washingtonpost.com— Here's the video to go along with the previous "hijacking" story. Interesting to note, they attack a 3rd party driver, but don't mention if the built in wi-fi is also susceptible.
Aug 3, 2006View in Crawl 4
Given that Maynor went out of his way to insult Mac users (notice he didn't say that he wanted to stick the guy in the commercial in the eye with a lit cigarette, but instead directed his infantile tirade at Mac "users"), it's a pretty safe bet that he would have compromised a stock MacBook if he could have. Instead, he had to resort to using a wireless card and driver that he knew to be vulnerable but that nobody is actually using in their Macs.I'm all for vulnerability demonstrations (regardless of who made the software or hardware) and I wouldn't have been surprised to see a full-blown remote exploit against Apple-branded hardware. I actually have a much higher opinion of Mac wireless security now that we have an example of a highly motivated and supposedly highly skilled and educated attacker (I know he's a researcher, he's simply playing the role of attacker in this case) who cannot seem to find a vulnerability. It's still anecdotal, but impressive none the less.
"and . . . um don't think however just because we are attacking an apple the flaw is in an apple we are actually using a 3rd party wireless card." "it will manipulate buggy code in device drive in this apple."So the internal will not be affected if the driver is better written.I would also just like to point out they made it clear that it really had nothing to do with it being an apple.
I also think the choice of attacking the mac vs a windows box is the 'ho-hum, another windows exploit' factor. Windows hacks just don't get the same kind of press or word of mouth. Change it to a mac, (by what ever means possible) and presto... high Digg count and it's on every news wire.Cheers,Rich
Totally valid point, but I think it's a little more insidious than that. If there are any actual production machines that ship with a vulnerable card and driver combination, he should have used one in the demonstration. I mean, if there are thousands of vulnerable users out there it would seem far more useful to point out the real impact of the flaw than to use the opportunity to facilitate a lame personal attack on Macs or, as you say, pull off a cheap publicity stunt.You can certainly look at it either way and say "well, he is raising awareness via clever PR" but, by using an essentially non-existent platform (MacBook + wierd USB wireless card), he makes it easy to dismiss the issue as purely hypothetical rather than a true vulnerability that we might see exploited in the wild.After giving the matter due consideration, the only meaningful conclusion I can reach is that David Maynor = puke
suboptimalAug 3, 2006
Given that Maynor went out of his way to insult Mac users (notice he didn't say that he wanted to stick the guy in the commercial in the eye with a lit cigarette, but instead directed his infantile tirade at Mac "users"), it's a pretty safe bet that he would have compromised a stock MacBook if he could have. Instead, he had to resort to using a wireless card and driver that he knew to be vulnerable but that nobody is actually using in their Macs.I'm all for vulnerability demonstrations (regardless of who made the software or hardware) and I wouldn't have been surprised to see a full-blown remote exploit against Apple-branded hardware. I actually have a much higher opinion of Mac wireless security now that we have an example of a highly motivated and supposedly highly skilled and educated attacker (I know he's a researcher, he's simply playing the role of attacker in this case) who cannot seem to find a vulnerability. It's still anecdotal, but impressive none the less.
valhallaAug 3, 2006
"and . . . um don't think however just because we are attacking an apple the flaw is in an apple we are actually using a 3rd party wireless card." "it will manipulate buggy code in device drive in this apple."So the internal will not be affected if the driver is better written.I would also just like to point out they made it clear that it really had nothing to do with it being an apple.
rwhiffenAug 3, 2006Submitter
I also think the choice of attacking the mac vs a windows box is the 'ho-hum, another windows exploit' factor. Windows hacks just don't get the same kind of press or word of mouth. Change it to a mac, (by what ever means possible) and presto... high Digg count and it's on every news wire.Cheers,Rich
suboptimalAug 3, 2006
Totally valid point, but I think it's a little more insidious than that. If there are any actual production machines that ship with a vulnerable card and driver combination, he should have used one in the demonstration. I mean, if there are thousands of vulnerable users out there it would seem far more useful to point out the real impact of the flaw than to use the opportunity to facilitate a lame personal attack on Macs or, as you say, pull off a cheap publicity stunt.You can certainly look at it either way and say "well, he is raising awareness via clever PR" but, by using an essentially non-existent platform (MacBook + wierd USB wireless card), he makes it easy to dismiss the issue as purely hypothetical rather than a true vulnerability that we might see exploited in the wild.After giving the matter due consideration, the only meaningful conclusion I can reach is that David Maynor = puke