craphound.com— "Text of Speech Given Johnny Cache at ToorCon 2006 in lieu of his and David Maynor's scheduled talk on "Wireless Drivers"" (via boingboing.net)
Oct 1, 2006View in Crawl 4
Didn't the initial "hack" only work via a 3rd party USB wireless device and driver?And Apple is to blame for ...?If I install a 3rd party "performance exhaust" in my Dodge Aries K and that exhaust causes engine damage, Dodge is at fault, right?
I agree - please check your facts before posting blatantly misguided and one-sided headlines like this. These guys can certainly get credit for at least blowing the issue wide open - there was, after all, a security flaw that Apple patched. But these guys haven't offered any evidence that they aided Apple or even found the flaw in Apple's drivers, nor have they offered anything to show Apple gagged them.
My thoughts exactly.While it is possible that Apple could prevent them from appearing at a conference, they could prevent them from showing proof. Assuming what they claim is true, what could Apple do legally to silence them? Apple has claimed their claim is false, so Apple could not claim it was a security issue. (to silence them)Were I in their situation, and the claim is true, I would share it with the world at this point. There is no real recourse Apple could take. (that I am aware of). "The fact that Secureworks/Apple managed to compel him not to means that they must have had something very compelling to stop him. I'm not supposed to talk about what that is."Just smells like bulls**t. Again, if all his claims are true (including the 'pressure' from Apple), it is something he should be telling the world. Especially if Apple (or any company) is acting like that. Saying he can't talk about it is pure crap, because that is all he is doing.If Apple wanted to shut him up, they are doing a piss poor job of it.
Actually, Company B patched a product of a completely different generation. Company B did not make patches for the generation alleged to be weak by Company A.Logic dictates that the patch and vulnerability are likely unrelated.
While all that may be true, we are well past the 'zero day' point. Pressuring them the first time is plausible. But today? Apple claims their exploit doesn't exist and they have also made patches. What is the point (and effectiveness) of pressuring them today? There is no gain in trying to cover a security flaw. There have been ones before and worse.
Comments like that should be dugg down. It's as pointless as some Mac users speaking of Windows exploits with unmistakable glee. I digg them down too. It adds nothing to the topic and just inflames idiots from both sides.
"There is a very simple equality to show the problem. !(evidence) = evidence."Yes, and there is no evidence, and no sound and rational reason for there being no evidence, except that is is all BULLs**t.It doesn't matter if Daring Fireball isn't a driver coder. It is still all BULLs**t.People have gone public with vulnerabilities in apple systems before, it isn't particularly difficult if you have EVIDENCE.
So here is the test. Now the patches are out. Maynor and Cashe say the patch is for thier exploit.It is no longer zero-day.Lets SEE THE f**kING EXPLOIT on an UNPATCHED SYSTEM.RIGHT NOW before they take the time to reverse engineer the current patch. If they take 2 more weeks, it is still all BULLs**t.
@smhillBecause i'm not intelligent enough doesn't mean any of the rest of the community is. If the developers who write the drivers were smart enough to find the vulnerabilities there wouldn't be any. Or else it would be negligence.And it's not like i'm dumb, i've done a fair amount of application hacking myself, but simply said i don't have the experience in either the OSX environment nor in driver construction. And if me, a practiced hacker (i'm assuming that practiced hackers make up a relatively small portion of digg) does not know how to do this, it is therefore unlikely that very many others could either. If this was windows, i'd have an idea where to start, but in OSX i'd be dealing with a whole new animal.I'd be put dollars to dimes that if we had a real hacker among us we'd have seen someone else coroborrate or not the claims made. Simply said, only secureworks and apple know the truth, and everyone else is interpretting the events.
You stupid, stupid f**k. First of all, the expression is "case IN point." Secondly, you can't just sue anyone for anything. Third, it's only defamation if the person is giving out FALSE information. The guy should talk MORE if he wants to stay away from a lawsuit.Do us all the favor and keep your lack of real knowledge to yourself.
jonahan52Oct 2, 2006
Well, you'd more than likely see a news story stating such. It's not like you can just go buy a company without people noticing dumbass.
drycountyOct 2, 2006
Didn't the initial "hack" only work via a 3rd party USB wireless device and driver?And Apple is to blame for ...?If I install a 3rd party "performance exhaust" in my Dodge Aries K and that exhaust causes engine damage, Dodge is at fault, right?
Closed AccountOct 2, 2006
I agree - please check your facts before posting blatantly misguided and one-sided headlines like this. These guys can certainly get credit for at least blowing the issue wide open - there was, after all, a security flaw that Apple patched. But these guys haven't offered any evidence that they aided Apple or even found the flaw in Apple's drivers, nor have they offered anything to show Apple gagged them.
smhillOct 2, 2006
My thoughts exactly.While it is possible that Apple could prevent them from appearing at a conference, they could prevent them from showing proof. Assuming what they claim is true, what could Apple do legally to silence them? Apple has claimed their claim is false, so Apple could not claim it was a security issue. (to silence them)Were I in their situation, and the claim is true, I would share it with the world at this point. There is no real recourse Apple could take. (that I am aware of). "The fact that Secureworks/Apple managed to compel him not to means that they must have had something very compelling to stop him. I'm not supposed to talk about what that is."Just smells like bulls**t. Again, if all his claims are true (including the 'pressure' from Apple), it is something he should be telling the world. Especially if Apple (or any company) is acting like that. Saying he can't talk about it is pure crap, because that is all he is doing.If Apple wanted to shut him up, they are doing a piss poor job of it.
noreturnOct 2, 2006
Actually, Company B patched a product of a completely different generation. Company B did not make patches for the generation alleged to be weak by Company A.Logic dictates that the patch and vulnerability are likely unrelated.
smhillOct 2, 2006
While all that may be true, we are well past the 'zero day' point. Pressuring them the first time is plausible. But today? Apple claims their exploit doesn't exist and they have also made patches. What is the point (and effectiveness) of pressuring them today? There is no gain in trying to cover a security flaw. There have been ones before and worse.
macparrotOct 2, 2006
Comments like that should be dugg down. It's as pointless as some Mac users speaking of Windows exploits with unmistakable glee. I digg them down too. It adds nothing to the topic and just inflames idiots from both sides.
Closed AccountOct 2, 2006
"There is a very simple equality to show the problem. !(evidence) = evidence."Yes, and there is no evidence, and no sound and rational reason for there being no evidence, except that is is all BULLs**t.It doesn't matter if Daring Fireball isn't a driver coder. It is still all BULLs**t.People have gone public with vulnerabilities in apple systems before, it isn't particularly difficult if you have EVIDENCE.
Closed AccountOct 2, 2006
So here is the test. Now the patches are out. Maynor and Cashe say the patch is for thier exploit.It is no longer zero-day.Lets SEE THE f**kING EXPLOIT on an UNPATCHED SYSTEM.RIGHT NOW before they take the time to reverse engineer the current patch. If they take 2 more weeks, it is still all BULLs**t.
maninblac1Oct 2, 2006
@smhillBecause i'm not intelligent enough doesn't mean any of the rest of the community is. If the developers who write the drivers were smart enough to find the vulnerabilities there wouldn't be any. Or else it would be negligence.And it's not like i'm dumb, i've done a fair amount of application hacking myself, but simply said i don't have the experience in either the OSX environment nor in driver construction. And if me, a practiced hacker (i'm assuming that practiced hackers make up a relatively small portion of digg) does not know how to do this, it is therefore unlikely that very many others could either. If this was windows, i'd have an idea where to start, but in OSX i'd be dealing with a whole new animal.I'd be put dollars to dimes that if we had a real hacker among us we'd have seen someone else coroborrate or not the claims made. Simply said, only secureworks and apple know the truth, and everyone else is interpretting the events.
noreturnOct 3, 2006
You stupid, stupid f**k. First of all, the expression is "case IN point." Secondly, you can't just sue anyone for anything. Third, it's only defamation if the person is giving out FALSE information. The guy should talk MORE if he wants to stay away from a lawsuit.Do us all the favor and keep your lack of real knowledge to yourself.
rspeedOct 3, 2006
People still believe this guy?He's a raving lunatic looking to spice up his resume. Reported lame.