Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Apple Wi-Fi Flaw Disclosure Takes Bizarre Turn



 By: Ryan Naraine
2006-09-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
ToorCon: The ongoing drama surrounding the discovery and disclosure of Wi-Fi driver flaws in Apple products just got a little more confusing.

SAN DIEGO, Calif.—The drama surrounding the discovery and disclosure of Wi-Fi driver flaws in Apple products just got a little more bizarre.

First came the Black Hat conference disclosure from SecureWorks researcher David Maynor that the MacBook was vulnerable to a code execution flaw; then came Apples patch that conspicuously nixed SecureWorks from the reporting credits; now a terse one-paragraph statement from SecureWorks has muddied the waters even more.

"SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work under way until both companies agree, along with CERT/CC, that it is appropriate," the Atlanta, Ga. company said.

Resource Library:

Apple has made it clear in public statements that its Wi-Fi driver patch was the result of an internal audit, insisting that SecureWorks never provided enough information to reproduce the issue, but the latest SecureWorks statement appears to suggest the two sides have come to some soft of understanding.

But, it gets even more bizarre. SecureWorks Maynor and independent researcher Jon "Johnny Cache" Ellch are on the schedule to "cover the complete story" at the ToorCon conference here, but rumors are flying that SecureWorks has barred Maynor from presenting.

The company did not respond to an eWEEK request for comment. Maynor and Ellch could not be reached.

According to a ToorCon source, Maynor and Ellch are "still on the schedule," although it is likely the Apple issue will not be discussed. There is the possibility that Maynor, who has faced incessant criticism from rabid Mac fans, could disregard his employer and publicly discuss exactly what was shared with Apple.

At the Black Hat conference in 2005, researcher Michael Lynn quit his job on the spot to present information on vulnerabilities in Cisco IOS after his then-employer, Internet Security Systems, cancelled his talk at the last minute.

"Theres a chance David could pull a Michael Lynn," says a ToorCon source. "Who knows?"

It would be another chapter in what is described on security blogs as one of the most bizarre disclosure episodes in recent memory.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Apple Wi-Fi Flaw Disclosure Takes Bizarre Turn
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}kw6DىCvK%5m[Kݞst(S$Hvr[/=(ɏs7ؖ*T B;vv> IM לٔN]sPçwv$5vvC2I*_ d&@ jہ)}mk uB;;#|6S%}w *s=NN5K&Oº`M$lM1 dck`p,FcwOd{=B ~5;6(GJ{8KE!@׶#շ(>rP _UaNé-}!*{>$J%hGQu a};/ !X]D4C2]hj:TN`Uƞfn=KQz3r[B_M*- Dƞ4HCsd!̒JK^`:tm3G^A]õ]ȒR͌eCwt=PzOMҳB($g >v?$ 68Q)K+0~b[4Ip\΋2 ˺}= :ԍ۱|$ .j.s&"U-wS&>dRr-2^ʲnMw3a[mѡlطGZ.h5E9*U+Qr_ӽl˙=X8^pozϽsj\.;gW~`h-v4򺮕u=yظ} ?d}#5'LT-jR*ML@aBjLq9 uz P%?pAIS# Ԏ40" J1~̢2q}oe}}uI}rv|i",3sAV5 ̠t?#;ˠrqsںy\7=rڽ&I͝N4p3 VkCp5'^=v6~b M u ôWZC{v&޺r|9!IoJ'?;Be}Y З?ReQ So,nHˤd6M2T~`]NjNP_Ҭzpp[cW MZ!rƒ) u$ϙuW/7>hr ^@e)#p?݇IhJq䨉k>ذ 1"%iyՋ,}Et"AͩO%ތ1E|r'ef"ȅQ.% Ć>Ly%Kuu7peMSzhNTꂮ2W|{g?/1 .Cuƍv"e.ڽ^S8^%g 5F4 ie4%!8W5MGZ9HLWPsv/*rKh 2ud8԰1nґ>âxgtA`::)ҧ>RӚMCqRO#Gs>H2胎6mb8-ƙ" ,70}HOqI4㯰 Qx٭lE%_¤< ) zA;=H:]6(Z\?`c VC@B뎂9{׿ޚB"QޒС4aqj =*~3=w}   @l߃5#~[-[Z6x O͙A }(~~9-ROc"# EEKy3@ $h-4az.? Ŋ #!be6ODs@PGҹ;vjPG;7 {TKh!+K@fsfd(4{~4 cbB|#'fXr`Y \d+i)5BYQřgC:יWg_#a BӽB11 }wʠ:'E_ ۝-ý-'˗O.DSQzfכ d50egYA3'|$@]<>+WePÃ"`"+42[!Z!= \P(,Tw^YY䞅ʞT᧒,, H@,gmdz?;V@q)2Sf4),4BtOݡ~@?~UkCT]ٽx@r6y0sm-K{g@xC X{ /WèKA _hi lsiɰCm6|G9Ȇ騤 mMtv:{j,j&M;_&TY9f0>2ei[Foh#M;<kp6X"@@7w_M)kT!kT^͆Χyд]"|#7=dtu3$N )e!\o ZJ[Y*b=)4jKzF 烊7@E30kŠ%lDc*tǩg²읶ה])ϥ(̧6y+U}=cGLmRGMBW{WHZSYAlX)+%UMhj"yd\s˰e0|j}\v)+ܸ~$QK!ɅB@**ZC/çV "IJkiPzP( `kϗA,~Ǭg4"5w.Bāh<.Z6[R5=>ئ\Qۀ+%E>5؉b]DzmAO4dD pHE&A|Z+hp \@U.)L19J2*XPTB4ᦼ6tW݂Ēb:uXQ =j|{e|h3ʋ22 YӅVJjB=9GjZ9Ύ^WYP2:Ś&H_ଯ?p,zM85YoN)zCG>sn.y {VN8aE>yL J<˰"Ud JZY>V6ʼnG =q?@):2pnp{E~t=GhCxZ '`i@% p LM{2ݝ'(3~-h;_?mYf0`%l**5P6*0GnGWG$XSG1>L:k}\WAWӪ`,mC[$ zDÈ i{qņZ ZYMVqqxo|렄6RiExތ9"yea@WIlJhL;+JONMи6>3}&mnj^D[uc`ᄻ,OqG{SK)C,tl 'at/ V$8У4 IW˷(AD ϫ /jShtUM+Pu2YhSYpg#ؚIuU}l,On?AƊAFh5ز@n< DV;I9dYb:9Ki[2|'@d93NQg |0hfwr£: ߀&\@qc`A>HOow07$pkRVRV*X5 VN^Aұg.@C׳@g.4^y" ς2}ݤ1p FU< {H>JS->j4JRU-+)BoED\v[%-& veN6q%a?ͥg?ckD?"B5`Jܥ@v^IўA> Bb2Q{lJw޼\A8fSql'yV:Uq]v3M>ҁh 0>0Rlʪ+> 2&iZIRkϢsG:Lpz]%Qd:)nQ{{+7÷ G L)߭~*9WIPk>hw ĶZV G%}D.,q=C ~S=/_t2JE`7ɠ< j;!O}+tS1wOXL\ tKO7ƒ"'!Z+73,qvëJVqe^?2Z cSwW_vvZM} EE@Dj?$ ?/Ѝ ?FPX1"NKE])w7V쐔4M}ڽK͋C<d¼ODNӽ<|DڝOg8 ^+{;Zh\00C~:?I˖Թh~jS( dzNR(ɢ]2}ܮcoVtaFۧ(F@qiDW~Bh^\/~tϻ9\txx\N#{RG!hUHv::b3hmƛ&%c,kC2 xidDi+%,ҽn9`\5c-ͅHg"S&aDy8aU,yyE_aY,d<0&*Vktzc}E9,׀zB,2ΛY%D( `I/Щ cA?OFrA&zZG>gIəOQI Rt4zUr:?Hע~}#g֢Ѭ]}+ ɏh #: 3e!Z & 2zP/gVU۽N H1sȍڰq ;eΫ Pf|v,N%W3lyRѵl d@T7&]ZG9X16qwv`#(;A\[µS24,`ul3Ljǥ̷NuAHK.}<﷯I[ 09nJs dt#k7yEO>4wX]{WE VwN{}da}_?H+FycP/!OhSi٘NBERTUulko(bYpJeOV ;hd,E#,nP2Q^;pG %ccmf}ݸ;w{f1vnwGP%(>U.=]f+wQ;ޝ{͞wYiYeK\-"Pn'Z|>OW%0)ՁZ_~` 7шW 65bǍn!0נQҥ(S!]CHMU| :SX()D~%EktӼ<$sԉi#n0^t8=R?,#Lgi -k e5,d ],ׄ\1ᨃ5xf]Wd&6( ^NkW*j5 dݓ<iOu&&~$)3_G@:CzvN  haJL]_@!=Iyɣ1pQ tȃr a{/ " mMUJZ9 NN^>vO";Q2iflUaC=$paN ^r-'@k,WzSk+Q(m,Ҋ WIjV 8$ Bt@P#!c@3NRity ؤb^eQwwP*)hPD>phOgdxv0(D_R_}!GBHJT1:(ˇ؁@گirm BK:;镂Uvf-+1BVϢO9ooŮJjmSv-Fr͂ANm{GZ,KujIÈ@Z;tcI XoecӚ[IIiS6q6a}`>S߁Yx6s@Θ1k?xk9\ <&$=&9H۞uSv+8`b un4$Xu\pC80XƪE&o#@V6-(Zݔ}*/>M[ҵn?[}W7~Z˯"phBe'#~)o=aJXGU_ؕ0!P#ݷ3}/dbc)!_&2a/3c:ۮ*Vٔj/ ה'ٹ m+@`qZ4-;a!-Ήdk:D$ƶolPb(vܵ3*[QEvhl[p rƁ͝I;AǸi9tg!j^Q¡(S_Ǡ 1Fy>9"Jl~co ~) ;'kKtRfʔJ]J8VǮG@ D*J3 o?Elm{cʿ?( QղУȞa ݖ>`DU2lJ/6dz2D8$7ϠEKmx %nFכ"KS.93&DEi:Y69Af]kLIk9Ms#\lхvF݂ĸZZV0g`hJ` ~dE0ouA:}0xoN88ts]65 />RrWnJk X?qEd]NŠ S!fqh^۳&^Z53x6^(stD,n__PX#Wc`]08j_g+$^5D-1s=ݶ%Hfo8 ͿWo͓ixH4+mz3TSYf {@S+XTR Zߤ`5>;۲6Lpzlï^JoYf%e։*V$)1L4 Kl(BHr7{-7'rp@kҽ9>u]<g;2)PQ_ {b闶Q0ا% 0$XEp~{hOҷe>#!b1D b@/j]g9L(LT7|fC˸ltq"o(2c=X67T ~Vxr˪vsƲKxll9&BMwȓJ$pK4+u +ދ"^tE'yDd',eh6Ene`a6Dy7꤯ 7m7L=GVN7`Ew٧0_Y "EsB~`vx=I:bœ{%C~GdT#=t_+jmۏoȐ TQ\#5|5XsH4#z2g 7 Ks_Yя T.^/~'Ѝ j\4nH(aV"Ʈ,Jfad75|$ƽlE߽gL2ԍ۱Gs8RG%5xQ  EA<~ZC O]c)i%+L3G K&5D"CA%fZןQy3, Y"KW15\Rkɴr.\iE,zUdI2&/ czRO&Sj9 O=#M)iT-A8; ״|^kpms̴5̈ ZkafB׵Zk]u3ѽ Y<57SYzZ<1xfU'j*w^|;NRcs-*\);,Mu%s.]vB*c@#1ZM2Ӱp-| Y?NRefoUO2U"c†J K. ࡼ'뺸cWVkRj*>5BYQ79F5r.1X3P}"Z{2ֱ:sg 岶_U2u~$M0',VK֔2J\dO}TK[\JH`o2o)ߖ8凰|qP[˜ozpײZ ǁ; %3%oMq${T ^aᗍ_kdܖ3 -:u_ai;t]kt Q3RmFΝz_a~msι Wف9Z`3+nsl˪ZMɶ8+YlwNQgg)q8 @ə莥eCQq_7~mxsr`6ވ۳jzq27xN6iMh%%MFV(hdti^V7Α)W'n,՟.'>Pv/VHՔG?ɺextJ"`r[4mkZ t Mta'7+ 8&\БߕJuOSwRi48}A6ژyiF4Y0 &׶O[ĝ׀gސUb"a=X 2>nde2 GP56 # p7\CsN.7v߾U Cyѝ &du.4G>z(4A򽉡{0uے S2C´vtxa~LR ] 4Bq0h𠔴W*vtE 1ºޛXF #}AaP8Z  +z+5'I]S@)9#2{˪{wyW69ݬd/RiJdR ?$@FP=xɾ)z:1's;˱h^]#k$6}9\w%1a[K |폺Uwo'ݫou粏70cal\_d _T Q9l^28SΘksYx9%yw8lx+<>N| D(/& ƕ^M;LL7[vS+tПxu3K-fPM/ǭ}4=V0.8SL^}'vn<3))'MfNyʻ9-AS~'O>9O_NqY]iVN9?t.sʡ{9ߠsfE\9_<@ߋ^}.rs_yß92zW(S~g9_@EN9e^\%euݜwAtsOK7G\\uS.{/>_?.%B׼rk~_~_sw7y79{wNr!(oY Nops˅q+/ޯ<4sYE~vïX^йR*4ˑ [ҿ2~62A\t[u CFW\=o /deWH4vYAm{}ys/-#yioĦBt(^xTHyE#.ȭ-'Hl]=g%%x=0?Mu{.1پWߕ\)ܼ}:qOkXE9s8WɴVی SZ}b>{2YwI8;{7].6pqS0n* 4`m/73d#8';ZʈPcvdmo߆z L^O\wЯҾl3K쓭?u}Mz`MTV)pF;F`1zI<0vڢ{ꑜ. 7{om D́a[@R'o6*VZ;_5 #O1Q5YUdF*j堼_,)g /(@#غ7M{%}C7":fȳRLq u+[ %<tl-Y7]0/c>>6of.3^46T<gU~ o'2@?o9j/#v2QW!+< Ɲ]~=`wb.eа!,sv[F8 | M3_X&5$W!7cUrߡQC <:,ed` NuOЫȅSI" 9oޔ_gCǓH,_bYD CA( 5t0@2nu–1*F;B;Ndɉؼ!gP,#V}> 8lu^0St4w[ .M " n#q>TLZAۀY ;`91,^R3ΗIv͘x=LicG[zhLR֚lCvsFdy#aq1eA(e6Lm (~%6,wb3(iB. S@e8>cc>m=]wtl#kF&~qgz "d`QS /NE޲c{ Id b2OZ>ಓJ_`q?Ihbv]"6 v{g X6=\E4a0W+xVb;`HIأ ^BO֢-#%0uocOil@O咤 X1W䁝gAg|bOhMxXe7M&$rq;}2`-"eoE52FX]\1SzA۹/܊]''Ͷ cTF\gȌQ)xރA~hDᲁe":}`S so#gTÉtr!̃NN-Gw U|ٲs9ebV)qmeGFӧ_-[ @ O<C24a (zc<9znG}L޴%cHPWϗݜ Xo| 8jO.d6C|gKoXozQڃ`+슧q?d|E#bSp!@pM֧"QTĻ sQ)ۉYj%xd圙ϭ699 3/&e@EqLgHvx566s֨Na^ۺKAўYm0o6`/#]Ǟ':K$~Al=fu'-WrcdKxf:叐^ƃl+RTy X^c0У,2095q얢e.nDaa^o1n,$&@ Sֹ˱Jʶ)E=b\ ѨipSTVD'n3^m'oyeDmE>m+ЍO|3'ȱ ya1 g{yW=?5jl3Gajn,eH}Kqd.5"2fk-.,wvUa4,Lb1"[\'QI 8`\жX3"@a)5|dn~ӧf<˜4W6EĶqytʵ-ˉ=lw.`{e75SF e31C7Dn0BraH d[\O_مuv3\j/YH~1 <99.@OI"cXM1}a`|3S!V7v6̈́ В]&ŮMvbecysĂ"