wireless-weblog.com — Great news for Mac fans: the Wi-Fi exploit recently demonstrated at the Black Hat conference doesn't represent a flaw in Apple's software or device firmware, because the demo used third-party drivers and chips that aren't found in MacBooks. SecureWorks has changed the info about the exploit on its Web site -- and is deeply, deeply embarrassed...
Aug 18, 2006
macparrot Aug 18, 2006
Last comment, this is like when some exploit is shown on XP that hasn't been upgraded or patched with the latest security downloads. Someone claiming an exploit in that circumstance is being dishonest and would be slammed unmercifully when it was discovered (rightfully so) by XP users. Fanboyism aside, that's what has most sane Mac users (there are a few) ticked off
fabulous Aug 18, 2006
and here: http://macdailynews.com/index.php/weblog/comments/10603/
angelp Aug 18, 2006
The fact that this topic and Apple bothers you so much speaks volumes about your lack of a life.
Closed Account Aug 19, 2006
Yeah except that on one side you've got a little known journalist making hearsay claims that SecureWorks has not confirmed. All we have is the account of this one journalist. Nobody else has seen this in action or apparently gotten the same story out of SecureWorks. That hearsay has done quite a bit for his exposure the past week, don't you think? Do you think that Apple would "lean" on SecureWorks if this was not a real exploit, and then publicly deny that they've been informed of it? Eventually that will catch up with them, and I doubt they're THAT dumb. SecureWorks has not said anything to indicate that this was a viable exploit on the Mac or Windows for that matter without the 3rd party driver in question. The reporter said they said it. Very different. It also makes no sense to withhold the name of the 3rd party drivers if you've supposedly already said it worked with the Apple OEM drivers. The story just doesn't add up.
radiofrequency Aug 19, 2006
I think this reflects the lack of experience most "security professionals" have in finding flaws in operating systems other than Windows. Probably because most operating systems don't have as many - or as obvious - flaws as Windows.
vanillabaron Aug 19, 2006
This 'marked as inaccurate' problem is driving me away from digg. Digg is great, I do love it, and I think it is an incredibly important pointer to the future of news delivery. But when news reports are true (i.e. they correctly report that person X said statement Y, or that company X released statement Y), yet people mark the story as inaccurate - because they don't BELIEVE (not know, only believe) that the statements are false - then there is a real problem. The anti-Apple and pro-Bush crowd have abused Digg, by labelling nearly every pro- or neutral-Apple, and anti-Bush, story as false, regardless of whether they are or not. It degrades digg, it makes the site as offensively biased as Fox News, and I plead with Kevin Rose and the crew at digg to remove the 'mark as inaccurate' feature immediately. Let people report the news, and then force individuals to do their own fact-checking, rather than allow some to falsely discourage people from reading a few stories. That's what the 'marked as inaccurate' label does - it discourages many people from even bothering to read and form an opinion about the story. If a news item turns out to be false, then that WILL be reported, and that refutation can be posted on digg. There is no need for the 'mark as inaccurate' feature, and the current level of abuse demands that it be removed.
n00bnation Aug 19, 2006
@ Boondoggle: Krebs isn't some "little known journalist," he's the top Google result for "computer security blog" (and 3rd result for "security blog"). He works for what's probably the most respected newspaper in the US. As for hearsay claims, *all* reporting is hearsay. Apple *doesn't* publicly deny that they've been informed of the problem, Apple spokeswoman Lynn Fox told Krebs that SecureWorks contacted them about it prior to the Black Hat conference. What Apple does say is that SecureWorks hasn't shared code or details of the exploit. As for why they aren't releasing the name of the third-party driver vendor, that's what responsible disclosure is all about. You inform a company of a problem and give them a reasonable amount of time to put out a fix before going public with it. As long as they're making a good-faith effort to fix the vulnerability and get it to their customers, you cut them (and their customers) some slack. If Apple denied to them that it's a problem, they have no moral obligation to Apple to withhold details. Again, unlike some fanatics, not even Apple is claiming that SecureWorks lied about anything, only that they haven't shared or demonstrated any exploit code with Apple. The most likely scenario is that both sides are telling the truth. I find the claim that Krebs is just making up the private demo or his conversation with SecureWorks to be disappointing wishful thinking.
Closed Account Aug 22, 2006
@CeeAyy, That is what diggs are supposed to do. It isn't working.