So remember a few weeks ago when Brian Krebs published a report titled “Hijacking a MacBook in 60 Seconds or Less” on his Washington Post computer security weblog? He reported on a supposed Wi-Fi security exploit demonstrated at the Black Hat security conference, wherein “security researchers” Jon Ellch and David Maynor hacked into a MacBook via Wi-Fi.
Maynor and Ellch’s demonstration video showed the MacBook — the target of their “attack” — using a USB-dongle Wi-Fi card. Given that every MacBook comes with a built-in AirPort Wi-Fi card, the central question of this entire saga is whether that built-in AirPort card is similarly vulnerable.
Krebs reported that they used a third-party card and driver in their demonstration because “Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers”. Who at Apple “leaned on” them? And what does “leaned on” them actually mean?
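A card is the wireless networking hardware; e.g. the AirPort card built into every Apple notebook, or the external USB dongle that Maynor plugged into the MacBook in his demonstration.
A driver is the software that allows the operating system to communicate with the hardware. Modern operating systems (Mac OS X, Windows, and Linux distributions) all ship with standard drivers for a wide variety of hardware. For any hardware for which the operating system does not already have a driver, however, you need to install a driver before the hardware will work. For example, Mac OS X ships with a USB mouse driver that “just works” with any standard USB mouse you plug in, but Apple updated this driver to add support for its specific features when it released the Mighty Mouse. AirPort “just works” because Mac OS X ships with drivers for the various AirPort cards Apple ships. When Mac users connect to Wi-Fi networks, they typically do so using a built-in AirPort card and the built-in AirPort driver, where by “typically” I mean “almost always”.
Third-party refers to components (hardware or software) that are not produced or officially supported by the computer maker or operating system vendor. For the MacBook, a third-party card would be any Wi-Fi card other than the ones Apple pre-installs inside the machine. A third-party driver would be any software used to control a Wi-Fi card other than the drivers installed as part of Mac OS X. You might think this is a silly clarification, but Krebs himself has created confusion with his use of the term, on the grounds that some of the code in the drivers Apple ships with Mac OS X was written by programmers at the company that makes the wireless chipsets used in Apple’s AirPort-brand cards. Don’t be confused: if the driver is shipped by Apple and supported by Apple, it is not “third-party software”.
The central point here is that for this particular exploit to be of any concern whatsoever to MacBook users, it must work against the MacBook’s built-in card using Mac OS X’s built-in driver. The use of a third-party card, as Maynor clearly and admittedly did in their video demonstration, makes it a non-issue for any Mac user using the built-in card. But the same goes for the driver: if Maynor and Ellch can demonstrate an attack that works against the MacBook’s built-in card, but which requires a third-party software driver, that is equally moot.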
This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver — not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available.
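What’s notable about this disclosure is that it is about the driver. We already knew, just from watching the demonstration video, that it was also based on a third-party card. This means either (a) the exploit they discovered works against neither the MacBook’s built-in card nor Mac OS X’s built-in driver; (b) the exploit they discovered works against both the third-party driver demonstrated in the video and against Apple’s standard driver, and they inexplicably decided to issue this disclaimer to clarify exactly what was being demonstrated in the video; or (c) that the “experts” at SecureWorks do not understand the difference between a driver and a card. My money is on (a).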
The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s [SIC] wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system. While those device driver flaws are particular to the MacBook — and presently not publicly disclosed — Maynor said the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS. Still, the presenters said they ultimately decided to run the demo against a Mac due to what Maynor called the “Mac user base aura of smugness on security.”
“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device — not the 802.11 hardware in the Mac — a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.”
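In addition, Bill McFarland, chief technology officer of Atheros Communications, the company that makes the chipset for Apple’s built-in AirPort cards included in every MacBook, sent the following message to Brian Krebs via email: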
Atheros has not been contacted by SecureWorks and Atheros has not received any code or other proof demonstrating a security vulnerability in our chips or wireless drivers used in any laptop computers. We believe SecureWorks’ modified statement and the flaws revealed in its presentation and methodology demonstrates only a security vulnerability in the wireless USB adapter they used in the demo, not in the laptop’s internal Wi-Fi card.
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
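So at the beginning of August, Maynor and Ellch told Krebs that the default MacBook drivers were exploitable, but would not, even on video, demonstrate an exploit against them publicly. However, as of last Thursday, their SecureWorks web site explicitly states that their video demonstration does not involve Apple’s default drivers, and both Apple and Atheros have issued unambiguous statements that Maynor and Ellch have not provided Apple with any evidence showing that Apple’s drivers are flawed.
Maynor and Ellch’s recent statement on the SecureWorks web site declares that their video demonstration does not involve Apple’s driver; that is not the same thing as declaring that they have not also identified an exploit against Apple’s driver that is not shown in the video. Other than the statement Maynor made to Krebs earlier this month, that Apple’s drivers are “identically exploitable” (those are Krebs’s words, not a direct quote from Maynor), they have remained silent on this point.
For example, from Apple’s statement on Friday, we know that if Maynor and Ellch have discovered an exploit that works against a stock MacBook, they have not yet contacted Apple (or Atheros) with details about the vulnerability, which would be egregiously irresponsible for ostensibly professional security researchers, and which contradicts the statements they previously made to Brian Krebs that they have contacted Apple with their findings. Or, if they have contacted Apple, then the statement issued by Apple’s Lynn Fox is false, and Apple has made a colossal, almost incomprehensibly stupid mistake, because such a bald-faced lie would be far worse for Apple than the disclosure of a Wi-Fi vulnerability which, if it does exist, would certainly come to light soon anyway. I.e., if Maynor could call them on it, why would Apple lie?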
On the other hand, if Maynor and Ellch have not identified an exploit that works against Apple’s standard MacBook card and driver, then the only possible explanation for what Brian Krebs has reported — that Maynor told him that the default MacBook drivers are “identically exploitable” to those used in their video — is that either (a) Maynor and Ellch are liars and frauds; (b) Brian Krebs is an incompetent hack who grossly and utterly misquoted and misstated what Maynor had told him; or (c) Krebs was in over his head and did not understand the issues he was reporting on.
(A) seems the most likely explanation here; if (b) or (c) were the case — i.e. Maynor had not told Krebs that the MacBook’s default driver was identically or even similarly vulnerable, surely Maynor would have spoken out to set the record straight and call Krebs out on his error — a simple “Hey, I didn’t say what Brian Krebs has reported that I said” would have sufficed. That has not happened.
I thus see no way out of this where Maynor and Ellch escape with their reputations intact, other than if they have in fact discovered a vulnerability against the stock MacBook card and driver, that they have disclosed their findings privately to Apple, and that the statement issued Friday by Apple’s Lynn Fox is in fact scurrilously false. But even in that case, which I think is the best-case scenario for Maynor and Ellch, if they have determined that MacBooks as shipped by Apple are vulnerable, why have they not clearly said so? I’m not saying they should have publicly described the nature of the vulnerability in any detail, but they certainly should have stated clearly that owners of whatever specific Macintoshes they have identified flaws against should be careful when turning on AirPort in any public or non-trusted environment.
During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.
I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable.
It is becoming more and more clear that the reporting Krebs “stands by” is false. Maynor and Ellch, I believe, have discovered no such exploit against a stock MacBook. And if I’m right, not only has Krebs blown the story with regard to the security of the MacBook, he has also impugned the integrity of Apple by publishing the claim that the company “leaned on” Maynor and Ellch — an accusation Krebs published without evidence, without details regarding what exactly constituted “leaning on”, and without comment from Apple.
I’ve received an overwhelming amount of hate mail from Mac enthusiasts over two previous posts on a wireless-device-driver presentation at the Black Hat hacker conference, with people accusing me of all kinds of nasty things.
Where by “hate mail” Krebs apparently means “criticism”, and by “nasty things” he apparently means “bad reporting”. This is one of the oldest tricks in the hack tech writer book: Because, yes, some small number of devoted Mac users are in fact kooks, when you begin receiving criticism after publishing some sort of false or inaccurate analysis regarding the Mac or Apple, you just dismiss it all on the grounds that all Mac users are irrational cultists who simply cannot bear to see their beloved company or operating system criticized.
I’ve been asked this many times, so let me make this crystal clear: I had the opportunity to see a live version of the demo Maynor gave to a public audience the next day. In the video shown at Black Hat, he plugged a third-party USB wireless card into the Macbook — but in the demo Maynor showed me personally, he exploited the Macbook without any third-party wireless card plugged in.
Krebs did not ask several very obvious questions about this demonstration. For example: Had Maynor diddled at all with the wireless drivers on the MacBook to make this work? Had he diddled with the default network settings? Could Maynor demonstrate this exploit on a MacBook supplied by Krebs?
Not asking these questions shows that Krebs is not capable of writing about computer security issues. It’s like watching a magician perform a trick using his own deck of cards, and then not only not asking to see the trick performed with a deck of cards as-yet untouched by the magician, but not even asking whether the cards had been tampered with.
Krebs: Explain to me what you’re exploiting here. Is it a flaw in the Macbook itself?
Maynor: Yes, it’s a device driver. The thing is, there’s a flaw in the OS, but I don’t want to specifically point to it, so in the video you’ll see I used a third-party USB device. What I’m trying to do is highlight the problems in device drivers themselves, not any one particular flaw. [Maynor misspoke here, and I later clarified this point with him. The wireless device driver that powers the internal wireless card on the Macbook contains flaws that — when exploited — give the attacker the ability to create or delete files, or modify system settings. The flaw is in fact in the Macbook’s wireless device driver, which is made by a third party. So again, to be clear, the flaw is not, as he suggests in the transcript of this interview, in the Mac OS X operating system itself.]
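The part in square brackets is an editorial aside by Krebs, who seems deeply confused about what constitutes a “third-party” driver. Even if part or all of the MacBook’s AirPort driver was written by engineers at a company other than Apple (like, say, Atheros, the maker of the chipset), if it is the software driver for the built-in card, and it is installed as a standard component of Mac OS X, and Apple provides support for the driver, then it is not third-party software. The built-in AirPort drivers are part of Mac OS X.1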
[Q:] I saw some people quote you as saying the bug is in the built-in in card and other people quote you as saying as its [SIC] not, who is right?
A: They both are. The exploit shown in the video was targeting a specific third party driver and that same vulnerability does not affect the built in [SIC] card. We are, however, doing ongoing research on the built-in card as well and have shared our findings with Apple.
So “both” are right, but they haven’t found an exploit against the Apple card and driver — just “ongoing research”? Tell me that doesn’t sound like, “We’re trying to find an exploit that works against the MacBook’s built-in driver and card, but haven’t found one yet.”
James — and you think that Macworld articles adds anything to this because why? You should spend a little bit of time looking at what Apple is actually claiming, and what they’re not talking about here. Apple’s PR people are basically pointing out exactly what I’ve said for the past two posts on this issue — that Maynor et al. did indeed use a third-party USB card in the video.
What Krebs is doing here is accusing Apple spokesperson Lynn Fox of precisely parsed, “it depends on what the meaning of the word ‘is’ is”-style legalese. But Fox’s statement did not end with her reiteration of the fact that their video demonstration involved a third-party card (which is a fact that is not disputed by anyone who has watched the video — Maynor makes it explicitly clear in the demonstration video that he’s using a USB wireless card). Fox went on to add: “Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.” That is the part of Apple’s statement that contradicts Krebs’s reporting.
SecureWorks is claiming that despite Apple’s claims to the contrary, that the company is shipping Mac products with vulnerable wireless device drivers. What Apple has not addressed in any kind of detail is whether or not the embedded drivers in the Macbook are vulnerable. All of their response so far is aimed at the demo showed in the video publicly.
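As for why Apple has not addressed “whether or not the embedded drivers in the Macbook are vulnerable” — it’s because they don’t know, because, and I will repeat this once more, for the last time, Apple says Maynor and Ellch have not shared a demonstration or code with them. If there is a vulnerability, Apple can’t confirm it, because Maynor and Ellch haven’t shared it. If there is not a vulnerability, Apple can’t be certain that is the case; for all Apple knows, Maynor and Ellch have identified an exploit against the MacBook’s built-in driver and card, but for whatever reason have not yet come forward with it. Since they don’t know, they can’t say, “There is no vulnerability in our products.” All they know is what they have said: they have not seen code or a demonstration from Maynor and Ellch.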
I have several times now asked SecureWorks to share with me more specific information to back up their claims, but so far I have received no further details. If I hear back from SecureWorks with any more material information, I will update the blog.
Apple’s Fox said that prior to the Black Hat demo, SecureWorks did contact Apple about a wireless flaw in FreeBSD, the open-source code upon which Apple’s OS X operating system is based. In January, FreeBSD released a patch to fix the problem, which according to the accompanying advisory, related to a flaw in the way FreeBSD systems scanned for wireless networks that could be exploited to allow attackers to take complete control over the targeted machine.
[…] Fox also said Apple staff were already aware of the flaw when SecureWorks contacted them about it prior to their Black Hat presentation, and that Apple had already determined that the wireless flaw addressed in the FreeBSD patch was not exploitable on any of the Mac products.
“SecureWorks has not been able to exploit this for us,” Fox said. “No one has been able to show us a way to exploit our internal [wireless] device drivers with that flaw.”
(But so is it just me, or does the headline Krebs chose for this mea culpa — “Follow-up to the Macbook Post” — seem slightly less provocative than the headline he chose for his original post in the series — “Hijacking a Macbook in 60 Seconds or Less”? A more reciprocally sensational (and therefore reciprocally Digg-able) but yet completely accurate headline might have been, say, “Losing My Journalistic Integrity in 60 Seconds or Less”, or “I’m a Gullible Rube and Got So Excited I Nearly Stained My Pants at the Thought of Breaking a Story on a Major Mac Security Exploit”.)
The truth of the matter is that this was a hack on a MacBook but it pertains to third party hardware and third party drivers. While this isn’t a flaw on the part of Apple [UPDATE: The same flaw also seems to affect Apple’s drivers], it is an attack on a MacBook and it shouldn’t be entirely dismissed either by the Mac community
This wireless [SIC] hack shouldn’t be pinned on Apple’s products or Apple’s programming, but remember that just this week there were 26 flaws patched by Apple and many of the flaws were critical. In fact, there were months when Apple patched more than 30 vulnerabilities a month so it’s clear that security vulnerabilities on the Mac are abundant. David Maynor stated that he loves his Mac but it is a fact that the Mac has many security flaws. The point is that no one should not [SIC] be dismissing security issues on Mac and claiming that they are invincible.
This is a straw-man argument; no one sane or knowledgeable has argued that Mac OS X is “invincible”, or that Mac security issues should be dismissed or ignored. What many Mac users pointed out regarding Maynor and Ellch’s demonstration, however, is that if it doesn’t work as an exploit against the MacBook’s built-in card, then Mac users can dismiss this particular issue.
There has been a vicious orchestrated assault on researcher David Maynor and the company SecureWorks claiming that the Maynor and SecureWorks falsified their research presented at Black Hat 2006.
MacWorld’s [SIC]3 Jim Dalrymple was the first to regurgitate this bogus story on Thursday and followed up with “MacBook Wi-Fi hack exposed” by calling the original research a “misrepresentation”. David Chartier of “The Unofficial Apple Weblog” went as far as saying “SecureWorks admits to falsifying MacBook wireless hack”. Plenty of other media outlets were fed the same story but most of them knew better and refused to run this bogus story. But once Digg and Slashdot ran with this story on Friday, all hell broke loose and the story has infected the blogsphere [SIC].
Indeed, who wouldn’t be shocked by overhyped sensationalist nonsense on Digg? What paragon of journalistic integrity is next? The New York Times? The Wall Street Journal?
I had personally video interviewed Maynor and his partner Jon “Johnny Cache” Ellch and these two gentlemen were very honest and straightforward. But as soon as I read the stories, the stench began to rise.
Maynor and SecureWorks had been telling the truth the entire time and they had falsified nothing. The only falsification going on was the stories themselves!
(Boldface emphasis is Ou’s.) Even Brian Krebs isn’t sticking with this line. Ou, on the other hand, seems determined to go down with the SecureWorks ship.
So what exactly are Maynor and SecureWorks accused of falsifying? They are accused of “admitting” that the wireless hack was an exploit of a third party device and a third party driver. The only problem with this accusation is that it isn’t exactly news since this is precisely what Maynor and company have been saying all along. This was not only evident in my video interview, but it was even in Maynor’s original video demonstration along with every other news report earlier this month during Black Hat.
So Maynor and SecureWorks have been telling the truth about this being a third party driver and hardware from the very beginning and they never misrepresented anything. If anything, Maynor went out of his way to avoid implicating any issues on the part of Apple because Brian Krebs of The Washington Post reported that Apple had leaned on Maynor and SecureWorks not to disclose the fact that default Mac wireless hardware and default drivers were in fact vulnerable as well.
When I asked Maynor about this at Black Hat, Maynor would not confirm or deny whether Apple had leaned on him or not saying that he didn’t want to discuss it at the moment.
The transcript clearly shows that Maynor had demonstrated the same exploit on a Mac without any third party wireless hardware! It also turns out Maynor chose an external third party hardware wireless adapter to avoid focusing attention on possible Apple hardware and software issues which may endanger Mac users.
When I contacted David Maynor by email and later phoned him late Saturday night, Maynor was very disturbed by the whole incident.
He had already been receiving hate mail and even death threats at the Black Hat convention but the threats had escalated with this latest fabricated story about him falsifying his research. In one such threat, the person stated “I’m going to f*ing kill you and your dog” to which Maynor replied “I don’t have a dog.”
Maynor was even more disgusted with the despicable way this story was set up and then planted in the press though […]
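I’ve been asked not to reveal any of the details at this time [SIC]. What I can tell you is that Maynor and SecureWorks will not be taking this laying down and the fireworks will start in the next couple of days.
The principle of Occam’s Razor holds that the simplest explanation is the most likely. By that guideline, and based on the evidence at hand, my guess is that Maynor and Ellch are dishonest publicity hounds who looked into the previously discovered vulnerability in FreeBSD’s Wi-Fi drivers and concluded that they might be able to exploit this already-published vulnerability against Mac OS X. I think they tried and failed to find an exploit that works against the standard AirPort card and driver used by nearly all Mac users, and then realized that they could, in a demonstration, exploit a buggy driver other than Apple’s, and draw far more attention to themselves and their company by performing the demo on a doctored MacBook than on any other computer running Windows or an open source operating system. I believe they “informed” Apple of the FreeBSD wireless driver issue, which Apple already knew about, so that they (i.e. Maynor and Ellch) could honestly claim to have approached Apple “about a wireless security flaw”, even though it was not actually a flaw they discovered themselves, or one that actually affected Apple’s shipping code. I.e. that despite the fact that the exploit they had discovered is completely and utterly irrelevant to anyone using a MacBook with Apple’s default AirPort driver and card, which is to say all MacBooks other than the one that Maynor and Ellch modified specifically for their contrived demo, they chose to perform their demo using the MacBook.
Now that the “fireworks” are starting, my guess is that Maynor and Ellch, if they choose to defend themselves rather than quietly walking away from the table, will do so by claiming that they never stated nor implied that they had found any vulnerabilities in the MacBook’s built-in card and driver. But they have prevaricated too clumsily to get away with it.
It is a simple yes or no question: Have Maynor and Ellch found a vulnerability that affects MacBooks using Apple’s built-in cards and drivers? That Maynor and Ellch haven’t answered it speaks volumes. Bring on the fireworks.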
They’re not part of the “operating system” in the academic computer science sense of the term, but they’re certainly part of Mac OS X as a “product”, in the same way that bundled applications such as the Finder and Safari are part of the system.↩︎
Will someone please tell Krebs that the “B” in “MacBook” is capitalized? Thanks.↩︎
It’s Macworld, not MacWorld. What’s with these guys and their inability to get intercapping right?↩︎