Website: http://www.matasano.com/log
Original page: http://www.matasano.com/log/405/dear-apple-pundits-please-stop-writing-about-security/
Kevin
I have just published a rebuttal to Thomas' piece, since I find this post to be a rather selective (and, in my view, rushed and mis-guided) quotation of my own article and wish to set the matter straight, re-focusing on what I think is important and debunking a few of his arguments (which, in my view, are simply not valid).
I tried to explain the issues raised by that "exploit" (and, just as importantly, the way it was covered by the media) in layman's terms precisely to try to avoid the sort of "blind panic" that articles like this seem to _expect_ that would happen, and Thomas completely ignored the points I tried to make.
As to Maynor and Cache’s conduct, I am appalled that they would harp on about their success without publishing the details and subjecting them to proper peer review - a point which I think is valid for many other exploits and the way they came to light.
Security is not about the limelight, guys. It's about doing things the right way and making sure there are no loose ends. By rushing that video out the way they did and leaving margin for so many questions, they pretty much tainted their research.
You can read my response to Rui's comments at http://www.matasano.com/log/rui-argument
Quite correct, those that will simply deny this was an issue need taking to task. However I thought the points of Rui's and John's posts were that this wasn't just about a WiFi hack; the dudes doing this were using it to have a pop at the mac, quite unreasonably, singling out that machine and then not even using the on board hardware. I don't believe using the Airport would have exposed any more information than they did using third party stuff.
It all seems a bit contrived, in fact in one interview they described that they demo'd it on a mac to attack the "smugness" that mac users allegedly hold. Somewhat unfairly. Let's face it, the headline "macbook hacked in 60 seconds" is clearly scaremongering and could even allow normal PC wifi users to think this exploit doesn't apply to them and it clearly does.
If they are going to cover the idea that vendors are "under the gun" that applies far more explicitly to PC users since their chips can come from anywhere, Apple's WiFi chips as far as the end user is concerned come from Apple.
Just my 2 cents worth
Yes he fucked up with some serious PR headlining, owning a mac in 60 seconds. I mean christ you see HDM making a video over the browser bugs, NO. You see Halvar getting out the handycam when he finds yet another windows patch which has quietly fixed a serious hole in Windows 2003, NO
The thing for me which ruined it for this was:
a: not having the balls to do it live at BH (hello, you're telling me they couldn't have done some extra security to ensure that no-one could eavesdrop on the packets between the two laptops?)
b: going all gung ho and publicly stating "it eventually makes you want to stab one of those users in the eye with a lit cigarette or something"
yeah really mature kids, I mean well done on acting like a professional and not like some spotty nerd who just had his c64 taken away
It's no wonder why big companies cannot stand security researchers. It's not about the fact they find holes, it's the way they go about telling the world
By admitting that they want to "stab one of those users in the eye.." is hardly grown up is it?
David, if you want the world to believe this, then have the balls to go public on what you have found and don't use silly PR tactics and stupid comments
Nothing is secure, if it's been developed by a human being
/rant over
Regarding doing it live --- what "extra security measure" would you suggest?
Regarding his comments --- what does that have to do with his findings?
I've been doing this stuff professionally since 1994, and I've been paying attention to dave for about 5 years now, and everything Dave Maynor himself has actually said so far, I believe.
Right, it's been nearly a week since the announcement, yet have we any further information about this "remote" hole?
Doing further analysis on the video it seems he only gets local access, does he then use a known local issue to gain root? How does this affect the whole entire Mac range? We talking only Intel here or the PPC generation as well.
So many questions from a person I would have expected a more grown up and responsible approach, rather than the "gobbles" style comments.
His comments help justify the findings surely? If you're a business manager who has just been told of this issue and then told that the researcher wants to "put cigarettes out in a mac user's eye", do you take him/her seriously or start asking questions?
Thomas you for one should have experience of how hard it is to sell security and what we do to the board level without this kind of immature attitude when it comes to legitimate research. The sec industry is young still and it's hard enough changing the perception that everyone has of a security professional (we aren't all wearing leather pants with black hair and refusing to speak to anyone who isn't l33t)
now get on with the fix :0)
I do remember his presentation about "USB insecurity" at CanSecWest and I was quite disappointed that no actual code was shown (as opposed to the excellent talk, demo and code from
The best way to shutdown all this apple dogmatism is to quit ranting and start coding.
ok now, where's PoC?
rather than " Dear Apple Pundits, Please Stop Writing About Security." I'd just say "Dear Pundits, blah blah"
not entirely sure who deserves the car battery hooked up to their nipples, but someone sure does.
The general thinking among many at CSW 2005 was that USB ownage was theoretically possible but that Maynor did not show he had actually done it, so the value of his presentation dropped to near zero among technical people while it stayed quite high for non-techies and, most importantly, the press. Anybody can claim that this or that is insecure or flawed, the real hard work is proving it.
It's been over a year since CSW 2005 and I still haven't seen a technical paper or sample code that demonstrates the problem beyond any reasonable doubt. Modern research requires that you allow your peers to scrutinize your methodology and the results of your work otherwise it's just a marketing campaign.
You mentioned tens of vulnerabilities in your talk and I am confident that the details about them will eventually see the light so anybody will be able to say that you're not full of it. I don't need the details because I've known you guys and your work for many years but most others do need proof to take anybody seriously
Thank you, though!
Does this translate into "I'm Dave Maynor's buddy"?
Now that they have admitted there WAS ZERO issue with OS X drivers, do you still stand by your quote "and everything Dave Maynor himself has actually said so far, I believe."
I'll quote from his site: "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook"
And then you said "Maybe you think the PR department at ISS “rubs off” on people after they’ve left the company."
Yes, I do think it rubs off. David used the macbook for 1 simple reason, it's all the buzz with the media at the moment and he knew that it would get a shitload more airtime than using Windows XP
"Regarding his comments — what does that have to do with his findings?"
Loads, his findings weren't as brilliant as he made out to be "owning a macbook in 60 seconds", as long as you use a 3rd party wireless card and also connect to a rogue wireless connection
Yup, you can tell he worked at ISS for years!
"Owning a Dell with XP in 60 seconds"
I'm going to withhold comment for a variety of reasons, with the promise that I will apologize and retract, in a separate post (not a comment thread), if the rest of this story breaks in a way I don't expect it to.
But I don't expect that there will be any need here.
Can they smackdown a Mac with a foreign device driver? Sure thing.
Is that what they showed?
No way.
Do people think that this is referring to the mythical USB driver (which in my mind, Jim Thompson has shown through the video doesn't exist) or that they have a custom driver with the standard airport hardware?