More on Maynor


Last summer, David Maynor announced an exploit for Mac OS X and Apple's AirPort drivers that would allow third party code to be run. The hack was proven to work, but became controversial when a third party wireless card and third party drivers were involved with the exploit.

Maynor has since offered an apology for mistakes that he had made and offered a live demonstration of the MacBook Wi-Fi vulnerability at a Black Hat event in DC last month. Maynor also offered to release e-mail exchanges, crash/panic logs, loose notes and the exploit code used in the hack, which allowed third party code to be run over the wireless connection, as a means of clearing his name.

Maynor's first video has been scrutinized and it is now known that the first hack did not involve a third-party wireless card. It appears to be fraudulent. Check this video.

Here's what someone in the know wrote to me:

You can see from that screenshot that there are only 3 interfaces (Built-In Ethernet, FireWire, and Airport) (the bottom thing on the left says daves-computer, it's the shell prompt). There is no third party device.

So that's one "lie" from the video.

Secondly, he explicitly mentioned the IP address at the beginning of the video. Why did he do this? The bug that Apple found and he claimed to find was exploited when searching for networks; he didn't have to be connected to one. Which means there was no reason whatsoever for him to list an IP address.

And as you noticed, that IP is for the built-in AirPort card, which also supports the point that his assertion that there was a third party card was a lie.

He also seems to imply that the MacBook was already connected to the Dell (and that's why it had the IP address).

The other issue is if you look at the video in full, you can see that he gets access to the currently logged in user's account. Since the AirPort drivers run in kernel space, actually getting a hack to run would give him root access. Yet he doesn't, since he creates files on the desktop of the logged in user.

So why is him having an IP address important? Well, if his badseed script simply logs in via ssh on the MacBook, then he'd be able to do everything he said. In order to ssh in, he'd have to have the MacBook on the network at a predetermined location (and he does).

So I posit that the entire thing is fake and he logged into the MacBook normally and created a few files via ssh.

It might have been done to promote Errata Security for Maynor and separately to promote Johnny Cache's upcoming book.
I'm not really sure why they did it. Just that so far there is no evidence to support the idea that they actually found an exploit. Especially since they've refused to display publicly the claims they made in the video.

I'm as sick of this story as you probably are, but wanted to pass along this new piece of analysis of the original video. Apple's Airport stack has since been patched. Does anyone even care about this any more?

Talkback

61 comments
  • No offence Jason, but WTF happened to "Full-disclosure"???

    You cannot just quote a piece and then state its origin as "someone in the know".

    Let this person who is calling Maynor a liar come out in the open and say it. If Maynor wasn't lying, then I would expect a libel suit to follow. If he was, then at least the person who "outed" him would get the credit.

    All this cloak-and-dagger BS is getting ridiculous. George goes about promising that the evidence will eventually come out, and here you are quoting mythical references that the whole thing is a lie.

    BTW Did that same source also reckon the Apollo missions were fake, Elvis is working in a supermarket in Idaho and George Bush is really an alien (ok the last one MIGHT be true!)???
    Scrat
    • Why not?

      Every other blogger and Washington Post reporter who have written about the story seem just fine with anonymous sources, demonstrations that no one is allowed to witness, e-mails that no one has seen and super-secret legal agreements.

      Since George (who you mention) has yet to actually present any evidence whatsoever, why should we hold Jason to a higher standard?
      tic swayback
      • both of your points.

        true, so very true. so much bs about this story from the git-go a person doesn't know who's telling the truth.

        gnu/linux...giving choice to the neX(11)t generation.
        Arm A. Geddon
      • It probably..

        It probably has to do with the fact that a lot of misinformation continues to be spread. Like these so-called "video analyses". That video was filmed over four hours and edited down to five minutes; the frame by frame analysis is pretty useless since I didn't do the editing. Watching the video I can point out several areas where I was just randomly typing and pointing to the screen for filler footage that was included.

        Yet people keep giving credence to this incorrect and misleading analysis.
        dmaynor
        • You are evil in the eyes of the zealot

          You are one of the unbelievers who has highlighted the fact that OSX is not immune to security exploits. That makes you a bad man in their eyes. You have taken away their "security blanket" and they hate you for it.
          NonZealot
          • Wasn't it you that said

            Maynor was benevolent and Apple was evil? Being you're one of the biggest [b]WinZealots[/b] here, how can you say that? Or are you still claiming not to be a [b]Zealot[/b] (even though your posts prove you are)?
            Rick_K
        • It probably has to do with the fact alot of misinformation continue to be s

          It is you, [b]Jihad George[/b] and the rest of the Windows zealots that are spreading the misinformation. Most sane people would call it "spreading F.U.D.".
          Rick_K
          • Crappy

            Winzealot?

            You know I have reported more problems in Windows machines than Apple? How does this make me a winzealot? I have reported more problems in CISCO equipment than Apple.

            I must not understand your terms of what a zealot is then.
            dmaynor
          • You want to stab me in the eye with a lit cigarette or something?

            First of all, [b]WinZealot[/b] may feel slighted if I were to call you him. But your own words tell a different story. It shows utter distaste for all Mac users. See bold text below.

            [i]"We're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes [b]you want to stab one of those users in the eye with a lit cigarette or something," Maynor said.[/b] [/i]
            Rick_K
        • care to reply about these few links?

          http://daringfireball.net/2006/08/curious_case

          http://daringfireball.net/2006/09/lies_damned_lies_and_macbook_wifi_hacks

          http://stephencaver.vox.com/library/post/bill-gates-jackassery-david-maynor-is-a-douche.html

          gnu/linux...giving choice to the neX(11)t generation.
          Arm A. Geddon
          • Ok...

            What do you want in reply?

            John Gruber doesn't know what happened. Even when he sees slides that prove that Apple misled the press, he chooses not to include that in his analysis, instead focusing in on these so-called video analyses. That puts him firmly in the zealot arena of only showing evidence that supports his theories.

            As far as my Vista vs. OSX claim: it's true. I don't care if that upsets you or makes you mad, the fact is that Vista has included technology to break most exploits whereas OSX is lagging far behind in implementing them. What's the problem? Don't believe me? Write an exploit for one of the new QuickTime bugs and see which platform it is easier to get the exploit working on. Wait, let me save you the trouble, it's OSX.

            So?
            dmaynor
          • in your reply?

            how about a sentence or two per link? that would have been sufficient.

            zealots? always a way to deflect criticism.

            vista vs os x? hmm, not really a fair test. one reason, vista is new and os x has been around for years. plus there's other reasons I could list. let's wait and see when leopard comes out. in any case, I'd say linux beats them both. why? because its code is open.

            as for writing an exploit, let's wait till they come out with vista sp1. I'm sure there's lots of hackers biding their time till then. vista w/sp2 or se whatever they call it will be a longer time between releases so after that, it should be ripe for picking.

            and finally, hackers that seek publicity are those that I'd like to take a lit cigarette... well you can finish that sentence. ;-)

            p.s. btw, I use windows xp w/sp2, os x and linux.

            gnu/linux...giving choice to the neX(11)t generation.
            Arm A. Geddon
          • Huh?

            How about you get Gruber to respond to the emails showing that I did indeed share information with Apple, then we can talk. Until then he is firmly in the zealot arena who ignores evidence to support his own theories.

            And the blog where the best they can do is name call? Prove anything I said wrong, you can't. Why spend time on someone who doesn't even understand my initial statements?

            And as far as Vista SP1 coming out, I do not understand what you mean. Since service packs FIX bugs, hackers would want to find problems BEFORE they come out. Even with that I don't see how that affects the security technology that is in Vista now, it's not like Microsoft will remove it in SP1.
            dmaynor
          • response to your "uh?"

            [b]How about you get Gruber to respond to the emails showing that I did indeed share information with Apple, then we can talk. Until then he is firmly in the zealot arena who ignores evidence to support his own theories.[/b]

            sounds good to me. let's get all of the major players here at zdnet for a little q&a session.

            [b]And the blog where the best they can do is name call? Prove anything I said wrong, you can't. Why spend time on someone who doesn't even understand my initial statements?[/b]

            fair enough. since the story broke, hacking a mac in 60 seconds, so much has been written a person can't keep track of who said what, when, etc. anyway.

            [b]And as far as Vista SP1 coming out, I do not understand what you mean. Since service packs FIX bugs, hackers would want to find problems BEFORE they come out. Even with that I don't see how that affects the security technology that is in Vista now, it's not like Microsoft will remove it in SP1.[/b]

            sorry, there's hackers who'd rather wait to have companies think they fixed certain bugs and then come in under the radar and attack. as for msft's security, that's a no brainer, as they're finally starting to get things right. hopefully they'll build on it and not try to reinvent the os again.

            one more thing. I tested vista up to rc2 and found it to be clunky, irritating, etc. if you had read any of the articles here at zdnet, some of the problems I had with vista were similar to what george ou wrote about. his computer was very similar to the one I had just built towards the end of last year. so I do know about vista but I'll be staying with xp pro when I need the windows eXPerience. after vista sp1 is released I'll have another go around with it; you know what I mean. :-)

            gnu/linux...giving choice to the neX(11)t generation.
            Arm A. Geddon
          • correction. in response to your "Huh?" (nt)

            sorry
            Arm A. Geddon
    • Well...

      I think his point is that who his source is isn't all that important if you look at the video and follow the commentary from his "anonymous source."

      To add fuel to the fire, as part of the "flame fest" resulting from the other day after Maynor demonstrated the crashing of a Mac, he claimed that they never said they could hijack a Mac. However, doesn't this (original?) video show him executing code remotely! That alone makes it even more likely he/cache were BS'ing the whole thing to publicize themselves.
      zkiwi
      • Wrong...

        The problem with this story has always been people like you.
        Please show me where I said "that they never said they could hijack a Mac".

        That is incorrect but you seem to have no problem spreading misinformation.
        dmaynor
        • So, why did you say

          That you weren't going to show the hijack yet on this (earlier) video you purport to show remote code execution if you didn't mean it about the hijack part?

          Given those issues, you saying there's all this misinformation without dealing with the issues just makes you look lamer than the rest of us. Care to deny you showed remote code execution (I'd call that a hijack), and now you won't touch it.
          zkiwi
          • Wrong...

            Pay close attention, I don't know how much clearer to say this:

            I showed remote code execution of a 3rd party card in the video (I say that twice).
            I showed remote code execution of the built-in Atheros card to several people at Blackhat.
            I reported 3 different issues to Apple: a remote code execution problem in the native Macbook, a remote code execution problem in the native Powerbook, a remote code execution problem in the Macbook Bluetooth stack.

            I showed a crash on stage because the first go around nobody understood what happened. Showing a crash proves that I could remotely affect the machine.

            So your statements about me denying finding a remote code execution flaw are completely incorrect and misleading.
            dmaynor
          • We have paid close attention

            That's why we know you're a liar.
            frgough