Security Bitch Watch – Day 1.

On George Ou’s blog post mentioned in the story below, he noted that David Maynor (aka the sensitive pink pony of hackers, who was needlessly subjected to the vicious ridicule of Mac users spurred on by a rabid Steve Jobs screaming “Fly, my monkeys! Fly!”) would be “bringin’ it on” (not a direct quote) and that he would provide “the bitch slap Apple so badly needs” (also not a direct quote) and that “sisters would be doin’ it for themselves” (that, oddly, is a direct quote).

Ou indicated on Sunday morning that SecureWorks’ totally bitching response of doom to the scurrilous Apple’s scurrilous press release of scurrility would be revealed “in the next couple of days.”

The Oxford American Dictionaries as accessed through Dashboard define “couple” as “two” or “an indefinite small number”, but I think we can start the watch as of this morning.

If Ou is right, we shouldn’t have long to wait.

Which is good because the suspense is killing us. This is the John Mark Karr case of the Mac world, you know.

Let’s review the players here and see who’s down for what.

SecureWorks’ George Maynor and Jon “Johnny Cache” (get it?! Puns rock!) Ellch – They hacked a MacBook using a third party wireless card and driver and – according to Brian Krebs – claimed they could do the same thing with a stock Airport card and driver. Krebs also said they claimed they totally told Apple about this and got hit over the head with a sock full of nickels by Steve Jobs who said they’d better not tell anyone or he’d finish the job.

Oh, and I’m sure this isn’t in any way relevant, but they also want to stab Mac users in the eye with a lit cigarette.

Ha-ha! Oh, you guys!

The Washington Post’s Brian Krebs – Krebs wrote that Maynor and Ellch claimed the Apple-supplied Airport card and drivers could be hacked the same way the third party ones could. Then said they didn’t.

Then said he stood by his reporting.

I may have some of that out of order, but that’s essentially it.

ZDNet’s George Ou – Ou is outraged – OUTRAGED! – that Mac users don’t want to have lit cigarettes stuck in their eyes! The nerve! Listen, Mac punks, if a respected security professional wants to stick a lit cigarette in your eye, you just ask him which one! GOT IT?!

Anyway, Ou says Maynor and Johnny Cache never claimed the exploit worked on Apple Airport hardware and drivers, even though he himself linked to Krebs’ post which says they did. And he says they actually demonstrated the hack against Apple hardware and software, which I guess they must have done while just raising their eyebrows a lot and pointing in silence as Ou says they never said they could do that.

He also had the temerity to claim

…Maynor chose an external third party hardware wireless adapter to avoid focusing attention on possible Apple hardware and software issues which may endanger Mac users.

Oh, that’s so sweet of him. See, he’s just looking out for us. What a nice guy. We should send him a fruit basket or some…

WATCH OUT FOR THAT CIGARETTE! SSSSSSSSSSSSSST! AAAAAAAAAGH! MY EYE! MY EYE!!! OH, MY BEAUTIFUL EYE!!!

Yeah, whatever, dude.

Apple Computer – Apple essentially said:

We haven’t seen anything from SecureWorks except a grainy video of an exploit of a third party card and driver.

Did we mention we don’t make or resell that card and driver?

‘Cause we don’t.

Oh, and we’d really appreciate it if you fuckers would stop using a MacBook in your demo.

Hugs and kisses,
Apple.

Here’s what we at Crazy Apple Rumors Site think may have happened. Our opinion is, of course, worth exactly dick.

Maynor and Johnny Cache wanted to demonstrate an exploit they had researched. They also wanted to take a jab at the security of the Mac operating system – a metaphorical jab much like the actual jab with a lit cigarette they’d like to take into the eyes of Mac users everywhere (have you heard this part?). Not really knowing much about Macs (a point I’ll prove at the end), they decided to use a third party wireless card they already knew was exploitable, not realizing it was highly unlikely any Mac user would have a need for a third party card.

Krebs then over-hyped the Mac vulnerability, possibly misinterpreting Maynor’s comments about the exploitability of the stock Airport card and driver. It’s also possible Maynor knew there was a flaw in BSD and assumed it was also exploitable in OS X.

It’s apparently not.

So all this happened and Apple said “Wha-huh?” and Artie MacStrawman threatened Maynor’s life and then Ou freaked out.

That’s just our theory. We’ll gladly eat crow if we’re wrong. [UPDATE, ONE YEAR LATER: I came back to read this and was surprised at how much is actually right. Much, however, is wrong and since I’m all about accuracy… While we STILL haven’t seen the whole exploit, it now looks like they probably did have one on Apple’s native card. But what they sent Apple was not code for an OS X exploit. And then they acted all squirrelly instead of manning up and just releasing the damn thing. Why these few drama queens couldn’t behave like any other security professional who finds a Mac bug is beyond me.]

Except for Ugluk who doesn’t eat crows because he considers them sacred.

He’ll have crowfurkey.

Wait, that’s not right. It’d be… “crowfu”, I guess. Crowfurkey’d be some mutant hybrid of a crow and a turkey.

That’s not right either. It’d be a crow and a tofurkey.

What?

Oh.

Ugluk says that is what he’ll have. The mutant hybrid of a crow and a tofurkey. That’s apparently OK. Um… I’m not sure where we’re going to get that.

And he’d like a Sprite.

OK, look, I’m not really ready to take orders yet…

I’m not even sure if the place we normally go to get crow is open right now.

Anyway, we’re just about done with Day 1 of Security Bitch Watch and so far the silence…

…has been a little deafening.

Brian Krebs’ blog – where the whole thing started – hasn’t been updated since Friday and Ou’s blog (warning: annoying self-starting audio of Maynor’s presentation) hasn’t mentioned the controversy since the aforementioned post. SecureWorks’ web site hasn’t been updated since they added verbiage pointing out the hack took place with third party hardware and drivers.

But there is one other telling thing you need to know about this controversy:

Maynor – in the video of his presentation of the exploit – repeatedly calls the MacBook he’s using “this Apple.” As in “This Apple will connect back to the attacker.”

I don’t know about you, but that tells me a lot.

I’m just sayin’ Maynor or Krebs might want to think about what wines go with crow.

55 thoughts on “Security Bitch Watch – Day 1.”

  1. I couldn’t understand some parts of this article Security Bitch Watch – Day 1., but I guess I just need to check some more resources regarding this, because it sounds interesting.

Comments are closed.