How Apple orchestrated web attack on researchers
Posted by jericho
How Apple orchestrated web attack on researchers http://blogs.techrepublic.com.com/Ou/?p=451 http://blogs.zdnet.com/Ou/?p=451
Last summer when I wrote “Vicious orchestrated assault on MacBook wireless researchers”, it set off a long chain of heated debated and blogs. I had hoped to release the information on who orchestrated the vicious assault but threats of lawsuits and a spineless company that refused to defend itself meant I couldn’t disclose the details. Well a lot has changed since then and researcher David Maynor is no longer working for SecureWorks and he’s finally given me permission to publish the details. [..] Apple is a mega corporation that nearly smashed the reputation of two individuals with bogus claims of fraud. It didn’t matter they weren’t the one’s pulling the trigger because they were pulling all the strings. David Chartier should be ashamed of himself and his blog. Jim Dalrymple of Macworld and his colleagues that jumped on the bandwagon should be ashamed of their reporting. Frank Hayes was the only one of Dalrymple’s colleagues that had the decency and honor to apologize. Most of all, shame on Apple.
People have been piling onto Apple for a long time, and I don’t think this article really adds anything. I sat in that talk, and saw them insert the 3rd party card for the exploit. I also heard them claim that Airport cards were similarly vulnerable (and a lot of crowing about Apple’s wireless patches fixing the flaw–and still no details). Then I witnessed SecureWorks and Maynor refuse to provide any details for months more, and I don’t think any details have yet been released. Maynor did some talk recently where he demonstrated a DoS and claimed it was the saem flaw. Whatever. There are no heroes in this story, only jerkoffs. Well, that’s not fair…Johnny Cache has some interesting things to say, and it’s not really his fault that Maynor’s part of the talk brought all the heat.
In short….full disclosure of the vulnerability from the start would have avoided a lot of hate and vitriol spewed from both sides, and we’d know exactly what got disclosed to who, and when.