Computerworld - I owe David Maynor and Jon Ellch an apology. Several weeks ago, in a column titled “Quack Hackers,” I described their presentation at this year’s Black Hat USA security conference as one of a pair of “hoax hacks” and “rigged demos of make-believe security holes.” At Black Hat, Maynor and Ellch (who hacks under the name “Johnny Cache”) showed how they could hack into a Macintosh laptop via Wi-Fi, as long as the Mac was using a no-name Wi-Fi card with buggy drivers. But Maynor and Ellch also told a Washington Post reporter they could pull the same trick on stock Mac Wi-Fi — a trick they refused to demonstrate. Baloney, I said. It’s bogus, a publicity stunt using Apple’s name to grab headlines.
I was wrong. How do I know? Apple told me so.
Let’s be clear: Apple isn’t saying Maynor and Ellch were right. When Apple issued three patches last month for flaws in the Mac’s Wi-Fi software, the company’s position was that they were the result of Apple’s internal audit of the code.
Which is true — as far as it goes. According to an Apple spokesman, SecureWorks (the company Maynor and Ellch work for) “approached us with a potential flaw, but since they did not supply us with any information to allow us to identify a problem, we initiated our own audit.”
So let’s recap: Apple thought its Wi-Fi code was just fine, thanks.
Until Apple saw Maynor and Ellch’s wireless Mac hack demonstration.
After which Apple suddenly got really interested in combing through its Wi-Fi code again — and quickly found three separate security holes that could allow attackers to run their own code on some Wi-Fi-equipped Mac laptops.
Maybe what Apple found on its own wasn’t what Maynor and Ellch found. SecureWorks is still keeping mum on that question.
But Maynor and Ellch showed Apple something. And whatever it was jolted the company into action. Without it, there wouldn’t have been any code audit — or any patches.
And Mac Wi-Fi users would still be at risk.
Is Apple’s carefully worded nondenial denial about the genesis of those patches aggravating? Sure. So is SecureWorks’ silence. And so is the fumbled newspaper interview that made Maynor and Ellch’s Black Hat presentation look like a publicity stunt. (Maynor has since acknowledged that he thought many of his comments to the reporter would be off the record, and Ellch has said that it was his first newspaper interview.)
Get ready for more of that aggravation.
Hackers turned security researchers aren’t going to become media-savvy overnight. IT security is now big news, and few ex-hackers can finesse the media glare. They’ll figure it out eventually, but until then, there’ll be more mishandled interviews and unintended results.