Did they or didn't they?
The central question over whether two researchers were able to compromise a MacBook as claimed in a presentation at the Black Hat Security Briefings last month continues to draw controversy. On Friday, blogger John Gruber laid down the gauntlet, challenging the researchers--David Maynor and Jon Ellch-- to show off their exploit in a neutral venue to prove it exists.
The challenge ignited a discussion of the issue at a security-oriented mailing list run by Dave Aitel, founder of security firm Immunity, with some notable researchers weighing in on the potential flaw, including Ellch. For the most part, the researcher did not give any details of the flaw, saying that the issue is now between his company, SecureWorks, and Apple.
The controversy is unlikely to go away until more information is released, in many ways because initial media reports focused on the claims that the MacBook was vulnerable to an attack via its wireless drivers. Yet, Maynor's and Ellch's entire presentation focused, not on the MacBook, but on wireless drivers in general and how to find flaws in such drivers. The presentation was a direct extension of previous work done by Maynor.
Interested readers should read the entire DailyDave thread in its entirety.
Posted by: Robert Lemos