MacBooks and death threats
Back in early August hackers Jon "Johnny Cache" Ellch and David Maynor demonstrated how they exploited a defect in a wireless device driver to compromise a MacBook notebook computer. I blogged about the exploit and later updated my post when a video demonstration revealed that the hack was against a third-party WiFi card connected to the MacBook with a third-party USB card reader.
You are probably (correctly) asking yourself "Why on earth would anyone use a third-party WiFi card with a MacBook when it comes with WiFi built in." The answer to that question came from an interview of the duo by Brian Krebs:
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet.
The next day I posted that the native MacBook WiFi card and device driver were indeed susceptible to the Black Hat exploit and that MacBook users should exercise caution when using public WiFi networks and keep Airport turned off when it's not in use.
In today's episode of MacBook Exposed fellow ZDNet blogger George Ou has taken a few journalists to task for promoting the HackBook story incorrectly leading to "a vicious orchestrated assault on researcher David Maynor and the company SecureWorks." The dissenters are upset because they claim that Maynor and SecureWorks falsified their research presented at Black Hat 2006.
When I contacted David Maynor by email and later phoned him late Saturday night, Maynor was very disturbed by the whole incident. He had already been receiving hate mail and even death threats at the Black Hat convention but the threats had escalated with this latest fabricated story about him falsifying his research.
If you watch the video of the hack Maynor clearly states that he uses a third-party WiFi card (pictured), so Maynor and Ellch fabricated little (if anything) at all in their demo.