I'm starting to think that problem may not be Apple at all....
From Krebster's interview of Maynor
BK: But you're saying in addition to this you've found multiple problems? You're saying that in addition to this flaw [present in the Macbook drivers] there were three others that you've been able to find?
Maynor: Right.
BK: And, so I'm clear: Two of [these] were Windows-based, one Linux-based, and one of those Windows exploits is actually in a third-party external wireless card designed for Windows?
What Mac users want to know if the exploit is for the built in airport. Maynor/Ellch have said it's only for a 3rd party card, which affects maybe in one in a 100,000 mac users (intel mac with atheros chipsets that have a particular third party USB card attached). But they can't say anything until they fix these three other flaws, which could really take a while....
As they said, there's no such thing as bad publicity....
Glenn:
I have a lot of respect for your views on this -- your reporting on the issue has been very sane.
Going back and looking at exactly what Maynor told Krebs is helpful:
Yes, it's a device driver. The thing is, there's a flaw in the OS, but I don't want to specifically point to it, so in the video you'll see I used a third-party USB device. What I'm trying to do is highlight the problems in device drivers themselves, not any one particular flaw. [Maynor misspoke here, and I later clarified this point with him. The wireless device driver that powers the internal wireless card on the Macbook contains flaws that -- when exploited -- give the attacker the ability to create or delete files, or modify system settings. The flaw is in fact in the Macbook's wireless device driver, which is made by a third party. So again, to be clear, the flaw is not, as he suggests in the transcript of this interview, in the Mac OS X operating system itself.]
So, really, we don't know what Maynor told Krebs because Krebs is covering himself up with the "misspoke" clause. I blame Krebs. It's very possible that Maynor felt burned by Krebs's story and that's why he is refusing to talk with Krebs, which gives Krebs space NOT to retract his story and say he got it wrong.
I'm really starting to think the demo had a lot of "shortcuts", but if it wasn't for Kreb's introduction on the exploit being done on the native Airport hardware, and his "cigarette" quote the story would be going to sleep....
The reason it is critical is, to quote Dave Maynor, "No, normally most Macs come with a built in Airport card, so you really don't have much use for a third party wireless card."
I suspect Maynor said it to Krebs in a "joking" manner, and that Krebs, knowing it would make good copy, put it into his final posting. Which could also explain why Maynor/Ellch stopped talking to Krebs after the story broke -- they are a bit mad at him for throwing that in there.
Maynor is right -- Apple should get a new actor to play that dude in the ads -- he was annoying in Dodgeball and is annoying now.
But got to go back to the point -- is Krebs going to retract his claim that this exploit can be done on the native airport hardware and driver?
Well, what really set the stuff ablaze was the "cigarette in the eye" comment.
What puzzles me is I can't find where that came from.
In Brian Krebs's first article, he says:
http://blog.washingtonpost.com/securityfix/2006/08 /hijacking_a_macbook_in_60_seco.html
""We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said. "The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."
Now everyone else who quoted that was just referring to Kreb's article. Did anyone actually hear (besides Krebs) Maynor make this statement? Why did only Krebs report it? Did he make that quote up? Maynor is appartenly a Mac user himself.
If the MacBook in the video was really hacked as SecureWorks says, then it has to be a USB part -- MacBooks don't have ExpressCard slots.
Apple doesn't support any USB 802.11 adaptors.....why would Apple presure them if the flaw was only in the USB...
My growing sense is they found a minor flaw in a USB driver but then faked the demo (for simplicity's sake) or faked the private demo to Brian Krebs. Or Krebs just made the whole thing up....
OK, they are under heavy "legal" pressure by Apple.
So the bug belongs to Apple -- and not to the third party wifi driver that the video shown at Blackhat refers to?
Let's be clear -- the problem is not Maynor and Ellch. It's the reporting on this -- starting from Brian Krebs at the Washington Post.
http://blog.washingtonpost.com/securityfix/2006/08 /hijacking_a_macbook_in_60_seco.html
Slashdot Mirror
I'm starting to think that problem may not be Apple at all....
From Krebster's interview of Maynor
BK: But you're saying in addition to this you've found multiple problems? You're saying that in addition to this flaw [present in the Macbook drivers] there were three others that you've been able to find?
Maynor: Right.
BK: And, so I'm clear: Two of [these] were Windows-based, one Linux-based, and one of those Windows exploits is actually in a third-party external wireless card designed for Windows?
What Mac users want to know if the exploit is for the built in airport. Maynor/Ellch have said it's only for a 3rd party card, which affects maybe in one in a 100,000 mac users (intel mac with atheros chipsets that have a particular third party USB card attached). But they can't say anything until they fix these three other flaws, which could really take a while....
As they said, there's no such thing as bad publicity....
Glenn: I have a lot of respect for your views on this -- your reporting on the issue has been very sane.
8 /the_macbook_wireless_exploit_i.html
Going back and looking at exactly what Maynor told Krebs is helpful:
Yes, it's a device driver. The thing is, there's a flaw in the OS, but I don't want to specifically point to it, so in the video you'll see I used a third-party USB device. What I'm trying to do is highlight the problems in device drivers themselves, not any one particular flaw. [Maynor misspoke here, and I later clarified this point with him. The wireless device driver that powers the internal wireless card on the Macbook contains flaws that -- when exploited -- give the attacker the ability to create or delete files, or modify system settings. The flaw is in fact in the Macbook's wireless device driver, which is made by a third party. So again, to be clear, the flaw is not, as he suggests in the transcript of this interview, in the Mac OS X operating system itself.]
http://blog.washingtonpost.com/securityfix/2006/0
So, really, we don't know what Maynor told Krebs because Krebs is covering himself up with the "misspoke" clause. I blame Krebs. It's very possible that Maynor felt burned by Krebs's story and that's why he is refusing to talk with Krebs, which gives Krebs space NOT to retract his story and say he got it wrong.
I'm really starting to think the demo had a lot of "shortcuts", but if it wasn't for Kreb's introduction on the exploit being done on the native Airport hardware, and his "cigarette" quote the story would be going to sleep....
The reason it is critical is, to quote Dave Maynor, "No, normally most Macs come with a built in Airport card, so you really don't have much use for a third party wireless card."
7 -of-brians-watch.html
http://briankrebswatch.blogspot.com/2006/09/day-1
I suspect Maynor said it to Krebs in a "joking" manner, and that Krebs, knowing it would make good copy, put it into his final posting. Which could also explain why Maynor/Ellch stopped talking to Krebs after the story broke -- they are a bit mad at him for throwing that in there.
Maynor is right -- Apple should get a new actor to play that dude in the ads -- he was annoying in Dodgeball and is annoying now.
But got to go back to the point -- is Krebs going to retract his claim that this exploit can be done on the native airport hardware and driver?
David Maynor was the one in the video, and the one sticking cigarettes into Mac user's eyes...ouch. That hurt.
Well, what really set the stuff ablaze was the "cigarette in the eye" comment. What puzzles me is I can't find where that came from. In Brian Krebs's first article, he says: http://blog.washingtonpost.com/securityfix/2006/08 /hijacking_a_macbook_in_60_seco.html
""We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something," Maynor said. "The main problem here is that device drivers are a funny mix of stuff put together by hardware and software developers, and these guys are often under the gun to produce the code that will power products that the manufacturer is often in a hurry to get to market."
Now everyone else who quoted that was just referring to Kreb's article. Did anyone actually hear (besides Krebs) Maynor make this statement? Why did only Krebs report it? Did he make that quote up? Maynor is appartenly a Mac user himself.
If the MacBook in the video was really hacked as SecureWorks says, then it has to be a USB part -- MacBooks don't have ExpressCard slots. Apple doesn't support any USB 802.11 adaptors.....why would Apple presure them if the flaw was only in the USB... My growing sense is they found a minor flaw in a USB driver but then faked the demo (for simplicity's sake) or faked the private demo to Brian Krebs. Or Krebs just made the whole thing up....
OK, they are under heavy "legal" pressure by Apple. So the bug belongs to Apple -- and not to the third party wifi driver that the video shown at Blackhat refers to? Let's be clear -- the problem is not Maynor and Ellch. It's the reporting on this -- starting from Brian Krebs at the Washington Post. http://blog.washingtonpost.com/securityfix/2006/08 /hijacking_a_macbook_in_60_seco.html