Infamous MacBook WiFi hack demonstrated, dubious code to go public
This on-again / off-again storyline surrounding the infamous MacBook WiFi hack has us all in a bit of a whirlwind, but it looks like the responsible party is finally coming clean. David Maynor, who is now the CTO at Errata Security, broke the silence regarding the questionable WiFi vulnerability that he claimed existed in Apple's MacBook by actually demonstrating his findings in front of the crowds at the Black Hat DC event. The meddlesome duo elicited all sorts of backlash from Apple after the story surfaced, and a showing at the ToorCon hacker convention in San Diego was actually axed after Cupertino threatened to sue Maynor's now-former employer, SecureWorks. Yesterday, however, Maynor streamed rogue code from a Toshiba laptop while his MacBook (running OS X 10.4.6) scanned for wireless networks; sure enough, the laptop crashed, and he insinuated that the code could actually be used to do far worse things, such as control functions of the computer -- but interestingly enough, it wasn't noted whether the MacBook's WiFi adapter was Apple's own or of the third-party variety. The angst still felt by Maynor primarily stems from Apple's outright denial of his claims, only to provide an elusive patch that fixed the issue in OS X 10.4.8, essentially making its operating system more secure without giving David his due credit. Mr. Maynor also said that he would no longer attempt to work with Apple and wouldn't report any further findings to them, and while most Macs have certainly done their duty and upgraded to the latest version of OS X, users can reportedly expect a public release of the rogue code to hit the web soon.

Yes! Instead of WinNuke95 it is now MacNuke07!
So I'm assuming the author of the article forgot Apple's press release about the 10.4.8 security update included fixes for vulnerabilities found by an internal audit sparked because of the fiasco and not the one Maynor has supposedly found.
Of course, not unlike the famous "you can't fire me, because I quit" time-line manipulation technique.
So in other words there is a good chance this will only happen to me when I'm using the redundant linksys USB wifi adapter instead of my built in wifi?
I won't deny that OS X could have a security flaw, but when it comes to "putting your money where your mouth is" this guy sure is stick it up his arse.
Apple and its users always use the security issue. Just go through Apple forums and Apple Ads. No, he didn't stick it up his ass, he stuck it up Apple's ass, who kept denying his claim.
It also shows the nightmare MS has to go through managing hardware and thousands of configurations from different companies, but that's what their business is based on. Apple has it way easy.
why was he running 10.4.6? i thought 10.4.8 has been out for a while.
Because at the time of his exploit 10.4.8 was not released. The release of 10.4.8 was to resolve this exploit.
He hasn't actually proven his claim to anyone. He has yet to provide full details on this hack. His reasoning for not revealing full details was to protect from others using the hack, but if he's pissed off at Apple, why doesn't he stick it to them by proving that he's right and making this whole thing open. And how is Apple taking the easy way a bad thing? You'd rather companies compromise users in order to make money? I'm not saying that Apple is perfect, and I'm not saying that their OS can't be hacked, but I am surprised that people are so worked up over Maynor's jack-ass behavior.
"It also shows the nightmare MS has to go through managing hardware and thousands of configurations from different companies, but that's what their business is based on. Apple has it way easy."
MS chose that business model. I don't say poor MS they have to support all this different hardware cuz they chose to support that. Apple didn't. Apple has it way easier because they avoided that situation.
So, should I be shitting my pants or not?
Why can't the guy just say if he can do it to a stock mac with no additional wifi adapters or not? It would put all this debate to rest and allow Apple and the users to update and fix the problems.
You only assume it's "Maynor's jack-ass behavior" and you don't know that he hasn't "actually proven his claim to anyone", Alex. He simply hasn't made sufficient information on his claims public. There could be many reasons for that including being threatened with litigation.
I find it interesting that people are not only willing but eager to make up facts when a claimed security threat is made against Apple. No other platform would receive such a response yet it's Apple users who ultimately benefit from any fixes that may come. All this is more proof that the Mac is more than a computer, it's a belief system.
If I remember correctly this hack is reliant on a MacBook using a third party wi-fi dongle....when wi-fi is already integrated! It's nice to see it's possible but realistically there is very little to get excited about.
the guy just sounds like a tosser who needs a hug, what a wanker
If you find anything wrong with our OS, I'm gonna sue your ass.
(LOL)
This fellow was just trying to get his 15 minutes of fame, he didn't even deserve 5 minutes, though.
INCONCEIVABLE!!!!!!!!!!!!!!!!
You keep saying that word and I don't think you know what it means.....
He's a child. He feels that he was wronged, so now a "security" guy is going to publish rogue code to the web. Gee, such a man of integrity. His family must be so proud.
Lesson: If you find a flaw and a company denies it exists, post ALL of your proof THAT DAY and prove them wrong - or just shut up.
At this late date, I'd (generally) have the latest OS and wouldn't care less about vulnerabilities in older versions.
"NHAnimator @ Mar 2nd 2007 8:17AM
At this late date, I'd (generally) have the latest OS and wouldn't care less about vulnerabilities in older versions."
That's fantastic!!!
I assume this means we can ignore any 2k or xp vulnerabilities that are discovered, right?
"Nearly two months later, however, Apple released Mac OS X 10.4.8, which fixed the problem demonstrated at Black Hat, Maynor said Wednesday."
OK, common sense tells you to take every upgrade Apple gives you, why is this story relevant? You know, I remember my Quadra used to crash all the time, maybe you guys should do a story on the flaws in OS8.
I'm not sure if "trying to find and not to fix" vulnerabilities isn't considered hacking which is a felony.
@craig - you could almost say the same thing about PC users who read this board. I tried posting legit reasons for owning a mac and people came out of the woodwork to slam my comment with no evidence of their claims. They got all over me and others for pointing out the good and bad of both OSes from a user's point of view. Someone even said I was "dumber than dirt" for praising the integrated Final Cut Pro and that a real professional video editor wouldn't use that program. That's a belief system if they are that blind.
Go ahead and release your "exploit", man. Let's see how many are affected by it. If it's a catastrophe, then you made your point, otherwise, stop whining.
what's hilarious is how easily the macbots switch between "We're gaining market share, honest!" to "Let's see how many people this really affects".
Good thing that apple's operating systems never take off, eh?
I happen to actually know Maynor and have seen him through this entire ordeal, so why don't you folks who know less than nothing about vulnerability detection, assessment, and disclosure shut up and listen. The hack works. AND it works against Mac's NATIVE wireless card. The third-party card Maynor used to demo the problem was done precisely to save Apple some disgrace and to illuminate that this problem is NOT an EXCLUSIVELY MAC problem. Why do this? Why try and save Apple the shame? Because at the time, Maynor was HELPING Apple fix the problem, and they were being receptive. You don't just dump vulnerabilities out in the wild- this is ethical disclosure. However, at the time he was only dealing with Apple engineers. The "internal audit" that Apple did that resulted in the fixes was nothing of the sort- Maynor did all the work and handed it over to them and they claimed they did it. Unfortunately, as soon as Apple PR (specifically, Lynn Fox) found out that engineering was dealing with an outside source who had found a GAPING security hole they shut it down and denied everything. SecureWorks- Maynor's employer at the time, was too scared of pissing off Apple (who were threatening all sorts of lawsuits that had no teeth) to do anything and thus prevented Maynor from defending himself. So, after he went out of his way to follow ethical disclosure guidelines, Maynor was called a liar and had his reputation toyed with by a vindictive company. THAT is why he now says he will use full-disclosure without Apple's say-so. Apple has acted in bad faith and cannot be trusted. If you doubt that this hack is real- email Maynor via his new company at Erratasec.com and he will be happy to discuss it with you. So quit talking out of your asses, those of you who have never reverse engineered code in your life or disclosed an OS vulnerability.
Maynor's negative reception in the Mac web he brought on himself. You can't simultaneously claim that Apple's advertising makes you want to jab lit cigarettes into the nearest Mac user's eyes *and* claim that your motivations were aboveboard. Maynor's negative press is entirely his own fault. If he actually had good intentions, he'd not have gone to all the trouble to hide whatever the hack actually entailed. When Apple didn't respond in whatever he may have considered a timely manner, he could have simply published enough details of the exploit to make a fix possible. He chose not to do that. He chose to insult the user base and then try and claim he wasn't interested in attacking Mac users. He chose to make unsupportable and very likely outright false claims about a supposed PR smear campaign coming from Apple - when most Mac users rightly recognized that the negative PR around the two was entirely the result of their own actions and their childish attitude.
w00t doug. :)
I believe the guy. In fact, I discovered a hack that can disable a USB port on the MacBook. All you need to do is insert a third-party flat-head screw driver into the port to be hacked, then....
Maynor admitted publicly that insulting the Mac commercials was a mistake- for that you are right. However, you are wrong to say that if his motivations were aboveboard he would not have hidden what the hack entailed. Apple WANTED him to do that. HE wanted to do that. That is how ethical disclosure is done. You keep the details of vulnerabilities hidden till the company has a chance to fix them, that way you don't give hackers ammo to attack computers. When Apple "didn't respond in a timely manner" has nothing to do with it. Apple was communicating with Maynor BEFORE the demo. It was PR that shut down all communication and threatened him if he released it. It wasn't not responding- it was breaking off communication and threatening. By the time that happened it was too late to release details because Apple was also threatening Maynor's company, SecureWorks, who told him not to pursue it further; so long as he worked there, he was bound to obey. There was nothing "supposed" about the PR smear campaign from Apple. It was an arrogant, smug company (like the commercials or not, you can't deny they are exactly that- arrogant and smug) resorting to low-tactics to preserve the veneer of security that everyone of intelligence in the security industry already knows is a lie.
So Maynor demonstrates the hack using a now outdated version of Mac OS X.
But he doesn't say what WiFi hardware and drivers the MacBook used, doesn't demonstrate if the hack works against Mac 10.4.8, doesn't demonstrate his claims that the code can really hijack a MacBook, and is telling people the problem is not limited to Macs and OS X without proving that claim.
I'm not an expert in coding. But I expect someone who makes a claim about anything to be able to back it up - which Maynor has yet to do.
Had Maynor actually been acting in a responsible, professional manner, he'd have a) not tried to lie his way out of the lit cigarette comment initially (in fact, he's still never actually apologized for that bit of childishness. He now only says it was a "mistake" after first trying to claim he didn't say it at all, which was an outright lie) and b) it's becoming increasingly likely, here, that what Maynor and Ellch tried to do was extort an exorbitant "consulting fee" out of Apple which Apple, rightly, said "no thanks" to and conducted their own investigation of the code. I'm more inclined to believe Apple when they said they received no code demonstrable of such an exploit from Maynor, than I am to believe Maynor himself. His lack of credibility is entirely his own doing. The adult thing to do at this point would be to stop acting like a four year old. Maynor still seems unwilling to do that.
1) Maynor never tried to lie his way out of the cigarette comment. He admits he said it, he HAS publicly said he shouldn't have.
2) Neither Maynor nor Ellch ever asked Apple for any money. Period. No consulting fees.
I appreciate that you are sticking by Apple, but you should not be attacking a researcher who acted completely appropriately and ethically (more so than he had to) and got smeared for it. Maynor is NOT the first person Apple has done this to either. Should he let it go? Perhaps, but then again, it doesn't feel nice to have someone lie about you in very public forums.
Amen.
When it comes to credibility, i'd say Maynor doesn't even have a shred to hold on to, so why is more of his attention-seeking nonsense being picked up by engadget / the press?
let the poor sucker fade into the background.
Your MacBook is getting owned, Cancel or Allow?
It's called schadenfreude; you brought it on yourselves.
@Doug: " Lynn Fox found out that engineering was dealing with an outside source [...so] they shut it down and denied everything. SecureWorks- Maynor's employer at the time, was too scared of pissing off Apple (who were threatening all sorts of lawsuits that had no teeth) to do anything and thus prevented Maynor from defending himself."
i call BS. plain and simple, you're full of shit.
really, is maynor / secureworks that retarded that they have absolutely no grasp of the law? neither even has a poorly paid lawyer? you're so full of shit. Maynor's "Apple threatened me" excuse was the most transparent - let's not go make a conspiracy theory out of some sorry kid's begging for some sort of notability.
"Apple has acted in bad faith and cannot be trusted."
according to "Doug" ...because YOU'RE a reputable source. wanker.
At the time, the exploit was meant to show that root could be obtained.
The images presented showed the command line in use with escalated privileges, which the tech community was suspicious of because there were breaks in sequence (user login changed, etc).
But this "exploit" simply shows the machine being caused to crash from parsing rogue Wi-Fi data. That's certainly a bug, but not an exploit.
In other words, it sounds like he's simply found a way to make an un-patched machine crash as a result of scanning a corrupted Wi-Fi network.
In essence, a cellphone jammer.
That falls far short of an exploit that allows the machine to be taken over.
As a software developer, I think it is retarded for a company (ANY company, you Apple fanboys) to attempt to cover up an issue when one is discovered. Microsoft is constantly chastised for issues found in their system, but when it happens to a Mac (using third-party stuff or not), people get in a freakin' tizzy over the exploit's legitimacy.
Just give it up, people. Software has bugs. Security through obscurity can't last forever (especially if you're attempting to tout a system as being superior in every way). Apple should have lauded Maynor's efforts, perhaps given him a job. Not threatened him with litigation.
Personally, at this point, I support his decision to screw over Apple and its touchy fanbase by releasing code.
can't we just all get along?
How does defending a grandstanding supposed "security researcher" actually make anything better? In the most likely case, Maynor simply lied. That he's releasing code after the fact, which he himself admits Apple has already patched at this point is irrelevant. It's not a question of Apple's software being absolutely bug-free. It's that self-appointed "security researchers" can't simply vent a personal vendetta against an entire userbase and expect to be taken seriously.
If Maynor et al had conducted themselves in a responsible and adult manner, none of this would be an issue. As it is, why should the Mac userbase take anything he says seriously? Isn't that a larger problem than trying to defend Maynor's questionable ethics ad nauseam?
I don't think I phrased that quite right. I didn't mean to imply that older operating systems should be ignored, but rather, older revisions of said operating systems. In other words, I don't care about new or old vulnerabilities in XP that are fixed in XP SP2.
What's a "macbot"? Are there "winbots", too? I think so. This is my point in the post on the previous page. I never mentioned anything about market share and really don't care. If you or anyone else feels threatened by another company gaining market share, then I really don't know what to say. You have your own ideas and brand loyalties, just like everyone else. I've used Windows since the 3.1 days and still find it quite usable in SP2. Vista remains to be proven. However, I still prefer OSX and Apple hardware for the aesthetics and overall ease of use.
Apple might try to cover things up (and they are quite handy at that with hardware repairs at the Apple Stores), but when is this exclusive to one company? Like I said, if the guy is so behind his exploit and so childish, he should just release it and let it have an effect. Those who haven't updated to the latest "free" update can reap the consequences. Apple will probably never fess up to who actually discovered the exploit nor that there was a specific one in the first place. It's the nature of business. You can call it unethical all you want, but it's really a gray area that almost no one on the consumer level cares about.
"Jeff @ Mar 2nd 2007 11:58AM
i call BS. plain and simple, you're full of shit."
I see you BS, and up the bet. You're a complete idiot. Please attempt an original thought.