On TV.com: TOP 10 Shows CANCELED Too Soon
BNET Business Network:
BNET
TechRepublic
ZDNet

August 24th, 2006

John Gruber flames out during cross examination

Posted by George Ou @ 1:21 am

Categories: Defcon2006, Mobile/Wireless, Networking, Security, ~Events~

Tags:

John Gruber at the Daring Fireball has done this super long analysis of the current Mac driver-gate fiasco.  Gruber goes on record to state that "Brian Krebs has ‘dugg’ himself a mighty deep hole" and that I George Ou is "going down with the ship".  At first glance when you read it without carefully examining the facts, Gruber sounds somewhat plausible.  But one of my readers David Burke who is a very smart legal professional took it upon himself to cross examine Mr. Gruber’s analysis and it appears that Gruber wouldn’t even pass a collegiate course in "logic and critical thinking".  Mr. Burke was kind enough to let me reprint it here and I thank him for it.

Here is David Burke’s cross examination of John Gruber:

In response to John Gruber’s analysis

It’s an interesting article, but there is an error students of logic and critical reasoning will discover when they read through it, and it is a very critical error in the bloggers main concern.  His main concern appears to be from the following quote;

We do have enough facts, however, to know with certainty that some of our protagonists will not emerge with their reputations intact. Someone, clearly, is either lying or incompetent (or both).

For example, from Apple’s statement on Friday, we know that if Maynor and Ellch have identified an exploit against a stock MacBook, that they have not yet contacted Apple (or Atheros) with details about the vulnerability — which is both enormously irresponsible for ostensibly professional security researchers, and which contradicts statements they previously made to Brian Krebs that they had been in contact with Apple regarding their discoveries. Or, if they have contacted Apple, the statement issued by Apple’s Lynn Fox is flat-out false and Apple has committed an enormous, almost incomprehensibly foolish mistake, because such a mendacious lie will prove far worse for Apple than divulging a Wi-Fi exploit that, if it actually exists, is surely going to come to light soon anyway. I.e. why would Apple lie about this if Maynor could call them on it?

On the other hand, if Maynor and Ellch have not identified an exploit that works against Apple’s standard MacBook card and driver, then the only possible explanation for what Brian Krebs has reported — that Maynor told him that the default MacBook drivers are “identically exploitable” to those used in their video — is that either (a) Maynor and Ellch are liars and frauds; (b) Brian Krebs is an incompetent hack who grossly and utterly misquoted and misstated what Maynor had told him; or (c) Krebs was in over his head and did not understand the issues he was reporting on.”

By the bloggers own evidence this is incorrect unless he has left out some critical evidence he knows of to support his concern which appears unlikely.  Sorry for the following extended quotes, but this is the evidence he uses to support his concern, search the link if you would like to double check;

"Fox’s statement on behalf of Apple is unequivocal: Maynor and Ellch’s exploit involves neither the MacBook’s standard Wi-Fi hardware card or software driver. That, of course, does not mean that Apple’s standard driver isn’t somehow similarly vulnerable, but if it is, Maynor and Ellch have not demonstrated such a vulnerability to Apple, according to Fox.

Further, Bill McFarland, the chief technical office of Atheros Communications, the company that produces the built-in AirPort chipsets Apple includes in every MacBook, sent the following message to Brian Krebs via email:

‘Atheros has not been contacted by SecureWorks and Atheros has not received any code or other proof demonstrating a security vulnerability in our chips or wireless drivers used in any laptop computers. We believe SecureWorks’ modified statement and the flaws revealed in its presentation and methodology demonstrates only a security vulnerability in the wireless USB adapter they used in the demo, not in the laptop’s internal Wi-Fi card.’

But back on August 3, in a follow-up to his original ‘Hijacking a MacBook in 60 Seconds or Less’, Krebs wrote:

‘During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in MacBook drivers. But he also admitted that the same flaws were resident in the default MacBook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported.

I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default MacBook drivers are indeed exploitable.’"

The statement made by Gruber relating to Fox on behalf of Apple simply indicates that the actual test performed to show the exploit only demonstrates it can be done with the third party drivers and hardware, it does not say that there has never been a claim made to Apple that such an exploit could be shown to them, or was offered to be shown to them, or was told to them that such an exploit does exist on a stock Apple system, or that Apple had never been made aware of such an exploit on a stock Apple system or Apple never requested such a stock system exploit not be demonstrated at Black hat.  Fox’s statement simply says; Maynor and Ellch have not demonstrated such a vulnerability to Apple. 

While Atheros appears not to have been contacted by Secureworks nobody has claimed that Secureworks has contacted Atheros, but in fact it is wholly possible that Apple has in fact been contacted by Secureworks as there is no denial by Fox or any other evidence supplied that Apple has not been told such an exploit exists and in fact Gruber does go so far to admit in his analysis of Foxe’s statement; “That, of course, does not mean that Apple’s standard driver isn’t somehow similarly vulnerable”  Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.

At no point in Lynn Fox’s statement does she ever claim that Secureworks has never ‘told’ Apple such an exploit could be performed on a stock Apple so Lynn Fox has certainly not lied about what this blogger claimed she might have.  Further there is absolutely no evidence shown by this blogger that Secureworks did not tell Apple such an exploit could be demonstrated on a stock Apple system or any denial that Apple asked them not to use a stock Apple system in their demonstration.

So his main concern is garbage.  See why you need trained people to examine the evidence? Sometimes what looks obvious is not.
End of cross examination

 

I responded to David Burke with the following in email:
John Gruber - "For example, from Apple’s statement on Friday, we know that if Maynor and Ellch have identified an exploit against a stock MacBook, that they have not yet contacted Apple (or Atheros) with details about the vulnerability — which is both enormously irresponsible for ostensibly professional security researchers"

George Ou - I’m no lawyer, but this is a grossly incompetent assumption.  Fox never stated SecureWorks never contacted them, they only said that no code was shared.  You’re not entitled to a researcher’s code which they spent time developing.  Giving them the actual malformed packet that triggers the exploit and a pointer to the location of the flawed code is standard practice.

David Burke responded:
"Exactly George, all those kind of claims stick out like a sore thumb when you start reading through his extensive post to see what he is presenting for evidence of such claims.  At no point does he supply any evidence or quotes that indicate that Apple says they were not notified that such an exploit exists and the whole demonstration was a surprise to Apple.  In fact, the stories of Apple putting some pressures on them not to go with a stock Apple system may lend a possible indication to the way this unfolded.  Apple was told about the exploit and what was going to go down in the demonstration, Apple was surprised and at some point at least asked that it not be turned into a big "Apple Haters" demonstration and there was some level of compliance with Apples wish’s and a third party card and driver was used, but the testers let it out to the reporter that there was more to the story and that the stock Apple could be hacked just the same.  I have no idea what actually happened, but I also know that what Gruber used as an explanation for his theory is groundless."

Again, thanks for your superb logic David.  While I know for a fact that Gruber is wrong and doesn’t know what he is talking about since I’m sitting on sensitive information at this point, I’m amazed that you can take Gruber’s own analysis and take it apart and get eerily close to what the truth is.

  • How did Atheros get pulled in to Mac wireless-gate?
  • John Gruber flames out during cross examination
  • Vicious orchestrated assault on MacBook wireless researchers

    • George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

    • Talkback
    • Most Recent of 196 Talkback(s)
    Good Lord. Give it up.
    Why stick up for a company (like Apple)that makes commercials that are so offensive to such a large majority of the world (read that as Windows users)making them appear simple minded and without a clu... (Read the rest)
    Posted by: Cayble Posted on: 10/24/06 You are currently: a Guest | | Terms of Use
    Interesting reaction  frgough | 08/24/06
    During the initial article ...  ShadeTree | 08/24/06
    logic  frgough | 08/24/06
    Not at all.  ShadeTree | 08/24/06
    false logic  frgough | 08/24/06
    Um, actually...  tangent001 | 08/24/06
    George refutes?  SquishyParts | 08/25/06
    Defensiveness  Rbust0 | 08/24/06
    He should be defensive  tic swayback | 08/24/06
    There's a difference...  rapson | 08/24/06
    The appropriate response  tic swayback | 08/24/06
    Believing  Rbust0 | 08/24/06
    so...  richvball44 | 08/24/06
    RE: He should be defensive  Rbust0 | 08/24/06
    What you believe or disbelieve is not ...  ShadeTree | 08/24/06
    Gruber personally attacked George?  tic swayback | 08/24/06
    case in point...  JetJaguar | 08/24/06
    Huh?  tic swayback | 08/24/06
    Tic, he was reffering to your last point...  ShadeTree | 08/25/06
    Cherry picked my words?  tic swayback | 08/25/06
    I said that because...  JetJaguar | 08/25/06
    Burke has no additional info but picked him apart  georgeou | 08/24/06
    Again, we have no way of judging for ourselves  tic swayback | 08/24/06
    Well, yes and no...  Cayble | 08/24/06
    I think his points should be considered  tic swayback | 08/24/06
    Tic!!! There is no possability of a lie!!  Cayble | 08/24/06
    Blatant lies versus being disingenuous  tic swayback | 08/25/06
    Ok tic, I agree with that  Cayble | 08/25/06
    This isn't a class in logic or rhetoric -- and a plea to make it stop.  timyu | 08/24/06
    Simple Solution.  ShadeTree | 08/24/06
    Timyu's post  JetJaguar | 08/24/06
    Who cares? It's only Apple.  No_Ax_to_Grind | 08/24/06
    Damnit....  James T. Kirk | 08/24/06
    Which has to make you wonder  frgough | 08/24/06
    Windows too  Robert Crocker | 08/24/06
    But...  rapson | 08/24/06
    Nope  frgough | 08/24/06
    Yep  tic swayback | 08/24/06
    Wow  jcg_z | 08/24/06
    FUD versus reality  tic swayback | 08/24/06
    What's one more?  Richard Flude | 08/24/06
    That's the point, innit?  tangent001 | 08/24/06
    I've got a secret, day 4(?)  Robert Crocker | 08/24/06
    George Ou "I've got a secret"  frgough | 08/24/06
    Edging up to day 5  Jens T. | 08/24/06
    So what you're saying is...  tic swayback | 08/24/06
    Smallworks guy is beyond help  georgeou | 08/24/06
    What about Apple?  tic swayback | 08/24/06
    Apple has plausible deniability in their carefully worded statements  georgeou | 08/24/06
    I still don't see the point in doing this  tic swayback | 08/25/06
    No, what he suspects is...  tangent001 | 08/24/06
    Very simple answer  georgeou | 08/24/06
    Why Aircrack?  Jens T. | 08/25/06
    No  georgeou | 08/25/06
    re: No  mike_ohanlon | 08/25/06
    George shows the chinks in the armor  dgtruckses | 08/25/06
    Root?  Jens T. | 08/24/06
    Let's see  jragosta | 08/26/06
    It would be nice...  rapson | 08/24/06
    Why I came out sooner  georgeou | 08/24/06
    Speaking of smear campaigns...  tic swayback | 08/24/06
    I can't release those emails yet  georgeou | 08/24/06
    Fraud Fraud Fraud  GW Mahoney | 08/26/06
    Not quite  jragosta | 08/26/06
    I don't think that's possible...  GW Mahoney | 08/26/06
    You may be right  jragosta | 08/26/06
    Ou self-destructs  tangent001 | 08/24/06
    Again, no one ever claimed not to have contacted Atheros  georgeou | 08/24/06
    Never said they did  tangent001 | 08/24/06
    Oh my god!  georgeou | 08/25/06
    Atheros claimed the haven't been contacted!!!  Jens T. | 08/24/06
    What is so hard to understand?  georgeou | 08/25/06
    Your way with words his hard to understand!  Jens T. | 08/25/06
    no  georgeou | 08/25/06
    no what?  Jens T. | 08/25/06
    So if it's not an Atheros problem...  MTMacPhee | 08/26/06
    Keep in mind...  Cayble | 08/24/06
    re: Keep in mind  mike_ohanlon | 08/24/06
    You're leaping too far  georgeou | 08/24/06
    No...  tangent001 | 08/24/06
    Fine...  Cayble | 08/24/06
    Key words you missed  georgeou | 08/25/06
    Then why....  jragosta | 08/26/06
    Pathetic  dgtruckses | 08/24/06
    and your point would be?  JetJaguar | 08/24/06
    you forget, it's not spittle...  dgtruckses | 08/24/06
    "Only" is not correct  CDB-FR | 08/24/06
    You missed a key point here  georgeou | 08/24/06
    There are always more exploits...  dgtruckses | 08/24/06
    20 days with no confirmation  Jim888 | 08/24/06
    That's the point  jragosta | 08/25/06
    He's lying again  jragosta | 08/25/06
    21 days and counting  Jim888 | 08/25/06
    Again...  tangent001 | 08/24/06
    Agreed  Cayble | 08/24/06
    Still more super-top secret information?  jragosta | 08/25/06
    Nice try, Didnt work, not even close.  Cayble | 08/24/06
    We just want answers...  dgtruckses | 08/24/06
    We all like answers, here is where to look  Cayble | 08/24/06
    Very nice response, but the burden isn't on Apple  dgtruckses | 08/24/06
    What would Apple's motivation be?  tic swayback | 08/24/06
    And I do agree with you,  Cayble | 08/24/06
    Deliberate or no  tic swayback | 08/24/06
    I don't see the Apple evasiveness  dgtruckses | 08/24/06
    funny...  JetJaguar | 08/24/06
    ???  doctorSpoc | 08/25/06
    Your lost. Try reading, see how that works  Cayble | 08/25/06
    Or maybe....  jragosta | 08/26/06
    What's really going on here is...  JetJaguar | 08/24/06
    Are you a "legal professional"???  dgtruckses | 08/24/06
    either this is simply a misplaced response  JetJaguar | 08/24/06
    A strawman deserves an inane response  dgtruckses | 08/24/06
    Proofreading is our friend!  JetJaguar | 08/24/06
    re-read the msg  garamondbold | 08/26/06
    As a Mac User...  tic swayback | 08/24/06
    I couldn't agree more  JetJaguar | 08/24/06
    What's REALLY going on...  jragosta | 08/25/06
    If you had our politics  TonyMcS | 08/24/06
    Why weasel?  tic swayback | 08/24/06
    Stupd statement  jragosta | 08/25/06
    George is doing a good job of flaming out himself.  chrisndeca | 08/25/06
    You missed the point.  Cayble | 08/25/06
    P.S. Take this to bed  Cayble | 08/25/06
    Linux users  Rbust0 | 08/25/06
    Maybe Apple users are upset because they have been identified.  jehrler | 08/25/06
    So they clearly have an agenda (as do you)...  dgtruckses | 08/25/06
    Reasonable response  tic swayback | 08/25/06
    Stop beating the cigarette deal  georgeou | 08/25/06
    Forgiven but not forgotten  tic swayback | 08/25/06
    You still won't forget when it wasn't even said to you?  georgeou | 08/25/06
    Missing the point George  tic swayback | 08/25/06
    and just imagine...  JetJaguar | 08/25/06
    Which would have been entirely possible...  tic swayback | 08/25/06
    Well, ok...  JetJaguar | 08/25/06
    It was clearly a deliberate choice  tic swayback | 08/25/06
    yes, it definitely was clearly a deliberate choice  JetJaguar | 08/25/06
    Security professionals vs. blog poster  dgtruckses | 08/25/06
    Tweaking users is fun  tic swayback | 08/26/06
    It may be a thankless job,  JetJaguar | 08/26/06
    "cigarette deal" just shows motivation  dgtruckses | 08/25/06
    Uh, George, he said it to a REPORTER...  dgtruckses | 08/25/06
    Maybe the super secret lawyer made them say it..  jragosta | 08/25/06
    Actually...  Rick_K | 09/29/06
    Good Lord. Give it up.  Cayble | 10/24/06
    Maynor, Ellch in flames, Krebs, Ou to follow?  dgtruckses | 08/25/06
    Read it. Hes really poorly informed on the whole thing.  Cayble | 08/25/06
    Maynor, Ellch discredited in press  dgtruckses | 08/25/06
    Care to cite where Krebs is backing away?  georgeou | 08/25/06
    Sure George  dgtruckses | 08/25/06
    Ha! Come on, you cannot be serious??  Cayble | 08/25/06
    context  JetJaguar | 08/25/06
    i.e. he's backing away from Maynor, Ellch  dgtruckses | 08/26/06
    Artie MacStrawman is at it again  tic swayback | 08/25/06
    Another take on it here:  tic swayback | 08/25/06
    Yes tic  Cayble | 08/25/06
    is it really "another take"?  JetJaguar | 08/25/06
    I'm not sure the sense is "common"  tic swayback | 08/25/06
    Krebs is an issue true...  Cayble | 08/25/06
    More super-secret information  jragosta | 08/25/06
    Your as mixed up as Gruber.  Cayble | 08/25/06
    You're as mixed up as Ou  Jens T. | 08/25/06
    Wrong. Pick up a dictionary. What grade did you go to?  Cayble | 08/25/06
    A dictionary? How about the Oxford American Dictionary?  Jens T. | 08/25/06
    Dig the hole, jump in, I'll fill it for you  Cayble | 08/25/06
    Cayble, meet Bill Clinton  dgtruckses | 08/25/06
    Come on dgtruckses!!  Cayble | 08/26/06
    The OED is sloppy??  jehrler | 08/26/06
    Come on Cayble!!!  dgtruckses | 08/26/06
    Does that include George Ou?  dgtruckses | 08/26/06
    Umm, sorry jehrler, you are quite incorrect.  Concordx | 08/27/06
    Wrong  jragosta | 08/25/06
    Can you read??  Cayble | 08/25/06
    I think I can clear things up here  GW Mahoney | 08/26/06
    Or third option...  jragosta | 08/26/06
    What about Maynor?  dgtruckses | 08/26/06
    Maybe you should try it  jragosta | 08/26/06
    I read it...I suspect you are dead wrong, Its clear  Concordx | 08/27/06
    Details  jragosta | 08/26/06
    You're wrong  jragosta | 08/26/06
    That bothered me, too  gskiii | 08/25/06
    No More Secrets!!!!  NoPumpGas | 08/25/06
    George gives it away  dgtruckses | 08/25/06
    splitting hairs  Mr. Me | 08/26/06
    Am I in bizarro world?  dangitman | 08/26/06
    I only point out the vicious false statements  georgeou | 08/26/06
    Viscious false statements and false facts  gskiii | 08/27/06
    BS  jragosta | 08/27/06
    BS  jragosta | 08/27/06
    Why do you make false statements?  georgeou | 08/27/06
    Right...  jragosta | 08/27/06
    Organic orchestrated attacks...  gskiii | 08/27/06
    well, let's see.....  Monkey_MCSE | 09/07/06
    Great idea!  jragosta | 09/07/06
    Yes, a Bizarro world...  d_dejesus@... | 08/27/06
    Yes, I'm concerned as well...  gskiii | 08/27/06
    Oh My God, the Idiot Ou is at it Again! An Ode to Ou . . .  joeldm | 08/28/06

    What do you think?

    SponsoredWhite Papers, Webcasts, and Downloads

    Click Here
    advertisement

    Recent Entries

    Top Rated

      Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
      advertisement

      Archives

      ZDNet Blogs

      White Papers, Webcasts, and Downloads

      SmartPlanet

      Click Here