Forwarded from: "jpippin" <jpippin@private> > A responsible demonstration policy would have forbidden the > installation of flawed drivers to make a point. > Apple sees the clarification as vindication. "Despite SecureWorks > being quoted saying the Mac is threatened by the exploit demonstrated > at Black Hat, they have provided no evidence that in fact it is," > Apple spokesperson Lynn Fox said in a statement. "To the contrary, the > SecureWorks demonstration used a third party USB 802.11 device "... If anyone in newsreporting land was paying any attention, they would've noticed that the video which Maynor and Ellch played to show the exploit repeatedly mentions that they are using a third party driver - not the default Mac drivers. Repeatedly mentions it. Repeatedly. As for what the InformationWeek writer thinks is appropriate, I'd prefer that he make comments that don't make it so glaringly obvious that he uses a Mac and wishes to defend its virtue. The rhetoric about those naughty, nay, irresponsible security demonstrators allowing flawed driver use is absurd. It was an exploit demo. Exploit demos demo flawed code. A Mac was used. So what? Be happy that the presenters used a Mac. In part, it means the brand is making some further traction with the security world elite. Why is it that when the Mac is treated the same as PC and put on an even playing field from a security standpoint that suddenly the presenters are irresponsible monsters? Thomas should show some lack of blatant bias in his reporting, or at least admit it. Joel Pippin President Secure Network Administration, Inc. -----Original Message----- From: isn-bounces@private [mailto:isn-bounces@private] On Behalf Of InfoSec News Sent: Friday, August 18, 2006 1:40 AM To: isn@private Subject: [ISN] Security Firm Disclaims Mac Hack Demo http://www.informationweek.com/internet/showArticle.jhtml?articleID=192201815 By Thomas Claburn InformationWeek Aug 17, 2006 In a video presented at the Black Hat USA conference in early August, SecureWorks researcher David Maynor and Jon Ellch demonstrated hacking into a MacBook, setting off a flurry of press coverage about the insecurity of Wi-Fi-enabled computers from Apple and PC vendors. Now it seems SecureWorks is backing away from its suggestion that MacBooks are just as vulnerable as other Wi-Fi-capable computers. The company has posted a disclaimer on its site to make it clear that the demonstration at Black Hat used a modified MacBook. "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available." A responsible demonstration policy would have forbidden the installation of flawed drivers to make a point. Apple sees the clarification as vindication. "Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," Apple spokesperson Lynn Fox said in a statement. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device " not the 802.11 hardware in the Mac " a device which uses a different chip and different software drivers than those on the Mac. To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship." _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Thu Aug 24 2006 - 23:27:46 PDT