Computer security is a science. Science is conducted by gathering and evaluating evidence. My problem with Brian Krebs’s coverage of this supposed “exploit” is that his reporting is based entirely on what David Maynor told him. Just because someone says they’ve found a security flaw doesn’t mean there is one.
I wish Krebs had done a good job with this story. I think it’s great that a world-class newspaper like The Washington Post has a columnist dedicated to computer security issues — but bad reporting on computer security is worse than no reporting at all.
Assuming I’m right that Maynor and Ellch have found no exploit against the stock AirPort cards and drivers, the worst part about this fiasco might be the “boy who cried wolf” effect: A false alarm makes it more likely that if someone finds an actual serious security flaw against Mac OS X, Mac users will ignore it, thinking that it’s another over-hyped non-issue like this one appears to be.
Glenn Fleishman is doing a great job covering the continuing news at his Wi-Fi Networking News website.
Jim Thompson’s “Yet Another Thing About the Maynor/Ellch Affair” points to something in Maynor and Ellch’s video demonstration that has been bothering me, too: when Maynor gets shell access to the “attacked” MacBook, his shell’s current directory is that of the user who is logged in to the Mac’s GUI. A root exploit would typically put the current directory at “/” — that is, the root level of the startup volume.