agendas, George Ou's definitely got a hard-on for Apple.
Right, since ZDNet is such a long time Apple/Mac news and information source - and let's just overlook the phishing code embedded in the MoAB web page(s).
I doubt the real truth has actually surfaced just yet, and it may be a long time, if ever, that it does.
Face it, any OS that widely-used (read: "popular") enough is going to be subjected to bug exploitation. Even Linux has bugs http://www.wired.com/news/linux/0,1411,66022,00.ht ml although, _WAY_ less than M$. In an open source OS the bugs get fixed, IMO, faster and more reliably than your weekly M$ patch. The point is, ITS GOING TO HAPPEN!
I'll try anything once. Twice if it's DRM free.
I'll accept that the MoAB was definitely a result of the furor and press over the wireless vulnerability. But I'm not sure that I believe the smear campaign / character assassination part. Honestly, Apple really didn't need to bother; those guys' original presentation was so sketchy that they practically invited criticism themselves. First they'd say one thing (that it affected all Macs) but then they demo'ed it with a totally different hardware setup, with no good explanation as to why, producing countervailing views as to whether all Macs were really that insecure in their default state, etc. There's no way you can spin the way the vulnerability was announced as a well-managed affair. The whole thing stank from the beginning.
At any rate, though, I don't think it's really any surprise that large parts of Apple still bow to the notion that "if there's a bug in the code, and nobody outside of the company knows about it, is it really a bug?" somehow warrants a 'yes' answer. So as a Mac user, I'm not really unhappy at all that MoAB happened, for whatever reason. I'd rather have stuff out in the open, and patched quickly, than some sort of quasi-secret (because, let's face it, if more than one person knows about it, it's not a secret anymore) unpatched vulnerability. I like Apple's gear but that doesn't mean I don't think they need to get a swift kick in the ass every once in a while to stay on top of things.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
From one of the folks accused of conspiring with Apple:
h e-macbook-wi-fi-hack-conspiracy/
http://www.tuaw.com/2007/03/20/clarification-on-t
"While I'm flattered at the possibility of Apple even talking to me, the truth of the matter is that the company pretty much ignores TUAW, and most other Apple-related blogs, entirely. Honestly: Fox and I never exchanged so much as a "mwahaha" over email, or any other form of correspondence for that matter. I've never been contacted by anyone from Apple regarding anything besides the fact that one of my older PowerBook's warranties was about to expire, and that AppleCare would be a great way to stay within their graces."
E pluribus unum
Does Microsoft give free PR to "security researchers" every time it patches a bug? How about various linux software projects, do they crow openly about those who find bugs in their software? Or do they just patch the bugs?
Everything I've read about this suggests the "security professionals" are looking for fame and Apple doesn't care. I don't either. As long as bugs get patched, and Apple seems to have done so in a timely fashion, at least as much as Microsoft and other software companies do.
Should read: At any rate, though, I don't think it's really any surprise that large parts of Apple still bow to the notion that "if there's a bug in the code, and nobody outside of the company knows about it, is it really a bug?" somehow warrants a 'no' answer.
In other words, big portions of the Mac OS are still developed as closed-source products, or by people who probably were trained in that mindset, where a bug really only matters once it's widely disclosed.
I've never bought this, because frankly I just don't trust people to keep their mouths shut while a company fixes things at their own pace. I'd rather see bugs get tons of press, and force companies into hauling their developers in on overtime and fixing the thing ASAP, so that the time before first discovery and patching is minimized. I would rather everyone know about it (including administrators and owners who can take defensive measures) than try to cover it up for as long as possible, maximizing the chance that the Russian mafia or other black hats will get their hands on an unknown (to everyone else) vuln.
Some parts of Apple seem much more comfortable with full disclosure than others, and I'm perfectly comfortable with bludgeoning the parts that aren't if that's what it takes. As a Mac user, I'm not at all displeased about MoAB, regardless of its motivations.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
but it doesn't make it look any worse. How do you hurt the image of a pair of morons who already do an incredible job of making themselves look like asshats?
MOAB as "revenge"? A number of "Apple's" bugs as listed in MOAB were in third-party software (VLC on day 2 for fuck's sake!), the same as their original hyperbolic wireless exploit shenanigans. And then they go and use an exploit on the site, and act like petulant children in their communication with others through the site, all the while crying foul that they aren't being treated like serious security professionals.
This is not "news" by any stretch of the imagination. Ou is only now "at liberty" to discuss the matter? I remember quite clearly while the whole wireless driver brouhaha was happening that he and the researchers were claiming Apple was running a "smear campaign" against them -- a campaign that everyone else in the security community and press was somehow unaware of, given how massive Ou claims it to have been.
Apple never claimed there were no flaws in their drivers, I don't know how many more times this can possibly be stated to Ou, if it is necessary to use shorter words with fewer syllables or what. Apple's only statement on the whole matter was that Maynor never provided any specific information to Apple as to what this specific security hole was supposed to be. He jumped up and down and waved his arms and told Apple they needed to fix it real soon, but neither he nor Ou nor anyone else has provided any kind of documentation indicating he gave any actual, useful information to Apple about this security vulnerability. He just made vague pronouncements about wireless security and then expected Apple to read his mind, as far as all the available evidence can prove.
Yes, Apple released patches for network drivers after this whole announcement was made -- they released patches for network drivers before then, too!
Ou continues to be either grossly deceived, completely inept at actually investigating and reporting, or so caught up in his ego that he can't recognize he's been played like a piano.
This is not a case of Apple hiding their heads in the sand, running a smear campaign, or fanbois refusing to accept that something could be less than perfect.
Provide some actual evidence and people will listen to your fearmongering, but it's been a year already since this "huge vulnerability" was disclosed and the most we've seen is a computer crash!
Recursive: Adj. See Recursive.
Apple continued to claim that there were no vulnerabilities in Mac OS X
All systems have vulnerabilities, how can they say that with a straight face?
Libertarian Leaning Political Discussion Forum.
Does it really?
I'm not mac fanboy (in fact I'm a Linux fanboy) but I do like my mac laptop and I don't really have an opinion on Apple so my point of view on the topic really sees this as a none issue.
Both parties handled the wireless 'hack' (3rd party driver doesn't really count on built in/OS supported by default hardware) badly and had their own motives for their actions.
Though the Month of Apple Bugs, as a mac user, just appeared to be either a stunt by Apple or a stunt by some one else no one cares about to show off mac security compared to windows. And really the end result was that Apple had to fix a ton of bugs; as a mac user this made me happy and happier when Apple sent several patches to my mac with these fixes in short order.
So really I see this as a null event and its effect on my opinion of Apple has only changed in two regards as a result: they will fix bugs quickly and well (regardless if this is accurate or not, remember I'm a user who really doesn't care - eg average mac user) and that with a huge security community pushing to crush 'smug' mac users outlooks on osx they only found 62 critical bugs. Seriously, 62, that's it, what a joke.
Again as a mac user this just improves my view of Apples commitment to security. Plus I think it would prove to be a comical point if there were to be such a serious Month of Windows Bugs! "Oh see my mac only had 62 bugs, your windows pc has what? 12,085,387? Have fun with that virus scanner, firewall, and content filter you need to run just to reduce your risk of your windows box getting infected!"
At the end of the day all OS have bugs and companies have to deal with them they way they see fit; and the users have to accept that or switch operating systems. It's not like you don't have a choice; heck I'm a linux user who bought a mac for a spare computer that would 'just work' when debian sid decided that my computer wasn't some thing it wanted to play with.
I ate your fish.
Everyone else gets to name a month. Dammit I want one too.
So in other words, security guys say OS X has problems, Apple says nuh uh, security guys risk the security of all the Macs out there by posting vulnerabilities for our machines that can be exploited. Wow, yah thanks for that, you really showed Apple with that... and risked my Mac's security. Thanks, thanks a ton! Way to keep Apple "honest." Do you get how sarcastic I'm being.
Do Maynor, Ellch, KF and LMH in fact speak for " the security community"?
Played or not, Maynor and Ellch came out swinging at Mac users and attacked them on attitude's sake alone.
Last summer, KF was blogging about what a great, rapid job Apple did on its patches, and by January, he's got them on a spit in the public square, and baiting Apple and its users.
Is this to be the public face of the security community?
What I got from the original video, taken on its face, is that the MacBook was not vulnerable, that the exploit was for some 3rd party vendor's stuff, but they were going to use the MacBook just to cheese off Apple users, whose attitudes they perceived as lousy. Human memory being what it is, like Orson Welles' The War Of The Worlds radio broadcast, they had to realize after watching the remaining lion's share of the video that people would mostly retain the image of a MacBook getting pwned.
Beyond the mechanicals, my other impression was that if they were going to demo an important vulnerability and chose to wrap it in several layers of personal feelings for a specific bunch of people, they might be skilled, but they're still unprofessional.
I'm not sure if George is trying to paint them as choirboys or simply C his own A.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist).
I believe they actually claimed they hadn't had the vulnerability in question demonstrated to them. The fact that they later patched *a* vulnerability in wireless drivers doesn't necessarily prove anything. If it does, then as an Apple basher, my future plan will be:
a) announce that I've found a vulnerability in in $OSX_FEATURE.
b) ignore requests for details, proof, etc
c) be universally regarded as an idiot
d) Wait until someone else finds a vulnerability in $OSX_FEATURE and Apple patches it.
e) trumpet from the rooftops that I said there was a vulnerability in $OSX_FEATURE months ago and OMG! Apple denied it and look, they've just fixed it and I was right all along!
f) Smugly watch the sensationalist articles about how Apple bullied me.
Oh! I see! There are lots of ADVERTISEMENTS on this blog page! Phew! This was a great way to drive traffic! Thanks ZD-Net, for the "news"!!!
Now I'll turn on CNN and watch the "news" about the next dreaded disease from Asia that could kill my children (and see Viagra ads at the same time.)
Um ... why does Ou think those researchers should get credit for uncovering a vulnerability in Mac OS X that (Ou reminds us over and over again) they themselves claimed, from the beginning, that they did not uncover?
...
And when did Apple ever "claim that there were no vulnerabilities in Mac OS X"? I am pretty sure that's never been said, at least, not officially. Maybe some employee spoke out of turn, but the company itself has never made that claim. Ever.
I don't know anything about Ou, but these two huge misstatements don't make me trust him
If you think 62 is not a significant number you need to wake up and stop drinking your hippie juice, this represents more than half of windows 2003 product lifetime security bugs. so to put in perspective that is 2 years of MS bugs in a month of research hmmmm yeah keep living in your dream world where 62 bugs is small number for just a couple of guys poking around.
no you need to stop smoking the M$ cock. Microsoft documented well over 476 "critical" bugs of the nature OS X had.
"Slashdot, where telling the truth is overrated but lying is insightful."
Since my wireless connections, on my dual G5 and my TiBook work just fine ..
Although a quick check at Mac Fix It does discuss the problem: http://www.macfixit.com/article.php?story=20070318 234944267
Curious
SteveM
Let me ask you this-
What has Microsoft ever done for the open source community other than to try to undermine Linux?
What has Apple done to support the open source community?
Do technologies like hardware acceleration for X windows, more focus on open standards (Open LDAP, SMB, etc.), make Apple as evil as microsoft?
Jobs is as bad as Gates in some respects, but a blanket statement like this cannot possibly apply in all aspects of their work. Is Bill bad because he is supporting his charity now? Is Steve Jobs bad for spending his own money to make an animation company that produced quality family films? You can't judge on one level- it's simply impossible. Your argument needs better qualification. Saying that you like "open source and community review" will earn you a few karma points on slashdot, but in my book that post was all about "Apple is Evil."
< pinky to corner of mouth >
You seriously don't think 62 is a lot for a a couple researchers to find in one month? This was hardly an extensive complete audit of MacOS. It was what they found in 30 days. Sorry, that just doesn't seem confidence inspiring to me.
Seriously, this whole sorry saga has been hashed and rehashed all over the web. Why should /. give these clowns any more publicity? See John Gruber's blog for an excellent debunking of Maynor, Ellch, and Ou's claims.
Ou continues to be either grossly deceived, completely inept at actually investigating and reporting, or so caught up in his ego that he can't recognize he's been played like a piano.
And an asshat to boot.
SteveM
If this thing is completely related to 3rd party driver , it is a sign that Apple needs to adopt a WHQL like method to certificate third party drivers. I know it would sound bad but they could publicly call users not to use a certain, unmaintained driver which apparently got abandoned by hardware manufacturer.
I know MS one is not that serious but Apple could start from beginning learning from MS mistakes.
It could be more security and performance focused rather than vendor lock in.
BTW I bought a Windows only USB Wireless product by mistake (site error) and I have good clue what driver they may be talking about. If it is the case, it is completely unrelated to Apple really. Also I am not talking about Orangeware etccommercial drivers which are maintained very good.
Well then, I'll do my part for that cause by pointing out Firefox's development process is just as bad as Apple.
Here's a few of my favourite bugzilla bugs, in ascending order of bullshit:
#324253., a cross site XSS exploit which nobody responsible for the code seems to care about.
#45375, a request to make tooltips not cut off at an arbritrary length, which they refuse to fix in Firefox apparently out of spite.
#18574 - The MNG bug... you really have to see this farce with your own eyes. Especially the bit where the asshole in charge of the image code stated that the MNG DLL has to fit within his deliberately impossible to reach size requirements before he'd even consider re-adding it.
How many bugs were exploited?
Did the people posting the bugs with their pompous attitude (as they did with the php, microsoft, and soon to be seen myspace) get the retirement in 6 months on the jobs they were looking for?
If their true and altruistic goal was to have these bugs fixed, well, they did a pretty good job. Too bad I don't believe in altruism through acting like an asshole.
The problem I am talking about first reared its head in the 2007-002 update, not the .9 update (though I have little doubt that it exists there as well.)
I've fallen off your lawn, and I can't get up.
Please, continue to have "Months of Apple Bugs", hell, make it every month! The more you force Apple to patch the more secure my mac will be.
If Apple is just as bad as Microsoft OSs where are all the viruses and zombing? I sometimes leave my Mac logged onto the internet for days at a time. I take a deep breath everytime I log on with an XP system. I run spybot several times a day on my PCs and never have a problem with the Mac. Why all the obsession with degrading Macs when Macs have a history of security? Better to use it as an example to Microsoft why they need to improve their security.
The Mac community seems really histrionic in comparison to Windows...what's the deal here?
Not apple, these idiots that went to all this out of spite.
Way to be adults. I don't mind the results of a more secure OS X, but this was entirely the wrong way to do it. Completely irresponsible and childish. Shame on them.
Comment removed based on user account deletion
Some moron keeps tagging every story with a claim that may or may not be true as FUD.
/rant
Please stop it.
FUD has a very specific meaning. Pay attention - FUD stands for Fear, Uncertainty, Doubt. It is a marketing strategy that spreads, you guessed it, Fear Uncertainty and Doubt about a competitors product. Every statement you disagree with is not FUD. Not every untruth is FUD. Not all FUD is untrue for that matter.
Thank You, that is all.
Nov 14, 2006 was the last time WebKit was updated.
With the latest patches, according to Secunia, Safari has 4 outstanding unpatched advisories, of which the most severe is "Less critical."
By comparison, Firefox 2 has 3 unpatched Secunia advisories, with the most severe also being "Less critical."
IE6 has 20 unpatched advisories, with the most severe rated "Moderately critical." IE7 has 7 unpatched advisories, with the most severe also rated "Moderately critical."
The US free market: two halves of a government-granted duopoly are free to set the market price.
the MOAB didn't discover all of those 62 bugs, they found 31, 6 of which involved 3rd party software.
Live EVERY week... Like it's Shark Week
That is why he gets the spiffy icon.
Was that Apple's security is fantastic! Seriously, they went to all that trouble, asked for submissions, publicised it far and wide .. and that's the best they can come up with? It was like SCO and their "mountains" of code.
.. it would probably turn into a Year Of Windows Bugs, if not Decades Of Windows Bugs. Actually I take that back, there is a Decades Of Windows Bugs, it started in 1992 and it's still going strong!
What was the score again? A couple of crashing bugs, only one of them remote, and that one didn't work 95% of the time (I sure wasn't able to duplicate it). Most of the "Apple Bugs" were 3rd party, and while they were admittedly running on the Apple platform, we can hardly blame Apple themselves for 3rd party bugs. Needless to say they were almost all immediately fixed, sometimes within hours.
The lesson I got from MOAB is that in general Apple's security is excellent. I'd love to see what a "Month of Windows Bugs" would unearth
Let my new 7-digit UID be a lesson to all - write down your passwords.
How hard would it have been to include the URLs?
#324253, a cross site XSS exploit which nobody responsible for the code seems to care about.
#45375, a request to make tooltips not cut off at an arbritrary length, which they refuse to fix in Firefox apparently out of spite.
#18574 - The MNG bug... you really have to see this farce with your own eyes. Especially the bit where the asshole in charge of the image code stated that the MNG DLL has to fit within his deliberately impossible to reach size requirements before he'd even consider re-adding it.
Told you Microsoft was evil! Oh, wait!
"Are there fewer known bugs in Macs? Certainly" Right. The reason is irrelevant.
...or someone who understands that its *nix core is inherently more secure than the NT core.
I can see that you fall into the third category.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
---- Apple's massive marketing campaign would have you believe that on the day your Mac shows up, it will be impenetrable by viruses.
Pragmatically, Macs are impenetrable by viruses, and have been for years.
If you want to counter that argument in concrete terms, by showing a Mac virus with 1/100th the penetration of Blaster, Nimda, Sobig, et al, feel free. If you can't, you'll have to admit that historically, Macs have not been penetrated to 1/100th the degree that Windows machines have.
If you want to make a hard prediction that Macs will be penetrated to N degree within the next X months, go ahead. If not, you'll have to admit that you can't be confident in making such a prediction.
If you want to present evidence that Macs are about to be compromised through a specific vector, trot it out. If you can't, you'll have to admit you don't have any evidence that would support such a claim.
If all you can really bring against the Mac is a pack of abstractions that boil down to, "nothing is perfect," nobody cares. It's a truism that has no practical meaning.
If you want to say something useful about a Mac's vulnerability, put it in concrete terms. Is having your Mac hijacked by malware more or less likely than getting killed in a car crash? Is it more or less likely than dying by falling down the stairs? Is it more or less likely than being struck by lightning? Is it more or less likely than winning the lottery? Is it more or less likely than having a meteorite come crashing through your roof?
If you think it's more likely than any of those things, show me the numbers to back it up.
Cute. If you'd had Windows running alongside another OS for any length of time you'd know which has more security issues.
I OS's I currently use are Windows, FreeBSD, and OpenBSD. Now go somewhere else and pretend you have a clue. I'm sure there are plenty of Linux newbs and mac zealots out there that would love to hear you preach.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
If you've had as many security problems with your *BSD installs as Windows then I'd say you're the newb. Might want to pick up a book or something.
Most folks at Apple I know don't have time for an agenda.
Not only do they lack time for an agenda, they also lack time to support their beliefs with facts. Apple employees seem to take it as a given that OS X is secure, efficient, and user friendly. In fact, there is very little solid evidence that it is better in any of those areas than either Linux or Windows.
Don't get me wrong, Apple makes decent products, but their smugness and lack of looking beyond their own company is not only annoying, it's also going to be bad for the company in the long term.
So secure it doesn't talk to anyone - not even the person who owns it!
But seriously, gotta worry about so many vulnerabilities being reported at once. Must be the tip of the iceberg.
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
I thought that Apple's advantage is that it "Just Works". I guess that's out the window now. The world's going to hell in a handbasket...
A house divided against itself cannot stand.
I think MS is unfeeling and ruthless, but Apple with the JobsMonster is far worse.
"They are, and always have been, an insanely brutal monopolist."
In what market does Apple have a monopoly?
"which is why Apple is getting sued by the European Union."
um, no they are not. And what would they be sued for?
"Want to see fair use? Try buying an Apple computer without OS X on it."
I also can't buy a Nokia phone without the Nokia OS in it. Oh the humanity! And why would you want to get a Mac without OS X? What would you gain from that that you couldn't gain from simply buying the computer and erasing the HD? And what does your question have to do with "fair use"? You are not in any shape or form prevented from running some other OS on the Mac.
"The MoAB shattered a lot of illusions"
MoAB was a flop, IMO. They stuffed their numbers by adding bugs in applications that had nothing to do with Apple (like VLC).
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
In short, in a totally open system, things might tend to get locked up by process.
Debian.
Thats all, just Debian and their record on timely releases.
In the free world the media isn't government run; the government is media run.
Do technologies like hardware acceleration for X windows, more focus on open standards (Open LDAP, SMB, etc.), make Apple as evil as microsoft?
Are you saying that Apple have made some contribution to hardware acceleration for X Windows? Maybe on their own platform.
Are you saying that SMB is an open standard and that Apple have contributed to it?
I think you're terminally confused.
What has Microsoft ever done for the open source community other than to try to undermine Linux?
Actually I'm pretty sure that MS have started more open source projects than Apple have. The only Apple one I know of is launchd. I know of at least two MS ones.
I thought Ou had lost all credibility by now. He's biased and stupid. I know that sounds harsh, but for heaven's sake, read his blog posts! He compared Apple to Nazi Germany, not even knowing how to spell Joseph Goebbels ("Joseph Gerbils", I'm not kidding!), and he called Fox using a number he got in a confidential mail from Maynor. I mean, geez!
The people he accuses have gone on the record saying that Fox had not contacted them. Chartier says:
This whole story only exists in Ou's head. Apple orchestrated nothing at all, the "researchers" discredited themselves all on their own, simply by claiming different, contradictory things at different times.
George Ou is nothing but a Troll. Can we please just ignore him?
We have a name for Mac users: poseurs.
But seriously, if you think the colour of a computer makes it better, then that says it all.
America, Home of the Brave.
You can lie about anything, so long as you keep repeating the lie more often and more loudly than those who trying to expose it. That will always work so long as people take what they see and hear at face value, and can't be bothered to look a little deeper.
The higher the technology, the sharper that two-edged sword.
We'll know something strange is going on when rumours of Jobs going out with Vicki Vale appear in the press.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
The big problem is that Maynor has yet to release exploit code or crash dumps for the alleged native hack.
The burden of proof remains on those who claimed the exploit, they've managed to utterly fail to live up to that burden. (Maynor's last demonstration only produced a DoS crash with the lame excuse of not wanting sniffers to get his exploit code for not showing the "pwnage".)
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
"I have a friend in the security community who insists that there was also a lawsuit by Apple against David Maynor because of this incident. But he says he can't give me details because they're still confidential."
I call BS because lawsuits are a matter of public record, so their existence cannot by definition be confidential. Judges can order certain parts of a case to be sealed (and in some rare circumstances all of it) because of confidential content, but the fact that Apple Inc. (or at that time, Apple Computer Inc.) sued David Maynor on such-and-such a date would be in the public records of the jurisdiction where it was filed, even if matters of national security are involved, as for example AT&T are claiming is the case in a current lawsuit. Judges sometimes allow a defendant to use a pseudonym, but this is very rare, and wouldn't be granted because somebody's got a new job.
I'm not going to change your sheets again, Mr. Hastings.
I don't use OS X, so this question isn't as rhetorical as it might seem: Does Apple usually give credit to bugs found?
Avoid Missing Ball for High Score
I'm sorry to chime in with stupid comment. But sorry this is Slashdot so here I go ;-)
I'm sick tired of such "researchers". Back in good old days they were simply called "testers" - and their job was look for bugs localize them and report to developers. Instead of reporting bug all they do is create a "sensation" or "scandal".
Apple might not the best company when it comes to PR (actually probably second worst - right after Sony) but most of the problems gets resolved easily. And even then, most of the time Apple's PR reaction is ... right no reaction. The guys are used to live and work under piles of NDAs and very very rarely talk to press. Or rather they organize events if they want to announce something. (I'd rather give thumb up to Mac fan boys for smoking the so called "researcher" into clear. Because that what I believe took place.)
Rise of Internet unfortunately attracted hunters for cheap publicity. And most of the so called "security researchers" are fit right into the category. They relate to research equally as e.g. Britney Spears relates to music.
P.S. Disclaimers: Ex-Mac-owner. Linux developer. And yeah, I know how to write secure programs and what QA is.
All hope abandon ye who enter here.
I am the worst (or best, depending on your point of view) kind of Apple apologist, but any attempt from any company to stifle, ignore, or deny security research is not just silly, it is reprehensible. Companies with products where security is a concern should always respond with acknowledgement of the research, credit to the researchers, and evidence proving the validity of the claim either way. Then, of course, release a fix in due time if necessary. These same corporate entities ask for courtesy from the security community in notifying them first of problems, but yet many still react negatively to this valuable community-provided service. For those who behave properly, this restraint should be afforded. For those who respond as Apple have done, the appropriate response is, I think, exactly what happened: a flurry of publicized of exploits without prior and exclusive notification. Proceding in this fashion creates an incentive to take security concerns seriously and disintentives to burry them.
Why bother.
Apple did what I would expect, and as someone that owns Apple stock I would want them to do. Their image and name was being slandered and they defended themselves. And if they are being honest, they took on the costs and did their own audit, found bugs and patched them.
To this day, no exploit has been demonstrated reliably against any hardware by these guys, this is a fact.
To this day, no proof that Secureworks or these two researchers gave any information to Apple or had any contact with them prior to the media campaign has been shown. This is a fact. No crash dumps, no emails that were sent, nothing, no response from Apple, nothing. Just words against words. I'm not saying that there aren't bugs, just that the claims made by these researchers that they were pressured aren't backed.
To this date, no evidence of any threat of a law suit has been shown by either side.
So far we simply see an email from Apple's PR people (go figure, this is a fucking PR campaign) expecting clarification.
"MP3 players and online music sales?"
Nope. They are the biggest player in those markets for sure, but that does not mean that they are a monopoly. There's practically nothing that would tie me to an iPod, I could easily buy some other player instead. And there are several other music stores that sell more or less the same content as ITMS is selling, for more or less similar prices. So what's the problem here?
Is there a ruling by a court of law that states that Apple is a monopoly? I don't think so.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
The point I take from this is that Apple at least patched their stuff. Unlike some other vendor(s) who let their products go for >3 months with exposed security flaws.
Those who have telepathy have no need to RTFA.
"In what market does Apple have a monopoly?"
u nes/2100-1041_3-6166226.html
Any market they can get a foothold in. Currently that seems to be online music (at least to the same extent that MS ever had a monopoly.) For most of us Apple = MS without the success...
"um, no they are not. And what would they be sued for?"
I don't think they're getting sued, but the EU has been putting pressure on the iTunes store for some time.
http://news.com.com/EU+takes+aim+at+Apple+over+iT
"I also can't buy a Nokia phone without the Nokia OS in it. Oh the humanity! And why would you want to get a Mac without OS X? What would you gain from that that you couldn't gain from simply buying the computer and erasing the HD? And what does your question have to do with "fair use"? You are not in any shape or form prevented from running some other OS on the Mac."
1) Maybe I already own the OS and I'm disposing of my old Mac? If you believe that the price for the OS isn't built in to every Mac sold then I have a bridge that I'd like to sell you.
"MoAB was a flop, IMO. They stuffed their numbers by adding bugs in applications that had nothing to do with Apple (like VLC)."
It was a flop because you drank the cool-aid.
Good point. EXCEPT.. Nobody uses Mac OS =9 anymore. Also, maybe this fact you mention says something about the awesome security of Macs :)
Change is certain; progress is not obligatory.
"Any market they can get a foothold in."
Every single company wants to get as big market-share as possible. But, as it happens, Apple has no monopoly in any market.
"Currently that seems to be online music (at least to the same extent that MS ever had a monopoly.)"
Nope, Apple does not have a monopoly there. Besides, MS has been REPEATEDLY found to be a monopoly by various courts of law. There has been no such judgement passed about Apple.
"Maybe I already own the OS and I'm disposing of my old Mac? If you believe that the price for the OS isn't built in to every Mac sold then I have a bridge that I'd like to sell you."
So, you basically want to get a Mac for less money and without OS X? And since you can't, you complain? Well, I want to get a phone without OS as well, but I can't. Why aren't you complaining about that? Or how about your mp3-player, it shipped with OS as well? Can you get a Dell without OS?
What is Apple sold macs without OS but at the same price? How would you determine the amount of money Apple should discount their machines without OS? And why should Apple sell computers without OS?
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
Apple sells the hardware and the software as a single unit. Don't like that? Well, there are dozens of other companies that are willing to sell you computers, some of them might even sell you a naked PC. so what's the problem? Because you want some specific computer? And I want a pony.
And, like I said, why aren't you guys whining because there are LOTS of equipment that come bundled with software, and the two can't be separated? If I want to buy a Nokia E61, I'm absolutely required to buy the Series 60 OS with it. Why isn't that unfair? And how would you determine the cost of the software in a hardware/software-combo? Apple basically sells products that are composed of hardware (the computer) and software (OS X and iLife). And you are now getting all annoyed because they are not selling you the product that you want. Well, tough. Can't please them all.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
This has the same stench as that retard Paul Murphy (really Rudy de Haas).
Let's see, Microsoft pays for: fake TCO studies, fake benchmark studies, pro-msft bloggers, fake journalists like Enderle, fake think-thinks like AdTI, and astroturf campaigns; amoung other things.
Frankly, I no longer believe any pop-media blog, or article, that is pro-msft, or anti-msft-competition. Msft has too much media influence.
Something to do with the price of OS X being included in the price of the mac itself? I seem to recall seeing several other topics (among many others) where, in the discussion, people get VERY uppity about having to pay for windows to be included on their machines.
I really don't understand how our educational system could have failed this badly. Really. I can understand that maybe schools don't teach economics at all. I can understand that they don't teach formal logic or decision making. I don't really understand how so many people can make assertive statements about monopolies without looking up the word and understanding both what a monopoly is and what the law forbids it from doing and why. Is it not simply common sense to understand at least on a very basic level the topic you're discussing? Most of the people here don't even seem to know what a monopoly is, let alone why someone would complain when a monopoly takes an action, but not when a non-monopoly takes the same action. I really and truly hope a lot of people here are paid by MS to confuse people, because the alternative is even worse.
For the jillionth time I'll explain monopolies and bundling. It is legal to bundle products and services in a free market. It is legal to become a monopoly. It is illegal to bundle a product or service you have monopolized the market for, with another product or service from a pre-existing, separate market.
In this example it is legal for Apple to bundle computer systems and operating systems and applications and toasters if they feel like it. They have a monopoly on none of these markets. MS has a monopoly on desktop OS's. They can sell bundled mice and toasters and cheese if they want, but they cannot sell any bundle that includes a desktop OS.
Why? The reason a monopolist is forbidden from bundling in that way is simple, power. Monopolies combined with tying or bundling give a monopolist the power to break capitalism for profit. They can undermine our economic system and prevent the innovation, low prices, and variety that are the main advantages of capitalism. Monopolies take all the worse aspects capitalism and combine them with all the worst aspects of extreme socialism.
Ethically is it legal to forbid actions based upon how much power someone has. For example, is it ethical to pass a law that says anyone who used an enlarging ray to make themselves 10000 feet tall is forbidden from walking downtown? Just because they have the power to crush people and buildings underfoot, should they have fewer rights? In my opinion, yes. With power comes risk to society and responsibility for that power.
Monopolies are 10000 foot tall companies that have the power to undermine capitalism. For a simple example, suppose I have a monopoly on electrical power distribution. I own the lines and the law restricts that to one company per geographical region for the sake of safety. Well and good. Being a monopoly is not illegal. Now suppose I want to go into the cheese selling business. I already have a customer base. If I stop selling electricity by itself and only sell a bundle of electricity + a month's supply of cheese for $30 more than I was selling just electricity, what will happen? Well people need electricity. A few might buy generators and try to make their own, or try to go without and heat with wood, but in general everyone will still buy electricity and with that they will buy my cheese. So now everyone has this cheese. Are they going throw away the cheese and go to the store and buy different cheese? What about families that can't afford that extra $30, they'll substitute it even for other food. So cheese sales from other places goes to hell and stores stop carrying it except specialty shops (think Apple) and the entire cheese market is taken over. So there were people out there making better tasting cheese that cost less to produce and they went out of business because of this action. Is that right or good for anyone? And what motivation do I, as the electricity
Golly, maybe it's because Microsoft is not a PC maker, and Dell (eg) is not a software maker? Man, some of you nitpickers really go overboard.
It doesn't mean much now, it's built for the future.
Are you talking about this:
a lifornia_judge
http://www.ehomeupgrade.com/entry/2095/northern_c
??
Because there's basically nothing in the ruling of the judge that says "Apple is a monopoly". It just says that the plaintiff (Thomas Slattery) can proceed with the lawsuit where he accuses Apple of being a monopoly. THAT is the lawsuit which determines whether Apple is a monopoly or not.
So no, California does not think that Apple is a monopoly. Some guy in California does, and the courts just told him that "yes, you can proceed with your lawsuit".
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
This is the idiot who compared Apple to the Nazis and "Joseph Gerbils." What a maroon!
"In theory it's possible they're trying to settle this outside of court first."
If it's settled without ever going to court then there's no lawsuit. There's a big difference between _threatening_ somebody with a lawsuit, and actually suing them.
"I find it unlikely with Apple, they seem ready to goto court on anything."
They go to court on anything they think they stand a reasonable chance of winning. However, in this particular case, it's difficult to see what Apple could sue any of these people for, let alone have any likelihood of winning.
I'm not going to change your sheets again, Mr. Hastings.
It's only a matter of time, my friend. And don't think Apple isn't scared right now.
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
So the state of California doesn't thing Apple ISN'T a monopoly.
No, that's also wrong. What California thinks is that there is nothing so terrible about how the case is laid out that they will let him try - they could easily do so even the state of California was 100% sure Apple was not a monopoly. It's quite different than saying his case actually has any chance of success.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Ok, I just saw the video. Attacker, victim, third party wireless card, interact with bytecode device driver. Oh and I notice that the video is sponsored by - Microsoft.
But what did they expect to happen. Why didn't they first privately inform Apple and then if no action was taken go public. Two security researchers in search of the glory announce an Apple exploit. The Apple PR dept goes into overdrive and spins the issue. What did you expect from the PR dept of a major corporation - the truth. Welcome to the real world.
davecb5620@gmail.com
First, I'll admit that I didn't specify OS X. I referred to it indirectly by saying, 'has been for years', but I can see how a person could read that another way. My bad.
That said, though, critters like the WDEF virus weren't exactly a 'plague' in terms of distribution or severity. They were sparse and relatively benign. They existed before the internet became the major conduit for passing information between computers, and could only propagate via physical media. That put some serious limits on their speed of propagation. In fact, it puts them in the category of exploits that only propagate through direct action of a human with physical access to the computer, and there's still some debate on whether to put such exploits in the same category as full-auto viruses like Blaster &co.
When it comes to full-auto viruses, the Mac's reputation for security goes well back past OS9. Remember the 'Hack a Mac' contests back in the late 90s? The only reason anyone managed to win was by taking advantage of a bug in a third-party script running under the webserver. To the best of my knowledge, there was never a successful exploit against the Mac OS in its out-of-the-box configuration. In point of fact, many military sites used pre-OS-X Macs for webservers specifically because they had such a good reputation for being uncracked.
(And just for context, this took place at the same time people could BSOD a Windows machine anywhere on the internet by sending it The Ping of Death)
Hey, who modded my previous entry to troll. I didn't say anything worse than the parents/grandparents, and at least I wasn't an anonymous coward.
America, Home of the Brave.
What I don't get is why people concentrate on the irrelevant issue of wether a driver works or not. The article was about Apple bullying researchers, using odd legal tactics to prevent truth about their vulnerabilities for surfacing and hiring bloggers to cover their tracks. If Microsoft had done this, it would be on front page on the newspapers, and the first item on Slashdot would be "Microsoft Bullying Security Researchers". But this is Apple, so it is probably OK for them to do it.
I find it interesting that you believe a server OS can be compared to a desktop OS on par. I guess you don't since you are trying to mask your comparison of apples to oranges with rude insults. When it comes down to it 62 bugs is nothing in a desktop environment that demands free and open usage; more so now that they are all fixed. Servers are a completely different story and no matter how much FUD or insults you throw you cannot change that.
I ate your fish.
Macintosh Computers
(Hey, if you can exclude Macs as being in a different market in order to make MS a monopoly.. it cuts both ways)
Um, SMB was made by Microsoft, and Active Directory uses LDAP.
MoAB was a flop, IMO. They stuffed their numbers by adding bugs in applications that had nothing to do with Apple (like VLC).
While true that the attack vector was on a 3rd party application, the bug allows for arbitrary code execution. This is something that the OS shouldn't allow. So it IS still an issue with OSX. When the flaw is exploited, OSX is more than happy to run injected code, now it seems to me that when this happens on windows everybody points the finger at MS, does the reality distortion field really reach this far?
Anyone who's nailed an El-Ed major understands it.
The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
Good points in regard to the original post. I'm on the fence. I see advantages to open (now mistakenly attached to MS which is now draconian in practice and NOT open) standards VS closed (presumably Mac). SO I'll leave opining to others.
Congratulations. Your post is so stupid it make me spill my soda while laughing out loud at what a moron you are. You obviously don't know what a monopoly is, but you somehow assume you know better than all the lawyers and economists in the world and for some reason your uninformed opinions must be correct. I actually read your post twice looking for the "ha ha I'm kidding no one is really this dumb" comment. Comedy gold.
That is to be decided by the court, and not by the state. And that particular lawsuit has not reached it's conclusion yet.
Why? Because some AC on
And Nokia is a monopoly, since they do not allow anyone to make clones of Nokia-phones. Rrrrrright.
The MS antitrust-trials? It was discovered that MS blackmailed OEM's to not ship Netscape. Microsoft also pre-installed IE with their OS, completely saturating the market. And two separate courts found that to be ILLEGAL and MONOPOLISTIC. But I guess that just pales in comparison to Apple who dares to *drum roll*: sell a computer and an OS as a coherent whole! How dare they?!?!?! Yes yes yes, no court has found Apple to be a monopoly, but they ARE! Since this AC on Slahdot says so!
First, I do believe that the price is $129, not $150. Second: if you feel that the new version of the OS doesn't give you anything worthwhile, you are in no shape or form required to buy it! So what the FUCK are you blathering about! "Renting software"? That would imply that the software stops working if the user does not pay. Well, there are lots of users who do not pay, and their software is still working fine.
I did not say that, you fucking retard. What I asked was that what would buying a Mac without OS give you that you wouldn't get from simply wiping the HD. I never implied that "Getting a Mac and not running OS X? That's retarded!". Hell, I have used my Mac Mini as a Linux-server, so I HAVE used something else than OS X on a Mac. And if you want to run WIndows on it, go right ahead. I have no problem with that. But since you apparently hate Apple and everything they do, why would you actually want to buy one of their products? It just boggles the mind!
Jesus, am I really wasting my time on this shit?
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
And Dell has a monopoly in Dell-computers. Duh!
But seriously, Apple is no more a monopoly than Nokia is. Yes, Apple sells hardware and software as a single unit, and some might say that that's a monopoly. But it's not. If it were, then ANYTHING that shipped with such a bundle would be a monopoly. But they aren't. Nokia E61 + Series 60 3rd Edition form a coherent whole, like Mac + Mac OS does. But that doesn't mean that Nokia is a monopoly, since there are loads of other phones the consumer could choose from. And Apple is not a monopoly, since the consumer is free to choose some other computer instead.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
What book teaches how to have less than zero security problems? Can I get it on Amazon?
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
I'm not suggesting that they go on a death march for every trivial bug. That's unreasonable. (Although I would like them to notify users of workarounds for all known issues, even the seemingly trivial ones, or at least note their existence somewhere.)
But here's the problem when you don't have any public disclosure, and you're laboring under the impression that nobody outside of the company knows of the bugs. Let's say you get in four trivial bugs, and one critical vulnerability. There is a lot of temptation -- and I have seen this happen, over and over, in places where I work -- to fix the trivial ones first and let the big whopper sit a while until everyone has "cleared their desk." That way, you make your metrics look good, which makes the PHB happy, etc. Then when everything else is done, work gets started on the big problem.
That's not really the best outcome for users, because unless the vulnerability was discovered internally, I just don't believe that it's really "undisclosed." Somebody knows about it, and the fewer people know about it, the more of an advantage they have, and the more tempting it's going to be for them to abuse it (either auction it off or use it directly).
So I wouldn't want a vendor freaking out every time anything comes in, but I do want them to feel like there's at least as much of a gun to their head, as there is to mine as a user, when something critical comes in.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
"There has been no such judgement passed about Apple."
Yet
I was just kidding.. I don't think Apple has a monopoly on computers. I also don't think Microsoft has a monopoly anymore either. OSX is a viable alternative.
And thanks to them, the 10.4.9 update was rushed out the door and more complicated than it needed to be.
Many people had problems with their system not booting after appying the update. In my case, the system drive's file system had unrecoverable errors after the update installed. Say goodbye to my data.
Yes, anything really important was backed up, but I still lost a little bit and I still have to spend a bunch of time reinstalling and recovering my system to the point it was before the update.
I'm so glad to hear that the reason may be that a few people were too childish to get along, so they resorted to fighting in the public arena and in court over the security and stability of OUR systems.
Grow up for fsck sake.
KF?
LMH?
C his own A?
WHAT?
the hottest music podcast on the block
Uh, if you've dealt with exactly zero problems on your FreeBSD boxes, then you have a rather vulnerable box. The BSDs are good, but they aren't THAT good.
I'm defining a security problem as some type of breach. Your definition is obviously different. For the record, the last security issue I had with Windows was in 2001, when a worm hit my box via a remote exploit in Trillian, but I had never used any of the BSDs at that time, so I didn't count it.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
I still blame Apple for the poor quality of the update.
Change is certain; progress is not obligatory.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
http://news.com.com/EU+takes+aim+at+Apple+over+iT
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
10.4.9 is a major security and bugfix-type upgrade. I first, I just noticed that things went very fast. Then, I noticed that Photoshop wouldn't open a jpg. Uh-oh. Well, most of the stuff in MacFixit that isn't "reapply the combo updater," is "clean cache and dump prferences. So I ran Applejack, my freeware of choice. Ta-da. Evidently, the caches that were tossed were clogged. Works like a charm. I haven't noticed a single problem since. Sorry if that sounds gung-ho or something. It's just true.
In fact, one of the best "worry-bead" sites is MacFixit. Predictably, when people go there, they've got a problem. Things can break, after all. If you haven't tuned up your system in six months, some permission may be set wrong. You could have a corrupt font or a corrupt cache -- something that impedes a clean install of the update. Get Disk Warrior. Run Disk Warrior. Run Applejack. Unplug all USB and Firewire. All peripherals, just to be safe. Reinstall the whole thing from the combo updater.
If you base your idea of how much trouble a certain upgrade is by who's complaining at MacFixit, you're making a huge statistical error. The people who go there go there because they have problems. It's like an Internet poll: it's a huge sampling error. If you did a survey on heroin addiction at three in the morning outside a clean needle dispensary, you'd think everybody was an addict.
The other day, talking about politics, somebody said, "ALL the people I know are voting for Obama. How come Hillary is ahead in the polls?" Well, that may be true for your friends, but that is stunningly dumb for an intelligent person.
AC, perhaps you misunderstood my use of contrast to provide emphasis on my point. Otherwise, you have shown nothing but a disposition to level personal attacks. As you are clearly better informed and possessed of superior reading comprehension skills, care to enlighten me by offering any support to your claims?
Why bother.
Spot on for the first observation, but a wag of my finger for the second, since it shows you didn't read or understand the post to which you replied.
LDAP is a protocol; Active Directory supports it, it's true. Open LDAP, which is what the parent post was talking about, is a product.
The parent's examples were poorly picked, but their point remains quite solid. Comparing the relative track records of Apple and Microsoft, one can see that Apple has been much more supportive of open standards and technologies in recent years. Microsoft has adopted some standards, but has either done very little to contribute back to them, or (worse) has "extended" them in proprietary ways.
Apple, on the other hand, has made community contributions back to code bases (like WebKit), and has generally been a good citizen when it comes to supporting and refining open standards and technology. They aren't perfect, and there are certainly other organizations that do even better (Ubuntu springs to mind). Still, what they do should be rewarded and encouraged, because Apple has demonstrated that it listens to constructive criticism better than most companies.
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
So you are actually claiming the history is false? And that all the evidence is made up? And that the guys went later and changed the information they published origianlly (and that lots of people read) and no one noticed? And that Apple cant be possibly responsible of misbehavior? You've ben certainly brainwashed. Seriously.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck