George Ou speaks again, John Gruber’s “super long analyis” (shorter Ou: “Damn, this David Burke, who has a recurring role as a D.A. on Boston Legal.
That’s just the kind of of top-notch legal advice you want when refuting a blog post!
So, let’s get down on it! Burke copies whole heaves of text from Daring Fireball to set the ground work for his massive take-down!
Sorry for the following extended quotes, but this is the evidence he uses to support his concern, search the link if you would like to double check…
Uh, no, dude, that’s OK. I’m sure you’ve got mad copy/paste skillz. I’m sure you beat the hell out of that V key.
“Copy. PASTE! Copy. PASTE! Copy. MOTHERFUCKING PASTE! Oh, man, I’m on fi-ya!”
Fox’s statement simply says; Maynor and Ellch have not demonstrated such a vulnerability to Apple.
…
Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.
…
So his main concern is garbage. See why you need trained people to examine the evidence?
Ah! You mean like someone who plays a D.A. on TV?
There’s just one problem with Mr. Burke’s stunning legal analysis.
“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,†Apple Director of Mac PR, Lynn Fox, told Macworld.
[Emphasis mine.]
This is the graph that Maynor’s defenders kind sorta wish wasn’t there and, if you repeat it, will probably make them stick their fingers in their ears and go “LA-LA-LA-LA-LA-LA! I AM NOT LIS-TEN-ING!”
They much prefer to focus on the “sharing of code” quote, as Ou does here:
Fox never stated SecureWorks never contacted them, they only said that no code was shared.
The first part of that sentence is true. The second is not because of the use of the word “only.” She said that SecureWorks provided no evidence.
Ou says “You can’t have their code, bitch!”
You’re not entitled to a researcher’s code which they spent time developing. Giving them the actual malformed packet that triggers the exploit and a pointer to the location of the flawed code is standard practice.
But for SecureWorks to have done this would have been to provide evidence, in which case Fox was mistaken or lying. But Ou’s not arguing that Fox is mistaken or lying. He’s arguing that she used PR gobbledy-gook to try to trick the world into thinking SecureWorks was wrong about the Airport hardware and drivers.
Ou then compliments his possibly imaginary friend on his legal acumen. You can learn a lot on the set of a popular legal show! I wish he’d asked him what Shatner’s really like!
While I know for a fact that Gruber is wrong and doesn’t know what he is talking about since I’m sitting on sensitive information at this point, I’m amazed that you can take Gruber’s own analysis and take it apart and get eerily close to what the truth is.
Well! Someone’s been hanging out in the super-secret hacker treefort in Maynor’s mom’s back yard with the Farah Fawcett poster on the wall!
I wonder if Ou has talked to Apple. Because single-sourcing from SecureWorks may not be the best way to go right now (see: Krebs, Brian). We already know that Ou has gone out of his way to falsely portray SecureWorks as good faith actors who were only interested in making Macs more secure and kittens and puppies more prevalent and spring! with the flowers and dancing and… and…
And that’s bullshit.
You don’t get to run around and say you want to stick a lit cigarette in its user-base’s eye and then pretend you weren’t out to get Apple.
At the end of the day, SecureWorks may be able to demonstrate a hack of Airport. I suspect there’s smoke coming out of that super-secret treefort right now and it’s not from the vigorous self-gratification to the Farah Fawcett poster. But until someone puts up or shuts up, a responsible journalist would not make ham-handed efforts to brow-beat others into silence with vague threats of lightning bolts from Mt. Olympus.
You might be thinking, jeez, this guy writes for ZDNet, I mean, that must mean he’s a responsible journalist, right?
Eh, maybe not.
What the hell? It’s too early for this, I tells ya!
…heh-heh, he said “holes”
…heh-heh, I’m number 2
And, First!
And, Second!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
Remember the name “Ou”, boys and girls.. I’m sure with a little more practice, he’ll be a regular Paul Thurrott.
-jcr
Dang, I thought I had achieved another Ace-Deuce punch.
Where are all the people that have replicated this hack using the real deal?
Fifth little pony!
Sixxxx
HELLISH ISN’T IT!?
Seven goes to heaven.
Take that Satan.
you bitch, you can’t use my toothbrush.
and now to read the article
8!!!!!
With 9 you get Peanut Butter Jelly Time!!!!
Of course the setup for the great 11!!!!
12?
oh i got 11….
and 12….
Wow. that article was far too serious and important for CARS. I’m impressed. When ars links to it I’ll sit back and laugh because CARS has become to place for logical discussion. Far out man.
See now I feel Eft. Really I do not just from a SOAP standpoint but from a toothbrush standpoint.
Now I need to just go and have a big ole honkin bowl of Oatmeal for lunch.
Maybe some salmon too.
OOOOH and maybe some applesauce!!!
uh…
Ok, so that’s not the wind making that treefort violently shake. This is the hard-hitting, snub-nosed, gumshoe wearing journalism that we’ve all come to expect from the CARS website’s
comments section.
HA. (of doom)
“Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.”
And they may in fact have been promised a PONY, too. Heck, anything’s possible.
UNLEASH HELL, MOLTZ! YEAH!
Yeah… Farrah Fricken’ Fawcett…
nothin’ like showin that CARS has new tricks up it’s pony…er, ponies up it’s sleeve….
nevermind.
After reading that article from Ou, one can see why CARS took a serious approach: CARS is in danger of being replaced by George if this keeps up!
CARS got some of the most delicious bits above (super-long post, HAHAHA). Enjoy, denizens.
heh…
CARS totally used the Washington Post’s toothbrush.
Real reporting …. sigh … Crazy Apple Rumors/Real Reporting Site … CARRRS
nah – just leave it at CARS
Hope you’re getting overtime John.
Wouldn’t CARRRS be CARS for pirates or even pirates with ponies.
On a semi-serious note…
The company I (work) for did the recordings of all of the BlackHat and Defcon sessions. Maynor stated in the BlackHat session, that the flaw is with the 3rd party drivers. In fact, the session title is ‘Device Drivers’. During the Defcon session, they did try to clarify things a bit. David IS working with Apple, and upon confirmation a affected platforms, will help with a patch.
If I can, I will try to post a MP3 of the recordings sometime very soon…
moo
“When ars links to cars” (paraphase) – that’s gotta be the funniest post in a long time – in so many ways.
What!? Moltz is Jade?
Looks like we’ve got a side order of O’Grady Watch going too! Ou! That’s gotta sting! Here’s hoping O’GW goes aboveground real soon.
Ou! Ou! Ou! No! Let go of the damn toothbrush guys! No means No, Ou!
Where’d I leave that 10 gig iPod, and the sock?
This piece is too conceptual. I don’t get it. I like your more believable characters like “Ugluk” and “Entity.” This “Ou” character doesn’t make much sense.
I agree with Carl. I can believe in mysterious intergalactic entities, but it is just not credible that a real person would be a stupid as this imaginary Ou character. That and the name is just not realistic either. Maybe you should change his name to something believable like Oulu or something.
En’kay. I watched Maynor’s video and he says:
So Maynor is demonstrating the vulnerability of a stupid third party wireless card on a Mac that comes with Apple’s Airport card!!
Am I missing something here??!!
What is all the fuss about? I mean, I’m all for a good fuss and have been known to throw are killer fuss when one is called for but I find myself hard pressed to care about this.
I’ll publish a ‘funny’ post here in the comments for the sake of those who thought the Moltzâ„¢ was being too serious.
WTF? OU! WTF? OU! WTF? OU!
APPLY DIRECTLY TO THE FOREHEAD.
Although Maynor’s video doesn’t claim that they had hacked a Mac’s internal wireless, their interview with Krebs DID make that claim:
http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
Bunch of lying idiots……
Okay, so it isn’t that funny. But hey, this ain’t my website either!!
Thank you, Joe. Here’s my response to the same question:
You’re missing something.
Krebs reported that Maynor said the flaw was also in the stock Airport card and drivers. Ou, oddly, reported that Maynor never said that, but did *demonstrate* that (which makes very little sense).
Check this out. In Ou’s previous post he says
Oh, so it’s all about a third part card and driver. Airport was never involved. Case closed!
Oh, but then, in the same paragraph, he says
Wait, wha-huh?
Which is it, dude?! Pick one!
True enough Joe, but even there they only claim that the exploit is present in the Apple hardware. No one has demonstrated it.
This is how security “experts” make a name for themselves.
Still not able to care…
Longest. Post. Ever.
OK, Ahyner, you don’t have to care, but I think you’re underestimating what they’re claiming. Krebs reported that they – after the videotaped demo – claimed to have done it on stock Airport hardware and software.
I get it John. I’m just not too impressed with claims about that. Why not just crank out another video with them hacking an Airport? Prove what you claim.
Besides, I use a third party PC Card 802.11g and so I’m… Oh. Wait.
Don’t worry guys, problem solved.
I went over there and used their toothbrushes. Then I let my kittens and ponies use their toothbrushes. So I think we are all good now.
John, you hit it right on the head. How could Ou put up another post, after that huge mistake, and then go on a childish rant? Just doesn’t seem smart. I think he’s either:
a. GOT to know something that he thinks will save his reputation.
b. Desperately wants us to think he knows something that he can’t yet share, hoping we’ll forget later,
c. Never listened when his mom told him to think before he writes. Or something like that.
In fairness to George, we all make mistakes. I’m no Charlie’s Angel (because if I was, I’d be in front of a mirror right now….), but he is writing as a journalist (isn’t he?), so he’s got some higher standards to live up to. Especially on such a serious subject, that he’s treating far too nonchalantly.
I’m sorry, but nothing out of that camp (Ou, Kreb, etc) has made much sense at all. They must not be able to say anything sensible without either damning Mac users (by putting them at risk) or damning themselves. In which case, Kreb opened a can of worms that aren’t gonna be put back in the can, and he should just retract his posts and say he made a boo-boo so this whole thing blows over until a patch comes out.
You know, it really burns putting up serious posts on CARS. In uncomfortable places. I’ll leave the disambiguation to the reader as an exercise.
Well, it’s not exactly serious.
Besides, what are you talking about? All of our posts are factual, hard-hitting journamalism.
Uh…
I mean “journalism.”
That’s what I meant to say.
now that you put it that way, it makes it all better.
And yes, the burning has stopped, if you’re interested.
…
Which I’m pretty sure you’re not.
I’m not.
At all.
In the least.
But it is beginning to burn over here now.
Damn you, Step.
It burns on the penis
I George Ou is “going down with the ship.
Bad grammar, e-lawyers and flame wars. I had no idea Ou was a 12 year old girl.
Somebody call fandom_wank.
Ou! Ou! I read Ou’s article I love how we are told that his friend is ‘very smart’, why bother letting his intelligence shine through his analysis when we can just be told? Also I like how he doesn’t never use a lot of double negatives.
After reading that article I have to get this off my chest: NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! ah much better.
Damn 12 year old girls with thier e-lawyers and flame wars, why can’t they just enjoy ponies like the rest of us?
Oh and a half century. Woohoo!