George Ou speaks again, John Gruber’s “super long analyis” (shorter Ou: “Damn, this David Burke, who has a recurring role as a D.A. on Boston Legal.

That’s just the kind of of top-notch legal advice you want when refuting a blog post!

So, let’s get down on it! Burke copies whole heaves of text from Daring Fireball to set the ground work for his massive take-down!

Sorry for the following extended quotes, but this is the evidence he uses to support his concern, search the link if you would like to double check…

Uh, no, dude, that’s OK. I’m sure you’ve got mad copy/paste skillz. I’m sure you beat the hell out of that V key.

“Copy. PASTE! Copy. PASTE! Copy. MOTHERFUCKING PASTE! Oh, man, I’m on fi-ya!

Fox’s statement simply says; Maynor and Ellch have not demonstrated such a vulnerability to Apple.

Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.

So his main concern is garbage.  See why you need trained people to examine the evidence?

Ah! You mean like someone who plays a D.A. on TV?

There’s just one problem with Mr. Burke’s stunning legal analysis.

“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld.

[Emphasis mine.]

This is the graph that Maynor’s defenders kind sorta wish wasn’t there and, if you repeat it, will probably make them stick their fingers in their ears and go “LA-LA-LA-LA-LA-LA! I AM NOT LIS-TEN-ING!”

They much prefer to focus on the “sharing of code” quote, as Ou does here:

Fox never stated SecureWorks never contacted them, they only said that no code was shared.

The first part of that sentence is true. The second is not because of the use of the word “only.” She said that SecureWorks provided no evidence.

Ou says “You can’t have their code, bitch!”

You’re not entitled to a researcher’s code which they spent time developing.  Giving them the actual malformed packet that triggers the exploit and a pointer to the location of the flawed code is standard practice.

But for SecureWorks to have done this would have been to provide evidence, in which case Fox was mistaken or lying. But Ou’s not arguing that Fox is mistaken or lying. He’s arguing that she used PR gobbledy-gook to try to trick the world into thinking SecureWorks was wrong about the Airport hardware and drivers.

Ou then compliments his possibly imaginary friend on his legal acumen. You can learn a lot on the set of a popular legal show! I wish he’d asked him what Shatner’s really like!

While I know for a fact that Gruber is wrong and doesn’t know what he is talking about since I’m sitting on sensitive information at this point, I’m amazed that you can take Gruber’s own analysis and take it apart and get eerily close to what the truth is.

Well! Someone’s been hanging out in the super-secret hacker treefort in Maynor’s mom’s back yard with the Farah Fawcett poster on the wall!

I wonder if Ou has talked to Apple. Because single-sourcing from SecureWorks may not be the best way to go right now (see: Krebs, Brian). We already know that Ou has gone out of his way to falsely portray SecureWorks as good faith actors who were only interested in making Macs more secure and kittens and puppies more prevalent and spring! with the flowers and dancing and… and…

And that’s bullshit.

You don’t get to run around and say you want to stick a lit cigarette in its user-base’s eye and then pretend you weren’t out to get Apple.

At the end of the day, SecureWorks may be able to demonstrate a hack of Airport. I suspect there’s smoke coming out of that super-secret treefort right now and it’s not from the vigorous self-gratification to the Farah Fawcett poster. But until someone puts up or shuts up, a responsible journalist would not make ham-handed efforts to brow-beat others into silence with vague threats of lightning bolts from Mt. Olympus.

You might be thinking, jeez, this guy writes for ZDNet, I mean, that must mean he’s a responsible journalist, right?

Eh, maybe not.


  1. OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
    OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
    OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
    OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!

  2. Remember the name “Ou”, boys and girls.. I’m sure with a little more practice, he’ll be a regular Paul Thurrott.


  3. Dang, I thought I had achieved another Ace-Deuce punch.

    Where are all the people that have replicated this hack using the real deal?

  4. Wow. that article was far too serious and important for CARS. I’m impressed. When ars links to it I’ll sit back and laugh because CARS has become to place for logical discussion. Far out man.

  5. See now I feel Eft. Really I do not just from a SOAP standpoint but from a toothbrush standpoint.
    Now I need to just go and have a big ole honkin bowl of Oatmeal for lunch.
    Maybe some salmon too.
    OOOOH and maybe some applesauce!!!

  6. uh…

    Ok, so that’s not the wind making that treefort violently shake. This is the hard-hitting, snub-nosed, gumshoe wearing journalism that we’ve all come to expect from the CARS website’s

    comments section.

    HA. (of doom)

  7. “Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.”

    And they may in fact have been promised a PONY, too. Heck, anything’s possible.

  8. After reading that article from Ou, one can see why CARS took a serious approach: CARS is in danger of being replaced by George if this keeps up!

    CARS got some of the most delicious bits above (super-long post, HAHAHA). Enjoy, denizens.

  9. heh…

    CARS totally used the Washington Post’s toothbrush.

    Real reporting …. sigh … Crazy Apple Rumors/Real Reporting Site … CARRRS

    nah – just leave it at CARS

  10. On a semi-serious note…
    The company I (work) for did the recordings of all of the BlackHat and Defcon sessions. Maynor stated in the BlackHat session, that the flaw is with the 3rd party drivers. In fact, the session title is ‘Device Drivers’. During the Defcon session, they did try to clarify things a bit. David IS working with Apple, and upon confirmation a affected platforms, will help with a patch.

    If I can, I will try to post a MP3 of the recordings sometime very soon…


  11. “When ars links to cars” (paraphase) – that’s gotta be the funniest post in a long time – in so many ways.

  12. Looks like we’ve got a side order of O’Grady Watch going too! Ou! That’s gotta sting! Here’s hoping O’GW goes aboveground real soon.

    Ou! Ou! Ou! No! Let go of the damn toothbrush guys! No means No, Ou!

    Where’d I leave that 10 gig iPod, and the sock?

  13. This piece is too conceptual. I don’t get it. I like your more believable characters like “Ugluk” and “Entity.” This “Ou” character doesn’t make much sense.

  14. I agree with Carl. I can believe in mysterious intergalactic entities, but it is just not credible that a real person would be a stupid as this imaginary Ou character. That and the name is just not realistic either. Maybe you should change his name to something believable like Oulu or something.

  15. En’kay. I watched Maynor’s video and he says:

    Don’t think, however, just because we’re attacking an Apple that the flaw itself is in the Apple. We’re actually using a third party wireless card.

    So Maynor is demonstrating the vulnerability of a stupid third party wireless card on a Mac that comes with Apple’s Airport card!!

    Am I missing something here??!!

    What is all the fuss about? I mean, I’m all for a good fuss and have been known to throw are killer fuss when one is called for but I find myself hard pressed to care about this.

    I’ll publish a ‘funny’ post here in the comments for the sake of those who thought the Moltzâ„¢ was being too serious.

  16. Apple has agreed, in an out of court settlement, to pay Creative $100 million in order to end a patent dispute. CARS has discovered that there is much more to this lawsuit than is apparent.

    “It’s all Creative’s fault,” Apple claimed. “It started right after they moved in next door.” Glancing out of the window and tapping their tea saucer, the technology company added, “They never mowed their lawn.”

    “That is so not true!” Creative replied. “We keep our law ‘lush’ rather than ‘tight.’ Apple said it looked long but we thought it looked full and rich.” “Things just kind of went downhill from there.”

    A few weeks later Creative called the police on Apple for a ‘noise violation’. Creative claimed that Apple was playing music too loud too late at night. “And it was nothing but Night Ranger’s ‘Don’t Tell Me You Love Me’ over and over again. I hate that song!” The police declined to comment.

    “We had a party,” Apple explained, “and Creative was invited but didn’t want to come. They called the cops at 10PM on a Saturday night! They were already in bed, if you can believe that. Lightweights.”

    Apple’s elm tree in the front yard was tee-peed the night before Halloween and the next night someone soaped the windows on Creative’s El Camino. What followed were flat tires, missing bicycles, broken windows, dismembered pets, dead skunks down chimneys, burn outs on the lawn at 2AM, a burning bag of dog poop on the porch as part of a ‘ring and run’, and countless prank phone calls. Finally, Creative had had enough and filed a law suit.

    “Well, the MP3 player patent thing was just our way to get at Apple. They weren’t listening to reason. Come to think of it, they weren’t listening to our childish pranks either.” Creative admitted outside the court room before their lawyers ushered them into a private meeting in a secluded corner.

    “Forget it!” Apple threw their hands up in disgust. “Forget it. Just give them their money and then we’re building a large privacy fence on their side of our property.” As Apple’s lawyers drug the technology company toward the court house lobby, Apple yelled, “But if their damn dog gets in our trash again I’ve got some hamburger soaked in anti-freeze that I need to get rid of if you know what I mean!!”

    Okay, so it isn’t that funny. But hey, this ain’t my website either!!

  17. Thank you, Joe. Here’s my response to the same question:

    You’re missing something.

    Krebs reported that Maynor said the flaw was also in the stock Airport card and drivers. Ou, oddly, reported that Maynor never said that, but did *demonstrate* that (which makes very little sense).

    Check this out. In Ou’s previous post he says

    So Maynor and SecureWorks have been telling the truth about this being a third party driver and hardware from the very beginning and they never misrepresented anything.

    Oh, so it’s all about a third part card and driver. Airport was never involved. Case closed!

    Oh, but then, in the same paragraph, he says

    The transcript clearly reveals that Maynor had demonstrated the same exploit on a Mac without any third party wireless hardware!

    Wait, wha-huh?

    Which is it, dude?! Pick one!

  18. True enough Joe, but even there they only claim that the exploit is present in the Apple hardware. No one has demonstrated it.

    This is how security “experts” make a name for themselves.

    Still not able to care…

  19. OK, Ahyner, you don’t have to care, but I think you’re underestimating what they’re claiming. Krebs reported that they – after the videotaped demo – claimed to have done it on stock Airport hardware and software.

  20. I get it John. I’m just not too impressed with claims about that. Why not just crank out another video with them hacking an Airport? Prove what you claim.

    Besides, I use a third party PC Card 802.11g and so I’m… Oh. Wait.

  21. Don’t worry guys, problem solved.

    I went over there and used their toothbrushes. Then I let my kittens and ponies use their toothbrushes. So I think we are all good now.

  22. John, you hit it right on the head. How could Ou put up another post, after that huge mistake, and then go on a childish rant? Just doesn’t seem smart. I think he’s either:
    a. GOT to know something that he thinks will save his reputation.
    b. Desperately wants us to think he knows something that he can’t yet share, hoping we’ll forget later,
    c. Never listened when his mom told him to think before he writes. Or something like that.

    In fairness to George, we all make mistakes. I’m no Charlie’s Angel (because if I was, I’d be in front of a mirror right now….), but he is writing as a journalist (isn’t he?), so he’s got some higher standards to live up to. Especially on such a serious subject, that he’s treating far too nonchalantly.

    I’m sorry, but nothing out of that camp (Ou, Kreb, etc) has made much sense at all. They must not be able to say anything sensible without either damning Mac users (by putting them at risk) or damning themselves. In which case, Kreb opened a can of worms that aren’t gonna be put back in the can, and he should just retract his posts and say he made a boo-boo so this whole thing blows over until a patch comes out.

  23. You know, it really burns putting up serious posts on CARS. In uncomfortable places. I’ll leave the disambiguation to the reader as an exercise.

  24. Well, it’s not exactly serious.

    Besides, what are you talking about? All of our posts are factual, hard-hitting journamalism.


    I mean “journalism.”

    That’s what I meant to say.

  25. now that you put it that way, it makes it all better.

    And yes, the burning has stopped, if you’re interested.

    Which I’m pretty sure you’re not.

  26. I’m not.

    At all.

    In the least.

    But it is beginning to burn over here now.

    Damn you, Step.

  27. I George Ou is “going down with the ship.

    Bad grammar, e-lawyers and flame wars. I had no idea Ou was a 12 year old girl.

    Somebody call fandom_wank.

  28. Ou! Ou! I read Ou’s article I love how we are told that his friend is ‘very smart’, why bother letting his intelligence shine through his analysis when we can just be told? Also I like how he doesn’t never use a lot of double negatives.


  29. Damn 12 year old girls with thier e-lawyers and flame wars, why can’t they just enjoy ponies like the rest of us?

Comments are closed.