DavidMaynor
Latest
MacBook WiFi hack to be published, sound of snoring overpowers announcement
You may remember good-old David Maynor, the infamous hacker who caused a stir in the Mac community by "exploiting" a "loophole" in a MacBook's WiFi that allowed an outside user to gain control of the system. Of course, the hack was then promptly disputed by all sorts of people, said to be a hoax, and generally made fun of. A little bit later on, Maynor and co. turned up in a nerd-tastic war of words on the internet over an OS X "worm," trading barbs, assuming fake names, creating counterfeit blogs, and eventually being reduced to death-threats and public "outings" of their online personalities. Now, according to reports, Maynor is "officially" publishing the details of his original exploit, freed from legal shackles (i.e., NDAs) which he claim prevented him from revealing the truth about his hack. The hot-blooded work is to be published in the September issue of Uninformed.org (an online hacking journal). Says Maynor, "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own." To which we respond: your 15 minutes are up.
OS X worm saga turns it up a notch with death threats
If you can keep track of the bad TV movie / high school drama that the OS X worm saga has become, hats off to you. In the latest round of confusing doublespeak from the underbelly of the security world, a few key players are (possibly) taking turns swapping identities -- and trading death threats. In the latest installment, Jon Ramsey is Infosec Sellout, David Maynor is LMH, anonymous commenters are promising to "put a bullet in your head for this!" and a spooky legion of "black hat" hackers known as the "Phrack High Council," (or PHC) are doing their best Freemasons impersonation. Now, with the Infosec site deletions, and Dave Maynor's supposed self-outing, calls being issued for the worm to be proven in the wild are increasingly mixed with the literal cries of bloody murder -- all over what can best be described as the lamest hoax for the biggest nerds in internet history. Check out the Computerworld article for some... insight?Update: As noted by a few commenters, David Maynor is now claiming on his blog that he isn't LMH, and that the admission "from" him had been faked. Of course, in this subterfuge-filled war of words, we'll take it with a grain of salt.[Via Slashdot]
MacBook wireless hack possibly much ado about nothing?
Several weeks ago, we regaled you with the tale of how a pair of hackers, David Maynor and Jon "Johnny Cache" Ellch claimed that they could pwn a MacBook in a minute flat. The dynamic duo then showed the exploit to Brian Krebs, a reporter at The Washington Post and a controversy ensued over the next few weeks as to who had shown exactly what to whom when. The most recent episode involved Apple telling Macworld two days ago that SecureWorks, Maynor's employer, hadn't showed Apple any specific information -- however, on its own, Apple discovered a problem, then released security and wireless patches for PowerPC-based and Intel-based Macs. Meanwhile, SecureWorks has been awfully mum on the issue, refusing to say anything further to Krebs or to the IDG News Service. Glenn Fleishman has a very lengthy blog entry over at Wi-Fi Net News that provides a play-by-play of this whole situation, but points out that Maynor and Ellch are scheduled to speak at Toorcon in San Diego later this month, and concludes by saying that he thinks the pair will show their cards and tell all, which may finally settle this torrid affair.
SecureWorks admits to falsifying MacBook wireless hack
[Update: To his credit, David Maynor did in fact state at the beginning and end of this video that he's using a 3rd party card and drivers in order to enable this exploit. It was later comments from David Maynor and Jon "Johnny Cache" Ellch, as well as the disclaimer SecureWorks posted, that prompted me to claim they 'admitted' to 'falsifying' this hack. While these parties might not have outright lied about what's going on here (a debate that raged back at the time), they weren't exactly clear on any of it either. I have written a new post clarifying some key points of this situation that will hopeful set this straight.]Remember those hackers in the Washington Post story who claimed to have hacked a MacBook's wireless drivers to gain control of it? Then remember the follow-up story where the author, Brian Krebs basically, um, how shall I say: 'slightly falsified' his way through backing up the original story with excuses that the flaw does exist in Apple's drivers, but Apple 'leaned' on them not to publicize this so they decided to use a 3rd party card? Finally, remember how, in the original article, David Maynor, one of the hackers, is quoted saying "We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something." Boy, that sure doesn't betray any sense of 'I am going to lie, cheat and steal to prove whatever I want' bitterness, does it?Sounds like SecureWorks, the company who sponsored all this Mac hackery, is finally fessing up to their falsification and admitting that they, in fact, did not find the flaw in Apple's drivers, and that they used a 3rd party card and software to facilitate the exploit. As icing on the cake part of a 'responsible disclosure policy,' they aren't releasing the name of the manufacturer of said 3rd party magic hacking tools. Three cheers for truth (and discretion) in journalism.Now let's make one thing clear: we at TUAW aren't advocates of the 'Macs are flawless! Long live the prefection that is Apple!' philosophy that naysayers of this experiment are coming under fire for. We are, however, advocates of finding true vulnerabilities on the quest to make the Mac even more solid and secure. The problem here is that this experiment was not one of those quests for truth - it was a quest for, in the words of Mr. Colbert: truthiness. We're genuinely sorry you're annoyed by the commercials, Mr. Maynor (believe me: not everyone loves them), but that's why some genius some time ago invented the ability to change TV channels. Give that remote a whirl some time - it might make your life (and ours) a whole lot easier.Thanks NotVeryPC
