本周的Jackass:Kieren McCarthy

这篇关于上周AirPort安全更新的Techworld文章标题为“Apple Coats WiFi [SIC]安全洞“,几乎每一个断言都是错误的。

关于“本周的千篇一律”文章的双重Byline和独奏荣誉之间的分歧的简要前置插值

The Techworld article is credited to the dual byline of “Jim Dalrymple, Macworld and Kieren McCarthy, Techworld”, but I suspected from the start that the objectionable aspects are entirely the work of McCarthy, and that Dalrymple’s name got dragged into this by whatever the rules are for dual-bylining when a Techworld writer runs something containing reporting from a Macworld writer.

[2006年9月27日更新:截至今天,该文章现在仅归功于Kieren McCarthy。]

Dalrymple作为Macworld的记者有着良好的记录,他对Macworld关于这个Wi-Fi黑客传奇的报道一尘不染特别是,他关于Macworld的故事是关于上周的AirPort安全更新是没有错误的。

我通过电子邮件向Dalrymple发送了关于他在Techworld文章中的作用的电子邮件,他回答说:“请放心,约翰,修改后的文章中没有一句是由我撰写或批准的。我支持我为Macworld写的原始文章。“

Macworld的主编Jason Snell通过电子邮件告诉我:

Just an official notice that Macworld does not endorse that Techworld story, which was created by a Techworld writer with Jim’s name attached[...]

We stand by our story; we wish Techworld would stand by theirs and not misuse the name of our reporter on its snide opinion article masquerading as news.

因此,我将仅仅依靠麦卡锡赐予本周杰克斯奖事实上,如果有的话,麦卡锡值得Jackass荣誉 - 曾经为这篇糟糕的文章而再次将Jim Dalrymple的名字放在上面。


麦卡锡首先指责苹果公司就上周的AirPort安全更新发表了相互矛盾的声明:

Apple has patched a serious security hole in its WiFi driver, despite disputing its existence last month.

A security and AirPort update for Mac OS X fixes holes found in the company’s wireless drivers by a researcher at SecureWorks. Despite自称that the researcher was wrong and the drivers were not in any way vulnerable, the patch covers the self-same problem.

据报道,苹果公司上个月就此话题发表了声明来自Dalrymple本人在Macworld- 不仅在Techworld中重印,而且链接到这篇文章(参见上文“声称”) - 非常精确:Apple仅否认SecureWorks已向他们提供了影响Apple产品的Wi-Fi漏洞的证据苹果公司没有人就这家公司是否意识到这些缺陷提出任何建议。

(而苹果当然也没有否认存在任何这样的缺陷 - 在任何条件下这都是一个鲁莽的声明即使你没有发现任何缺陷,也不可能知道是否存在你不知道的缺陷这是“已知未知数”和“未知未知数”之间的区别拉姆斯菲尔德-ESE。)

没有任何证据证明上周的安全更新涵盖了David Maynor和Jon Ellch在8月的黑帽大会上所展示的“自相同问题” - 而苹果公司特别否认他们这样做了。

下一段:

The company changed its tune over the hole, complaining that SecureWorks had not given it sufficient information and so it had in fact discovered the problem itself.

一直没有改变 - 苹果公司在一个月前声称他们没有收到来自SecureWorks的产品存在缺陷的证据,他们在发布更新后上周宣称同样的事情。

下一段:

SecureWorks researcher David Maynor and “Johnny Cache” demonstrated the vulnerability — where a hole in Apple’s MacBook wireless software driver allows a hacker to take control of the machine — at the Black Hat conference in AugustMaynor said at the time that they had demoed the flaw on the Mac because of the “Mac user base aura of smugness on security”.

Maynor和Ellch在Black Hat的演示明确涉及到第三方卡和司机它仍然是传奇中的一个核心问题,他们是否也在Apple的内置AirPort驱动程序中发现了类似的漏洞,但有一个事实无可争议任何人他们的公开演示不涉及Apple的卡或司机无可争议的。

下一段:

That smugness was nowhere to be seen yesterday as Apple informed the faithful that it personally had discovered the problem that wasn’t a problem anyway because no one had exploited it — except for the two people up on stage at the Black Hat conference, that is.

再次,错了首先,Maynor和Ellch在舞台上没有表现出这样的东西众所周知,他们在视频中展示了他们的漏洞利用演示,以防止任何出席的人录制Wi-Fi网络数据包来复制攻击。他们的录像带被明确地攻击了非Apple卡和非Apple驱动程序。

下一段和最后一段:

The issue isn’t wide-ranging in that it only affects the Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wirelessThat leaves Intel-based Mac mini, MacBook, and MacBook Pro computers completely unaffected.

再次,错了麦卡锡显然只是阅读了描述这三个问题中的第一个在上周的更新中解决The first of the three issues does not affect Intel-based Mac Minis, MacBooks, and MacBook Pros, but that’s because those three Macs use a different AirPort card; the other two AirPort issues addressed last week do affect these Macs.

Amazingly, not only does every single paragraph of this article contain at least one factual error, but甚至文章中报道的错误本身也是相互矛盾的在第四和第五段中,麦卡锡声称上周的Apple安全更新解决了Maynor和Ellch的Black Hat演示所暴露的问题对抗MacBook在下一段和最后一段中,McCarthy声称安全更新不会影响MacBooks或MacBook Pro

它令人难以置信。