http://matasanochargen.disqus.com/enSat, 19 Aug 2006 04:31:02 -0000http://www.matasano.com/log/409/debunktraq-more-mac-wireless-chaff-posts/#comment-2320118<p>Sure, if I'm wrong, I'll apologize.</p><p>But pretty sure I'm not. After reviewing a high-resolution version of the video, its quite clear that the USB device was not in-use during the attack (at least, it wasn't passing frames).</p><p>Its the internal Airport card (!!) that has the 192.168.1.50 IP address.</p><p>Details here: <a href="http://www.smallworks.com/archives/00000461.htm" rel="nofollow noopener" target="_blank" title="http://www.smallworks.com/archives/00000461.htm">http://www.smallworks.com/a...</a></p><p>Do I think that a highly similar attack is possible? Of course, but Maynor and Ellch haven't demonstrated anything thats even close to what they claim.</p>Jim ThompsonSat, 19 Aug 2006 04:31:02 -0000http://www.matasano.com/log/409/debunktraq-more-mac-wireless-chaff-posts/#comment-2320117<p>Matthew, I think you're going to find that if you read the coverage carefully, the "Apple pressure" accusations aren't directly quoted. If you, like most Mac people, are deeply suspicious of Brian Krebs to begin with, I suggest you step back and consider whether there are alternate explanations.</p><p>It is very obviously "easy" to assume bad fath and poor motives; just read Mac blogging coverage of Maynor's presentation.</p><p>The problem is this: lost in the shuffle here is the teeny, tiny little detail that Cache and Maynor's presentation ISN'T ABOUT APPLE. It's about vulnerabilities in wireless drivers, and how a remote attacker can figure out what chipset and drivers you're running to target an attack.</p><p>Want to put this in perspective? Here's some coverage Maynor got BEFORE THE WASHINGTON POST STORY:</p><p><a href="http://www.darkreading.com/document.asp?doc_id=98989" rel="nofollow noopener" target="_blank" title="http://www.darkreading.com/document.asp?doc_id=98989">http://www.darkreading.com/...</a></p><p>Funny, I don't see the Mac-baiting.</p>Thomas PtacekSun, 06 Aug 2006 17:09:38 -0000http://www.matasano.com/log/409/debunktraq-more-mac-wireless-chaff-posts/#comment-2320116<p>I think "what is it about Maynor’s talk that is eating into people’s brains?" is the way the story was told. Too much of an appearance of sleight-of-hand, of mirrors and illusions. Too much of an appearance of showmanship and headline-grabbing. And some pretty ill-chosen things to say outside of the video.</p><p>Perhaps those in the "black-hat" community like showmanship; however, outside, it leaves a taste of falsehood, regardless of the underlying exploit.</p><p>I think for this reason every time something is not shown, or shown misleadingly, it's easy to assume bad faith and the worst possible explanation of Maynor's motives.</p><p>E.g. the external USB wireless device used. I don't buy the explanation "Apple wouldn't let us show the exploit with the internal wireless". It could simply be that it was easier to craft an exploit for the external - not necessarily that the internal is safe - but if so, say so.</p>Matthew BrownSun, 06 Aug 2006 16:26:34 -0000http://www.matasano.com/log/409/debunktraq-more-mac-wireless-chaff-posts/#comment-2320115<p>tom, you're not only right - but it seems that you can also <a href="http://www.matasano.com/log/400/the-kubler-ross-model-of-vulnerability-management/" rel="nofollow noopener" target="_blank" title="http://www.matasano.com/log/400/the-kubler-ross-model-of-vulnerability-management/">predict the future</a>.</p><p>jim/ron/rui are obviously in tenent #1 of the kubler ross model of vulnerability management.</p>dreSun, 06 Aug 2006 00:44:17 -0000