[ISN] Security Firm Disclaims Mac Hack Demo

From: InfoSec News (alerts@private)
Date: Thu Aug 17 2006 - 22:40:00 PDT


http://www.informationweek.com/internet/showArticle.jhtml?articleID=192201815

By Thomas Claburn
InformationWeek
Aug 17, 2006

In a video presented at the Black Hat USA conference in early August, 
SecureWorks researcher David Maynor and Jon Ellch demonstrated hacking 
into a MacBook, setting off a flurry of press coverage about the 
insecurity of Wi-Fi-enabled computers from Apple and PC vendors.

Now it seems SecureWorks is backing away from its suggestion that 
MacBooks are just as vulnerable as other Wi-Fi-capable computers. The 
company has posted a disclaimer on its site to make it clear that the 
demonstration at Black Hat used a modified MacBook.

"This video presentation at Black Hat demonstrates vulnerabilities found 
in wireless device drivers," the disclaimer says. "Although an Apple 
MacBook was used as the demo platform, it was exploited through a 
third-party wireless device driver - not the original wireless device 
driver that ships with the MacBook. As part of a responsible disclosure 
policy, we are not disclosing the name of the third-party wireless 
device driver until a patch is available."

A responsible demonstration policy would have forbidden the installation 
of flawed drivers to make a point.

Apple sees the clarification as vindication. "Despite SecureWorks being 
quoted saying the Mac is threatened by the exploit demonstrated at Black 
Hat, they have provided no evidence that in fact it is," Apple 
spokesperson Lynn Fox said in a statement. "To the contrary, the 
SecureWorks demonstration used a third party USB 802.11 device " not the 
802.11 hardware in the Mac " a device which uses a different chip and 
different software drivers than those on the Mac. To date, SecureWorks 
has not shared or demonstrated any code in relation to the Black 
Hat-demonstrated exploit that is relevant to the hardware and software 
that we ship."


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Thu Aug 17 2006 - 23:03:20 PDT