Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Apple Wi-Fi Flaw Disclosure Takes Bizarre Turn



 By: Ryan Naraine
2006-09-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
ToorCon: The ongoing drama surrounding the discovery and disclosure of Wi-Fi driver flaws in Apple products just got a little more confusing.

SAN DIEGO, Calif.—The drama surrounding the discovery and disclosure of Wi-Fi driver flaws in Apple products just got a little more bizarre.

First came the Black Hat conference disclosure from SecureWorks researcher David Maynor that the MacBook was vulnerable to a code execution flaw; then came Apples patch that conspicuously nixed SecureWorks from the reporting credits; now a terse one-paragraph statement from SecureWorks has muddied the waters even more.

"SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work under way until both companies agree, along with CERT/CC, that it is appropriate," the Atlanta, Ga. company said.

Resource Library:

Apple has made it clear in public statements that its Wi-Fi driver patch was the result of an internal audit, insisting that SecureWorks never provided enough information to reproduce the issue, but the latest SecureWorks statement appears to suggest the two sides have come to some soft of understanding.

But, it gets even more bizarre. SecureWorks Maynor and independent researcher Jon "Johnny Cache" Ellch are on the schedule to "cover the complete story" at the ToorCon conference here, but rumors are flying that SecureWorks has barred Maynor from presenting.

The company did not respond to an eWEEK request for comment. Maynor and Ellch could not be reached.

According to a ToorCon source, Maynor and Ellch are "still on the schedule," although it is likely the Apple issue will not be discussed. There is the possibility that Maynor, who has faced incessant criticism from rabid Mac fans, could disregard his employer and publicly discuss exactly what was shared with Apple.

At the Black Hat conference in 2005, researcher Michael Lynn quit his job on the spot to present information on vulnerabilities in Cisco IOS after his then-employer, Internet Security Systems, cancelled his talk at the last minute.

"Theres a chance David could pull a Michael Lynn," says a ToorCon source. "Who knows?"

It would be another chapter in what is described on security blogs as one of the most bizarre disclosure episodes in recent memory.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Apple Wi-Fi Flaw Disclosure Takes Bizarre Turn
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}kw6DىCvK%ۚ-nO9: I)CRv+='7n%?tb["PU( $ W7-gL.]sfS;uA@ [!%> '()ԯ1mnf]S/ _hoL|Aშ :#:@.Pk< Z57껲54o/ne0S-ڎIQ>)֐NմImZ/P8$H.wH~Th7eMGQR`J Cw*Nul9 Q!W2/Fӽ8t[h  5ya_U'iv;P;U{QUh/E@^cBȡ[Rh=5dc7.{ -,v2K*-aе :9z u v}J@J73ҧ }KH;R@}ky>5I ib1lp2JH n>,!\G-0/<m6L( |HI Cu"ħzr(˺Y4hmwEaij|Tݯ(GGCrL!-g©;xg۷~](Uw9.C[w5-uP\vNni\u/.>-N ?w`jLTV+Rhf Rc@G,{/BKoV7-%MюR;2,fϷ 3+i3*,ǝq%?[WM&M}'l,aZ4 2_]1-Uisi_:'Ww:Rڟ+̪ZUlxmuH|6=kh`cRV>GdZݓ6 )H|[:VEq޿ } ,-)Ttܿ!,_0f k$LJsi)":u P;|sNm҄& 9B:%ϙu_/7>hr ^@e)#8?݇IhJq䨉kYSl؅ R揇4eOO XZEU>hi"A[T}O%ތ1E|r/ef"ȅQ.% Ć>Ly%Ku}7pWM,jY]6'tauIUis_}ޡ:i|nuO^yֆ)WIC EhYf7-vIqM}sQV1+e_;ڇU9%zQnʼnl :2X jXR7HaQogtA`::)ҧ>RӚMCqRO#Gs>H2胎6mb8-ƹ" ,70}HOqI4WX(|}ZcOg6/|\a֔^i$>6(Z\?`c VC@B랂9׿ޚB"Qފҡ4aqj =*~3=w}   @l7k 6G~[>l03ͣA\IQ?z[ dSJJds 4.gH)AH =[h ]99 Ŋ #!be6ODs@PG҅;vjvn23,BV-KїPf%i2khƪń(VFN1|(0VRx5Vn,`o+GvP#&G#˰` 3G }= 3̲M҄%Ll;!i`0Ґ(eNa9熳~Lh?wܰHz}O VV̚3=P.Ƈ5œL{nlQr`8 0:|Ch2iMYguϳ-jəSN`cܑn̜07ÚL ~Dg詅m>`T4;:SڶESroBoڅRU眺_dA_fMjlȜu>IVBO7cnS^ʚtɕU.FiJ~*tj~#Jݼ~h;h{q#%MAw =e河xO:[[I%7˺I8{Ұ.Z.퉟eY mc-׾0^Ԣ(/Q|u$"!lsiŰ,B /0|:Cb&^fthQs&u|pöV/UKW3@-ZYSj2ej[`B]PeܠQ@5%X3PQ[ lx kuꟸPCߵɗK|#=dsqu3$0TN(e!\o ZJkX"lM M=t%<42.|O\V,'0sgеSҝabia;m/ US_H?[Q>Oom V!҇FD+ه0`,E=_G3_&])=B~*+e iҏ5 &^PGe d^ `M`R#׶݇| :lF֝9BQ>-L.-g \\ipj ZDZLhKAqA0*]y.g;f} p+zpgI 7ѾhʰeZh`ZqcJD%xb(O?CU^/VR8;OZV*ժ 5ǩUT\=W*ov L3)' Sf N|_ћxoũ1ztU9[J?0t .rɵ>gs||ujN8alEc>eLZrlxTa5£M۩{ 0v\ j Y58._g0p4J 922f`KP hԻu(bH=#CpBEWFڬ,t[4CuλWԲ)OkX@Aܚ:z,-HT0  d5}u*ՃZIe߯YUbY چHB&:GdHC>+`Zv*gwj6Jh)XS!RW dĞeeKEdkC鳨ݙY$8MGFi$]k|[P vfVɭ>ZvN'_&Ʀ(ɘVNaf28ڇF18=[ ٔ|{.r 5:=Fh=Нt;Ǻq7?,WE8&ϡRB7PUL xg4sDcC6VNMƏvpTm"z'"#^)~ZsqS)+J LH+' 3FYˡYF 3_?S~6W"h -z; ezrP-,sK"hJgԋ_r[rn)ty4ņ5ѣ(4CFyp0 +o3{Kql'ϱK{&@u1RlɪV;P%봚j%I=NM=1h+QcKBuṚ?\\׆hoy!?"XSwgtṡ)uRfCi5jZ)}#0Lpĵ)$7G }O*lU*JtP(]HX9H(P YGۻBlpI75 ),&L{~;Atf;ݫC {D۝~`o;Zj\#-0MC~:W?IMUK\6lb4 L@IP 4p?"YCO}u\I7m}ڏ"8-odF4zw/YJ|{ѽGE-{w[j܉C䄬W!yN.͛FS̠o2XGzz0<㥑a3+"APKվ̂ Ӝ4"Z?N3bn *qZw}uYLPH:>XaHHR ~tDӻh~dgu؋n/2 m D78C*QW"2Eh%iA%'ݛ&g <@&9/HUɉ܎B^YVRT t6Iџ`o e܃*WVz[k':_HbI NANhs_,Ĩ#9c1xc|.A-6ҾN=$4sJd":Q%;)~ڰO'cv,Q7&}Z9} DK{,i;;_坠PzsgOɭ2 Xw= Zt Ud_Rx~t %W>i^7yja~%X@2oBOHԃb5zǿ|뢧  r{k_= g䢅q+ѻ^QW{20tKdؕvd{qO n<]1n鐧4vlLcI")VԺUw7`\8%'+wr62Ӣ @7YM (f~\;pOҠ%cc}d}ݸ;w{f1vnw GP%( >E.=]f+wQ{]x͞wYiYU.J\-"Pn'Z^|HW%0)ՁX_~`6Ј3W 65D1FPeEk(R= n?b"T),"?I"H5tm^rI9ĩ4t|/B:38SYYrBˬAfEYş:22BK5a1@CL4+s=y+2A|V]fN\H_/+L3I~el?Oze#of#<s^t jA@Nj$tr_sI=MY/A=z#Z*njW%E}XbllR13~eShk_ꋲ3z(D*c®cs]!+p|\[`$~GΎrs@')YJ,ճx[끤Z۔]K/ŮQ~`S[ᙾKQpkZ;0b Zҩ3oF;bشVlRalRڔM_MXOw`?3& |L0qA9<۵aD G s oHO$Aimn)_n0ao,Y@h@X.CLzsL! ]XުE&o#@V6-(Zݔ}*/>M[ҍn?[}W7~Z?E bA(7MOGlI=Sz”<]BGoI.(^ŔRCLe^f7@5횯"iMYpCyrOж4~ECݲH ҪPoMCDnlƶ u i:b];b.5~*3kV!\= D +:_*eZ*/*T!9šDN HYgд?߰=5"BlE6Wi\򪎫NVxFkf54w(И2Aҙ>O@yJv N88p:N8ao^j1I3lȈds7ynƔJb 3ׁct "h4 9k2D7dd ;tj3Xme+avKIְ J8tIF bSě1ظꆌP~MF҅Ig>慗CSn LoM5| Fx^ PmlPieҹОܿ#Ti:sI؛wpշl\lx&66W_{̣-wm²9Ecc0q)8lL3l|cGUwL7>m: kQ|^AyigXdFDP#1\"a>z>bo߳x6u4qFl _$FB'HC7ϠEzImxޕz?nKc̐g#߂+xf<P v=?D1%7 ᚏ`#-[.0"պԲ?sCS+l33\œ]i@I  x9!ol^v#xӾԞz;(̍7xtz];EP7A 4B,Y4gMRkgRlk*`W.>!;Xf_M:ZUŃgW,⨥ş ovx!ʇ)\D7{`h%1•{[dp3sg(1ytw^X^wmYTk39=mVx7iχbW۰:pXJ)-y0m-mĬө{O+e6X -}-ඬG=܃y[YKj|ubM4t86e/VtL)2~rJf6,:Hj` >A#ɉ.> ztowwv]gO/=޵w 5x,|-^/Em/>oIJ0I0V1^AړjYİOX ђ,#;ЋdP S+կ8 e7 2{*x}][G?|=eO) x/-5򲪝=#?=i_tTI#$Z6@d8@amIYx' K=M]X.b쀼 Q :&M7q#o}g?$u(,UD%}g;'?X?(z)LšE|y{H&oD#ঐߛ~_*MO:@XJr'g)̿ňk('>?Ɨ`Z-#/䷅B/o|-He _M!AAÈȡ-bÒWVc#7 <߉// ,tZ4C;js+A#샒=%x ,q Dw un3<QmEMm&^o kQPϐ3VGBA8AXJo,"%xaCc8(ĒI ~PFpxIz(jsh*b4KB-'"5}L121%` Zk^gYr+Șzab=! cyTAN9=S5yS*GZ!դFK&GZk>A5Rhs̴5̈Gbv ]mz^CjJ[75S]<_q=%o7ݝCgnVu2ŷ/{D!5&<ڢş2.TX 6e51LЭ%8i]I٫TT>uv,՜Fd>^hTJӑu sӰ>m{A=~jLLH[{@Tq 81q, Ye)F/փފ> rF@Yf!s%0H]YUc `= qΕ?4;}ۻhzxX2 LG0:wOuqsYRAh0xԘ8@!'vq]Q sxrI"aK9.!y:q0ra)?Ĉo8fkHג s)Bxg۷nzʁRHU t083"* ҊF2*mM /7nrnR-i`Ik„0'ld Dpg;Fy]RRiFctkXa،6=/K@ \={q\31Faŷ^$l;b21#bH~9?3DjV nՁ.JeEt03#?B5O^RSJLmn$|s 3CXLi8qXg 9S $Ӈ;a8; ܕɫ6N-h遭YGw`C[UEY|obL,`A~쎣Bj@̐0^د?>&).yci 8OyN4xPJ+ K;:B"DILv]a]M,#>0(-ŌCZUѓȤ)t_tM=VreU<ŋbnV?7 -4W PRx  V #v(CdSGL€،\ݹXh4/ iӛv>Nn:NC瘰}RGݪ;דUs{h|10kyl2/*f(H^5/NQʩͦΘksYx9%Ew8lx̟D~D(/& ƕ^Mӄ-xecڝjݴ{=-ZI YW'>;ȉkh >r:X)` oBjs@1@C|k_O{.4"z_m^;^O9?C97P~ )By794hsOd})4>g};yg}yUhtZ9пNN?ӹ)wrWh|/E|9s _ /}/s{ ̡%%e^^'UW_KN9 S~ 90W9{s#?W0~W9ׅws?]/r qu7׸r3_/9}}ɡ---m:Iʙ#gk\8=>9)/9R{ WKӜ(gsVڍnV`{CJ{_/G+@I>s}mR+ ]q%]pLڭf]9hq_l %^a/ ^敽 YV=՞bMedG,D<mJ5BfaO@z6fs"X5½q>u\2fA<'ԎnOArDwMw̪[0/:)}.ԧӚ޴\mv<2kݫ++#BAfп~% + 1y}2oفOh] O WYZ-K`aP$П}rF1^V+p3lc}k|_;}sռ\73K쓭ú>a=^*B8D#wo0H= <0vڢ{ꑜ 7\xќ;cö0N l(U5m_oR-W+w俒$2 G b3jJUNl*Ay 0XR^9Q(Fuo*K0njE=u̐ga0VJ!'\Cx'»=n`BM_||mBfh0l|y Nd`?$L,(sY\FdlO]BgCVyxs; z1n&\ʠaC7ao/XbKZ;cp\';l=.2 gI?IϐR(|K9H%)^xjA߮ewgg_5b GykGc3@p6+,D*9"[Io %Q)@EikA/?tI3ۉd쥽%}Yq v.}xFʫu\*4/դ#\\wц|7(6؋|%O Ͽa9eD$uЧ FϩnC>XZe.-s(ŬBSd<)O4o'[nIG\k<`iЄ.^p멎TU|JA1Y<&[zRc*1ue|nHJUƧf2{O:з 57d8[| yQFu:h/Aslk 6-  `ꎈM6iZDR*,Dl'f , ~sf?(@P W91"uz ?{<=v;fC &+_2uE>v/-Ǭ9JrX}P?):OOgsZU<Hʶ!AW5`/=H]S(|9N]RjãōGXx; [) Iy>p <Щ0T\bX%eܔuF.EmhT4X )*l+7 9/߶7qݼ¶"yX\A\X3'5ȱ ya1 g{y{~k#'>g~ux:YʐLW\ȏ, ˘V /OىBׅѰ0 L;,lyED%e2rACb 0F c:p2 19,O)xI1%h3l䳈mAb ?ڵ-caG?,ɀGA> []r*. :X^5FElT$bB=AH>aHbV\3z7ZО3q7C& Cga+cPMYjcL1GyY<L}]x O!0YdWP Y-f1%Dv$8ґCAĞBTfƲ"7cP!0X]-B@:S .x C,$ˋ}P cyx ŧ$ASb0|:L+K+aMdz^khXi/6/;_yH%B}Sw= QFs;O(Uƥ29;(>^tooh/=n|:~jIQEeiNђu7vJ]7[Y"^ֳ/ 6A|>Ðy67n&_!-2VѪwV㛾VtƦI:1qzrJ]jq[OEQj)lئdUi29J{) 1^[)MCS9U2k +q>lgLp -ϱeRZ`l/Z6v$!