One of the reasons I love John Gruber is his ability to utterly smash stupid people to the point where they’re just itty bitty pieces of silicon crushed into the asphalt of the information superhighway.
After demolishing Paul Thurrott for his flip flopping hypocrisy, he goes after the scheisters over at Secureworks who did didn’t did didn’t did didn’t discover the big “flaw” in the Mac’s WiFi drivers. It’s lengthy, but complete, and he sums it up thusly:
When their supposed exploit was publicized by The Washington Post’s Brian Krebs, who reported that they had found Apple’s own drivers to be “identically exploitable”, they said nothing to dispute Krebs’s report. I believe Maynor and Ellch cultivated the misconception that they had identified a vulnerability in the MacBook’s built-in AirPort card and driver but had performed their demonstration using an external USB card for their video at the request of Apple. This made little sense, as I wrote at the time, but the misconception took root, and Maynor and Ellch said nothing to dispute it while their consulting firm racked up the media attention.
Now that the “fireworks” are starting, my guess is that Maynor and Ellch, if they choose to defend themselves rather than quietly walking away from the table, will do so by claiming that they never stated nor implied that they had found any vulnerabilities in the MacBook’s built-in card and driver. But their prevarications were far too clumsy for them to get away with this.
(And that’s the the best case scenario for how I see this working out. Jim Thompson, after obtaining and studying a high-resolution copy of their exploit demonstration video from which he can read the characters in the terminal windows on-screen, suggests that even their exploit of the third-party USB card was a fraud, based on discrepencies in the MAC addresses and networking interfaces.)
It is a simple yes or no question: Have Maynor and Ellch found a vulnerability that affects MacBooks using Apple’s built-in cards and drivers? That Maynor and Ellch haven’t answered it speaks volumes. Bring on the fireworks.
That’s gonna leave a mark. Probably right around the left cheek, requiring standing while falsifying hacks for at least a few weeks.
Go read the whole thing. Seriously. Afterward, you’ll realize just how full of crap the Secureworks folks really are.
[tags]john gruber, secureworks, daring firewall, security, computers, mac os, osx[/tags]