Robert Lemos, SecurityFocus 2007-03-01
ARLINGTON, VA. -- Security researcher David Maynor got some measure of vindication at the Black Hat DC Conference this year.
Colapse all |
Post comment
Maynor reveals missing Apple flaw
2007-03-01
Anonymous
Anonymous
This doesn't prove that he was the one who discovered the bug. Why did it take him 6 months after the patch was released to release any details?
It's quite possible that he just reversed the patch in order to create the tool that he demonstrated.
There were a lot of claims at the time tha...
[ more ] [ reply ]
It's quite possible that he just reversed the patch in order to create the tool that he demonstrated.
There were a lot of claims at the time tha...
[ more ] [ reply ]
Maynor reveals missing Apple flaw
2007-03-02
David Taylor (2 replies)
David Taylor (2 replies)
I sure hate that it took this long for this story to come out but am sure glad it did. Brian Krebs reported on this back when it became public and was hit pretty hard by the Mac fanatics. Apple really came out smelling bad from this whole situation....
[ more ] [ reply ]
[ more ] [ reply ]
Re: Maynor reveals missing Apple flaw
2007-03-02
Anonymous (1 replies)
Anonymous (1 replies)
Um, so why doesn't anyone mention the fact that Macbook don't contain Broadcom chipsets? They all contain Atheros drivers (which the alleged exploit was in). So either this article is inaccurate, or Maynor simply reversed the patches....
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: Maynor reveals missing Apple flaw
2007-03-05
Anonymous
Anonymous
It might have something to do with the fact that Maynor reported 3 bugs to them, one in the Atheros driver in the Macbook, one in the Broadcom driver in the powerbook, and one in the bluetooth stack of the Macbook.
Reversing the patches would be kinda hard since in the preso there were email disc...
[ more ] [ reply ]
Reversing the patches would be kinda hard since in the preso there were email disc...
[ more ] [ reply ]
Apple Fanboys, Grow Up.
2007-03-04
Anonymous
Anonymous
The reason Maynor waited 6 months was to demonstrate it at Blackhat. Duh.
If there was nothing to find, then how how did apple magically find and fix the bugs for Maynor to reverse the patches and write exploit code?
What did Maynor do, look in his crystal ball and guess? Look fanboys, Occams ...
[ more ] [ reply ]
If there was nothing to find, then how how did apple magically find and fix the bugs for Maynor to reverse the patches and write exploit code?
What did Maynor do, look in his crystal ball and guess? Look fanboys, Occams ...
[ more ] [ reply ]
You got it all wrong Robert
2007-03-05
Anonymous (1 replies)
Anonymous (1 replies)
Robert, get your facts straight and go back and watch the original video again and take a look at what this guy is saying.
This guy is now saying that his attack was on Broadcom's wireless drivers. Then in the video he uses a MacBook with a 3rd party wireless card, NOT the internal card inside t...
[ more ] [ reply ]
This guy is now saying that his attack was on Broadcom's wireless drivers. Then in the video he uses a MacBook with a 3rd party wireless card, NOT the internal card inside t...
[ more ] [ reply ]
Re: You got it all wrong Robert
2007-03-05
Robert Lemos (1 replies)
Robert Lemos (1 replies)
In the article, I mistakenly aggregated issues in two wireless drivers into a single issue in the Broadcom driver, because Maynor for the most part limited his comments to that driver.
In reality, Maynor and Ellch reported three bugs to Apple, one in a Broadcom driver (PowerBooks), one in the Ath...
[ more ] [ reply ]
In reality, Maynor and Ellch reported three bugs to Apple, one in a Broadcom driver (PowerBooks), one in the Ath...
[ more ] [ reply ]
Re: Re: You got it all wrong Robert
2007-03-05
Anonymous (3 replies)
Anonymous (3 replies)
Then they are not Apple flaws like you state Robert. There was evidently no Apple flaw or why has he never publicly demonstrated the flaws with anything other than a 3rd-party driver on MacOS?
Why not be accurate in the title of your article and say "Maynor reveals missing wireless flaws" becaus...
[ more ] [ reply ]
Why not be accurate in the title of your article and say "Maynor reveals missing wireless flaws" becaus...
[ more ] [ reply ]
Re: Re: Re: You got it all wrong Robert
2007-03-05
Anonymous
Anonymous
Apple takes the broadcom and atheros driver code and intergrates it into the OS. They are in
/System/Library/Extensions/IO80211Family.kext/
What hardware you are using determines what driver is used. Intel Macbooks use the Atheros based drivers while PPC based Powerbooks use the Broadcom driver...
[ more ] [ reply ]
/System/Library/Extensions/IO80211Family.kext/
What hardware you are using determines what driver is used. Intel Macbooks use the Atheros based drivers while PPC based Powerbooks use the Broadcom driver...
[ more ] [ reply ]
Re: Re: Re: You got it all wrong Robert
2007-03-05
Robert Lemos
Robert Lemos
Six months ago, you would have been right. This would have been an article about flaws in general wireless drivers. In fact, I reported it that way at the time. (See: http://www.securityfocus.com/news/11404).
However, Maynor's latest presentation, which was the focus of this article, was not on g...
[ more ] [ reply ]
However, Maynor's latest presentation, which was the focus of this article, was not on g...
[ more ] [ reply ]
Re: Re: Re: You got it all wrong Robert
2007-03-06
Anonymous
Anonymous
First off, what right do you have to go bashing him? You won't even give us your name. He has written numerous articles for SF and helped the community in many ways and this is the thanks he gets? You go bashing him because you can't imagine that your precious Mac would possibly have some kind of fl...
[ more ] [ reply ]
[ more ] [ reply ]
Maynor reveals missing Apple flaws
2007-03-05
Anonymous (1 replies)
Anonymous (1 replies)
All you people that swoon around the security of Apple software, I dare you to take your unpatched powerbook, Macbook or Macbook pro to a black hat conference. The fact of the matter is all connections are insecure no matter what hardware and drivers you use and it will continue to be like that unti...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Maynor reveals missing Apple flaws
2007-03-06
Russell Morris
Russell Morris
I'm not a Mac users, I've only ever used one a couple of times and have no real desire to do so again. That aside, I believe that the previous message regarding the title was somewhat correct, I'd personally have said "Maynor reveals missing 'Apple' flaws". It's not really a Mac flaw in itself, it...
[ more ] [ reply ]
[ more ] [ reply ]
Maynor reveals missing Apple flaws
2007-03-14
Anonymous
Anonymous
I was at Blackhat and saw the presentation and it was on the 3rd party broadcom drivers. They had said the reason they used the broadcom drivers was because they were publicly available. They could look at the source code and figure out an exploit from there. They also stated that they did not re...
[ more ] [ reply ]
[ more ] [ reply ]
They should have gone for the original premise
2007-03-22
Troy
Troy
David Maynor admitted to making mistakes, two of them quite significant: he chose a MacBook for the demo, and he chose to preview the set-up to a journalist looking for a career-making sensational news item. This made the whole thing zoom in on Apple.
He wouldn't be in such deep funk if he and El...
[ more ] [ reply ]
He wouldn't be in such deep funk if he and El...
[ more ] [ reply ]
Maynor reveals missing Apple flaws
2007-03-22
Anonymous
Anonymous
Robert commented:
"However, Maynor's latest presentation, which was the focus of this article, was not on generic wireless flaws but in Apple's response to the specific wireless flaws allegedly shipped as part of its products."
So you're saying that what he showed last year and what he showed re...
[ more ] [ reply ]
"However, Maynor's latest presentation, which was the focus of this article, was not on generic wireless flaws but in Apple's response to the specific wireless flaws allegedly shipped as part of its products."
So you're saying that what he showed last year and what he showed re...
[ more ] [ reply ]
Didn't Maynor originally claim that the flaw allowed arbitrary code execution? And even all this time later the recent demo was Denial of Service? A flaw yes, but not the same thing at all! Why trust Maynor's word about the so called email "evidence" that ...
[ more ] [ reply ]