Notice that Ou doesn’t say that his friend, David Burke, is a lawyer, just a “legal professional.” He doesn’t actually say at all who Mr. Burke is or what he does. But my money’s on this David Burke, who has a recurring role as a D.A. on Boston Legal.
That’s just the kind of of top-notch legal advice you want when refuting a blog post!
So, let’s get down on it! Burke copies whole heaves of text from Daring Fireball to set the ground work for his massive take-down!
Sorry for the following extended quotes, but this is the evidence he uses to support his concern, search the link if you would like to double check…
Uh, no, dude, that’s OK. I’m sure you’ve got mad copy/paste skillz. I’m sure you beat the hell out of that V key.
“Copy. PASTE! Copy. PASTE! Copy. MOTHERFUCKING PASTE! Oh, man, I’m on fi-ya!”
Fox’s statement simply says; Maynor and Ellch have not demonstrated such a vulnerability to Apple.
Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.
So his main concern is garbage. See why you need trained people to examine the evidence?
Ah! You mean like someone who plays a D.A. on TV?
There’s just one problem with Mr. Burke’s stunning legal analysis.
“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld.
This is the graph that Maynor’s defenders kind sorta wish wasn’t there and, if you repeat it, will probably make them stick their fingers in their ears and go “LA-LA-LA-LA-LA-LA! I AM NOT LIS-TEN-ING!”
They much prefer to focus on the “sharing of code” quote, as Ou does here:
Fox never stated SecureWorks never contacted them, they only said that no code was shared.
The first part of that sentence is true. The second is not because of the use of the word “only.” She said that SecureWorks provided no evidence.
Ou says “You can’t have their code, bitch!”
You’re not entitled to a researcher’s code which they spent time developing. Giving them the actual malformed packet that triggers the exploit and a pointer to the location of the flawed code is standard practice.
But for SecureWorks to have done this would have been to provide evidence, in which case Fox was mistaken or lying. But Ou’s not arguing that Fox is mistaken or lying. He’s arguing that she used PR gobbledy-gook to try to trick the world into thinking SecureWorks was wrong about the Airport hardware and drivers.
Ou then compliments his possibly imaginary friend on his legal acumen. You can learn a lot on the set of a popular legal show! I wish he’d asked him what Shatner’s really like!
While I know for a fact that Gruber is wrong and doesn’t know what he is talking about since I’m sitting on sensitive information at this point, I’m amazed that you can take Gruber’s own analysis and take it apart and get eerily close to what the truth is.
Well! Someone’s been hanging out in the super-secret hacker treefort in Maynor’s mom’s back yard with the Farah Fawcett poster on the wall!
I wonder if Ou has talked to Apple. Because single-sourcing from SecureWorks may not be the best way to go right now (see: Krebs, Brian). We already know that Ou has gone out of his way to falsely portray SecureWorks as good faith actors who were only interested in making Macs more secure and kittens and puppies more prevalent and spring! with the flowers and dancing and… and…
And that’s bullshit.
You don’t get to run around and say you want to stick a lit cigarette in its user-base’s eye and then pretend you weren’t out to get Apple.
At the end of the day, SecureWorks may be able to demonstrate a hack of Airport. I suspect there’s smoke coming out of that super-secret treefort right now and it’s not from the vigorous self-gratification to the Farah Fawcett poster. But until someone puts up or shuts up, a responsible journalist would not make ham-handed efforts to brow-beat others into silence with vague threats of lightning bolts from Mt. Olympus.
You might be thinking, jeez, this guy writes for ZDNet, I mean, that must mean he’s a responsible journalist, right?
Eh, maybe not.