
How Apple orchestrated web attack on researchers

By George Ou | March 20, 2007, 2:06am PDT

Summary: The Mac press had a field day nearly destroying the reputations of two security researchers, but were they alone in their actions? See proof of how Apple and its PR department were pulling the strings all along.

Last summer, when I wrote "Vicious orchestrated assault on MacBook wireless researchers," it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details. A lot has changed since then: Researcher David Maynor is no longer working for SecureWorks, and he's finally given me permission to publish the details.

The scandal broke when Jim Dalrymple put out a hit piece on security researchers David Maynor and Jon "Johnny Cache" Ellch, saying that their research was a "misrepresentation."  Dalrymple based his conclusion solely on the word of Apple PR director Lynn Fox. David Chartier went even further and said that, "SecureWorks admits to falsifying MacBook wireless hack" based solely on a SecureWorks disclaimer (it's no longer there) that merely reaffirmed what the original video was saying all along–that the hack demonstrated in the video was based on third-party wireless hardware.  I had personally interviewed the two researchers before this whole scandal broke out, and I specifically asked Maynor and Ellch if they were using Apple's Wi-Fi hardware in their official Black Hat demonstration. They clearly said that no Apple Wi-Fi product was used for the exploit. That's why I was shocked to see the researchers blamed for changing their story and "admitting" they made the whole thing up when no one changed the story and no one admitted to anything. Yet the headline from Chartier, along with Dalrymple's story, was blasted all over the Web after it made Digg and Slashdot. Everyone simply assumed Maynor and Ellch were frauds because they supposedly "admitted it."

Through all of this, I've been accused of covering up for my "buddies" and losing my objectivity, but I had never met David Maynor and Jon Ellch–and last summer was my first trip ever to Black Hat and Defcon. It was by mere chance that I overheard them in an interview with another reporter in the press room. I asked them if I could videotape an interview with them afterward, and they said yes–which led to this interview. But when I read the news that the researchers "admitted to falsifying their research," I was shocked, and I almost believed it for a second–until I read the stories and saw that there was no admission but a simple reaffirmation of what had been claimed all along on SecureWorks' Web site in some obscure location that blogger Chartier just *happened* to find. It didn't matter that the so-called "evidence" wasn't an "admission" at all because it looked the part, and that's all that was needed to hang the two researchers and brand them as frauds. But did Chartier really just happen to come across the evidence?

When I called David Maynor to get to the bottom of this, it turned out that Apple PR director Lynn Fox (who was also cited by Jim Dalrymple as proof that the researchers "misrepresented" the research) was the puppetmaster from start to finish. She not only contacted sympathetic bloggers like Chartier and "journalists" like Jim Dalrymple, she was actually the one who got SecureWorks to publish the "clarification" in the first place. Once she got SecureWorks to publish a clarification that merely reiterated the fact that third-party hardware was used in the original video (and it was clearly disclosed in the first 20 seconds of the video that it was third-party hardware), she used that as "incriminating" evidence that the researchers admitted to falsifying the video and shared her "findings" with Apple-friendly press.

[* Update 4/4/2007 - David Chartier disputes he was contacted by Lynn Fox and is complaining that I didn't check with him on this. That's hardly the issue here and I know for a fact from sources at Apple that Fox contacted the media and planted the "researchers admit to lying" story and handed out the so-called incriminating link to SecureWorks' website. The fact that Fox did or didn't directly speak with Chartier is completely immaterial and it's been established that Fox did speak with Dalrymple. Unless Chartier makes it a habit to routinely patrol obscure corners of the SecureWorks website, the information flowed from Lynn Fox to the media and it quickly made its way to David Chartier where he embellished and slandered two security researchers. Why didn't I email Chartier and ask him directly? Simple, Chartier has been ignoring me when I ask him to explain why he slandered Maynor and Ellch and he had been deleting my posts on his blog asking him to explain the same question. Chartier now claims he never saw my posts but I explicitly remember my posts on his blog and remembered him dodging the questions on why he slandered Maynor and Ellch. Chartier can wipe my comments on his blog but he can't wipe it on mine and this thread still sits here with him dodging my question. Chartier can say he never saw my posts all he wants but he dodged several of my posts on my blog and he erased my posts on his blog and now denies it. After all that, I wasn't going to waste my time trying to contact someone who dodges my questions and deletes my posts. He can't deny he slandered David Maynor and Jon Ellch and he won't answer to it. Unfortunately there are more than 1000 links on Google pointing to Chartier's slanderous blog stating that SecureWorks admits to falsification. Chartier and Dalrymple who were ultimately manipulated by Lynn Fox's planted story were the focal point of deception and that's why I'm calling these three people out.]

But how did Lynn Fox get SecureWorks to publish a clarification on its Web site? It turned out that Fox had actually wanted an even more incriminating statement from David Maynor himself and sent him an e-mail on 8/15/2006 (two days before the public accusations of fraud hit the Web) demanding that he post a confession word for word. Maynor refused and told Fox to speak to SecureWorks PR, and the two parties came to a compromise on 8/16/2006, where SecureWorks would simply post a clarification. SecureWorks never knew what hit them when the accusations of fraud hit on 8/17/2006 because they figured they were merely posting a clarification that reiterated what they had been saying all along. They had no idea that MacWorld and an unofficial Apple blog would tear them to pieces and simply assumed it was an admission that facts were originally misrepresented. As proof of how this all went down, here is the e-mail Lynn Fox sent to David Maynor demanding that he post the confession publicly. I was given a copy of it on 8/19/2006.

From: Lynn Fox <####@apple.com>
To: David Maynor <####@mac.com>
Cc: Moody David <####@apple.com>, Wiley Hodges <####@apple.com>
Date: Tue Aug 15, 2006 06:14:09 PM PDT
Subject: Your post on SecureWorks website

<<Original Attached>>

David,

Below is the note we drafted about the MacBook exploit confusion.

Please confirm that you've received this and will post it without text changes on your blog and front and center on SecureWorks' news & events page tonight. The placement of this post should be as prominent as the initial announcement of the exploit demo at Black Hat.

You are welcome to call me on my cell at 415-###-#### if you need to discuss any further.

Thanks,
Lynn


For the Record: MacBook is not inherently vulnerable to Black Hat-demonstrated exploit
By David Maynor

I want to clarify something about the wifi device driver exploit we demonstrated at Black Hat in Las Vegas a couple weeks ago.

Confusion has mounted as to whether the exploit I demoed at Black Hat and for Brian Krebs of the Washington Post is reliant the use of a third party driver. In short, the answer is yes. The MacBook is not inherently vulnerable to the attack, and I never said that it was.

Part of the confusion lies in the fact that we have not specifically named the third-party device driver; this is because we know that the vendor is working on a patch and we don't want to release the name of the chipset until the fix is in place.

I hope this clears up some of the confusion. Stay tuned for a live demo of this exploit live at Toorcon.


Note that I've masked out parts of the e-mail addresses and parts of Lynn Fox's cell phone number for privacy issues, but I can assure you it was the right phone number. I actually called the number to confirm that it was real, and Lynn Fox was quite upset and demanded to know where I got the number. I declined to answer since the e-mail at the time was given to me by David Maynor off the record. I asked Fox about the scandal, and she told me that her cell phone was breaking up and that she'd call me back. Within a minute, I had David Maynor instant-messaging me that Lynn Fox was on the phone with him in a rage. I told him I didn't disclose anything to Fox, and Maynor simply directed Fox to SecureWorks PR.

When I finally got Fox back on the phone, I asked her some questions about how MacWorld and the unofficial Apple blog got the information on the so-called confession. I got all my questions answered, but I can't disclose what she said since Fox refused to speak on the record. But the bottom line is that Lynn Fox played Jim Dalrymple, David Chartier, and the rest of the Mac press/blogosphere like a violin, though it was clear they were all willing participants. When I pointed out the flaws in their stories, Chartier and Dalrymple simply ignored me and stuck to their guns and Chartier erased all of my comments on his weblog.

So what was the end result of all this? Apple continued to claim that there were no vulnerabilities in Mac OS X, but came a month later and patched its wireless drivers (presumably for vulnerabilities that didn't actually exist). Apple patched these "nonexistent vulnerabilities" but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The result was that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007, including last week's megapatch of 45 vulnerabilities.

Apple is a mega corporation that nearly smashed the reputation of two individuals with bogus claims of fraud. It didn't matter that they weren't the ones pulling the trigger because they were pulling all the strings. David Chartier should be ashamed of himself and his blog. Jim Dalrymple of Macworld and his colleagues who jumped on the bandwagon should be ashamed of their reporting. Frank Hayes was the only one of Dalrymple's colleagues who had the decency and honor to apologize. Most of all, shame on Apple.

Disclosure

George Ou

http://blogs.zdnet.com/Ou/?page_id=557

Biography

George Ou

George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.

546 Comments

You're in for it now!

This has always had the love stink of Jobs over it. Good for you in showing what has happened.

I just hope you're tough enough for the backlash...
0 Votes
+ -
The truth will set you free
georgeou 20th Mar 2007
They've been screaming for "the proof" for the last 8 months, too bad they're going to get what they wished for.

These are some serious charges and I've reported only the facts. I can't say or post any of these accusations and emails if they weren't true without getting in to some serious trouble.
0 Votes
+ -
Let's see, you've shown us a "copy" of an email allegedly from an Apple PR spokesperson. The actual content of said email would seem to be an attempt to factually clarify the "Hack a Mac in 60 seconds" demonstration.

Two questions:
1) Was there anything factually wrong with the statement crafted by Apple?
2) How does this go from one email to a "vicious orchestrated attack"?
"Confusion has mounted as to whether the exploit I demoed at Black Hat and for Brian Krebs of the Washington Post is reliant the use of a third party driver. In short, the answer is yes. The MacBook is not inherently vulnerable to the attack, and I never said that it was."

The whole reliant on a third party driver and the MacBook not being inherently vulnerable are misdirection and an outright lie. Since we know now the third party driver was for the Atheros chipset and that the driver was included as part of OSX the MacBook was inherently vulnerable to the attack.

It never ceases to amaze me to what lengths the Cult of the Mac will go to defend Apple. The vicious orchestrated attack was where Ms. Fox planted falsehoods about what occurred to the Apple faithful and friendly press and let them viciously attack the security analysts knowing full well they were right all along.
0 Votes
+ -
Misrepresentation
tic swayback 20th Mar 2007
---it never ceases to amaze me to what lengths the Cult of the Mac will go to defend Apple.---

Odd, as far as I know, Robert Crocker does not own a Mac or use one. He's always been one of our local OSS Linux folks. Perhaps Apple is putting legal pressure on him as well.
0 Votes
+ -
... or doesn't this latest article clear your clouded vision as to what transpired? Seems to me you and your ilk have some groveling to do.
Find me the smoking gun...perhaps a memo from Apple steering others to do the
dirty work. Then I'll give you something...props even. Still all in all even "IF" it is true
it just seems like well business to me. I just like Apple better than MS never
claimed either company were saintish and not capable of playing hardball. Still there
is that whole "prove it" thing we have to cross first.

Pagan jim
"Find me the smoking gun..."

but there lies the problem.

It wouldn't matter if the smoking gun had just discharged a bullet into your head, you'd still deny the existence of the gun, the bullet, the Anti-Apple statement etc...
0 Votes
+ -
... the security analyst to lie is not proof enough or the fact that one of the vocal attackers published an apology and said Apple told him he was wrong or the fact they patched the issue are not proof enough then you will never be satisfied. You can go back to sleep now.
0 Votes
+ -
What do I have to apologize for?
tic swayback 20th Mar 2007
Please quote any specific thing I have to apologize for. I repeatedly said that George and Maynor/Ellch could very well be right, just that I couldn't believe them without any evidence.

George has presented some evidence here, but I'm not convinced it actually says what he claims it says. I've also yet to see any evidence of the originally claimed hack.

So what should I apologize for? Do you believe everything you read on the internet, or are you allowed to ask questions?

Oh, and you'll be sure to get that apology. In a few days....
0 Votes
+ -
Guilty as charged
Robert Crocker 20th Mar 2007
Actually I'm a Java developer though we do use Linux here for computational work.

I'm sure I've been pressured somewhere by someone but I have no idea who or how (personally I think it was that Occam dude, and he pulled something that looked like a knife on me).
0 Votes
+ -
"...that Occam dude..."
handydan918 20th Mar 2007
Nice! wink
"It never ceases to amaze me to what lengths the Cult of the Mac will go
to defend Apple."

Yeah, those Mac zealots will go almost as far defending their Macs as
George will defending Windows. In case you haven't noticed Mac users
don't have a corner on that market.
0 Votes
+ -
As a Mac user ... thank you George
LilBambi_z 20th Mar 2007
I use the Mac, Linux and Windows and as someone who appreciates what security researchers do for the good of all computer users and the Internet community, thank you very much for writing this blog entry.
0 Votes
+ -
So Jihad George....
Rick_K 20th Mar 2007
When are you going to start telling the truth? Where is the so called orchestrated
attack? Or better yet, the "smoking gun"? Oh wait, we're all supposed to take the
words of Jihad george an Anti-Apple Zealot as fact? How many times
have you twisted and misrepresented "facts" to suit your agenda? Too many times
for the majority of the readers. Sure the NBM members take what you say as
gospel. But for them Microsoft is a religion, just like it is for you. Do I personally
think Apple is beyond reproach? No, it's a for profit company. If anyone here
remembers a little application called SoundJam, I personally liked it. Apple bought
the rights to it, as well hired the programmer. It was then renamed iTunes. Do I
feel OS X is perfect? Hell no, it's a complex piece of software. But it is better than
windows. The NBM members (yourself included), refuse to give it any credit.
Instead you use deception, to make windows look better than it really is. Microsoft
won't admit how many "flaws" they patch, claim that spyware is a "critical security
enhancement", etc. Yet with all these wrong doings the NBM members still defend
Microsoft.

To date you haven't given any proof of your wild claims, unless you expect the
general public to believe your lies. Since I don't believe you are you and maynor
going to put a light cigarette in my eye? After all I'm one of those "smug Mac
users".

These are some serious charges and I've reported only the facts. I can't say or
post any of these accusations and emails if they weren't true without getting in to
some serious trouble.


If you were a serious journalist and not a 2 bit hack, you could indeed get into
serious trouble. But the fact that you write a "blog" or "opinion piece", does not
require the same burden of proof as a real journalist. An opinion doesn't
have to have any basis in fact, or even be accurate. You've openly stated that you
love Microsoft and hate Apple. So anything you write, has a level of bias in it. The
fact that it took maynor 8 months to reverse engineer a patch Apple put out,
doesn't speak well for him and his NBM preaching either. Now add his Anti Apple
comments, as well as insulting all Mac users. So your claim of proof is nothing
more than something to garner you more praise at the NBM weekly meeting, well
unless Microsoft is paying you directly for spreading lies and misinformation.
0 Votes
+ -
Look at your rantings
fr0thy2. 20th Mar 2007
Look at your rantings and you call George a zealot. I think it is sooooooo funny that the apple nuts get themselves all lathered up when it comes to "comments" on apples and such. Apple albeit smaller is the same as any corporation. You pot heads from the 70's are all gone. They are multimillionaires trying to protect that garage look and feel. As long as you do you will never be taken seriously - (10% or less of the market). You can cry moan and get is defensive. But you have flaws, bugs, open doors. And if you ever get to the point you are as big as MS (doubt it but weirder things have happened) then you are going to be hit so hard your little hippie heads will just spin. Can't wait for that to happen, it is going to be soooo funny. George you keep up the good work, and keep the "hippie freaks" hopping. Someone has to keep an eye on them and bring them back to reality, and not the rose colored glasses that the Apple Corp keeps handing out. Good WORK!
0 Votes
+ -
You need to...
Rick_K 20th Mar 2007
Take your meds. Jihad George has often misrepresented facts to fit his agenda.
This is why he writes a blog instead of reporting news. I for one never said OS X was
perfect, just it's better than windows. Jihad George is the one that made
spectacular claims and never backed them up. Jihad George is the one
orchestrating a smear campaign on Apple. The NBM Zealots are eating it up, the rest
of us are skeptical of any claims made by Zealots, such as Jihad George. Why
would you personally defend someone that has not shown any logical reasoning? His
bias is well documented on ZDNet, try reading all his rants about how Evil Apple is
and how benevolent Microsoft is.
0 Votes
+ -
Skepticism?
flatliner 21st Mar 2007
Getting so fired up over a supposed non-issue? Who's giving who the facial now?
Better to improve one's own rep than try to bag on someone else.

Microsoft will never regain what it has lost.
0 Votes
+ -
Message has been deleted.
SquishyParts Updated - 21st Mar 2007
0 Votes
+ -
wow, pot calling the kettle black.
xuniL_z 20th Mar 2007
Ricky, calm down. You are showing how serious of an Apple zealot you are even after given proof.

Hell, the apology from Frank Hayes is proof enough.
0 Votes
+ -
You looking in the mirror again?
Rick_K 20th Mar 2007
You NBM Zealots are really funny. You better get that Zero day attack under control.
Maybe install some more Microsoft spyware on your system and don't forget to run as
administrator.
0 Votes
+ -
Oh, that's how it is then.
xuniL_z 20th Mar 2007
I'm an NBMer. Sure Ricky. I've used more systems than you will in a lifetime. I've never gone after a writer's throat for something this petty, I'll tell you that. I accept Windows flaws. I've never written long attack pieces like yours and call a writer a "two bit hack" because they wrote a blog about windows vulnerability. That is just crazy, and not because "windowz has so many I'm used to it" Rick. I don't see any windows users going there.

You take a rant like yours, say by me, place it in a Windows article or Linux article and I'd have people piling on calling me a troll. They do now, just for my opinion.

Yet, the cult of Mac will let people get away with drunken rages like nomorebrains w/o one word from anyone telling him he's out of line, cause it's never out of line to bash MS no matter the language or the insinuations made. Or even this one by you. Not a single person, windows or otherwise is here calling you a troll or laughing at how you don't have a clue etc.

Except me telling you it was a bit much considering Frank Hayes admitted to all of it. Do you not believe Frank Hayes? Just because Apple is saying it was from an "internal audit" you can't piece that together? Or you don't want to.

Either way, you really are making too much out of the fact that OS X is as insecure as any other OS. Maybe slightly less because it's built around its own hardware and that's the ONLY reason. Any other company, MS included, that built on top of one machine would have similar results and advantages in those areas. I think you give up a lot to let your boy steve pick out your hardware for you. CNet has many machines rated higher than a Mac in its price range. Why would someone buy a machine that is avg. hardware to get an OS that requires you to install Windows anyway? Sounds like you overpay 3 times to me.
0 Votes
+ -
I love it.
nomorems 20th Mar 2007
I am called a Mac zealot AND a Linux zealot! Guess I really piss people off that I will never support the Microsoft crime organization.

Hmmm....maybe I can be a Sun zealot next week?
0 Votes
+ -
To repeat what I said on Tech Rep.
Cayble 20th Mar 2007
Weaselly
I use the term weaselly because that's what our fellow poster and Apple enthusiast tic swayback said that Apple would be if they had been parsing their words in their statements instead of admitting outright that they had been contacted about the wireless bugs by Maynor and SecureWorks.

Interestingly enough, I myself never really said Apple was being weaselly, and agreed with the line of thought that simply pointed out that Apple had just carefully made their statements "lie proof", I suspected in order that supportive Apple consumers would not press Apple further than the most favorable interpretation possible. And on that count Apple appears to have guessed right. To this day it appears that quite a number of Apple apologists have made a "choice" to continue to believe Maynor is a fraud even though Apple never said he was, and in fact a careful reading of what Apple did actually say would rather imply he was not a fraud. Amazing how Apple suspected that many of its most avid supporters would not be careful readers.

In some respects I almost feel sorry for Apple in a kind of perverse way because I find it hard to believe even they would actually suspect the level of fervor their most ardent supporters would unleash. I actually think that Apple probably didn't start this whole mess that they created with the hope of destroying Maynor's reputation, I'm betting they were trying to make sure that nobody mistakenly believed the Blackhat demonstration was with original Mac hardware, particularly with Krebs of the Washington Post saying the class of exploits was on all OS's including OSX. Little did Apple know that the Frankenstein they have created in the form of Apple enthusiasts was so monstrous that it would shred and rip limb from limb any target that Apple so much as implied it had a problem with. And just like Dr. Frankenstein, Apple found it more than a little embarrassing if they were actually going to force themselves to step in after the fact and admit to their monster that it had made a mistake and overreacted by destroying a rather innocent party. Where Apple is at fault is that when they observed the "crowd going wild" they never came out and made their words clear and admitted that Maynor had contacted them about the exploit, even if they were not satisfied with the level of contact.

Instead, once the feeding frenzy had begun Apple sat back and continued to parse their words, avoiding the truth and allowing their "followers" to grow more and more rabid with every post. Clearly when the pro Apple crowd was foaming at the mouth and putting outright lies into the mouths of Apple representatives in order to justify their nonsense, Apple should have stepped in and said at least, something like:

"David Maynor did contact us about the vulnerabilities he claims exists in the wireless drivers and hardware in some Apple products, we have been unable to identify the existence of these flaws as of yet and David Maynor has not provided us with sufficient information to come to a rapid resolution to this question. We are working on the matter and hope to be able to verify or dismiss the claim of such vulnerabilities in the very near future. We have asked SecureWorks to clarify on their website that the demonstration at Blackhat was performed on an Apple notebook that was equipped with third party hardware and drivers and was not done on a stock Macbook. We currently have no reason to suspect that demonstration was falsified or fraudulent in any way."

The reason why they should have said something akin to the above is because not only would it have been the truth, it would have been clear about what Apple's real position was in the matter. Instead they let their overenthusiastic apologist followers go mad and fabricate words out of whole cloth and then attribute them to Apple, which Apple themselves never said.

So I guess in some respects at least, tic was right. Apple was a bit of a weasel.
0 Votes
+ -
Question
tic swayback 20th Mar 2007
Is it possible that both things are true--that Apple were total weasels AND that Maynor and Ellch's claims weren't up to snuff?

I have no doubt that Apple was approaching this in a weasel-esque fashion. After all, they had both lawyers and PR people involved, which as far as I can tell, is automatically going to bring in some serious weaseling (that is, if the lawyers and PR folk are any good, and I have no doubt that Apple can afford quality).

So even if Apple was deliberately making "lie-proof" statements, is it possible that their statements were in fact correct, given the lack of evidence pointing in the other direction?
0 Votes
+ -
I don't think anyone was saying that Maynor or SecureWorks were as forthcoming as they should have been in the end, even the best George would say is that Maynor was as forthcoming as he could be under the legal circumstances he was in, nobody said that Maynor and SecureWorks performed flawlessly. Even now that Maynor himself is free to talk he is admitting the problem he got stuck with was in part due to certain errors on his part.

As far as Apple's complicity in this whole mess goes, there were a couple of articles George posted that showed very well how it could be that Apple was telling the truth, although not nearly all the truth, and yet Maynor could have told the truth as well. Of course that shot John Gruber's crappy illogical argument apart so there were many who didn't want to hear anything that implied that Maynor's exploits could still exist if Apple hadn't lied. Theory being that Apple would never lie and the only way Maynor's exploits could exist was if Apple was lying so that meant Maynor had to be lying. A lot of Apple enthusiasts loved that line of logic, and didn't want to hear that Apple didn't have to be lying if the exploits existed.

As far as I can see, Apple's statements were correct, and it had nothing to do with lack of proof at all. Apple had lots of proof about many things they were slow to admit, but eventually did. That knowledge they had that they didn't let the public in on for weeks allowed them to carefully craft their statements so that if more of the truth did come out they wouldn't be caught in a lie. Like you said tic, the lawyers probably helped them work their way into those carefully worded statements.

Could Maynor actually have said more about things publicly without suffering legal consequences at the time? Who knows, unless you know exactly what legal binding he was under, but make no mistake there is without any doubt that such legal situations exist all the time that would have made Maynor opening his mouth any more than he did very legally hazardous for him. It is very very possible.

Given what Maynor has now said, it's also impossible to concoct a rational reason why he didn't say back then what he is saying now unless there was something bad that would happen to him back then if he did speak up. There is certainly no advantage from what I can see, beyond the possibility of avoiding legal complications for waiting until now to say what he has said. It certainly didn't help his reputation any waiting it out, and given the beating he took in the blogs over this whatever held him back had to be something very compelling. Like legal issues.

The real clue for anyone with a brain should have been SecureWorks' response, or lack thereof, in this whole deal. It was a dead giveaway. If no such vulnerability existed it would have been the most negligent thing in the world for SecureWorks to remain silent about the fact that such a vulnerability didn't exist. Not to mention, if SecureWorks had been knowingly allowing bogus stories about possible vulnerabilities in Apple hardware/software fly around the internet, being attributed to their employee, they would have made a very powerful enemy out of Apple, and Apple would have pressed SecureWorks hard to admit the truth if the vulnerabilities didn't exist, with legal threats I'm sure. Yet SecureWorks said not a thing. Should have been pretty solid proof to anyone that Apple wasn't putting that kind of pressure on SecureWorks. And then they ended up "working together" as the story goes. That should have been the icing on the cake, but some people who just didn't want to believe still didn't.

Well more fool them.
0 Votes
Still just speculation
tic swayback 21st Mar 2007
I hope you're willing to recognize that you're still just speculating. We still have no proof that the exploit actually existed then or even exists now.

---Theory being that Apple would never lie---

No, the theory was that Apple had no plausible reason to lie. No one ever came up with a motivation for this. Apple had already acknowledged many OSX flaws as serious as this one. Why the sudden 180 degree change in behavior in this singular case?

---Apple had lots of proof about many things they were slow to admit, but eventually did.---

Can you explain further? What proof did Apple have and what did they admit?
0 Votes
This was a big story in the regular newspaper, Washington Post at that. It was about to start picking up steam on the internet and Apple stuck their big bad foot right in the Doo-Doo by insisting that SecureWorks make it clear the exploit on the Mac was not stock hardware as Krebs had reported in the post it could be done on stock hardware. Apple then avoided admitting early on that they had been contacted by Maynor about a stock exploit because that had some implications that Maynor was telling them a stock exploit existed, and that would make their efforts to quiet up the whole Blackhat demo confusion moot if they had to admit Maynor was giving them some information on a similar exploit on stock hardware. After all, the real important thing always was, not if the Blackhat demo was on third party hardware and drivers, but if a similar flaw was available in stock Apple hardware and drivers anyway.

Apple quickly found that when they had tried to cleverly avoid any implications that such an exploit could be done on stock hardware it slowly backfired when tough questions began to show that they were being less than forthcoming about their actual knowledge of a possible stock vulnerability actually being a real possibility.

It was only because they decided to be less than transparent about what they had been told about a potential stock Macbook exploit that the very same avoidance of simply admitting that Maynor had TOLD them such a stock vulnerability existed, even if he wasn't forthcoming enough himself. They ran circles around the Apple consumer by telling them that Maynor hadn't told them enough to identify any particular flaw, but in the very same breath made it sound like Maynor wasn't telling them about any flaw in particular!! It was crazy!! It was like Apple was saying:

"Maynor is telling us there is some problem with Apple laptops, no problem in particular, we don't know why he keeps telling us these weird things, but we keep asking him for packet captures anyway because we like listening to nonsense. We keep noticing he's telling us about old problems we know about. We are not going to say what exactly he is claiming what the problem is, hopefully you will simply think he is just mindlessly contacting us about useless nothing for no reason. Mind you we will say again we do keep asking for packet captures he's not providing to us because although to someone who can think straight it's clear we are interested in his research, (although we are not going to admit he has told us what it's about) to most people who are loyal to us they will simply assume we are being diligent and Maynor is a Mad Man. We fully realize that to anyone without a vested interest in Apple products appearing to be flaw free none of this will float, but to anyone who is ready to turn a blind eye to simple logic they will find a way to trust us anyway. Unless Maynor decides to go public...which we may be able to have delayed for a bit anyway..."
0 Votes
Excellent post!
NonZealot 20th Mar 2007
Little did Apple know that the Frankenstein they have created in the form of Apple enthusiasts was so monstrous that it would shred and rip limb from limb any target that Apple so much as implied it had a problem with.

I love it and I agree 100%. The story here is not Maynor et al, it is not Apple, it is not George, the story here is the reaction of the Mac zealots. They are so willing and eager to defend Apple on every little issue that in this case, they actually brought far more attention to the matter than I'm sure Apple really wanted.
0 Votes
Message has been deleted.
SquishyParts Updated - 21st Mar 2007
0 Votes
You're kidding, right?
Cayble 20th Mar 2007
That had to be one of those silly reverse psychology joke posts like Mike Cox posts. Curse symbols? Nut bag? tinfoil hat? Then call me a child? Well if you were actually serious you would also have to be about 12 years old yourself not to see that you just displayed the very behavior you accused me of. Clearly you would have no actual knowledge about this story and would have proved you are just one more pointless apologist without a real clue about the facts.

Instead I'll just rely on the possibility that you just made a rather poor attempt at one of those silly reverse psychology joke posts. A very poor attempt.
0 Votes
ummm....correct me if I'm wrong...
mdsmedia 20th Mar 2007
...but I believe the response was to George's post.

Other than that, everything else you said has to be true. And thanks for saying it on George's behalf.
0 Votes
Proof request...
stevenrluce@... 21st Mar 2007
George, I'm a graphic designer and filmmaker, and Mac-user since long before OSX. And, frankly, I can't even once recall Apple ever claiming that there were no security holes in OSX. Although, I have heard them claim to be the most secure system on the market, but nothing more. Perhaps your secret stash of emails reveals more than I am aware, but this "scandal" seems to me to be little more than a company defending its flagship product against a misleading claim. And, yes, I am aware that David Maynor never claimed that the vulnerability existed without the use of third-party wireless hardware. And while I understand your consternation, keep in mind that the average consumer only hears the words, "Mac wireless is vulnerable". After that, it's all just "blah blah blah". A company like Apple, that is still fighting an uphill battle with M$ for market share, can't afford to sit back and let those types of unintentionally misleading stories circulate unchecked. So, unless you can document Apple's claim to invulnerability, then I think maybe you need to take some classes in brand management. Because this isn't really much of a scandal.
0 Votes
Be at peace with yourself
D T Schmitz 20th Mar 2007
Today is a new day, a new beginning.
Peace.

Let's all find something new and interesting to share.
0 Votes
Uppers? (NT)
Scrat 20th Mar 2007
(NT)
0 Votes
Don't know what you mean.
D T Schmitz 20th Mar 2007
nt
0 Votes
Dietrich he's referring to drugs
Intellihence 20th Mar 2007
What a loser if he uses drugs.
0 Votes
...which I don't, which therefore makes me a winner!

Oh, and uppers was referring to dietrich's unnaturally "pleasant" post.

BTW If you put NT at the end of your post title, it normally means there isn't any text in the body of the post.

So,
You're wrong on all counts, and managed to make yourself look pretty dumb in the process.

Mac user much?
0 Votes
There There Scrat
D T Schmitz 20th Mar 2007
Have a cookie and some milk--you'll feel better. wink
0 Votes
Nice!!!
ShadeTree 20th Mar 2007
Now that George has shared what really transpired your answer is to ignore it and move along. My how your attitude has changed since the shoe is on the other foot. It always amazes me how far the "Cult of the Mac" will go to defend Apple and ignore the facts.
0 Votes
Stick to the facts
GW Mahoney 20th Mar 2007
I'm tired of these claims that reading the facts to be in favor of Apple, who was the original victim of an unsubstantiated hijack claim - still unsubstantiated seven months afterward, by the way - is repeatedly defended by shouts of cultist and fanboy.

Firstly, that's not a defense, and secondly you offer no proof. Being against Maynor or George is all it takes.

How are you any better than a fanboy?
0 Votes
Still unsubstantiated???
Cayble 20th Mar 2007
Wow. Unreal. You just proved a point that you are apparently trying to refute. It's clear you're not interested in proof. In fact the more proof the more you disclaim. It's pointless. Just in case you still haven't noticed, Apple still hasn't denied the vulnerabilities that Maynor claimed never existed. So either they existed, or Apple just likes to keep the world guessing for the fun of it, that's how they get their kicks I guess you're saying. Face it the vulnerabilities were real.
....they claimed never existed.

Apart from the fact one of the Apple party later apologized.

Apart from the fact that a "smoking gun" will probably never be found, is that the only "fact" that will satisfy the "Cult of the Mac"?

I love that term, whoever coined it, I hope it sticks happy

Unsubstantiated?? Indeed!!
0 Votes
Prove it doesn't exist? Are you daft?
GW Mahoney 22nd Mar 2007
Obviously the one making the claim has to prove it exists. Besides it's impossible to refute someone who says they have a super-secret way of breaching your security. That's what Maynor and Ellch have been playing on the whole time. This BS can go on forever... or until people get tired of not being given any proof.

Lucky for them there are fools like you two who require no proof to bash Apple.
After all, Maynor is publicly still saying the vulnerability did exist, and Apple is still saying nothing. Months ago the apologists were making the sorry excuses for Apple that they couldn't come out and say absolutely such vulnerabilities do not exist until enough research could be done to verify that. Well, little ol' Maynor is still out there saying it did and Apple to this day is not saying it didn't. And your sorry claim of "the one making the claim has to prove it exists" is ridiculous if you simply choose to ignore the proof offered. This is a particularly interesting case where we are dealing with a computer hardware/software issue where Apple has all the expertise required to prove, and then make the claim the vulnerability did not exist by now. Get a clue. They are not saying a word. They are just being quiet and hoping it goes away. In any other situation, what do you seriously think that would mean when they could come out by now and say one way or the other? Maybe they get a cheap thrill out of letting Apple users fight blindly for them instead of sticking up for themselves? Is that it?
you are amazed and bewildered.. OK got it:P

Now what? Let's say I'm OK with the case that George Ou has presented no holes and the evidence is unarguable. Let's grant you this for this example. Now what? Do I stop liking Apple products because Apple is capable of playing hardball? If that is the standard then you, my friend, must stop using MS products because in its history it has been proven time and again that MS plays some nasty hardball. Real nasty. Now don't go off on a rant about me bringing in MS, I'm just trying to establish what is it I'm supposed to do based on your standards? If your claim is that I should stop being an Apple fan because Apple was caught (a claim made by George Ou of all people) playing hardball then does that mean that that is a well established result of said and that others should follow?

Not even sure what this is all about? OSX is NOT perfect...oh my!?! You can crash a computer if you put your mind to it and dedicate yourself to said...amazing!!! The things I learn on these sites. That if you make a claim then go silent in the face of questions that speculation might very well occur? Haven't paid much attention to elections have you? That Apple might be capable of playing good ole fashion hardball....shocking!!!

Pagan jim
0 Votes
... about what occurred and that Maynor, George and the rest were wrongly accused of lying would be sufficient. An apology from those that called them liars would be nice.
0 Votes
Facts?!
GW Mahoney 20th Mar 2007
We've been begging for facts since the beginning. The most important "fact" is either still being withheld by Maynor, or doesn't exist.

Krebs: OMG, a MacBook can be hijacked!!

Security Community: Really? I'm willing to verify your claims, can you show me how, in private if you like.

Apple: No it can't.

Maynor: We never demoed that.

Public: But you have a hack, right?

Maynor: We can't say.
.
.
.
Months pass...
.
.
.
Public: Ok, Apple has patched, and you no longer work for SecureWorks, and you must be dying to vindicate yourselves, can you show us the hack now?

Maynor: No, I feel I've been vindicated.

Public: F-U!

Shade Tree: Fanboys!