John Gruber flames out during cross examination


John Gruber at the Daring Fireball has done this super long analysis of the current Mac driver-gate fiasco. Gruber goes on record to state that "Brian Krebs has 'dugg' himself a mighty deep hole" and that I, George Ou, am "going down with the ship". At first glance, when you read it without carefully examining the facts, Gruber sounds somewhat plausible. But one of my readers, David Burke, who is a very smart legal professional, took it upon himself to cross examine Mr. Gruber's analysis, and it appears that Gruber wouldn't even pass a collegiate course in "logic and critical thinking". Mr. Burke was kind enough to let me reprint it here and I thank him for it.

Here is David Burke's cross examination of John Gruber:

In response to John Gruber's analysis

It’s an interesting article, but there is an error students of logic and critical reasoning will discover when they read through it, and it is a very critical error in the blogger’s main concern. His main concern appears to be from the following quote:

We do have enough facts, however, to know with certainty that some of our protagonists will not emerge with their reputations intact. Someone, clearly, is either lying or incompetent (or both).

For example, from Apple’s statement on Friday, we know that if Maynor and Ellch have identified an exploit against a stock MacBook, that they have not yet contacted Apple (or Atheros) with details about the vulnerability — which is both enormously irresponsible for ostensibly professional security researchers, and which contradicts statements they previously made to Brian Krebs that they had been in contact with Apple regarding their discoveries. Or, if they have contacted Apple, the statement issued by Apple’s Lynn Fox is flat-out false and Apple has committed an enormous, almost incomprehensibly foolish mistake, because such a mendacious lie will prove far worse for Apple than divulging a Wi-Fi exploit that, if it actually exists, is surely going to come to light soon anyway. I.e. why would Apple lie about this if Maynor could call them on it?

On the other hand, if Maynor and Ellch have not identified an exploit that works against Apple’s standard MacBook card and driver, then the only possible explanation for what Brian Krebs has reported — that Maynor told him that the default MacBook drivers are “identically exploitable” to those used in their video — is that either (a) Maynor and Ellch are liars and frauds; (b) Brian Krebs is an incompetent hack who grossly and utterly misquoted and misstated what Maynor had told him; or (c) Krebs was in over his head and did not understand the issues he was reporting on.”

By the blogger’s own evidence this is incorrect unless he has left out some critical evidence he knows of to support his concern, which appears unlikely. Sorry for the following extended quotes, but this is the evidence he uses to support his concern; search the link if you would like to double check:

"Fox’s statement on behalf of Apple is unequivocal: Maynor and Ellch’s exploit involves neither the MacBook’s standard Wi-Fi hardware card or software driver. That, of course, does not mean that Apple’s standard driver isn’t somehow similarly vulnerable, but if it is, Maynor and Ellch have not demonstrated such a vulnerability to Apple, according to Fox.

Further, Bill McFarland, the chief technical officer of Atheros Communications, the company that produces the built-in AirPort chipsets Apple includes in every MacBook, sent the following message to Brian Krebs via email:

'Atheros has not been contacted by SecureWorks and Atheros has not received any code or other proof demonstrating a security vulnerability in our chips or wireless drivers used in any laptop computers. We believe SecureWorks’ modified statement and the flaws revealed in its presentation and methodology demonstrates only a security vulnerability in the wireless USB adapter they used in the demo, not in the laptop’s internal Wi-Fi card.'

But back on August 3, in a follow-up to his original 'Hijacking a MacBook in 60 Seconds or Less', Krebs wrote:

'During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in MacBook drivers. But he also admitted that the same flaws were resident in the default MacBook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default MacBook drivers are indeed exploitable.'"

The statement made by Gruber relating to Fox on behalf of Apple simply indicates that the actual test performed to show the exploit only demonstrates it can be done with the third party drivers and hardware, it does not say that there has never been a claim made to Apple that such an exploit could be shown to them, or was offered to be shown to them, or was told to them that such an exploit does exist on a stock Apple system, or that Apple had never been made aware of such an exploit on a stock Apple system or Apple never requested such a stock system exploit not be demonstrated at Black Hat. Fox’s statement simply says: Maynor and Ellch have not demonstrated such a vulnerability to Apple.

While Atheros appears not to have been contacted by SecureWorks, nobody has claimed that SecureWorks has contacted Atheros, but in fact it is wholly possible that Apple has in fact been contacted by SecureWorks as there is no denial by Fox or any other evidence supplied that Apple has not been told such an exploit exists and in fact Gruber does go so far to admit in his analysis of Fox’s statement: “That, of course, does not mean that Apple’s standard driver isn’t somehow similarly vulnerable”. Apple may in fact fully well have been contacted by SecureWorks and may be quite aware the exploit exists and are working on it.

At no point in Lynn Fox’s statement does she ever claim that SecureWorks has never ‘told’ Apple such an exploit could be performed on a stock Apple, so Lynn Fox has certainly not lied about what this blogger claimed she might have. Further, there is absolutely no evidence shown by this blogger that SecureWorks did not tell Apple such an exploit could be demonstrated on a stock Apple system or any denial that Apple asked them not to use a stock Apple system in their demonstration.

So his main concern is garbage.  See why you need trained people to examine the evidence? Sometimes what looks obvious is not.
End of cross examination

 

I responded to David Burke with the following in email:
John Gruber -
"For example, from Apple’s statement on Friday, we know that if Maynor and Ellch have identified an exploit against a stock MacBook, that they have not yet contacted Apple (or Atheros) with details about the vulnerability — which is both enormously irresponsible for ostensibly professional security researchers"

George Ou - I'm no lawyer, but this is a grossly incompetent assumption.  Fox never stated SecureWorks never contacted them, they only said that no code was shared.  You're not entitled to a researcher's code which they spent time developing.  Giving them the actual malformed packet that triggers the exploit and a pointer to the location of the flawed code is standard practice.

David Burke responded:
"Exactly George, all those kinds of claims stick out like a sore thumb when you start reading through his extensive post to see what he is presenting for evidence of such claims.  At no point does he supply any evidence or quotes that indicate that Apple says they were not notified that such an exploit exists and the whole demonstration was a surprise to Apple.  In fact, the stories of Apple putting some pressures on them not to go with a stock Apple system may lend a possible indication to the way this unfolded.  Apple was told about the exploit and what was going to go down in the demonstration, Apple was surprised and at some point at least asked that it not be turned into a big "Apple Haters" demonstration and there was some level of compliance with Apple's wishes and a third party card and driver was used, but the testers let it out to the reporter that there was more to the story and that the stock Apple could be hacked just the same.  I have no idea what actually happened, but I also know that what Gruber used as an explanation for his theory is groundless."

Again, thanks for your superb logic David.  While I know for a fact that Gruber is wrong and doesn't know what he is talking about since I'm sitting on sensitive information at this point, I'm amazed that you can take Gruber's own analysis and take it apart and get eerily close to what the truth is.


    Talkback

    196 comments
    • Interesting reaction

      For someone who has repeatedly said that in a few days all these
      people are going to be eating crow when the facts that only you
      know about right now finally come out, you sure are defensive.
      frgough
      • During the initial article ...

        ... posters continuously threw up Gruber's post as evidence. It is only natural therefore that George refutes that article in this blog. Furthermore, you are using the same logic errors that Gruber did. The fact that George published this blog has no bearing on whether or not he has information.
        ShadeTree
        • logic

          Sure it does. The tone and content are not logically consistent
          with someone who has inside information vindicating his
          opinion.

          There is no need to refute the rhetoric of his critic. All he simply
          has to do is state that the critic's arguments are irrelevant
          because they are factually incorrect.

          Ou doesn't do this. Instead he engages in a critique of the
          methodology and argument of the critic.

          In logic, Ou's fallacy is called Red Herring or misdirection.

          Like most logical fallacies, it indicates the person engaging in it
          has no valid argument to make.
          frgough
          • Not at all.

            You are using false logic again. George implied he has information he cannot share. Nowhere did he imply that he would ever be able to reveal it, only that it would be revealed. In that circumstance it is quite logical to discredit the people attacking you. It is in fact basic human nature just as it was natural for you to reply to my post. No conclusion can be drawn from this.
            ShadeTree
            • false logic

              Just repeating the phrase false logic doesn't make it so. You
              contradict your own point, anyway.

              It doesn't matter if Ou is the one who reveals it or someone else.
              The point being, if the facts are there and they will be revealed,
              engaging in pedantic parsing of language (not the argument,
              but the language of the argument) is a Red Herring.

              BTW, attempting to discredit your critic is known as a Shoot the
              Messenger fallacy. Again, employing it is a sign that you have no
              substantive argument to make.
              frgough
            • Um, actually...

              He didn't 'imply' anything. George STATED he had information that he had to 'sit on for a few days'. Common sense would dictate after those few days, he would be free to disclose, no?

              If he mis-spoke as to his ability to scoop the story, so be it. Yet, he repeatedly paraded this forthcoming revelation, so he is the natural target when the Earth 'fails to shake'.

              Sounds like more desperate back-pedaling and revisionism to me.
              tangent001
        • George refutes?

          Did George refute the article or did someone else fight his little
          battle for him....we have a word for this where I come from, it ends
          in cat.
          SquishyParts
      • Defensiveness

        Is it any wonder that George is being defensive? People have been riding him pretty hard. I think a lot of people forget that there is a person at the other end of the blog, not just words on the screen. I say good for you George, defend yourself.
        Rbust0
        • He should be defensive

          He made claims, claimed he had evidence for them, but refuses to release any of the evidence (I believe there are some NDA's involved). Should we just automatically accept everything George says with no proof whatsoever? Given his track record of being wrong, I think a little cynicism here is a good thing.
          tic swayback
          • There's a difference...

            ...between 'a little cynicism' and flat-out calling George a liar, which many posters have done. People don't seem to realize that lack of evidence doesn't prove the opposite, it just means that all evidence isn't 'evident' yet. That's why a negative can never be proven.

            Be cynical, by all means, but withhold judgement until all facts are revealed.

            Carl Rapson
            rapson
            • The appropriate response

              And I think the appropriate response is not to believe a word about this flaw until there's evidence that it exists. I think it's prudent to take measures just in case it is real (Apple users can change their Airport system preferences to only join trusted networks, for example).

              But I think we should all live by "I'll believe it when I see it", rather than "I'll see it when I believe it."
              tic swayback
            • Believing

              "Blessed are they who have not seen, but yet believe." John 20:29

              Sorry, couldn't help myself.
              Rbust0
            • so...

              why be defensive if all info is not revealed??


              Be cynical, by all means, but withhold judgement until all facts are revealed.

              same goes for Ou, why make a stink??
              richvball44
          • RE: He should be defensive

            Don't misinterpret me, now. I'm not saying we should just accept everything at face value. I was merely commenting on the fact that frgough was surprised that George was being defensive. Any person under as much fire as George is right now will do things (such as post this particular blog) to make themselves look better and/or relieve the pressure even if it doesn't actually shed any new light on the particular subject.
            Rbust0
          • What you believe or disbelieve is not ...

            ... the point. You can disagree without attacking a person's character. Much of what was posted was a personal attack on George. Just what exactly is George's track record? Can you name instances where he was wrong?
            ShadeTree
            • Gruber personally attacked George?

              I didn't see the Daring Fireball column as much of a personal attack.

              ---Just what exactly is George's track record? Can you name instances where he was wrong?---

              He has repeatedly shown an inability to understand the scientific method. He's written blog after blog comparing the price of computers and the security records of computers where he starts with a pre-conceived conclusion and then cherry picks his data to fit that conclusion. He sets up situations where only the data that supports him is allowed to be included in the discussion. That's where I have issues with his credibility.
              tic swayback
            • case in point...

              You're doing in that post exactly what you accuse George of, but much more flagrantly.
              JetJaguar
            • Huh?

              I've repeatedly said there isn't enough data to draw any conclusion as far as this alleged vulnerability goes. Please tell me how that qualifies as biasing results or overinterpreting data.
              tic swayback
            • Tic, he was referring to your last point...

              You started with the conclusion that George was unreliable and then you cherry picked your words to support that conclusion with providing a single verifiable point.
              ShadeTree
            • Cherry picked my words?

              Huh? What do you mean by that? Should I instead have randomly included every single word in the English language? Would you like me to post URLs for George's previous blog entries where he makes bad comparisons on price or on security? I can dig them out if you'd really like.

              Here's one where he decides Dell has cheaper laptop prices than Apple. And tries to prove it by comparing laptops that are not equipped equivalently:
              http://blogs.zdnet.com/Ou/?p=155

              Here's one where he tries to prove that OSX is more dangerous to use than Windows by randomly defining criteria and misinterpreting statistics:
              http://blogs.zdnet.com/Ou/?p=165

              And here's one where he found something on the internet and just assumed it was true without doing any further research:
              http://blogs.zdnet.com/Ou/?p=270
              tic swayback