假设的MacBook Wi-Fi Hack的奇怪案例

所以请记住几周前布赖恩克雷布斯发布一份题为“在60秒或更短的时间内劫持MacBook” on his Washington Post computer security weblog? He reported on a supposed Wi-Fi security exploit demonstrated at the Black Hat security conference, wherein “security researchers” Jon Ellch and David Maynor hacked into a MacBook via Wi-Fi.

克雷布斯的劣质报道留下了几个未解决的基本问题,这是我8月3日提出的即:

  • Maynor and Ellch’s demonstration video showed the MacBook — the target of their “attack” — using a USB-dongle Wi-Fi card. Given that every MacBook comes with a built-in AirPort Wi-Fi card, the central question of this entire saga is whether that built-in AirPort card is similarly vulnerable.

  • Krebs reported that they used a third-party card and driver in their demonstration because “Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers”Who at Apple “leaned on” them? And what does “leaned on” them actually mean?

在继续之前,值得在这里澄清一些术语:,司机,和第三方

一个is the wireless networking hardware; e.g机场卡内置每个苹果笔记本,或外部USB软件狗像插入还有MacBook在他的演示。

一个司机是允许操作系统与硬件通信的软件现代操作系统--Mac OS X,Windows和Linux发行版 - 都附带了适用于各种硬件的标准驱动程序对于任何硬件,操作系统不已经有一个司机,但是,您需要安装一个驱动程序之前,硬件工作例如,Mac OS X附带一个USB鼠标驱动程序,“只适用于”您插入的任何标准USB鼠标,但Apple在发布Mighty Mouse时更新了此驱动程序以添加对其特定功能的支持机场“作品”,因为Mac OS X附带驱动各个机场的卡片,苹果发货当Mac用户连接到Wi-Fi网络时,他们通常使用内置的AirPort卡和内置的AirPort驱动程序,其中“通常”我的意思是“几乎总是”。

第三方是指计算机制造商或操作系统供应商未生成或正式支持的组件(硬件或软件)对于MacBook,第三方卡可以是任何Wi-Fi卡,而不是Apple预装在机器内的任何一张Wi-Fi卡。第三方驱动程序可以是用于控制Wi-Fi卡的任何软件,而不是作为Mac OS X的一部分安装的驱动程序你可能会认为这是一个愚蠢的澄清,但克雷布斯自己制造混乱和他使用术语,理由是一些代码的司机,苹果附带Mac OS X是程序员写的公司使用的无线芯片组苹果AirPort-brand卡片不要困惑:如果支持的驱动程序是由苹果和苹果,它不是“第三方软件”。

这里的中心点是,对于MacBook用户而言,这个特殊的漏洞对任何问题都有任何顾虑,它必须使用Mac OS X的内置驱动程序来对抗MacBook的内置卡。使用第三方卡 - 正如Maynor在他们的视频演示中清楚且公认的那样 - 使得使用内置卡的任何Mac用户都没有问题但也是一样司机- 如果Maynor和Ellch可以证明攻击可以对抗MacBook的内置卡,但需要第三方软件驱动程序,那同样没有实际意义。

我们所知道的

SecureWorks(口号:“信息安全专家”)是Maynor被聘为研究员的安全组织截至周四,他们的致力于此漏洞的网页包含以下免责声明(重点补充):

This video presentation at Black Hat demonstrates vulnerabilities found in wireless device driversAlthough an Apple MacBook was used as the demo platform,it was exploited through a third-party wireless device driver— not the original wireless device driver that ships with the MacBookAs part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.

What’s notable about this disclosure is that it is about the司机我们已经知道,仅仅通过观看演示视频,它也是基于第三方这意味着(a)他们发现的漏洞利用了MacBook的内置卡也不Mac OS X’s built-in driver; (b) the exploit they discovered works against both the third-party driver demonstrated in the video针对Apple的标准驱动程序,他们莫名其妙地决定发布此免责声明,以明确描述正在演示的内容在视频中; or (c) that the “experts” at SecureWorks do not understand the difference between a driver and a card我的钱在(a)。

这是值得注意的原因是,如果(a)是正确的(他们发现的漏洞并不适用于标准机场司机从苹果软件)它完全与布莱恩·克雷布斯的原始和广为人知的故事。克雷布斯写道(重点补充):

The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s [SIC] wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system.While those device driver flaws are particular to the MacBook— and presently not publicly disclosed — Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OSStill, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the “Mac user base aura of smugness on security.”

为响应SecureWorks的承认他们的演示没有利用内置驱动程序,Apple周五发布了关于所谓漏洞的声明苹果公司Mac公关总监林恩福克斯告诉Macworld:

“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it isTo the contrary, the SecureWorks demonstration used a third party USB 802.11 device — not the 802.11 hardware in the Mac — a device which uses a different chip and different software drivers than those on the MacFurther, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.”

福克斯代表Apple的声明是明确的:Maynor和Ellch的利用涉及MacBook的标准Wi-Fi硬件卡或软件驱动程序当然,这并不意味着Apple的标准驱动程序在某种程度上同样容易受到攻击,但如果是这样的话,Maynor和Ellch没有向Apple证明这样的漏洞据福克斯说。

此外,Atheros Communications的首席技术办公室Bill McFarland,该公司生产的Apple内置AirPort芯片组,包括在每台MacBook上,发送通过电子邮件向Brian Krebs发送以下消息:

Atheros has not been contacted by SecureWorks and Atheros has not received any code or other proof demonstrating a security vulnerability in our chips or wireless drivers used in any laptop computersWe believe SecureWorks’ modified statement and the flaws revealed in its presentation and methodology demonstrates only a security vulnerability in the wireless USB adapter they used in the demo, not in the laptop’s internal Wi-Fi card.

同样,这种说法是明确的公司的首席技术官MacBook机场卡,我相信,至少写一些苹果所使用的驱动程序的源代码,说像Ellch还没联系他们,还有更不用说披露任何实际缺陷卡或驱动程序。

但在8月3日,在后续他最初的“劫持MacBook在60秒或更少”,克雷布斯写道:

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yetMaynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook driversBut he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable这就是我所报道的。

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.

So at the beginning of August, Maynor and Ellch told Krebs that the default MacBook drivers were exploitable, but would not, even on video, demonstrate an exploit against them publicly然而,截至上周四,他们的SecureWorks网站明确指出他们的视频演示确实如此涉及Apple的默认驱动程序,Apple和Atheros都发表了明确的声明,Maynor和Ellch没有向Apple提供任何证据显示Apple驱动程序有缺陷的证据。

中央,尚未回答的问题

整个传奇归结为一个简单的问题:Maynor和Ellch是否使用Apple的内置AirPort卡和驱动程序发现了针对MacBooks的漏洞?

鉴于上一节中列出的所有事实,您可能首先想到这个问题具有回答,答案是“不”,但除非我丢失的东西,这是令人费解的,还是一个悬而未决的问题。

Maynor和Ellch最近在SecureWorks网站上的声明声明他们的视频演示does not involve Apple’s driver; that is not the same thing as declaring that they have not确定一个利用与苹果的司机不显示视频除了Maynor本月早些时候向Krebs发表的声明,苹果公司的司机“同样可以利用”(这是Krebs的话,不是Maynor的直接引用)之外,他们在这一点上一直保持沉默。

我们有足够的事实,然而,确定无疑地知道一些我们的主角不会出现他们的声誉完好无损显然,有人撒谎或无能(或两者兼而有之)。

例如,从Apple周五的声明中,我们知道如果Maynor和Ellch他们发现了一个针对股票MacBook的漏洞利用,他们尚未与Apple(或Atheros)联系,提供有关漏洞的详细信息 - 这对于表面上专业的安全研究人员来说是极不负责任的,并且与他们之前对Brian Krebs所做的声明相矛盾。与他们的发现有联系的Apple或者,如果他们联系苹果公司,苹果公司Lynn Fox发表的声明是错误的,苹果公司犯下了一个巨大的,几乎难以理解的愚蠢错误,因为这样一个虚伪的谎言对于苹果公司而言要远远超过泄露Wi-Fi漏洞,如果它确实存在,无论如何肯定会很快曝光即如果Maynor可以打电话给他们,苹果为什么要撒谎?

另一方面,如果Maynor和Ellch有identified an exploit that works against Apple’s standard MacBook card and driver, then the only possible explanation for what Brian Krebs has reported — that Maynor told him that the default MacBook drivers are “identically exploitable” to those used in their video — is that either (a) Maynor and Ellch are liars and frauds; (b) Brian Krebs is an incompetent hack who grossly and utterly misquoted and misstated what Maynor had told him; or (c) Krebs was in over his head and did not understand the issues he was reporting on.

(A) seems the most likely explanation here; if (b) or (c) were the case — i.eMaynor有told Krebs that the MacBook’s default driver was identically or even similarly vulnerable, surely Maynor would have spoken out to set the record straight and call Krebs out on his error — a simple “Hey, I didn’t say what Brian Krebs has reported that I said” would have sufficed这并没有发生。

I thus see no way out of this where Maynor and Ellch escape with their reputations intact, other than if they have in fact discovered a vulnerability against the stock MacBook card and driver, that they have disclosed their findings privately to Apple, and that the statement issued Friday by Apple’s Lynn Fox is in fact scurrilously false但即使在这种情况下 - 我认为这是Maynor和Ellch的最佳案例 - 如果他们确定苹果公司出货的MacBook易受攻击,为什么他们显然不是这么说吗? I’m not saying they should have publicly described the nature of the vulnerability in any detail, but they certainly should have stated clearly that owners of whatever specific Macintoshes they have identified flaws against should be careful when turning on AirPort in any public or non-trusted environment.

简而言之,像和Ellch发现还有一个对股票MacBook和苹果已经决定利用,不可思议地,下流地污渍和彻头彻尾的谎言,很快就会证明他们的声誉和苹果电脑将带来耻辱,或者,像和Ellch没有发现还有这样一种利用他们,在最好的情况下,总群,或者,在最坏的情况(更有可能的是在我看来),彻底的欺诈行为。

Brian Krebs'Dugg'自己是一个强大的深洞

《华盛顿邮报》的布莱恩·克雷布斯似乎已经把自己逼到一个特别不舒服的角落正是克雷布斯打破了原来的故事,正是克雷布斯给了它为Digg制作的标题“在60秒或更短时间内劫持MacBook”那是克雷布斯写的,在后续行动中:

During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yetMaynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook driversBut he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitableAnd that is what I reported.

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.

It is becoming more and more clear that the reporting Krebs “stands by” is falseMaynor and Ellch, I believe, have discovered no such exploit against a stock MacBookAnd if I’m right, not only has Krebs blown the story with regard to the security of the MacBook, he has also impugned the integrity of Apple by publishing the claim that the company “leaned on” Maynor and Ellch — an accusation Krebs published without evidence, without details regarding what exactly constituted “leaning on”, and without comment from Apple.

上周,8月15日,星期二克雷布斯发表第三个weblog条目的话题,他开始:

I’ve received an overwhelming amount of hate mail from Mac enthusiasts over two previous posts on a wireless-device-driver presentation at the Black Hat hacker conference, with people accusing me of all kinds of nasty things.

在哪里通过“仇恨邮件”克雷布斯显然意味着“批评”,而在“讨厌的事情”中,他显然意味着“糟糕的报道”This is one of the oldest tricks in the hack tech writer book: Because, yes, some small number of devoted Mac users are in fact kooks, when you begin receiving criticism after publishing some sort of false or inaccurate analysis regarding the Mac or Apple, you just dismiss it all on the grounds that所有Mac用户是非理性的邪教徒,他们根本无法忍受看到他们心爱的公司或操作系统受到批评。

克雷布斯继续说:

I’ve been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next dayIn the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook — but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in.

然后他遵循这不可否认大胆的索赔记录的录音采访中他对像,还有,像这个演示执行使用内置的机场还有卡。

克雷布斯没有就这次示威提出几个非常明显的问题For example: Had Maynor diddled at all with the wireless drivers on the MacBook to make this work? Had he diddled with the default network settings? Could Maynor demonstrate this exploit on a MacBook supplied by Krebs?

没有问这些问题表明Krebs无法撰写有关计算机安全问题的文章It’s like watching a magician perform a trick using his own deck of cards, and then not only not asking to see the trick performed with a deck of cards as-yet untouched by the magician, but not even asking whether the cards had been tampered with.

成绩单中最有趣的部分是这种交换(强调我的):

克雷布斯:向我解释你在这里正在利用什么Is it a flaw in the Macbook itself?

Maynor:是的,它是一个设备驱动程序。The thing is, there’s a flaw in the OS, but I don’t want to specifically point to it, so in the video you’ll see I used a third-party USB deviceWhat I’m trying to do is highlight the problems in device drivers themselves, not any one particular flaw[Maynor misspoke here, and I later clarified this point with himThe wireless device driver that powers the internal wireless card on the Macbook contains flaws that — when exploited — give the attacker the ability to create or delete files, or modify system settingsThe flaw is in fact in the Macbook’s wireless device driver, which is made by a third partySo again, to be clear, the flaw is not, as he suggests in the transcript of this interview, in the Mac OS X operating system itself.]

方括号内的部分是克雷布斯之外的一篇社论,他似乎对什么构成“第三方”司机感到非常困惑即使部分或整个MacBook的机场司机写的工程师在公司其他比苹果(像,说,创锐讯,芯片组的生产商),如果是软件驱动内置卡,并且作为一个标准组件安装在Mac OS X,和苹果公司提供支持的驱动程序,那么它不是第三方软件The built-in AirPort drivers are part of Mac OS X.1

奇怪的是,在本抄本的最后,Krebs提供了一个链接由像和Ellch还有PowerPoint文件,包含“幻灯片响应他们从Mac用户那里听到的一些问题”,他们显然是在DefCon上提出的,这是他们第二次出席这次演讲。

文件中只有六张幻灯片,最后一张是:

[Q:] I saw some people quote you as saying the bug is in the built-in in card and other people quote you as saying as its [SIC]不,谁是对的?

答:他们都是The exploit shown in the video was targeting a specific third party driver and that same vulnerability does not affect the built in [SIC]卡We are, however, doing ongoing research on the built-in card as well and have shared our findings with Apple.

So “both” are right, but they haven’t found an exploit against the Apple card and driver — just “ongoing research”? Tell me that doesn’t sound like, “We’re trying to find an exploit that works against the MacBook’s built-in driver and card, but haven’t found one yet.”

克雷布斯在本文附带的评论帖中更进一步后代表苹果Macworld林恩·福克斯发表的声明,一个叫詹姆斯·贝利的读者在评论中叫出来,问克雷布斯之间的差异来证明他所报道,像和Ellch还有苹果的产品中发现了一个漏洞,报道苹果(以及反过来被“靠”保持安静),和苹果的明确声明他们没有看到或听到像和Ellch还有蹲一个利用MacBook。

克雷布斯回应道(克雷布斯的博客不提供每个评论的永久链接,唉):

James — and you think that Macworld articles adds anything to this because why? You should spend a little bit of time looking at what Apple is actually claiming, and what they’re not talking about hereApple’s PR people are basically pointing out exactly what I’ve said for the past two posts on this issue — that Maynor et确实在视频中使用了第三方USB卡。

克雷布斯在这里所做的是指责苹果发言人林恩福克斯精确地说“这取决于'这个词的意思'是什么样的”样式法律术语But Fox’s statement did not end with her reiteration of the fact that their video demonstration involved a third-party card (which is a fact that is not disputed by anyone who has watched the video — Maynor makes it explicitly clear in the demonstration video that he’s using a USB wireless card)福克斯继续补充说:“此外,SecureWorks尚未共享或演示与Black Hat演示的漏洞相关的任何代码,这些漏洞与我们发布的硬件和软件相关。”这是苹果公司声明的一部分与克雷布斯的报道相矛盾。

克雷布斯继续说:

SecureWorks is claiming that despite Apple’s claims to the contrary, that the company is shipping Mac products with vulnerable wireless device driversWhat Apple has not addressed in any kind of detail is whether or not the embedded drivers in the Macbook are vulnerableAll of their response so far is aimed at the demo showed in the video publicly.

不对。Fox声明的第二部分是Maynor和Ellch“没有与Apple共享或演示任何与此假设利用相关的代码”。

As for why Apple has not addressed “whether or not the embedded drivers in the Macbook are vulnerable” — it’s because他们不知道,因为,我将再次重复这一点,最后一次,Apple说Maynor和Ellch没有与他们分享演示或代码如果有一个漏洞,苹果无法确认,因为像,还有Ellch还没有共享如果有漏洞,苹果不能确定是这种情况——对所有苹果都知道,像和Ellch。还有确定了对MacBook的内置驱动程序和卡的攻击,但无论出于何种原因,它还没有提出它由于他们不知道,他们不能说,“我们的产品没有漏洞”他们所知道的就是他们没有说:他们没有看过Maynor和Ellch的代码或演示。

华盛顿邮报的计算机安全专栏作家需要精心准备这种基本的中学阶段逻辑令人震惊。

最后,在他原来的帖子发布16天后的星期五,克雷布斯的“我站在自己的报告”门面开始出现裂缝他发表了关于该主题的第四篇文章,标题为“Macbook的后续行动[SIC]发布”。2

在发布了林恩福克斯的声明之后,克雷布斯写道:

I have several times now asked SecureWorks to share with me more specific information to back up their claims, but so far I have received no further detailsIf I hear back from SecureWorks with any more material information, I will update the blog.

翻译:“我不再支持自己的报道。”

选择翻译:“哦男孩操我。”

克雷布斯补充说这个有趣的一点,我将返回后:

Apple’s Fox said that prior to the Black Hat demo, SecureWorks did contact Apple about a wireless flaw in FreeBSD, the open-source code upon which Apple’s OS X operating system is basedIn January, FreeBSD released a patch to fix the problem, which according to随附的咨询, related to a flaw in the way FreeBSD systems scanned for wireless networks that could be exploited to allow attackers to take complete control over the targeted machine.

[…] Fox also said Apple staff were already aware of the flaw when SecureWorks contacted them about it prior to their Black Hat presentation, and that Apple had already determined that the wireless flaw addressed in the FreeBSD patch was not exploitable on any of the Mac products.

“SecureWorks has not be able to exploit this for us,” Fox said. “No one has been able to show us a way to exploit our internal [wireless] device drivers with that flaw.”

因此克雷布斯虽然迟到了,但最后似乎对Maynor和Ellch先前向他提出的索赔持怀疑态度,声称他未经核实就报道了这一说法。

But so is it just me, or does the headline Krebs chose for this mea culpa — “Follow-up to the Macbook Post” — seem slightly less provocative than the headline he chose for his original post in the series — “Hijacking a Macbook in 60 Seconds or Less”? A more reciprocally sensational (and therefore reciprocally可挖掘) but yet completely accurate headline might have been, say, “Losing My Journalistic Integrity in 60 Seconds or Less”, or “I’m a Gullible Rube and Got So Excited I Nearly Stained My Pants at the Thought of Breaking a Story on a Major Mac Security Exploit”.)

George Ou:和船一起走下去

ZDNet的George Ou加入Krebs排队,以提升他在新闻厕所的可信度和声誉Ou,他参加了Maynor和Ellch首次发表演讲的黑帽会议,他第一次写故事时几乎是正确的在他的博客上:

The truth of the matter is that this was a hack on a MacBook but it pertains to third party hardware and third party drivers.  While this isn’t a flaw on the part of Apple [UPDATE: The same flawalso seems to affect Apple’s drivers], it is an attack on a MacBook and it shouldn’t be entirely dismissed either by the Mac community

然后他补充道“更新”,指出克雷布斯now-seemingly-discredited报道,像,还有Ellch发现了一个缺陷在苹果自己的司机。

你继续说:

这个无线(SIC] hack shouldn’t be pinned on Apple’s products or Apple’s programming, but remember that just this week there were 26 flaws patched by Apple and many of the flaws were critical.  In fact, there were months when Apple patched more than 30 vulnerabilities a month so it’s clear that security vulnerabilities on the Mac are abundant. David Maynor stated that he loves his Mac but it is a fact that the Mac has many security flaws.  The point is that no one should not [SIC] be dismissing security issues on Mac and claiming that they are invincible.

This is a straw-man argument; no one sane or knowledgeable has argued that Mac OS X is “invincible”, or that Mac security issues should be dismissed or ignoredWhat many Mac users pointed out regarding Maynor and Ellch’s demonstration, however, is that if it doesn’t work as an exploit against the MacBook’s built-in card, then Mac users可以驳回这个特殊问题。

我发现了一个暗示:“有一天,你的Mac用户会得到你的,当它发生的时候我会在你的脸上揉搓它”,但是所有人都说,这不是一个特别值得注意的博客条目。

然而,他在周日发表的后续报道是一个很难的,从标题开始:“MacBook无线研究人员的恶意精心策划攻击”欧开始:

There has been a vicious orchestrated assault on researcher David Maynor and the company SecureWorks claiming that the Maynor and SecureWorks falsified their research presented at Black Hat 2006.

Ou的引人注目的使用被动语态(“…”)薄面纱犯罪者的暗示这是苹果电脑公司“恶性策划袭击”例如苹果公司的林恩福克斯在媒体上诋毁了梅诺和埃尔奇的声誉值得庆幸的是,噢,在这里支持并捍卫他们的荣誉。

MacWorld的[SIC]3Jim Dalrymple was the先是反刍this bogus story on Thursday and followed up with “MacBook Wi-Fi黑客曝光” by calling the original research a “misrepresentation”.  David Chartier of “The Unofficial Apple Weblog” went as far as saying “SecureWorks admits to falsifying MacBook wireless hack”.  Plenty of other media outlets were fed the same story but most of them knew better and refused to run this bogus story.  But once Digg and Slashdot ran with this story on Friday, all hell broke loose and the story has infected the blogsphere [SIC]。

“大多数”媒体机构所知道的“反刍”,“虚假”故事比仅仅涉及运行那些Ou所说的故事只是简单地代表Apple发布Lynn Fox的声明而已。

你继续说:

当我在Digg上遇到这些故事时,我感到非常震惊。

确实,谁不会感到震惊在Digg上过度夸大耸人听闻的废话? What paragon of journalistic integrity is next? The New York Times? The Wall Street Journal?

I had personally video interviewed Maynor and his partner Jon “Johnny Cache” Ellch and these two gentlemen were very honest and straightforward.  But as soon as I read the stories, the stench began to rise.

我很想在这里开一个关于Ou可能在午餐时吃的东西的笑话,但决定反对它。

Maynor and SecureWorks had been telling the truth the entire time and they had falsified nothing.  The only falsification going on was the stories themselves!

(Boldface emphasis is Ou’s.) Even Brian Krebs isn’t sticking with this lineOu, on the other hand, seems determined to go down with the SecureWorks ship.

So what exactly are Maynor and SecureWorks accused of falsifying? They are accused of “admitting” that the wireless hack was an exploit of a third party device and a third party driver.  The only problem with this accusation is that it isn’t exactly news since this is precisely what Maynor and company have been saying all along.  This was not only evident in my video interview, but it was even in Maynor’s original video demonstration along with every other news report earlier this month during Black Hat.

另一个稻草人的论点没有人真正看过他们的视频,而是对Maynor和Ellch所展示的漏洞进行了争论在视频中配备第三方USB无线网卡的MacBook争议的焦点是,Maynor和Ellch是否曾明确或暗示地指出,他们在MacBook的内置卡和驱动程序中也发现了类似或相同的漏洞,如果有的话,他们是否向Apple提供过此类证据。

你继续说:

So Maynor and SecureWorks have been telling the truth about this being a third party driver and hardware from the very beginning and they never misrepresented anythingIf anything, Maynor went out of his way to avoid implicating any issues on the part of Apple because Brian Krebs of The Washington Post reported thatApple had leaned on Maynor and SecureWorks不披露这一事实default Mac wireless hardware and default drivers were in fact vulnerable as well

在这里要小心,因为如果你认为这一段中的矛盾太难了,你的头脑会受到伤害Ou在第一句中声称它只是关于第三方卡片和驱动程序,但接下来的句子中吹嘘Maynor声称Krebs认为默认的MacBook卡和驱动程序“也很脆弱”呃,乔治,那是有争议的部分,而不是视频中的外部USB加密狗演示然后有一个可爱的想法,Maynor“不顾一切地避开涉及Apple的任何问题”,随后Maynor毫无根据地声称Krebs声称苹果已经“倾向于”让他闭嘴。

When I asked Maynor about this at Black Hat, Maynor would not confirm or deny whether Apple had leaned on him or not saying that he didn’t want to discuss it at the moment. 

他似乎没有想讨论这个靠着事件会议以来,。

成绩单清楚地表明了这一点Maynor had demonstrated the same exploit on a Mac without any third party wireless hardware!  It also turns out Maynor chose an external third party hardware wireless adapter to avoid focusing attention on possible Apple hardware and software issues which may endanger Mac users.

如果Brian Krebs的成绩单说它发生了,那一定是真的。

When I contacted David Maynor by email and later phoned him late Saturday night, Maynor was very disturbed by the whole incident.

我敢打赌。

He had already been receiving hate mail and even death threats at the Black Hat convention but the threats had escalated with this latest fabricated story about him falsifying his research.  In one such threat, the person stated “I’m going to f*ing kill you and your dog” to which Maynor replied “I don’t have a dog.”

当他们来自那些古怪的Mac怪人时,死亡威胁很有趣。

Maynor was even more disgusted with the despicable way this story was set up and then planted in the press though […]

这种“卑鄙的”故事种植方法显然是苹果发言人林恩福克斯通过电话打电话给记者,记录在案并就此事发表明确声明的技巧。

我被要求不要透露这个时间的任何细节[SIC]. What I can tell you is that Maynor and SecureWorks will not be taking this laying down and the fireworks will start in the next couple of days.

考虑点燃保险丝。

结论

的原则奥卡姆剃刀认为最简单的解释是最可能的根据该指南和手头的证据,我猜测Maynor和Ellch是不诚实的宣传猎犬,他们研究了FreeBSD Wi-Fi驱动程序中先前发现的漏洞,并得出结论认为他们可能会利用这个已发布的漏洞来对抗Mac OS X.我认为他们失败,试图找到一个漏洞,违背标准的机场卡和驱动程序所使用的几乎所有的Mac用户,然后,他们意识到他们可以在一个演示,利用车司机除了苹果的在使用Windows或开源操作系统的任何其他计算机上进行演示时,在经过篡改的MacBook上吸引更多关注他们自己和他们的公司我相信他们“通知”苹果FreeBSD无线驱动程序的问题,苹果已经知道了,所以他们(即Maynor和Ellch)老实说声称已经向Apple提出“关于无线安全漏洞”,即使它实际上并不是他们自己发现的漏洞,或者实际上影响了Apple的运输代码即that despite the fact that the exploit they had discovered is completely and utterly irrelevant to anyone using a MacBook with Apple’s default AirPort driver and card, which is to say all MacBooks other than the one that Maynor and Ellch modified specifically for their contrived demo, they chose to perform their demo using the MacBook.

当华盛顿邮报的布莱恩·克雷布斯(Brian Krebs)宣称他们发现苹果公司自己的驱动程序“具有相同的可利用性”时,他们所谓的漏洞利用被公开了,他们没有说任何可以质疑克雷布斯的报道我相信Maynor和Ellch培养了他们在MacBook的内置AirPort卡和驱动程序中发现漏洞的错误观念,但是应Apple的要求使用外部USB卡为他们的视频进行了演示这没什么意义,就像我当时写的那样但是误解已经成熟,Maynor和Ellch在他们的咨询公司时没有说出任何争议引起了媒体的关注

Now that the “fireworks” are starting, my guess is that Maynor and Ellch, if they choose to defend themselves rather than quietly walking away from the table, will do so by claiming that they never stated nor implied that they had found any vulnerabilities in the MacBook’s built-in card and driver但是他们搪塞过于笨拙蒙混过关。

(就是这样最好的情况我如何看待这个问题的方案Jim Thompson在获取并研究了他们的漏洞利用演示视频的高分辨率副本后,他可以从屏幕上的终端窗口中读取角色,暗示即使是他们的利用第三方USB卡是欺诈,基于MAC地址和网络接口的差异。)

It is a simple yes or no question: Have Maynor and Ellch found a vulnerability that affects MacBooks using Apple’s built-in cards and drivers? That Maynor and Ellch haven’t answered it speaks volumes带上烟花。


  1. They’re not part of the “operating system” in the academic computer science sense of the term, but they’re certainly part of Mac OS X as a “product”, in the same way that bundled applications such as the Finder and Safari are part of the system.↩︎

  2. Will someone please tell Krebs that the “B” in “MacBook” is capitalized? Thanks.↩︎

  3. 这是Macworld大会不是MacWorld大会What’s with these guys and their inability to get intercapping right?↩︎