Tuesday, September 26, 2006

The MacBook exploit

Turning briefly to tech issues, as I occasionally do, some of the more computer-literate of you may have been following the saga of the MacBook exploit. In a nutshell, two programmers from a company called Secureworks, named Maynor and Ellch, demoed at a conference a vulnerability in Wi-Fi networking that would allow someone on a wireless network to take over your computer.

They demonstrated this exploit on an Apple MacBook because of the "Mac user base aura of smugness on security”. What Maynor and Ellch were rather more coy about was the fact that they had not demoed the exploit against an Apple Wi-Fi card or driver (the software that allows hardware components to work with your OS): in fact, they had used a third-party card and driver.

John Gruber at Daring Fireball has been writing about this issue for a while. He has specifically questioned Maynor and Ellch's claims, and the rather inaccurate and hysterical reporting, even going so far as to bet them a new MacBook that they could not prove their exploit against an unaltered, out-of-the-box MacBook. They did not take up John's challenge.

The whole thing has culminated in this Jackass of the Week award for Techworld's Kieren McCarthy.
This Techworld article on last week’s AirPort security updates, titled “Apple Coats WiFi [sic] Security Hole”, is wrong in nearly every assertion it makes.

John, who is far from being a rabid, uncritical Mac follower, mercilessly and lucidly rips the man apart: it is one of the most devastating and yet clinical fiskings I have ever read.
Amazingly, not only does every single paragraph of this article contain at least one factual error, but even the errors reported within the article itself contradict each other. In the fourth and fifth paragraphs, McCarthy claims that last week’s Apple security update addresses an issue exposed by Maynor and Ellch’s Black Hat demonstration against a MacBook. In the next and final paragraph, McCarthy claims the security update does not affect MacBooks or MacBook Pros.

It boggles the mind.

The whole piece is worth as a demonstration of how to rip a man's writing to shreds whilst remaining absolutely calm: I might ask for some lessons.

And if you run Wi-Fi networks you may be interested: whilst Apple has released a patch for a detected error, it is unknown whether Windows, Linux or any of the Wi-Fi card manufacturers have and you could be vulnerable...

1 comment:

Anonymous said...

"The whole piece is worth as a demonstration of how to rip a man's writing to shreds whilst remaining absolutely calm: I might ask for some lessons."
But then what would be your raison d'etre? Or my reason for coming here?

NHS Fail Wail

I think that we can all agree that the UK's response to coronavirus has been somewhat lacking. In fact, many people asserted that our de...